1// SPDX-License-Identifier: GPL-1.0+
   2/*
   3 * n_tty.c --- implements the N_TTY line discipline.
   4 *
   5 * This code used to be in tty_io.c, but things are getting hairy
   6 * enough that it made sense to split things off.  (The N_TTY
   7 * processing has changed so much that it's hardly recognizable,
   8 * anyway...)
   9 *
  10 * Note that the open routine for N_TTY is guaranteed never to return
  11 * an error.  This is because Linux will fall back to setting a line
  12 * to N_TTY if it can not switch to any other line discipline.
  13 *
  14 * Written by Theodore Ts'o, Copyright 1994.
  15 *
  16 * This file also contains code originally written by Linus Torvalds,
  17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
  18 *
  19 * Reduced memory usage for older ARM systems  - Russell King.
  20 *
  21 * 2000/01/20   Fixed SMP locking on put_tty_queue using bits of
  22 *		the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
  23 *		who actually finally proved there really was a race.
  24 *
  25 * 2002/03/18   Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
  26 *		waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
  27 *		Also fixed a bug in BLOCKING mode where n_tty_write returns
  28 *		EAGAIN
  29 */
  30
  31#include <linux/bitmap.h>
  32#include <linux/bitops.h>
  33#include <linux/ctype.h>
  34#include <linux/errno.h>
  35#include <linux/export.h>
  36#include <linux/fcntl.h>
  37#include <linux/file.h>
  38#include <linux/jiffies.h>
  39#include <linux/math.h>
  40#include <linux/poll.h>
  41#include <linux/ratelimit.h>
  42#include <linux/sched.h>
  43#include <linux/signal.h>
  44#include <linux/slab.h>
  45#include <linux/string.h>
  46#include <linux/tty.h>
  47#include <linux/types.h>
  48#include <linux/uaccess.h>
  49#include <linux/vmalloc.h>
  50
  51#include "tty.h"
  52
  53/*
  54 * Until this number of characters is queued in the xmit buffer, select will
  55 * return "we have room for writes".
  56 */
  57#define WAKEUP_CHARS 256
  58
  59/*
  60 * This defines the low- and high-watermarks for throttling and
  61 * unthrottling the TTY driver.  These watermarks are used for
  62 * controlling the space in the read buffer.
  63 */
  64#define TTY_THRESHOLD_THROTTLE		128 /* now based on remaining room */
  65#define TTY_THRESHOLD_UNTHROTTLE	128
  66
  67/*
  68 * Special byte codes used in the echo buffer to represent operations
  69 * or special handling of characters.  Bytes in the echo buffer that
  70 * are not part of such special blocks are treated as normal character
  71 * codes.
  72 */
  73#define ECHO_OP_START 0xff
  74#define ECHO_OP_MOVE_BACK_COL 0x80
  75#define ECHO_OP_SET_CANON_COL 0x81
  76#define ECHO_OP_ERASE_TAB 0x82
  77
  78#define ECHO_COMMIT_WATERMARK	256
  79#define ECHO_BLOCK		256
  80#define ECHO_DISCARD_WATERMARK	N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
  81
  82
  83#undef N_TTY_TRACE
  84#ifdef N_TTY_TRACE
  85# define n_tty_trace(f, args...)	trace_printk(f, ##args)
  86#else
  87# define n_tty_trace(f, args...)	no_printk(f, ##args)
  88#endif
  89
  90struct n_tty_data {
  91	/* producer-published */
  92	size_t read_head;
  93	size_t commit_head;
  94	size_t canon_head;
  95	size_t echo_head;
  96	size_t echo_commit;
  97	size_t echo_mark;
  98	DECLARE_BITMAP(char_map, 256);
  99
 100	/* private to n_tty_receive_overrun (single-threaded) */
 101	unsigned long overrun_time;
 102	unsigned int num_overrun;
 103
 104	/* non-atomic */
 105	bool no_room;
 106
 107	/* must hold exclusive termios_rwsem to reset these */
 108	unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
 109	unsigned char push:1;
 110
 111	/* shared by producer and consumer */
 112	u8 read_buf[N_TTY_BUF_SIZE];
 113	DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
 114	u8 echo_buf[N_TTY_BUF_SIZE];
 115
 116	/* consumer-published */
 117	size_t read_tail;
 118	size_t line_start;
 119
 120	/* # of chars looked ahead (to find software flow control chars) */
 121	size_t lookahead_count;
 122
 123	/* protected by output lock */
 124	unsigned int column;
 125	unsigned int canon_column;
 126	size_t echo_tail;
 127
 128	struct mutex atomic_read_lock;
 129	struct mutex output_lock;
 130};
 131
 132#define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
 133
 134static inline size_t read_cnt(struct n_tty_data *ldata)
 135{
 136	return ldata->read_head - ldata->read_tail;
 137}
 138
 139static inline u8 read_buf(struct n_tty_data *ldata, size_t i)
 140{
 141	return ldata->read_buf[MASK(i)];
 142}
 143
 144static inline u8 *read_buf_addr(struct n_tty_data *ldata, size_t i)
 145{
 146	return &ldata->read_buf[MASK(i)];
 147}
 148
 149static inline u8 echo_buf(struct n_tty_data *ldata, size_t i)
 150{
 151	smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
 152	return ldata->echo_buf[MASK(i)];
 153}
 154
 155static inline u8 *echo_buf_addr(struct n_tty_data *ldata, size_t i)
 156{
 157	return &ldata->echo_buf[MASK(i)];
 158}
 159
 160/* If we are not echoing the data, perhaps this is a secret so erase it */
 161static void zero_buffer(const struct tty_struct *tty, u8 *buffer, size_t size)
 162{
 163	if (L_ICANON(tty) && !L_ECHO(tty))
 164		memset(buffer, 0, size);
 165}
 166
 167static void tty_copy(const struct tty_struct *tty, void *to, size_t tail,
 168		     size_t n)
 169{
 170	struct n_tty_data *ldata = tty->disc_data;
 171	size_t size = N_TTY_BUF_SIZE - tail;
 172	void *from = read_buf_addr(ldata, tail);
 173
 174	if (n > size) {
 175		tty_audit_add_data(tty, from, size);
 176		memcpy(to, from, size);
 177		zero_buffer(tty, from, size);
 178		to += size;
 179		n -= size;
 180		from = ldata->read_buf;
 181	}
 182
 183	tty_audit_add_data(tty, from, n);
 184	memcpy(to, from, n);
 185	zero_buffer(tty, from, n);
 186}
 187
 188/**
 189 * n_tty_kick_worker - start input worker (if required)
 190 * @tty: terminal
 191 *
 192 * Re-schedules the flip buffer work if it may have stopped.
 193 *
 194 * Locking:
 195 *  * Caller holds exclusive %termios_rwsem, or
 196 *  * n_tty_read()/consumer path:
 197 *	holds non-exclusive %termios_rwsem
 198 */
 199static void n_tty_kick_worker(const struct tty_struct *tty)
 200{
 201	struct n_tty_data *ldata = tty->disc_data;
 202
 203	/* Did the input worker stop? Restart it */
 204	if (unlikely(READ_ONCE(ldata->no_room))) {
 205		WRITE_ONCE(ldata->no_room, 0);
 206
 207		WARN_RATELIMIT(tty->port->itty == NULL,
 208				"scheduling with invalid itty\n");
 209		/* see if ldisc has been killed - if so, this means that
 210		 * even though the ldisc has been halted and ->buf.work
 211		 * cancelled, ->buf.work is about to be rescheduled
 212		 */
 213		WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
 214			       "scheduling buffer work for halted ldisc\n");
 215		tty_buffer_restart_work(tty->port);
 216	}
 217}
 218
 219static ssize_t chars_in_buffer(const struct tty_struct *tty)
 220{
 221	const struct n_tty_data *ldata = tty->disc_data;
 222	size_t head = ldata->icanon ? ldata->canon_head : ldata->commit_head;
 223
 224	return head - ldata->read_tail;
 225}
 226
 227/**
 228 * n_tty_write_wakeup	-	asynchronous I/O notifier
 229 * @tty: tty device
 230 *
 231 * Required for the ptys, serial driver etc. since processes that attach
 232 * themselves to the master and rely on ASYNC IO must be woken up.
 233 */
 234static void n_tty_write_wakeup(struct tty_struct *tty)
 235{
 236	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
 237	kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
 238}
 239
 240static void n_tty_check_throttle(struct tty_struct *tty)
 241{
 242	struct n_tty_data *ldata = tty->disc_data;
 243
 244	/*
 245	 * Check the remaining room for the input canonicalization
 246	 * mode.  We don't want to throttle the driver if we're in
 247	 * canonical mode and don't have a newline yet!
 248	 */
 249	if (ldata->icanon && ldata->canon_head == ldata->read_tail)
 250		return;
 251
 252	do {
 253		tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
 254		if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
 255			break;
 256	} while (!tty_throttle_safe(tty));
 257
 258	__tty_set_flow_change(tty, 0);
 259}
 260
 261static void n_tty_check_unthrottle(struct tty_struct *tty)
 262{
 263	if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
 264		if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
 265			return;
 266		n_tty_kick_worker(tty);
 267		tty_wakeup(tty->link);
 268		return;
 269	}
 270
 271	/* If there is enough space in the read buffer now, let the
 272	 * low-level driver know. We use chars_in_buffer() to
 273	 * check the buffer, as it now knows about canonical mode.
 274	 * Otherwise, if the driver is throttled and the line is
 275	 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
 276	 * we won't get any more characters.
 277	 */
 278
 279	do {
 280		tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
 281		if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
 282			break;
 283
 284		n_tty_kick_worker(tty);
 285	} while (!tty_unthrottle_safe(tty));
 286
 287	__tty_set_flow_change(tty, 0);
 288}
 289
 290/**
 291 * put_tty_queue		-	add character to tty
 292 * @c: character
 293 * @ldata: n_tty data
 294 *
 295 * Add a character to the tty read_buf queue.
 296 *
 297 * Locking:
 298 *  * n_tty_receive_buf()/producer path:
 299 *	caller holds non-exclusive %termios_rwsem
 300 */
 301static inline void put_tty_queue(u8 c, struct n_tty_data *ldata)
 302{
 303	*read_buf_addr(ldata, ldata->read_head) = c;
 304	ldata->read_head++;
 305}
 306
 307/**
 308 * reset_buffer_flags	-	reset buffer state
 309 * @ldata: line disc data to reset
 310 *
 311 * Reset the read buffer counters and clear the flags. Called from
 312 * n_tty_open() and n_tty_flush_buffer().
 313 *
 314 * Locking:
 315 *  * caller holds exclusive %termios_rwsem, or
 316 *  * (locking is not required)
 317 */
 318static void reset_buffer_flags(struct n_tty_data *ldata)
 319{
 320	ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
 321	ldata->commit_head = 0;
 322	ldata->line_start = 0;
 323
 324	ldata->erasing = 0;
 325	bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
 326	ldata->push = 0;
 327
 328	ldata->lookahead_count = 0;
 329}
 330
 331static void n_tty_packet_mode_flush(struct tty_struct *tty)
 332{
 333	unsigned long flags;
 334
 335	if (tty->link->ctrl.packet) {
 336		spin_lock_irqsave(&tty->ctrl.lock, flags);
 337		tty->ctrl.pktstatus |= TIOCPKT_FLUSHREAD;
 338		spin_unlock_irqrestore(&tty->ctrl.lock, flags);
 339		wake_up_interruptible(&tty->link->read_wait);
 340	}
 341}
 342
 343/**
 344 * n_tty_flush_buffer	-	clean input queue
 345 * @tty: terminal device
 346 *
 347 * Flush the input buffer. Called when the tty layer wants the buffer flushed
 348 * (eg at hangup) or when the %N_TTY line discipline internally has to clean
 349 * the pending queue (for example some signals).
 350 *
 351 * Holds %termios_rwsem to exclude producer/consumer while buffer indices are
 352 * reset.
 353 *
 354 * Locking: %ctrl.lock, exclusive %termios_rwsem
 355 */
 356static void n_tty_flush_buffer(struct tty_struct *tty)
 357{
 358	down_write(&tty->termios_rwsem);
 359	reset_buffer_flags(tty->disc_data);
 360	n_tty_kick_worker(tty);
 361
 362	if (tty->link)
 363		n_tty_packet_mode_flush(tty);
 364	up_write(&tty->termios_rwsem);
 365}
 366
 367/**
 368 * is_utf8_continuation	-	utf8 multibyte check
 369 * @c: byte to check
 370 *
 371 * Returns: true if the utf8 character @c is a multibyte continuation
 372 * character. We use this to correctly compute the on-screen size of the
 373 * character when printing.
 374 */
 375static inline int is_utf8_continuation(u8 c)
 376{
 377	return (c & 0xc0) == 0x80;
 378}
 379
 380/**
 381 * is_continuation	-	multibyte check
 382 * @c: byte to check
 383 * @tty: terminal device
 384 *
 385 * Returns: true if the utf8 character @c is a multibyte continuation character
 386 * and the terminal is in unicode mode.
 387 */
 388static inline int is_continuation(u8 c, const struct tty_struct *tty)
 389{
 390	return I_IUTF8(tty) && is_utf8_continuation(c);
 391}
 392
 393/**
 394 * do_output_char	-	output one character
 395 * @c: character (or partial unicode symbol)
 396 * @tty: terminal device
 397 * @space: space available in tty driver write buffer
 398 *
 399 * This is a helper function that handles one output character (including
 400 * special characters like TAB, CR, LF, etc.), doing OPOST processing and
 401 * putting the results in the tty driver's write buffer.
 402 *
 403 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY and NLDLY.
 404 * They simply aren't relevant in the world today. If you ever need them, add
 405 * them here.
 406 *
 407 * Returns: the number of bytes of buffer space used or -1 if no space left.
 408 *
 409 * Locking: should be called under the %output_lock to protect the column state
 410 * and space left in the buffer.
 411 */
 412static int do_output_char(u8 c, struct tty_struct *tty, int space)
 413{
 414	struct n_tty_data *ldata = tty->disc_data;
 415	int	spaces;
 416
 417	if (!space)
 418		return -1;
 419
 420	switch (c) {
 421	case '\n':
 422		if (O_ONLRET(tty))
 423			ldata->column = 0;
 424		if (O_ONLCR(tty)) {
 425			if (space < 2)
 426				return -1;
 427			ldata->canon_column = ldata->column = 0;
 428			tty->ops->write(tty, "\r\n", 2);
 429			return 2;
 430		}
 431		ldata->canon_column = ldata->column;
 432		break;
 433	case '\r':
 434		if (O_ONOCR(tty) && ldata->column == 0)
 435			return 0;
 436		if (O_OCRNL(tty)) {
 437			c = '\n';
 438			if (O_ONLRET(tty))
 439				ldata->canon_column = ldata->column = 0;
 440			break;
 441		}
 442		ldata->canon_column = ldata->column = 0;
 443		break;
 444	case '\t':
 445		spaces = 8 - (ldata->column & 7);
 446		if (O_TABDLY(tty) == XTABS) {
 447			if (space < spaces)
 448				return -1;
 449			ldata->column += spaces;
 450			tty->ops->write(tty, "        ", spaces);
 451			return spaces;
 452		}
 453		ldata->column += spaces;
 454		break;
 455	case '\b':
 456		if (ldata->column > 0)
 457			ldata->column--;
 458		break;
 459	default:
 460		if (!iscntrl(c)) {
 461			if (O_OLCUC(tty))
 462				c = toupper(c);
 463			if (!is_continuation(c, tty))
 464				ldata->column++;
 465		}
 466		break;
 467	}
 468
 469	tty_put_char(tty, c);
 470	return 1;
 471}
 472
 473/**
 474 * process_output	-	output post processor
 475 * @c: character (or partial unicode symbol)
 476 * @tty: terminal device
 477 *
 478 * Output one character with OPOST processing.
 479 *
 480 * Returns: -1 when the output device is full and the character must be
 481 * retried.
 482 *
 483 * Locking: %output_lock to protect column state and space left (also, this is
 484 *called from n_tty_write() under the tty layer write lock).
 485 */
 486static int process_output(u8 c, struct tty_struct *tty)
 487{
 488	struct n_tty_data *ldata = tty->disc_data;
 489	int	space, retval;
 490
 491	mutex_lock(&ldata->output_lock);
 492
 493	space = tty_write_room(tty);
 494	retval = do_output_char(c, tty, space);
 495
 496	mutex_unlock(&ldata->output_lock);
 497	if (retval < 0)
 498		return -1;
 499	else
 500		return 0;
 501}
 502
 503/**
 504 * process_output_block	-	block post processor
 505 * @tty: terminal device
 506 * @buf: character buffer
 507 * @nr: number of bytes to output
 508 *
 509 * Output a block of characters with OPOST processing.
 510 *
 511 * This path is used to speed up block console writes, among other things when
 512 * processing blocks of output data. It handles only the simple cases normally
 513 * found and helps to generate blocks of symbols for the console driver and
 514 * thus improve performance.
 515 *
 516 * Returns: the number of characters output.
 517 *
 518 * Locking: %output_lock to protect column state and space left (also, this is
 519 * called from n_tty_write() under the tty layer write lock).
 520 */
 521static ssize_t process_output_block(struct tty_struct *tty,
 522				    const u8 *buf, unsigned int nr)
 523{
 524	struct n_tty_data *ldata = tty->disc_data;
 525	int	space;
 526	int	i;
 527	const u8 *cp;
 528
 529	mutex_lock(&ldata->output_lock);
 530
 531	space = tty_write_room(tty);
 532	if (space <= 0) {
 533		mutex_unlock(&ldata->output_lock);
 534		return space;
 535	}
 536	if (nr > space)
 537		nr = space;
 538
 539	for (i = 0, cp = buf; i < nr; i++, cp++) {
 540		u8 c = *cp;
 541
 542		switch (c) {
 543		case '\n':
 544			if (O_ONLRET(tty))
 545				ldata->column = 0;
 546			if (O_ONLCR(tty))
 547				goto break_out;
 548			ldata->canon_column = ldata->column;
 549			break;
 550		case '\r':
 551			if (O_ONOCR(tty) && ldata->column == 0)
 552				goto break_out;
 553			if (O_OCRNL(tty))
 554				goto break_out;
 555			ldata->canon_column = ldata->column = 0;
 556			break;
 557		case '\t':
 558			goto break_out;
 559		case '\b':
 560			if (ldata->column > 0)
 561				ldata->column--;
 562			break;
 563		default:
 564			if (!iscntrl(c)) {
 565				if (O_OLCUC(tty))
 566					goto break_out;
 567				if (!is_continuation(c, tty))
 568					ldata->column++;
 569			}
 570			break;
 571		}
 572	}
 573break_out:
 574	i = tty->ops->write(tty, buf, i);
 575
 576	mutex_unlock(&ldata->output_lock);
 577	return i;
 578}
 579
 580static int n_tty_process_echo_ops(struct tty_struct *tty, size_t *tail,
 581				  int space)
 582{
 583	struct n_tty_data *ldata = tty->disc_data;
 584	u8 op;
 585
 586	/*
 587	 * Since add_echo_byte() is called without holding output_lock, we
 588	 * might see only portion of multi-byte operation.
 589	 */
 590	if (MASK(ldata->echo_commit) == MASK(*tail + 1))
 591		return -ENODATA;
 592
 593	/*
 594	 * If the buffer byte is the start of a multi-byte operation, get the
 595	 * next byte, which is either the op code or a control character value.
 596	 */
 597	op = echo_buf(ldata, *tail + 1);
 598
 599	switch (op) {
 600	case ECHO_OP_ERASE_TAB: {
 601		unsigned int num_chars, num_bs;
 602
 603		if (MASK(ldata->echo_commit) == MASK(*tail + 2))
 604			return -ENODATA;
 605
 606		num_chars = echo_buf(ldata, *tail + 2);
 607
 608		/*
 609		 * Determine how many columns to go back in order to erase the
 610		 * tab. This depends on the number of columns used by other
 611		 * characters within the tab area. If this (modulo 8) count is
 612		 * from the start of input rather than from a previous tab, we
 613		 * offset by canon column. Otherwise, tab spacing is normal.
 614		 */
 615		if (!(num_chars & 0x80))
 616			num_chars += ldata->canon_column;
 617		num_bs = 8 - (num_chars & 7);
 618
 619		if (num_bs > space)
 620			return -ENOSPC;
 621
 622		space -= num_bs;
 623		while (num_bs--) {
 624			tty_put_char(tty, '\b');
 625			if (ldata->column > 0)
 626				ldata->column--;
 627		}
 628		*tail += 3;
 629		break;
 630	}
 631	case ECHO_OP_SET_CANON_COL:
 632		ldata->canon_column = ldata->column;
 633		*tail += 2;
 634		break;
 635
 636	case ECHO_OP_MOVE_BACK_COL:
 637		if (ldata->column > 0)
 638			ldata->column--;
 639		*tail += 2;
 640		break;
 641
 642	case ECHO_OP_START:
 643		/* This is an escaped echo op start code */
 644		if (!space)
 645			return -ENOSPC;
 646
 647		tty_put_char(tty, ECHO_OP_START);
 648		ldata->column++;
 649		space--;
 650		*tail += 2;
 651		break;
 652
 653	default:
 654		/*
 655		 * If the op is not a special byte code, it is a ctrl char
 656		 * tagged to be echoed as "^X" (where X is the letter
 657		 * representing the control char). Note that we must ensure
 658		 * there is enough space for the whole ctrl pair.
 659		 */
 660		if (space < 2)
 661			return -ENOSPC;
 662
 663		tty_put_char(tty, '^');
 664		tty_put_char(tty, op ^ 0100);
 665		ldata->column += 2;
 666		space -= 2;
 667		*tail += 2;
 668		break;
 669	}
 670
 671	return space;
 672}
 673
 674/**
 675 * __process_echoes	-	write pending echo characters
 676 * @tty: terminal device
 677 *
 678 * Write previously buffered echo (and other ldisc-generated) characters to the
 679 * tty.
 680 *
 681 * Characters generated by the ldisc (including echoes) need to be buffered
 682 * because the driver's write buffer can fill during heavy program output.
 683 * Echoing straight to the driver will often fail under these conditions,
 684 * causing lost characters and resulting mismatches of ldisc state information.
 685 *
 686 * Since the ldisc state must represent the characters actually sent to the
 687 * driver at the time of the write, operations like certain changes in column
 688 * state are also saved in the buffer and executed here.
 689 *
 690 * A circular fifo buffer is used so that the most recent characters are
 691 * prioritized. Also, when control characters are echoed with a prefixed "^",
 692 * the pair is treated atomically and thus not separated.
 693 *
 694 * Locking: callers must hold %output_lock.
 695 */
 696static size_t __process_echoes(struct tty_struct *tty)
 697{
 698	struct n_tty_data *ldata = tty->disc_data;
 699	int	space, old_space;
 700	size_t tail;
 701	u8 c;
 702
 703	old_space = space = tty_write_room(tty);
 704
 705	tail = ldata->echo_tail;
 706	while (MASK(ldata->echo_commit) != MASK(tail)) {
 707		c = echo_buf(ldata, tail);
 708		if (c == ECHO_OP_START) {
 709			int ret = n_tty_process_echo_ops(tty, &tail, space);
 710			if (ret == -ENODATA)
 711				goto not_yet_stored;
 712			if (ret < 0)
 713				break;
 714			space = ret;
 715		} else {
 716			if (O_OPOST(tty)) {
 717				int retval = do_output_char(c, tty, space);
 718				if (retval < 0)
 719					break;
 720				space -= retval;
 721			} else {
 722				if (!space)
 723					break;
 724				tty_put_char(tty, c);
 725				space -= 1;
 726			}
 727			tail += 1;
 728		}
 729	}
 730
 731	/* If the echo buffer is nearly full (so that the possibility exists
 732	 * of echo overrun before the next commit), then discard enough
 733	 * data at the tail to prevent a subsequent overrun */
 734	while (ldata->echo_commit > tail &&
 735	       ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
 736		if (echo_buf(ldata, tail) == ECHO_OP_START) {
 737			if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
 738				tail += 3;
 739			else
 740				tail += 2;
 741		} else
 742			tail++;
 743	}
 744
 745 not_yet_stored:
 746	ldata->echo_tail = tail;
 747	return old_space - space;
 748}
 749
 750static void commit_echoes(struct tty_struct *tty)
 751{
 752	struct n_tty_data *ldata = tty->disc_data;
 753	size_t nr, old, echoed;
 754	size_t head;
 755
 756	mutex_lock(&ldata->output_lock);
 757	head = ldata->echo_head;
 758	ldata->echo_mark = head;
 759	old = ldata->echo_commit - ldata->echo_tail;
 760
 761	/* Process committed echoes if the accumulated # of bytes
 762	 * is over the threshold (and try again each time another
 763	 * block is accumulated) */
 764	nr = head - ldata->echo_tail;
 765	if (nr < ECHO_COMMIT_WATERMARK ||
 766	    (nr % ECHO_BLOCK > old % ECHO_BLOCK)) {
 767		mutex_unlock(&ldata->output_lock);
 768		return;
 769	}
 770
 771	ldata->echo_commit = head;
 772	echoed = __process_echoes(tty);
 773	mutex_unlock(&ldata->output_lock);
 774
 775	if (echoed && tty->ops->flush_chars)
 776		tty->ops->flush_chars(tty);
 777}
 778
 779static void process_echoes(struct tty_struct *tty)
 780{
 781	struct n_tty_data *ldata = tty->disc_data;
 782	size_t echoed;
 783
 784	if (ldata->echo_mark == ldata->echo_tail)
 785		return;
 786
 787	mutex_lock(&ldata->output_lock);
 788	ldata->echo_commit = ldata->echo_mark;
 789	echoed = __process_echoes(tty);
 790	mutex_unlock(&ldata->output_lock);
 791
 792	if (echoed && tty->ops->flush_chars)
 793		tty->ops->flush_chars(tty);
 794}
 795
 796/* NB: echo_mark and echo_head should be equivalent here */
 797static void flush_echoes(struct tty_struct *tty)
 798{
 799	struct n_tty_data *ldata = tty->disc_data;
 800
 801	if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
 802	    ldata->echo_commit == ldata->echo_head)
 803		return;
 804
 805	mutex_lock(&ldata->output_lock);
 806	ldata->echo_commit = ldata->echo_head;
 807	__process_echoes(tty);
 808	mutex_unlock(&ldata->output_lock);
 809}
 810
 811/**
 812 * add_echo_byte	-	add a byte to the echo buffer
 813 * @c: unicode byte to echo
 814 * @ldata: n_tty data
 815 *
 816 * Add a character or operation byte to the echo buffer.
 817 */
 818static inline void add_echo_byte(u8 c, struct n_tty_data *ldata)
 819{
 820	*echo_buf_addr(ldata, ldata->echo_head) = c;
 821	smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
 822	ldata->echo_head++;
 823}
 824
 825/**
 826 * echo_move_back_col	-	add operation to move back a column
 827 * @ldata: n_tty data
 828 *
 829 * Add an operation to the echo buffer to move back one column.
 830 */
 831static void echo_move_back_col(struct n_tty_data *ldata)
 832{
 833	add_echo_byte(ECHO_OP_START, ldata);
 834	add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
 835}
 836
 837/**
 838 * echo_set_canon_col	-	add operation to set the canon column
 839 * @ldata: n_tty data
 840 *
 841 * Add an operation to the echo buffer to set the canon column to the current
 842 * column.
 843 */
 844static void echo_set_canon_col(struct n_tty_data *ldata)
 845{
 846	add_echo_byte(ECHO_OP_START, ldata);
 847	add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
 848}
 849
 850/**
 851 * echo_erase_tab	-	add operation to erase a tab
 852 * @num_chars: number of character columns already used
 853 * @after_tab: true if num_chars starts after a previous tab
 854 * @ldata: n_tty data
 855 *
 856 * Add an operation to the echo buffer to erase a tab.
 857 *
 858 * Called by the eraser function, which knows how many character columns have
 859 * been used since either a previous tab or the start of input. This
 860 * information will be used later, along with canon column (if applicable), to
 861 * go back the correct number of columns.
 862 */
 863static void echo_erase_tab(unsigned int num_chars, int after_tab,
 864			   struct n_tty_data *ldata)
 865{
 866	add_echo_byte(ECHO_OP_START, ldata);
 867	add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
 868
 869	/* We only need to know this modulo 8 (tab spacing) */
 870	num_chars &= 7;
 871
 872	/* Set the high bit as a flag if num_chars is after a previous tab */
 873	if (after_tab)
 874		num_chars |= 0x80;
 875
 876	add_echo_byte(num_chars, ldata);
 877}
 878
 879/**
 880 * echo_char_raw	-	echo a character raw
 881 * @c: unicode byte to echo
 882 * @ldata: line disc data
 883 *
 884 * Echo user input back onto the screen. This must be called only when
 885 * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
 886 *
 887 * This variant does not treat control characters specially.
 888 */
 889static void echo_char_raw(u8 c, struct n_tty_data *ldata)
 890{
 891	if (c == ECHO_OP_START) {
 892		add_echo_byte(ECHO_OP_START, ldata);
 893		add_echo_byte(ECHO_OP_START, ldata);
 894	} else {
 895		add_echo_byte(c, ldata);
 896	}
 897}
 898
 899/**
 900 * echo_char		-	echo a character
 901 * @c: unicode byte to echo
 902 * @tty: terminal device
 903 *
 904 * Echo user input back onto the screen. This must be called only when
 905 * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
 906 *
 907 * This variant tags control characters to be echoed as "^X" (where X is the
 908 * letter representing the control char).
 909 */
 910static void echo_char(u8 c, const struct tty_struct *tty)
 911{
 912	struct n_tty_data *ldata = tty->disc_data;
 913
 914	if (c == ECHO_OP_START) {
 915		add_echo_byte(ECHO_OP_START, ldata);
 916		add_echo_byte(ECHO_OP_START, ldata);
 917	} else {
 918		if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
 919			add_echo_byte(ECHO_OP_START, ldata);
 920		add_echo_byte(c, ldata);
 921	}
 922}
 923
 924/**
 925 * finish_erasing	-	complete erase
 926 * @ldata: n_tty data
 927 */
 928static inline void finish_erasing(struct n_tty_data *ldata)
 929{
 930	if (ldata->erasing) {
 931		echo_char_raw('/', ldata);
 932		ldata->erasing = 0;
 933	}
 934}
 935
 936/**
 937 * eraser		-	handle erase function
 938 * @c: character input
 939 * @tty: terminal device
 940 *
 941 * Perform erase and necessary output when an erase character is present in the
 942 * stream from the driver layer. Handles the complexities of UTF-8 multibyte
 943 * symbols.
 944 *
 945 * Locking: n_tty_receive_buf()/producer path:
 946 *	caller holds non-exclusive %termios_rwsem
 947 */
 948static void eraser(u8 c, const struct tty_struct *tty)
 949{
 950	struct n_tty_data *ldata = tty->disc_data;
 951	enum { ERASE, WERASE, KILL } kill_type;
 952	size_t head;
 953	size_t cnt;
 954	int seen_alnums;
 955
 956	if (ldata->read_head == ldata->canon_head) {
 957		/* process_output('\a', tty); */ /* what do you think? */
 958		return;
 959	}
 960	if (c == ERASE_CHAR(tty))
 961		kill_type = ERASE;
 962	else if (c == WERASE_CHAR(tty))
 963		kill_type = WERASE;
 964	else {
 965		if (!L_ECHO(tty)) {
 966			ldata->read_head = ldata->canon_head;
 967			return;
 968		}
 969		if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
 970			ldata->read_head = ldata->canon_head;
 971			finish_erasing(ldata);
 972			echo_char(KILL_CHAR(tty), tty);
 973			/* Add a newline if ECHOK is on and ECHOKE is off. */
 974			if (L_ECHOK(tty))
 975				echo_char_raw('\n', ldata);
 976			return;
 977		}
 978		kill_type = KILL;
 979	}
 980
 981	seen_alnums = 0;
 982	while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
 983		head = ldata->read_head;
 984
 985		/* erase a single possibly multibyte character */
 986		do {
 987			head--;
 988			c = read_buf(ldata, head);
 989		} while (is_continuation(c, tty) &&
 990			 MASK(head) != MASK(ldata->canon_head));
 991
 992		/* do not partially erase */
 993		if (is_continuation(c, tty))
 994			break;
 995
 996		if (kill_type == WERASE) {
 997			/* Equivalent to BSD's ALTWERASE. */
 998			if (isalnum(c) || c == '_')
 999				seen_alnums++;
1000			else if (seen_alnums)
1001				break;
1002		}
1003		cnt = ldata->read_head - head;
1004		ldata->read_head = head;
1005		if (L_ECHO(tty)) {
1006			if (L_ECHOPRT(tty)) {
1007				if (!ldata->erasing) {
1008					echo_char_raw('\\', ldata);
1009					ldata->erasing = 1;
1010				}
1011				/* if cnt > 1, output a multi-byte character */
1012				echo_char(c, tty);
1013				while (--cnt > 0) {
1014					head++;
1015					echo_char_raw(read_buf(ldata, head), ldata);
1016					echo_move_back_col(ldata);
1017				}
1018			} else if (kill_type == ERASE && !L_ECHOE(tty)) {
1019				echo_char(ERASE_CHAR(tty), tty);
1020			} else if (c == '\t') {
1021				unsigned int num_chars = 0;
1022				int after_tab = 0;
1023				size_t tail = ldata->read_head;
1024
1025				/*
1026				 * Count the columns used for characters
1027				 * since the start of input or after a
1028				 * previous tab.
1029				 * This info is used to go back the correct
1030				 * number of columns.
1031				 */
1032				while (MASK(tail) != MASK(ldata->canon_head)) {
1033					tail--;
1034					c = read_buf(ldata, tail);
1035					if (c == '\t') {
1036						after_tab = 1;
1037						break;
1038					} else if (iscntrl(c)) {
1039						if (L_ECHOCTL(tty))
1040							num_chars += 2;
1041					} else if (!is_continuation(c, tty)) {
1042						num_chars++;
1043					}
1044				}
1045				echo_erase_tab(num_chars, after_tab, ldata);
1046			} else {
1047				if (iscntrl(c) && L_ECHOCTL(tty)) {
1048					echo_char_raw('\b', ldata);
1049					echo_char_raw(' ', ldata);
1050					echo_char_raw('\b', ldata);
1051				}
1052				if (!iscntrl(c) || L_ECHOCTL(tty)) {
1053					echo_char_raw('\b', ldata);
1054					echo_char_raw(' ', ldata);
1055					echo_char_raw('\b', ldata);
1056				}
1057			}
1058		}
1059		if (kill_type == ERASE)
1060			break;
1061	}
1062	if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1063		finish_erasing(ldata);
1064}
1065
1066
1067static void __isig(int sig, struct tty_struct *tty)
1068{
1069	struct pid *tty_pgrp = tty_get_pgrp(tty);
1070	if (tty_pgrp) {
1071		kill_pgrp(tty_pgrp, sig, 1);
1072		put_pid(tty_pgrp);
1073	}
1074}
1075
1076/**
1077 * isig			-	handle the ISIG optio
1078 * @sig: signal
1079 * @tty: terminal
1080 *
1081 * Called when a signal is being sent due to terminal input. Called from the
1082 * &tty_driver.receive_buf() path, so serialized.
1083 *
1084 * Performs input and output flush if !NOFLSH. In this context, the echo
1085 * buffer is 'output'. The signal is processed first to alert any current
1086 * readers or writers to discontinue and exit their i/o loops.
1087 *
1088 * Locking: %ctrl.lock
1089 */
1090static void isig(int sig, struct tty_struct *tty)
1091{
1092	struct n_tty_data *ldata = tty->disc_data;
1093
1094	if (L_NOFLSH(tty)) {
1095		/* signal only */
1096		__isig(sig, tty);
1097
1098	} else { /* signal and flush */
1099		up_read(&tty->termios_rwsem);
1100		down_write(&tty->termios_rwsem);
1101
1102		__isig(sig, tty);
1103
1104		/* clear echo buffer */
1105		mutex_lock(&ldata->output_lock);
1106		ldata->echo_head = ldata->echo_tail = 0;
1107		ldata->echo_mark = ldata->echo_commit = 0;
1108		mutex_unlock(&ldata->output_lock);
1109
1110		/* clear output buffer */
1111		tty_driver_flush_buffer(tty);
1112
1113		/* clear input buffer */
1114		reset_buffer_flags(tty->disc_data);
1115
1116		/* notify pty master of flush */
1117		if (tty->link)
1118			n_tty_packet_mode_flush(tty);
1119
1120		up_write(&tty->termios_rwsem);
1121		down_read(&tty->termios_rwsem);
1122	}
1123}
1124
1125/**
1126 * n_tty_receive_break	-	handle break
1127 * @tty: terminal
1128 *
1129 * An RS232 break event has been hit in the incoming bitstream. This can cause
1130 * a variety of events depending upon the termios settings.
1131 *
1132 * Locking: n_tty_receive_buf()/producer path:
1133 *	caller holds non-exclusive termios_rwsem
1134 *
1135 * Note: may get exclusive %termios_rwsem if flushing input buffer
1136 */
1137static void n_tty_receive_break(struct tty_struct *tty)
1138{
1139	struct n_tty_data *ldata = tty->disc_data;
1140
1141	if (I_IGNBRK(tty))
1142		return;
1143	if (I_BRKINT(tty)) {
1144		isig(SIGINT, tty);
1145		return;
1146	}
1147	if (I_PARMRK(tty)) {
1148		put_tty_queue('\377', ldata);
1149		put_tty_queue('\0', ldata);
1150	}
1151	put_tty_queue('\0', ldata);
1152}
1153
1154/**
1155 * n_tty_receive_overrun	-	handle overrun reporting
1156 * @tty: terminal
1157 *
1158 * Data arrived faster than we could process it. While the tty driver has
1159 * flagged this the bits that were missed are gone forever.
1160 *
1161 * Called from the receive_buf path so single threaded. Does not need locking
1162 * as num_overrun and overrun_time are function private.
1163 */
1164static void n_tty_receive_overrun(const struct tty_struct *tty)
1165{
1166	struct n_tty_data *ldata = tty->disc_data;
1167
1168	ldata->num_overrun++;
1169	if (time_is_before_jiffies(ldata->overrun_time + HZ)) {
1170		tty_warn(tty, "%u input overrun(s)\n", ldata->num_overrun);
1171		ldata->overrun_time = jiffies;
1172		ldata->num_overrun = 0;
1173	}
1174}
1175
1176/**
1177 * n_tty_receive_parity_error	-	error notifier
1178 * @tty: terminal device
1179 * @c: character
1180 *
1181 * Process a parity error and queue the right data to indicate the error case
1182 * if necessary.
1183 *
1184 * Locking: n_tty_receive_buf()/producer path:
1185 * 	caller holds non-exclusive %termios_rwsem
1186 */
1187static void n_tty_receive_parity_error(const struct tty_struct *tty,
1188				       u8 c)
1189{
1190	struct n_tty_data *ldata = tty->disc_data;
1191
1192	if (I_INPCK(tty)) {
1193		if (I_IGNPAR(tty))
1194			return;
1195		if (I_PARMRK(tty)) {
1196			put_tty_queue('\377', ldata);
1197			put_tty_queue('\0', ldata);
1198			put_tty_queue(c, ldata);
1199		} else
1200			put_tty_queue('\0', ldata);
1201	} else
1202		put_tty_queue(c, ldata);
1203}
1204
1205static void
1206n_tty_receive_signal_char(struct tty_struct *tty, int signal, u8 c)
1207{
1208	isig(signal, tty);
1209	if (I_IXON(tty))
1210		start_tty(tty);
1211	if (L_ECHO(tty)) {
1212		echo_char(c, tty);
1213		commit_echoes(tty);
1214	} else
1215		process_echoes(tty);
1216}
1217
1218static bool n_tty_is_char_flow_ctrl(struct tty_struct *tty, u8 c)
1219{
1220	return c == START_CHAR(tty) || c == STOP_CHAR(tty);
1221}
1222
1223/**
1224 * n_tty_receive_char_flow_ctrl - receive flow control chars
1225 * @tty: terminal device
1226 * @c: character
1227 * @lookahead_done: lookahead has processed this character already
1228 *
1229 * Receive and process flow control character actions.
1230 *
1231 * In case lookahead for flow control chars already handled the character in
1232 * advance to the normal receive, the actions are skipped during normal
1233 * receive.
1234 *
1235 * Returns true if @c is consumed as flow-control character, the character
1236 * must not be treated as normal character.
1237 */
1238static bool n_tty_receive_char_flow_ctrl(struct tty_struct *tty, u8 c,
1239					 bool lookahead_done)
1240{
1241	if (!n_tty_is_char_flow_ctrl(tty, c))
1242		return false;
1243
1244	if (lookahead_done)
1245		return true;
1246
1247	if (c == START_CHAR(tty)) {
1248		start_tty(tty);
1249		process_echoes(tty);
1250		return true;
1251	}
1252
1253	/* STOP_CHAR */
1254	stop_tty(tty);
1255	return true;
1256}
1257
1258static void n_tty_receive_handle_newline(struct tty_struct *tty, u8 c)
1259{
1260	struct n_tty_data *ldata = tty->disc_data;
1261
1262	set_bit(MASK(ldata->read_head), ldata->read_flags);
1263	put_tty_queue(c, ldata);
1264	smp_store_release(&ldata->canon_head, ldata->read_head);
1265	kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1266	wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1267}
1268
1269static bool n_tty_receive_char_canon(struct tty_struct *tty, u8 c)
1270{
1271	struct n_tty_data *ldata = tty->disc_data;
1272
1273	if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1274	    (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1275		eraser(c, tty);
1276		commit_echoes(tty);
1277
1278		return true;
1279	}
1280
1281	if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1282		ldata->lnext = 1;
1283		if (L_ECHO(tty)) {
1284			finish_erasing(ldata);
1285			if (L_ECHOCTL(tty)) {
1286				echo_char_raw('^', ldata);
1287				echo_char_raw('\b', ldata);
1288				commit_echoes(tty);
1289			}
1290		}
1291
1292		return true;
1293	}
1294
1295	if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1296		size_t tail = ldata->canon_head;
1297
1298		finish_erasing(ldata);
1299		echo_char(c, tty);
1300		echo_char_raw('\n', ldata);
1301		while (MASK(tail) != MASK(ldata->read_head)) {
1302			echo_char(read_buf(ldata, tail), tty);
1303			tail++;
1304		}
1305		commit_echoes(tty);
1306
1307		return true;
1308	}
1309
1310	if (c == '\n') {
1311		if (L_ECHO(tty) || L_ECHONL(tty)) {
1312			echo_char_raw('\n', ldata);
1313			commit_echoes(tty);
1314		}
1315		n_tty_receive_handle_newline(tty, c);
1316
1317		return true;
1318	}
1319
1320	if (c == EOF_CHAR(tty)) {
1321		c = __DISABLED_CHAR;
1322		n_tty_receive_handle_newline(tty, c);
1323
1324		return true;
1325	}
1326
1327	if ((c == EOL_CHAR(tty)) ||
1328	    (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1329		/*
1330		 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1331		 */
1332		if (L_ECHO(tty)) {
1333			/* Record the column of first canon char. */
1334			if (ldata->canon_head == ldata->read_head)
1335				echo_set_canon_col(ldata);
1336			echo_char(c, tty);
1337			commit_echoes(tty);
1338		}
1339		/*
1340		 * XXX does PARMRK doubling happen for
1341		 * EOL_CHAR and EOL2_CHAR?
1342		 */
1343		if (c == '\377' && I_PARMRK(tty))
1344			put_tty_queue(c, ldata);
1345
1346		n_tty_receive_handle_newline(tty, c);
1347
1348		return true;
1349	}
1350
1351	return false;
1352}
1353
1354static void n_tty_receive_char_special(struct tty_struct *tty, u8 c,
1355				       bool lookahead_done)
1356{
1357	struct n_tty_data *ldata = tty->disc_data;
1358
1359	if (I_IXON(tty) && n_tty_receive_char_flow_ctrl(tty, c, lookahead_done))
1360		return;
1361
1362	if (L_ISIG(tty)) {
1363		if (c == INTR_CHAR(tty)) {
1364			n_tty_receive_signal_char(tty, SIGINT, c);
1365			return;
1366		} else if (c == QUIT_CHAR(tty)) {
1367			n_tty_receive_signal_char(tty, SIGQUIT, c);
1368			return;
1369		} else if (c == SUSP_CHAR(tty)) {
1370			n_tty_receive_signal_char(tty, SIGTSTP, c);
1371			return;
1372		}
1373	}
1374
1375	if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1376		start_tty(tty);
1377		process_echoes(tty);
1378	}
1379
1380	if (c == '\r') {
1381		if (I_IGNCR(tty))
1382			return;
1383		if (I_ICRNL(tty))
1384			c = '\n';
1385	} else if (c == '\n' && I_INLCR(tty))
1386		c = '\r';
1387
1388	if (ldata->icanon && n_tty_receive_char_canon(tty, c))
1389		return;
1390
1391	if (L_ECHO(tty)) {
1392		finish_erasing(ldata);
1393		if (c == '\n')
1394			echo_char_raw('\n', ldata);
1395		else {
1396			/* Record the column of first canon char. */
1397			if (ldata->canon_head == ldata->read_head)
1398				echo_set_canon_col(ldata);
1399			echo_char(c, tty);
1400		}
1401		commit_echoes(tty);
1402	}
1403
1404	/* PARMRK doubling check */
1405	if (c == '\377' && I_PARMRK(tty))
1406		put_tty_queue(c, ldata);
1407
1408	put_tty_queue(c, ldata);
1409}
1410
1411/**
1412 * n_tty_receive_char	-	perform processing
1413 * @tty: terminal device
1414 * @c: character
1415 *
1416 * Process an individual character of input received from the driver.  This is
1417 * serialized with respect to itself by the rules for the driver above.
1418 *
1419 * Locking: n_tty_receive_buf()/producer path:
1420 *	caller holds non-exclusive %termios_rwsem
1421 *	publishes canon_head if canonical mode is active
1422 */
1423static void n_tty_receive_char(struct tty_struct *tty, u8 c)
1424{
1425	struct n_tty_data *ldata = tty->disc_data;
1426
1427	if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1428		start_tty(tty);
1429		process_echoes(tty);
1430	}
1431	if (L_ECHO(tty)) {
1432		finish_erasing(ldata);
1433		/* Record the column of first canon char. */
1434		if (ldata->canon_head == ldata->read_head)
1435			echo_set_canon_col(ldata);
1436		echo_char(c, tty);
1437		commit_echoes(tty);
1438	}
1439	/* PARMRK doubling check */
1440	if (c == '\377' && I_PARMRK(tty))
1441		put_tty_queue(c, ldata);
1442	put_tty_queue(c, ldata);
1443}
1444
1445static void n_tty_receive_char_closing(struct tty_struct *tty, u8 c,
1446				       bool lookahead_done)
1447{
1448	if (I_ISTRIP(tty))
1449		c &= 0x7f;
1450	if (I_IUCLC(tty) && L_IEXTEN(tty))
1451		c = tolower(c);
1452
1453	if (I_IXON(tty)) {
1454		if (!n_tty_receive_char_flow_ctrl(tty, c, lookahead_done) &&
1455		    tty->flow.stopped && !tty->flow.tco_stopped && I_IXANY(tty) &&
1456		    c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1457		    c != SUSP_CHAR(tty)) {
1458			start_tty(tty);
1459			process_echoes(tty);
1460		}
1461	}
1462}
1463
1464static void
1465n_tty_receive_char_flagged(struct tty_struct *tty, u8 c, u8 flag)
1466{
1467	switch (flag) {
1468	case TTY_BREAK:
1469		n_tty_receive_break(tty);
1470		break;
1471	case TTY_PARITY:
1472	case TTY_FRAME:
1473		n_tty_receive_parity_error(tty, c);
1474		break;
1475	case TTY_OVERRUN:
1476		n_tty_receive_overrun(tty);
1477		break;
1478	default:
1479		tty_err(tty, "unknown flag %u\n", flag);
1480		break;
1481	}
1482}
1483
1484static void
1485n_tty_receive_char_lnext(struct tty_struct *tty, u8 c, u8 flag)
1486{
1487	struct n_tty_data *ldata = tty->disc_data;
1488
1489	ldata->lnext = 0;
1490	if (likely(flag == TTY_NORMAL)) {
1491		if (I_ISTRIP(tty))
1492			c &= 0x7f;
1493		if (I_IUCLC(tty) && L_IEXTEN(tty))
1494			c = tolower(c);
1495		n_tty_receive_char(tty, c);
1496	} else
1497		n_tty_receive_char_flagged(tty, c, flag);
1498}
1499
1500/* Caller must ensure count > 0 */
1501static void n_tty_lookahead_flow_ctrl(struct tty_struct *tty, const u8 *cp,
1502				      const u8 *fp, size_t count)
1503{
1504	struct n_tty_data *ldata = tty->disc_data;
1505	u8 flag = TTY_NORMAL;
1506
1507	ldata->lookahead_count += count;
1508
1509	if (!I_IXON(tty))
1510		return;
1511
1512	while (count--) {
1513		if (fp)
1514			flag = *fp++;
1515		if (likely(flag == TTY_NORMAL))
1516			n_tty_receive_char_flow_ctrl(tty, *cp, false);
1517		cp++;
1518	}
1519}
1520
1521static void
1522n_tty_receive_buf_real_raw(const struct tty_struct *tty, const u8 *cp,
1523			   size_t count)
1524{
1525	struct n_tty_data *ldata = tty->disc_data;
1526
1527	/* handle buffer wrap-around by a loop */
1528	for (unsigned int i = 0; i < 2; i++) {
1529		size_t head = MASK(ldata->read_head);
1530		size_t n = min(count, N_TTY_BUF_SIZE - head);
1531
1532		memcpy(read_buf_addr(ldata, head), cp, n);
1533
1534		ldata->read_head += n;
1535		cp += n;
1536		count -= n;
1537	}
1538}
1539
1540static void
1541n_tty_receive_buf_raw(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1542		      size_t count)
1543{
1544	struct n_tty_data *ldata = tty->disc_data;
1545	u8 flag = TTY_NORMAL;
1546
1547	while (count--) {
1548		if (fp)
1549			flag = *fp++;
1550		if (likely(flag == TTY_NORMAL))
1551			put_tty_queue(*cp++, ldata);
1552		else
1553			n_tty_receive_char_flagged(tty, *cp++, flag);
1554	}
1555}
1556
1557static void
1558n_tty_receive_buf_closing(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1559			  size_t count, bool lookahead_done)
1560{
1561	u8 flag = TTY_NORMAL;
1562
1563	while (count--) {
1564		if (fp)
1565			flag = *fp++;
1566		if (likely(flag == TTY_NORMAL))
1567			n_tty_receive_char_closing(tty, *cp++, lookahead_done);
1568	}
1569}
1570
1571static void n_tty_receive_buf_standard(struct tty_struct *tty, const u8 *cp,
1572				       const u8 *fp, size_t count,
1573				       bool lookahead_done)
1574{
1575	struct n_tty_data *ldata = tty->disc_data;
1576	u8 flag = TTY_NORMAL;
1577
1578	while (count--) {
1579		u8 c = *cp++;
1580
1581		if (fp)
1582			flag = *fp++;
1583
1584		if (ldata->lnext) {
1585			n_tty_receive_char_lnext(tty, c, flag);
1586			continue;
1587		}
1588
1589		if (unlikely(flag != TTY_NORMAL)) {
1590			n_tty_receive_char_flagged(tty, c, flag);
1591			continue;
1592		}
1593
1594		if (I_ISTRIP(tty))
1595			c &= 0x7f;
1596		if (I_IUCLC(tty) && L_IEXTEN(tty))
1597			c = tolower(c);
1598		if (L_EXTPROC(tty)) {
1599			put_tty_queue(c, ldata);
1600			continue;
1601		}
1602
1603		if (test_bit(c, ldata->char_map))
1604			n_tty_receive_char_special(tty, c, lookahead_done);
1605		else
1606			n_tty_receive_char(tty, c);
1607	}
1608}
1609
1610static void __receive_buf(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1611			  size_t count)
1612{
1613	struct n_tty_data *ldata = tty->disc_data;
1614	bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1615	size_t la_count = min(ldata->lookahead_count, count);
1616
1617	if (ldata->real_raw)
1618		n_tty_receive_buf_real_raw(tty, cp, count);
1619	else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1620		n_tty_receive_buf_raw(tty, cp, fp, count);
1621	else if (tty->closing && !L_EXTPROC(tty)) {
1622		if (la_count > 0) {
1623			n_tty_receive_buf_closing(tty, cp, fp, la_count, true);
1624			cp += la_count;
1625			if (fp)
1626				fp += la_count;
1627			count -= la_count;
1628		}
1629		if (count > 0)
1630			n_tty_receive_buf_closing(tty, cp, fp, count, false);
1631	} else {
1632		if (la_count > 0) {
1633			n_tty_receive_buf_standard(tty, cp, fp, la_count, true);
1634			cp += la_count;
1635			if (fp)
1636				fp += la_count;
1637			count -= la_count;
1638		}
1639		if (count > 0)
1640			n_tty_receive_buf_standard(tty, cp, fp, count, false);
1641
1642		flush_echoes(tty);
1643		if (tty->ops->flush_chars)
1644			tty->ops->flush_chars(tty);
1645	}
1646
1647	ldata->lookahead_count -= la_count;
1648
1649	if (ldata->icanon && !L_EXTPROC(tty))
1650		return;
1651
1652	/* publish read_head to consumer */
1653	smp_store_release(&ldata->commit_head, ldata->read_head);
1654
1655	if (read_cnt(ldata)) {
1656		kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1657		wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1658	}
1659}
1660
1661/**
1662 * n_tty_receive_buf_common	-	process input
1663 * @tty: device to receive input
1664 * @cp: input chars
1665 * @fp: flags for each char (if %NULL, all chars are %TTY_NORMAL)
1666 * @count: number of input chars in @cp
1667 * @flow: enable flow control
1668 *
1669 * Called by the terminal driver when a block of characters has been received.
1670 * This function must be called from soft contexts not from interrupt context.
1671 * The driver is responsible for making calls one at a time and in order (or
1672 * using flush_to_ldisc()).
1673 *
1674 * Returns: the # of input chars from @cp which were processed.
1675 *
1676 * In canonical mode, the maximum line length is 4096 chars (including the line
1677 * termination char); lines longer than 4096 chars are truncated. After 4095
1678 * chars, input data is still processed but not stored. Overflow processing
1679 * ensures the tty can always receive more input until at least one line can be
1680 * read.
1681 *
1682 * In non-canonical mode, the read buffer will only accept 4095 chars; this
1683 * provides the necessary space for a newline char if the input mode is
1684 * switched to canonical.
1685 *
1686 * Note it is possible for the read buffer to _contain_ 4096 chars in
1687 * non-canonical mode: the read buffer could already contain the maximum canon
1688 * line of 4096 chars when the mode is switched to non-canonical.
1689 *
1690 * Locking: n_tty_receive_buf()/producer path:
1691 *	claims non-exclusive %termios_rwsem
1692 *	publishes commit_head or canon_head
1693 */
1694static size_t
1695n_tty_receive_buf_common(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1696			 size_t count, bool flow)
1697{
1698	struct n_tty_data *ldata = tty->disc_data;
1699	size_t n, rcvd = 0;
1700	int room, overflow;
1701
1702	down_read(&tty->termios_rwsem);
1703
1704	do {
1705		/*
1706		 * When PARMRK is set, each input char may take up to 3 chars
1707		 * in the read buf; reduce the buffer space avail by 3x
1708		 *
1709		 * If we are doing input canonicalization, and there are no
1710		 * pending newlines, let characters through without limit, so
1711		 * that erase characters will be handled.  Other excess
1712		 * characters will be beeped.
1713		 *
1714		 * paired with store in *_copy_from_read_buf() -- guarantees
1715		 * the consumer has loaded the data in read_buf up to the new
1716		 * read_tail (so this producer will not overwrite unread data)
1717		 */
1718		size_t tail = smp_load_acquire(&ldata->read_tail);
1719
1720		room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1721		if (I_PARMRK(tty))
1722			room = DIV_ROUND_UP(room, 3);
1723		room--;
1724		if (room <= 0) {
1725			overflow = ldata->icanon && ldata->canon_head == tail;
1726			if (overflow && room < 0)
1727				ldata->read_head--;
1728			room = overflow;
1729			WRITE_ONCE(ldata->no_room, flow && !room);
1730		} else
1731			overflow = 0;
1732
1733		n = min_t(size_t, count, room);
1734		if (!n)
1735			break;
1736
1737		/* ignore parity errors if handling overflow */
1738		if (!overflow || !fp || *fp != TTY_PARITY)
1739			__receive_buf(tty, cp, fp, n);
1740
1741		cp += n;
1742		if (fp)
1743			fp += n;
1744		count -= n;
1745		rcvd += n;
1746	} while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1747
1748	tty->receive_room = room;
1749
1750	/* Unthrottle if handling overflow on pty */
1751	if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1752		if (overflow) {
1753			tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1754			tty_unthrottle_safe(tty);
1755			__tty_set_flow_change(tty, 0);
1756		}
1757	} else
1758		n_tty_check_throttle(tty);
1759
1760	if (unlikely(ldata->no_room)) {
1761		/*
1762		 * Barrier here is to ensure to read the latest read_tail in
1763		 * chars_in_buffer() and to make sure that read_tail is not loaded
1764		 * before ldata->no_room is set.
1765		 */
1766		smp_mb();
1767		if (!chars_in_buffer(tty))
1768			n_tty_kick_worker(tty);
1769	}
1770
1771	up_read(&tty->termios_rwsem);
1772
1773	return rcvd;
1774}
1775
1776static void n_tty_receive_buf(struct tty_struct *tty, const u8 *cp,
1777			      const u8 *fp, size_t count)
1778{
1779	n_tty_receive_buf_common(tty, cp, fp, count, false);
1780}
1781
1782static size_t n_tty_receive_buf2(struct tty_struct *tty, const u8 *cp,
1783				 const u8 *fp, size_t count)
1784{
1785	return n_tty_receive_buf_common(tty, cp, fp, count, true);
1786}
1787
1788/**
1789 * n_tty_set_termios	-	termios data changed
1790 * @tty: terminal
1791 * @old: previous data
1792 *
1793 * Called by the tty layer when the user changes termios flags so that the line
1794 * discipline can plan ahead. This function cannot sleep and is protected from
1795 * re-entry by the tty layer. The user is guaranteed that this function will
1796 * not be re-entered or in progress when the ldisc is closed.
1797 *
1798 * Locking: Caller holds @tty->termios_rwsem
1799 */
1800static void n_tty_set_termios(struct tty_struct *tty, const struct ktermios *old)
1801{
1802	struct n_tty_data *ldata = tty->disc_data;
1803
1804	if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1805		bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1806		ldata->line_start = ldata->read_tail;
1807		if (!L_ICANON(tty) || !read_cnt(ldata)) {
1808			ldata->canon_head = ldata->read_tail;
1809			ldata->push = 0;
1810		} else {
1811			set_bit(MASK(ldata->read_head - 1), ldata->read_flags);
1812			ldata->canon_head = ldata->read_head;
1813			ldata->push = 1;
1814		}
1815		ldata->commit_head = ldata->read_head;
1816		ldata->erasing = 0;
1817		ldata->lnext = 0;
1818	}
1819
1820	ldata->icanon = (L_ICANON(tty) != 0);
1821
1822	if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1823	    I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1824	    I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1825	    I_PARMRK(tty)) {
1826		bitmap_zero(ldata->char_map, 256);
1827
1828		if (I_IGNCR(tty) || I_ICRNL(tty))
1829			set_bit('\r', ldata->char_map);
1830		if (I_INLCR(tty))
1831			set_bit('\n', ldata->char_map);
1832
1833		if (L_ICANON(tty)) {
1834			set_bit(ERASE_CHAR(tty), ldata->char_map);
1835			set_bit(KILL_CHAR(tty), ldata->char_map);
1836			set_bit(EOF_CHAR(tty), ldata->char_map);
1837			set_bit('\n', ldata->char_map);
1838			set_bit(EOL_CHAR(tty), ldata->char_map);
1839			if (L_IEXTEN(tty)) {
1840				set_bit(WERASE_CHAR(tty), ldata->char_map);
1841				set_bit(LNEXT_CHAR(tty), ldata->char_map);
1842				set_bit(EOL2_CHAR(tty), ldata->char_map);
1843				if (L_ECHO(tty))
1844					set_bit(REPRINT_CHAR(tty),
1845						ldata->char_map);
1846			}
1847		}
1848		if (I_IXON(tty)) {
1849			set_bit(START_CHAR(tty), ldata->char_map);
1850			set_bit(STOP_CHAR(tty), ldata->char_map);
1851		}
1852		if (L_ISIG(tty)) {
1853			set_bit(INTR_CHAR(tty), ldata->char_map);
1854			set_bit(QUIT_CHAR(tty), ldata->char_map);
1855			set_bit(SUSP_CHAR(tty), ldata->char_map);
1856		}
1857		clear_bit(__DISABLED_CHAR, ldata->char_map);
1858		ldata->raw = 0;
1859		ldata->real_raw = 0;
1860	} else {
1861		ldata->raw = 1;
1862		if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1863		    (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1864		    (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1865			ldata->real_raw = 1;
1866		else
1867			ldata->real_raw = 0;
1868	}
1869	/*
1870	 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1871	 * been stopped by STOP_CHAR(tty) before it.
1872	 */
1873	if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow.tco_stopped) {
1874		start_tty(tty);
1875		process_echoes(tty);
1876	}
1877
1878	/* The termios change make the tty ready for I/O */
1879	wake_up_interruptible(&tty->write_wait);
1880	wake_up_interruptible(&tty->read_wait);
1881}
1882
1883/**
1884 * n_tty_close		-	close the ldisc for this tty
1885 * @tty: device
1886 *
1887 * Called from the terminal layer when this line discipline is being shut down,
1888 * either because of a close or becsuse of a discipline change. The function
1889 * will not be called while other ldisc methods are in progress.
1890 */
1891static void n_tty_close(struct tty_struct *tty)
1892{
1893	struct n_tty_data *ldata = tty->disc_data;
1894
1895	if (tty->link)
1896		n_tty_packet_mode_flush(tty);
1897
1898	down_write(&tty->termios_rwsem);
1899	vfree(ldata);
1900	tty->disc_data = NULL;
1901	up_write(&tty->termios_rwsem);
1902}
1903
1904/**
1905 * n_tty_open		-	open an ldisc
1906 * @tty: terminal to open
1907 *
1908 * Called when this line discipline is being attached to the terminal device.
1909 * Can sleep. Called serialized so that no other events will occur in parallel.
1910 * No further open will occur until a close.
1911 */
1912static int n_tty_open(struct tty_struct *tty)
1913{
1914	struct n_tty_data *ldata;
1915
1916	/* Currently a malloc failure here can panic */
1917	ldata = vzalloc(sizeof(*ldata));
1918	if (!ldata)
1919		return -ENOMEM;
1920
1921	ldata->overrun_time = jiffies;
1922	mutex_init(&ldata->atomic_read_lock);
1923	mutex_init(&ldata->output_lock);
1924
1925	tty->disc_data = ldata;
1926	tty->closing = 0;
1927	/* indicate buffer work may resume */
1928	clear_bit(TTY_LDISC_HALTED, &tty->flags);
1929	n_tty_set_termios(tty, NULL);
1930	tty_unthrottle(tty);
1931	return 0;
1932}
1933
1934static inline int input_available_p(const struct tty_struct *tty, int poll)
1935{
1936	const struct n_tty_data *ldata = tty->disc_data;
1937	int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1938
1939	if (ldata->icanon && !L_EXTPROC(tty))
1940		return ldata->canon_head != ldata->read_tail;
1941	else
1942		return ldata->commit_head - ldata->read_tail >= amt;
1943}
1944
1945/**
1946 * copy_from_read_buf	-	copy read data directly
1947 * @tty: terminal device
1948 * @kbp: data
1949 * @nr: size of data
1950 *
1951 * Helper function to speed up n_tty_read(). It is only called when %ICANON is
1952 * off; it copies characters straight from the tty queue.
1953 *
1954 * Returns: true if it successfully copied data, but there is still more data
1955 * to be had.
1956 *
1957 * Locking:
1958 *  * called under the @ldata->atomic_read_lock sem
1959 *  * n_tty_read()/consumer path:
1960 *		caller holds non-exclusive %termios_rwsem;
1961 *		read_tail published
1962 */
1963static bool copy_from_read_buf(const struct tty_struct *tty, u8 **kbp,
1964			       size_t *nr)
1965
1966{
1967	struct n_tty_data *ldata = tty->disc_data;
1968	size_t n;
1969	bool is_eof;
1970	size_t head = smp_load_acquire(&ldata->commit_head);
1971	size_t tail = MASK(ldata->read_tail);
1972
1973	n = min3(head - ldata->read_tail, N_TTY_BUF_SIZE - tail, *nr);
1974	if (!n)
1975		return false;
1976
1977	u8 *from = read_buf_addr(ldata, tail);
1978	memcpy(*kbp, from, n);
1979	is_eof = n == 1 && *from == EOF_CHAR(tty);
1980	tty_audit_add_data(tty, from, n);
1981	zero_buffer(tty, from, n);
1982	smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1983
1984	/* Turn single EOF into zero-length read */
1985	if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1986	    head == ldata->read_tail)
1987		return false;
1988
1989	*kbp += n;
1990	*nr -= n;
1991
1992	/* If we have more to copy, let the caller know */
1993	return head != ldata->read_tail;
1994}
1995
1996/**
1997 * canon_copy_from_read_buf	-	copy read data in canonical mode
1998 * @tty: terminal device
1999 * @kbp: data
2000 * @nr: size of data
2001 *
2002 * Helper function for n_tty_read(). It is only called when %ICANON is on; it
2003 * copies one line of input up to and including the line-delimiting character
2004 * into the result buffer.
2005 *
2006 * Note: When termios is changed from non-canonical to canonical mode and the
2007 * read buffer contains data, n_tty_set_termios() simulates an EOF push (as if
2008 * C-d were input) _without_ the %DISABLED_CHAR in the buffer. This causes data
2009 * already processed as input to be immediately available as input although a
2010 * newline has not been received.
2011 *
2012 * Locking:
2013 *  * called under the %atomic_read_lock mutex
2014 *  * n_tty_read()/consumer path:
2015 *	caller holds non-exclusive %termios_rwsem;
2016 *	read_tail published
2017 */
2018static bool canon_copy_from_read_buf(const struct tty_struct *tty, u8 **kbp,
2019				     size_t *nr)
2020{
2021	struct n_tty_data *ldata = tty->disc_data;
2022	size_t n, size, more, c;
2023	size_t eol;
2024	size_t tail, canon_head;
2025	int found = 0;
2026
2027	/* N.B. avoid overrun if nr == 0 */
2028	if (!*nr)
2029		return false;
2030
2031	canon_head = smp_load_acquire(&ldata->canon_head);
2032	n = min(*nr, canon_head - ldata->read_tail);
2033
2034	tail = MASK(ldata->read_tail);
2035	size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
2036
2037	n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
2038		    __func__, *nr, tail, n, size);
2039
2040	eol = find_next_bit(ldata->read_flags, size, tail);
2041	more = n - (size - tail);
2042	if (eol == N_TTY_BUF_SIZE && more) {
2043		/* scan wrapped without finding set bit */
2044		eol = find_first_bit(ldata->read_flags, more);
2045		found = eol != more;
2046	} else
2047		found = eol != size;
2048
2049	n = eol - tail;
2050	if (n > N_TTY_BUF_SIZE)
2051		n += N_TTY_BUF_SIZE;
2052	c = n + found;
2053
2054	if (!found || read_buf(ldata, eol) != __DISABLED_CHAR)
2055		n = c;
2056
2057	n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
2058		    __func__, eol, found, n, c, tail, more);
2059
2060	tty_copy(tty, *kbp, tail, n);
2061	*kbp += n;
2062	*nr -= n;
2063
2064	if (found)
2065		clear_bit(eol, ldata->read_flags);
2066	smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2067
2068	if (found) {
2069		if (!ldata->push)
2070			ldata->line_start = ldata->read_tail;
2071		else
2072			ldata->push = 0;
2073		tty_audit_push();
2074		return false;
2075	}
2076
2077	/* No EOL found - do a continuation retry if there is more data */
2078	return ldata->read_tail != canon_head;
2079}
2080
2081/*
2082 * If we finished a read at the exact location of an
2083 * EOF (special EOL character that's a __DISABLED_CHAR)
2084 * in the stream, silently eat the EOF.
2085 */
2086static void canon_skip_eof(struct n_tty_data *ldata)
2087{
2088	size_t tail, canon_head;
2089
2090	canon_head = smp_load_acquire(&ldata->canon_head);
2091	tail = ldata->read_tail;
2092
2093	// No data?
2094	if (tail == canon_head)
2095		return;
2096
2097	// See if the tail position is EOF in the circular buffer
2098	tail &= (N_TTY_BUF_SIZE - 1);
2099	if (!test_bit(tail, ldata->read_flags))
2100		return;
2101	if (read_buf(ldata, tail) != __DISABLED_CHAR)
2102		return;
2103
2104	// Clear the EOL bit, skip the EOF char.
2105	clear_bit(tail, ldata->read_flags);
2106	smp_store_release(&ldata->read_tail, ldata->read_tail + 1);
2107}
2108
2109/**
2110 * job_control		-	check job control
2111 * @tty: tty
2112 * @file: file handle
2113 *
2114 * Perform job control management checks on this @file/@tty descriptor and if
2115 * appropriate send any needed signals and return a negative error code if
2116 * action should be taken.
2117 *
2118 * Locking:
2119 *  * redirected write test is safe
2120 *  * current->signal->tty check is safe
2121 *  * ctrl.lock to safely reference @tty->ctrl.pgrp
2122 */
2123static int job_control(struct tty_struct *tty, struct file *file)
2124{
2125	/* Job control check -- must be done at start and after
2126	   every sleep (POSIX.1 7.1.1.4). */
2127	/* NOTE: not yet done after every sleep pending a thorough
2128	   check of the logic of this change. -- jlc */
2129	/* don't stop on /dev/console */
2130	if (file->f_op->write_iter == redirected_tty_write)
2131		return 0;
2132
2133	return __tty_check_change(tty, SIGTTIN);
2134}
2135
2136
2137/**
2138 * n_tty_read		-	read function for tty
2139 * @tty: tty device
2140 * @file: file object
2141 * @kbuf: kernelspace buffer pointer
2142 * @nr: size of I/O
2143 * @cookie: if non-%NULL, this is a continuation read
2144 * @offset: where to continue reading from (unused in n_tty)
2145 *
2146 * Perform reads for the line discipline. We are guaranteed that the line
2147 * discipline will not be closed under us but we may get multiple parallel
2148 * readers and must handle this ourselves. We may also get a hangup. Always
2149 * called in user context, may sleep.
2150 *
2151 * This code must be sure never to sleep through a hangup.
2152 *
2153 * Locking: n_tty_read()/consumer path:
2154 *	claims non-exclusive termios_rwsem;
2155 *	publishes read_tail
2156 */
2157static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, u8 *kbuf,
2158			  size_t nr, void **cookie, unsigned long offset)
2159{
2160	struct n_tty_data *ldata = tty->disc_data;
2161	u8 *kb = kbuf;
2162	DEFINE_WAIT_FUNC(wait, woken_wake_function);
2163	int minimum, time;
2164	ssize_t retval;
2165	long timeout;
2166	bool packet;
2167	size_t old_tail;
2168
2169	/*
2170	 * Is this a continuation of a read started earler?
2171	 *
2172	 * If so, we still hold the atomic_read_lock and the
2173	 * termios_rwsem, and can just continue to copy data.
2174	 */
2175	if (*cookie) {
2176		if (ldata->icanon && !L_EXTPROC(tty)) {
2177			/*
2178			 * If we have filled the user buffer, see
2179			 * if we should skip an EOF character before
2180			 * releasing the lock and returning done.
2181			 */
2182			if (!nr)
2183				canon_skip_eof(ldata);
2184			else if (canon_copy_from_read_buf(tty, &kb, &nr))
2185				return kb - kbuf;
2186		} else {
2187			if (copy_from_read_buf(tty, &kb, &nr))
2188				return kb - kbuf;
2189		}
2190
2191		/* No more data - release locks and stop retries */
2192		n_tty_kick_worker(tty);
2193		n_tty_check_unthrottle(tty);
2194		up_read(&tty->termios_rwsem);
2195		mutex_unlock(&ldata->atomic_read_lock);
2196		*cookie = NULL;
2197		return kb - kbuf;
2198	}
2199
2200	retval = job_control(tty, file);
2201	if (retval < 0)
2202		return retval;
2203
2204	/*
2205	 *	Internal serialization of reads.
2206	 */
2207	if (file->f_flags & O_NONBLOCK) {
2208		if (!mutex_trylock(&ldata->atomic_read_lock))
2209			return -EAGAIN;
2210	} else {
2211		if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2212			return -ERESTARTSYS;
2213	}
2214
2215	down_read(&tty->termios_rwsem);
2216
2217	minimum = time = 0;
2218	timeout = MAX_SCHEDULE_TIMEOUT;
2219	if (!ldata->icanon) {
2220		minimum = MIN_CHAR(tty);
2221		if (minimum) {
2222			time = (HZ / 10) * TIME_CHAR(tty);
2223		} else {
2224			timeout = (HZ / 10) * TIME_CHAR(tty);
2225			minimum = 1;
2226		}
2227	}
2228
2229	packet = tty->ctrl.packet;
2230	old_tail = ldata->read_tail;
2231
2232	add_wait_queue(&tty->read_wait, &wait);
2233	while (nr) {
2234		/* First test for status change. */
2235		if (packet && tty->link->ctrl.pktstatus) {
2236			u8 cs;
2237			if (kb != kbuf)
2238				break;
2239			spin_lock_irq(&tty->link->ctrl.lock);
2240			cs = tty->link->ctrl.pktstatus;
2241			tty->link->ctrl.pktstatus = 0;
2242			spin_unlock_irq(&tty->link->ctrl.lock);
2243			*kb++ = cs;
2244			nr--;
2245			break;
2246		}
2247
2248		if (!input_available_p(tty, 0)) {
2249			up_read(&tty->termios_rwsem);
2250			tty_buffer_flush_work(tty->port);
2251			down_read(&tty->termios_rwsem);
2252			if (!input_available_p(tty, 0)) {
2253				if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2254					retval = -EIO;
2255					break;
2256				}
2257				if (tty_hung_up_p(file))
2258					break;
2259				/*
2260				 * Abort readers for ttys which never actually
2261				 * get hung up.  See __tty_hangup().
2262				 */
2263				if (test_bit(TTY_HUPPING, &tty->flags))
2264					break;
2265				if (!timeout)
2266					break;
2267				if (tty_io_nonblock(tty, file)) {
2268					retval = -EAGAIN;
2269					break;
2270				}
2271				if (signal_pending(current)) {
2272					retval = -ERESTARTSYS;
2273					break;
2274				}
2275				up_read(&tty->termios_rwsem);
2276
2277				timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2278						timeout);
2279
2280				down_read(&tty->termios_rwsem);
2281				continue;
2282			}
2283		}
2284
2285		if (ldata->icanon && !L_EXTPROC(tty)) {
2286			if (canon_copy_from_read_buf(tty, &kb, &nr))
2287				goto more_to_be_read;
2288		} else {
2289			/* Deal with packet mode. */
2290			if (packet && kb == kbuf) {
2291				*kb++ = TIOCPKT_DATA;
2292				nr--;
2293			}
2294
2295			/*
2296			 * Copy data, and if there is more to be had
2297			 * and we have nothing more to wait for, then
2298			 * let's mark us for retries.
2299			 *
2300			 * NOTE! We return here with both the termios_sem
2301			 * and atomic_read_lock still held, the retries
2302			 * will release them when done.
2303			 */
2304			if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum) {
2305more_to_be_read:
2306				remove_wait_queue(&tty->read_wait, &wait);
2307				*cookie = cookie;
2308				return kb - kbuf;
2309			}
2310		}
2311
2312		n_tty_check_unthrottle(tty);
2313
2314		if (kb - kbuf >= minimum)
2315			break;
2316		if (time)
2317			timeout = time;
2318	}
2319	if (old_tail != ldata->read_tail) {
2320		/*
2321		 * Make sure no_room is not read in n_tty_kick_worker()
2322		 * before setting ldata->read_tail in copy_from_read_buf().
2323		 */
2324		smp_mb();
2325		n_tty_kick_worker(tty);
2326	}
2327	up_read(&tty->termios_rwsem);
2328
2329	remove_wait_queue(&tty->read_wait, &wait);
2330	mutex_unlock(&ldata->atomic_read_lock);
2331
2332	if (kb - kbuf)
2333		retval = kb - kbuf;
2334
2335	return retval;
2336}
2337
2338/**
2339 * n_tty_write		-	write function for tty
2340 * @tty: tty device
2341 * @file: file object
2342 * @buf: userspace buffer pointer
2343 * @nr: size of I/O
2344 *
2345 * Write function of the terminal device. This is serialized with respect to
2346 * other write callers but not to termios changes, reads and other such events.
2347 * Since the receive code will echo characters, thus calling driver write
2348 * methods, the %output_lock is used in the output processing functions called
2349 * here as well as in the echo processing function to protect the column state
2350 * and space left in the buffer.
2351 *
2352 * This code must be sure never to sleep through a hangup.
2353 *
2354 * Locking: output_lock to protect column state and space left
2355 *	 (note that the process_output*() functions take this lock themselves)
2356 */
2357
2358static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2359			   const u8 *buf, size_t nr)
2360{
2361	const u8 *b = buf;
2362	DEFINE_WAIT_FUNC(wait, woken_wake_function);
2363	ssize_t num, retval = 0;
2364
2365	/* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2366	if (L_TOSTOP(tty) && file->f_op->write_iter != redirected_tty_write) {
2367		retval = tty_check_change(tty);
2368		if (retval)
2369			return retval;
2370	}
2371
2372	down_read(&tty->termios_rwsem);
2373
2374	/* Write out any echoed characters that are still pending */
2375	process_echoes(tty);
2376
2377	add_wait_queue(&tty->write_wait, &wait);
2378	while (1) {
2379		if (signal_pending(current)) {
2380			retval = -ERESTARTSYS;
2381			break;
2382		}
2383		if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2384			retval = -EIO;
2385			break;
2386		}
2387		if (O_OPOST(tty)) {
2388			while (nr > 0) {
2389				num = process_output_block(tty, b, nr);
2390				if (num < 0) {
2391					if (num == -EAGAIN)
2392						break;
2393					retval = num;
2394					goto break_out;
2395				}
2396				b += num;
2397				nr -= num;
2398				if (nr == 0)
2399					break;
2400				if (process_output(*b, tty) < 0)
2401					break;
2402				b++; nr--;
2403			}
2404			if (tty->ops->flush_chars)
2405				tty->ops->flush_chars(tty);
2406		} else {
2407			struct n_tty_data *ldata = tty->disc_data;
2408
2409			while (nr > 0) {
2410				mutex_lock(&ldata->output_lock);
2411				num = tty->ops->write(tty, b, nr);
2412				mutex_unlock(&ldata->output_lock);
2413				if (num < 0) {
2414					retval = num;
2415					goto break_out;
2416				}
2417				if (!num)
2418					break;
2419				b += num;
2420				nr -= num;
2421			}
2422		}
2423		if (!nr)
2424			break;
2425		if (tty_io_nonblock(tty, file)) {
2426			retval = -EAGAIN;
2427			break;
2428		}
2429		up_read(&tty->termios_rwsem);
2430
2431		wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2432
2433		down_read(&tty->termios_rwsem);
2434	}
2435break_out:
2436	remove_wait_queue(&tty->write_wait, &wait);
2437	if (nr && tty->fasync)
2438		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2439	up_read(&tty->termios_rwsem);
2440	return (b - buf) ? b - buf : retval;
2441}
2442
2443/**
2444 * n_tty_poll		-	poll method for N_TTY
2445 * @tty: terminal device
2446 * @file: file accessing it
2447 * @wait: poll table
2448 *
2449 * Called when the line discipline is asked to poll() for data or for special
2450 * events. This code is not serialized with respect to other events save
2451 * open/close.
2452 *
2453 * This code must be sure never to sleep through a hangup.
2454 *
2455 * Locking: called without the kernel lock held -- fine.
2456 */
2457static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2458							poll_table *wait)
2459{
2460	__poll_t mask = 0;
2461
2462	poll_wait(file, &tty->read_wait, wait);
2463	poll_wait(file, &tty->write_wait, wait);
2464	if (input_available_p(tty, 1))
2465		mask |= EPOLLIN | EPOLLRDNORM;
2466	else {
2467		tty_buffer_flush_work(tty->port);
2468		if (input_available_p(tty, 1))
2469			mask |= EPOLLIN | EPOLLRDNORM;
2470	}
2471	if (tty->ctrl.packet && tty->link->ctrl.pktstatus)
2472		mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2473	if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2474		mask |= EPOLLHUP;
2475	if (tty_hung_up_p(file))
2476		mask |= EPOLLHUP;
2477	if (tty->ops->write && !tty_is_writelocked(tty) &&
2478			tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2479			tty_write_room(tty) > 0)
2480		mask |= EPOLLOUT | EPOLLWRNORM;
2481	return mask;
2482}
2483
2484static unsigned long inq_canon(struct n_tty_data *ldata)
2485{
2486	size_t nr, head, tail;
2487
2488	if (ldata->canon_head == ldata->read_tail)
2489		return 0;
2490	head = ldata->canon_head;
2491	tail = ldata->read_tail;
2492	nr = head - tail;
2493	/* Skip EOF-chars.. */
2494	while (MASK(head) != MASK(tail)) {
2495		if (test_bit(MASK(tail), ldata->read_flags) &&
2496		    read_buf(ldata, tail) == __DISABLED_CHAR)
2497			nr--;
2498		tail++;
2499	}
2500	return nr;
2501}
2502
2503static int n_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
2504		       unsigned long arg)
2505{
2506	struct n_tty_data *ldata = tty->disc_data;
2507	unsigned int num;
2508
2509	switch (cmd) {
2510	case TIOCOUTQ:
2511		return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2512	case TIOCINQ:
2513		down_write(&tty->termios_rwsem);
2514		if (L_ICANON(tty) && !L_EXTPROC(tty))
2515			num = inq_canon(ldata);
2516		else
2517			num = read_cnt(ldata);
2518		up_write(&tty->termios_rwsem);
2519		return put_user(num, (unsigned int __user *) arg);
2520	default:
2521		return n_tty_ioctl_helper(tty, cmd, arg);
2522	}
2523}
2524
2525static struct tty_ldisc_ops n_tty_ops = {
2526	.owner		 = THIS_MODULE,
2527	.num		 = N_TTY,
2528	.name            = "n_tty",
2529	.open            = n_tty_open,
2530	.close           = n_tty_close,
2531	.flush_buffer    = n_tty_flush_buffer,
2532	.read            = n_tty_read,
2533	.write           = n_tty_write,
2534	.ioctl           = n_tty_ioctl,
2535	.set_termios     = n_tty_set_termios,
2536	.poll            = n_tty_poll,
2537	.receive_buf     = n_tty_receive_buf,
2538	.write_wakeup    = n_tty_write_wakeup,
2539	.receive_buf2	 = n_tty_receive_buf2,
2540	.lookahead_buf	 = n_tty_lookahead_flow_ctrl,
2541};
2542
2543/**
2544 *	n_tty_inherit_ops	-	inherit N_TTY methods
2545 *	@ops: struct tty_ldisc_ops where to save N_TTY methods
2546 *
2547 *	Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2548 */
2549
2550void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2551{
2552	*ops = n_tty_ops;
2553	ops->owner = NULL;
2554}
2555EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2556
2557void __init n_tty_init(void)
2558{
2559	tty_register_ldisc(&n_tty_ops);
2560}