1 // SPDX-License-Identifier: GPL-1.0+
2 /*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31 #include <linux/types.h>
32 #include <linux/major.h>
33 #include <linux/errno.h>
34 #include <linux/signal.h>
35 #include <linux/fcntl.h>
36 #include <linux/sched.h>
37 #include <linux/interrupt.h>
38 #include <linux/tty.h>
39 #include <linux/timer.h>
40 #include <linux/ctype.h>
41 #include <linux/mm.h>
42 #include <linux/string.h>
43 #include <linux/slab.h>
44 #include <linux/poll.h>
45 #include <linux/bitops.h>
46 #include <linux/audit.h>
47 #include <linux/file.h>
48 #include <linux/uaccess.h>
49 #include <linux/module.h>
50 #include <linux/ratelimit.h>
51 #include <linux/vmalloc.h>
52
53 /*
54 * Until this number of characters is queued in the xmit buffer, select will
55 * return "we have room for writes".
56 */
57 #define WAKEUP_CHARS 256
58
59 /*
60 * This defines the low- and high-watermarks for throttling and
61 * unthrottling the TTY driver. These watermarks are used for
62 * controlling the space in the read buffer.
63 */
64 #define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
65 #define TTY_THRESHOLD_UNTHROTTLE 128
66
67 /*
68 * Special byte codes used in the echo buffer to represent operations
69 * or special handling of characters. Bytes in the echo buffer that
70 * are not part of such special blocks are treated as normal character
71 * codes.
72 */
73 #define ECHO_OP_START 0xff
74 #define ECHO_OP_MOVE_BACK_COL 0x80
75 #define ECHO_OP_SET_CANON_COL 0x81
76 #define ECHO_OP_ERASE_TAB 0x82
77
78 #define ECHO_COMMIT_WATERMARK 256
79 #define ECHO_BLOCK 256
80 #define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
81
82
83 #undef N_TTY_TRACE
84 #ifdef N_TTY_TRACE
85 # define n_tty_trace(f, args...) trace_printk(f, ##args)
86 #else
87 # define n_tty_trace(f, args...)
88 #endif
89
90 struct n_tty_data {
91 /* producer-published */
92 size_t read_head;
93 size_t commit_head;
94 size_t canon_head;
95 size_t echo_head;
96 size_t echo_commit;
97 size_t echo_mark;
98 DECLARE_BITMAP(char_map, 256);
99
100 /* private to n_tty_receive_overrun (single-threaded) */
101 unsigned long overrun_time;
102 int num_overrun;
103
104 /* non-atomic */
105 bool no_room;
106
107 /* must hold exclusive termios_rwsem to reset these */
108 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
109 unsigned char push:1;
110
111 /* shared by producer and consumer */
112 char read_buf[N_TTY_BUF_SIZE];
113 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
114 unsigned char echo_buf[N_TTY_BUF_SIZE];
115
116 /* consumer-published */
117 size_t read_tail;
118 size_t line_start;
119
120 /* protected by output lock */
121 unsigned int column;
122 unsigned int canon_column;
123 size_t echo_tail;
124
125 struct mutex atomic_read_lock;
126 struct mutex output_lock;
127 };
128
129 #define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
130
read_cnt(struct n_tty_data * ldata)131 static inline size_t read_cnt(struct n_tty_data *ldata)
132 {
133 return ldata->read_head - ldata->read_tail;
134 }
135
read_buf(struct n_tty_data * ldata,size_t i)136 static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
137 {
138 return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
139 }
140
read_buf_addr(struct n_tty_data * ldata,size_t i)141 static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
142 {
143 return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
144 }
145
echo_buf(struct n_tty_data * ldata,size_t i)146 static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
147 {
148 smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
149 return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
150 }
151
echo_buf_addr(struct n_tty_data * ldata,size_t i)152 static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
153 {
154 return &ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
155 }
156
157 /* If we are not echoing the data, perhaps this is a secret so erase it */
zero_buffer(struct tty_struct * tty,u8 * buffer,int size)158 static void zero_buffer(struct tty_struct *tty, u8 *buffer, int size)
159 {
160 bool icanon = !!L_ICANON(tty);
161 bool no_echo = !L_ECHO(tty);
162
163 if (icanon && no_echo)
164 memset(buffer, 0x00, size);
165 }
166
tty_copy_to_user(struct tty_struct * tty,void __user * to,size_t tail,size_t n)167 static int tty_copy_to_user(struct tty_struct *tty, void __user *to,
168 size_t tail, size_t n)
169 {
170 struct n_tty_data *ldata = tty->disc_data;
171 size_t size = N_TTY_BUF_SIZE - tail;
172 void *from = read_buf_addr(ldata, tail);
173 int uncopied;
174
175 if (n > size) {
176 tty_audit_add_data(tty, from, size);
177 uncopied = copy_to_user(to, from, size);
178 zero_buffer(tty, from, size - uncopied);
179 if (uncopied)
180 return uncopied;
181 to += size;
182 n -= size;
183 from = ldata->read_buf;
184 }
185
186 tty_audit_add_data(tty, from, n);
187 uncopied = copy_to_user(to, from, n);
188 zero_buffer(tty, from, n - uncopied);
189 return uncopied;
190 }
191
192 /**
193 * n_tty_kick_worker - start input worker (if required)
194 * @tty: terminal
195 *
196 * Re-schedules the flip buffer work if it may have stopped
197 *
198 * Caller holds exclusive termios_rwsem
199 * or
200 * n_tty_read()/consumer path:
201 * holds non-exclusive termios_rwsem
202 */
203
n_tty_kick_worker(struct tty_struct * tty)204 static void n_tty_kick_worker(struct tty_struct *tty)
205 {
206 struct n_tty_data *ldata = tty->disc_data;
207
208 /* Did the input worker stop? Restart it */
209 if (unlikely(ldata->no_room)) {
210 ldata->no_room = 0;
211
212 WARN_RATELIMIT(tty->port->itty == NULL,
213 "scheduling with invalid itty\n");
214 /* see if ldisc has been killed - if so, this means that
215 * even though the ldisc has been halted and ->buf.work
216 * cancelled, ->buf.work is about to be rescheduled
217 */
218 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
219 "scheduling buffer work for halted ldisc\n");
220 tty_buffer_restart_work(tty->port);
221 }
222 }
223
chars_in_buffer(struct tty_struct * tty)224 static ssize_t chars_in_buffer(struct tty_struct *tty)
225 {
226 struct n_tty_data *ldata = tty->disc_data;
227 ssize_t n = 0;
228
229 if (!ldata->icanon)
230 n = ldata->commit_head - ldata->read_tail;
231 else
232 n = ldata->canon_head - ldata->read_tail;
233 return n;
234 }
235
236 /**
237 * n_tty_write_wakeup - asynchronous I/O notifier
238 * @tty: tty device
239 *
240 * Required for the ptys, serial driver etc. since processes
241 * that attach themselves to the master and rely on ASYNC
242 * IO must be woken up
243 */
244
n_tty_write_wakeup(struct tty_struct * tty)245 static void n_tty_write_wakeup(struct tty_struct *tty)
246 {
247 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
248 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
249 }
250
n_tty_check_throttle(struct tty_struct * tty)251 static void n_tty_check_throttle(struct tty_struct *tty)
252 {
253 struct n_tty_data *ldata = tty->disc_data;
254
255 /*
256 * Check the remaining room for the input canonicalization
257 * mode. We don't want to throttle the driver if we're in
258 * canonical mode and don't have a newline yet!
259 */
260 if (ldata->icanon && ldata->canon_head == ldata->read_tail)
261 return;
262
263 while (1) {
264 int throttled;
265 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
266 if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
267 break;
268 throttled = tty_throttle_safe(tty);
269 if (!throttled)
270 break;
271 }
272 __tty_set_flow_change(tty, 0);
273 }
274
n_tty_check_unthrottle(struct tty_struct * tty)275 static void n_tty_check_unthrottle(struct tty_struct *tty)
276 {
277 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
278 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
279 return;
280 n_tty_kick_worker(tty);
281 tty_wakeup(tty->link);
282 return;
283 }
284
285 /* If there is enough space in the read buffer now, let the
286 * low-level driver know. We use chars_in_buffer() to
287 * check the buffer, as it now knows about canonical mode.
288 * Otherwise, if the driver is throttled and the line is
289 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
290 * we won't get any more characters.
291 */
292
293 while (1) {
294 int unthrottled;
295 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
296 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
297 break;
298 n_tty_kick_worker(tty);
299 unthrottled = tty_unthrottle_safe(tty);
300 if (!unthrottled)
301 break;
302 }
303 __tty_set_flow_change(tty, 0);
304 }
305
306 /**
307 * put_tty_queue - add character to tty
308 * @c: character
309 * @ldata: n_tty data
310 *
311 * Add a character to the tty read_buf queue.
312 *
313 * n_tty_receive_buf()/producer path:
314 * caller holds non-exclusive termios_rwsem
315 */
316
put_tty_queue(unsigned char c,struct n_tty_data * ldata)317 static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
318 {
319 *read_buf_addr(ldata, ldata->read_head) = c;
320 ldata->read_head++;
321 }
322
323 /**
324 * reset_buffer_flags - reset buffer state
325 * @tty: terminal to reset
326 *
327 * Reset the read buffer counters and clear the flags.
328 * Called from n_tty_open() and n_tty_flush_buffer().
329 *
330 * Locking: caller holds exclusive termios_rwsem
331 * (or locking is not required)
332 */
333
reset_buffer_flags(struct n_tty_data * ldata)334 static void reset_buffer_flags(struct n_tty_data *ldata)
335 {
336 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
337 ldata->commit_head = 0;
338 ldata->line_start = 0;
339
340 ldata->erasing = 0;
341 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
342 ldata->push = 0;
343 }
344
n_tty_packet_mode_flush(struct tty_struct * tty)345 static void n_tty_packet_mode_flush(struct tty_struct *tty)
346 {
347 unsigned long flags;
348
349 if (tty->link->packet) {
350 spin_lock_irqsave(&tty->ctrl_lock, flags);
351 tty->ctrl_status |= TIOCPKT_FLUSHREAD;
352 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
353 wake_up_interruptible(&tty->link->read_wait);
354 }
355 }
356
357 /**
358 * n_tty_flush_buffer - clean input queue
359 * @tty: terminal device
360 *
361 * Flush the input buffer. Called when the tty layer wants the
362 * buffer flushed (eg at hangup) or when the N_TTY line discipline
363 * internally has to clean the pending queue (for example some signals).
364 *
365 * Holds termios_rwsem to exclude producer/consumer while
366 * buffer indices are reset.
367 *
368 * Locking: ctrl_lock, exclusive termios_rwsem
369 */
370
n_tty_flush_buffer(struct tty_struct * tty)371 static void n_tty_flush_buffer(struct tty_struct *tty)
372 {
373 down_write(&tty->termios_rwsem);
374 reset_buffer_flags(tty->disc_data);
375 n_tty_kick_worker(tty);
376
377 if (tty->link)
378 n_tty_packet_mode_flush(tty);
379 up_write(&tty->termios_rwsem);
380 }
381
382 /**
383 * is_utf8_continuation - utf8 multibyte check
384 * @c: byte to check
385 *
386 * Returns true if the utf8 character 'c' is a multibyte continuation
387 * character. We use this to correctly compute the on screen size
388 * of the character when printing
389 */
390
is_utf8_continuation(unsigned char c)391 static inline int is_utf8_continuation(unsigned char c)
392 {
393 return (c & 0xc0) == 0x80;
394 }
395
396 /**
397 * is_continuation - multibyte check
398 * @c: byte to check
399 *
400 * Returns true if the utf8 character 'c' is a multibyte continuation
401 * character and the terminal is in unicode mode.
402 */
403
is_continuation(unsigned char c,struct tty_struct * tty)404 static inline int is_continuation(unsigned char c, struct tty_struct *tty)
405 {
406 return I_IUTF8(tty) && is_utf8_continuation(c);
407 }
408
409 /**
410 * do_output_char - output one character
411 * @c: character (or partial unicode symbol)
412 * @tty: terminal device
413 * @space: space available in tty driver write buffer
414 *
415 * This is a helper function that handles one output character
416 * (including special characters like TAB, CR, LF, etc.),
417 * doing OPOST processing and putting the results in the
418 * tty driver's write buffer.
419 *
420 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
421 * and NLDLY. They simply aren't relevant in the world today.
422 * If you ever need them, add them here.
423 *
424 * Returns the number of bytes of buffer space used or -1 if
425 * no space left.
426 *
427 * Locking: should be called under the output_lock to protect
428 * the column state and space left in the buffer
429 */
430
do_output_char(unsigned char c,struct tty_struct * tty,int space)431 static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
432 {
433 struct n_tty_data *ldata = tty->disc_data;
434 int spaces;
435
436 if (!space)
437 return -1;
438
439 switch (c) {
440 case '\n':
441 if (O_ONLRET(tty))
442 ldata->column = 0;
443 if (O_ONLCR(tty)) {
444 if (space < 2)
445 return -1;
446 ldata->canon_column = ldata->column = 0;
447 tty->ops->write(tty, "\r\n", 2);
448 return 2;
449 }
450 ldata->canon_column = ldata->column;
451 break;
452 case '\r':
453 if (O_ONOCR(tty) && ldata->column == 0)
454 return 0;
455 if (O_OCRNL(tty)) {
456 c = '\n';
457 if (O_ONLRET(tty))
458 ldata->canon_column = ldata->column = 0;
459 break;
460 }
461 ldata->canon_column = ldata->column = 0;
462 break;
463 case '\t':
464 spaces = 8 - (ldata->column & 7);
465 if (O_TABDLY(tty) == XTABS) {
466 if (space < spaces)
467 return -1;
468 ldata->column += spaces;
469 tty->ops->write(tty, " ", spaces);
470 return spaces;
471 }
472 ldata->column += spaces;
473 break;
474 case '\b':
475 if (ldata->column > 0)
476 ldata->column--;
477 break;
478 default:
479 if (!iscntrl(c)) {
480 if (O_OLCUC(tty))
481 c = toupper(c);
482 if (!is_continuation(c, tty))
483 ldata->column++;
484 }
485 break;
486 }
487
488 tty_put_char(tty, c);
489 return 1;
490 }
491
492 /**
493 * process_output - output post processor
494 * @c: character (or partial unicode symbol)
495 * @tty: terminal device
496 *
497 * Output one character with OPOST processing.
498 * Returns -1 when the output device is full and the character
499 * must be retried.
500 *
501 * Locking: output_lock to protect column state and space left
502 * (also, this is called from n_tty_write under the
503 * tty layer write lock)
504 */
505
process_output(unsigned char c,struct tty_struct * tty)506 static int process_output(unsigned char c, struct tty_struct *tty)
507 {
508 struct n_tty_data *ldata = tty->disc_data;
509 int space, retval;
510
511 mutex_lock(&ldata->output_lock);
512
513 space = tty_write_room(tty);
514 retval = do_output_char(c, tty, space);
515
516 mutex_unlock(&ldata->output_lock);
517 if (retval < 0)
518 return -1;
519 else
520 return 0;
521 }
522
523 /**
524 * process_output_block - block post processor
525 * @tty: terminal device
526 * @buf: character buffer
527 * @nr: number of bytes to output
528 *
529 * Output a block of characters with OPOST processing.
530 * Returns the number of characters output.
531 *
532 * This path is used to speed up block console writes, among other
533 * things when processing blocks of output data. It handles only
534 * the simple cases normally found and helps to generate blocks of
535 * symbols for the console driver and thus improve performance.
536 *
537 * Locking: output_lock to protect column state and space left
538 * (also, this is called from n_tty_write under the
539 * tty layer write lock)
540 */
541
process_output_block(struct tty_struct * tty,const unsigned char * buf,unsigned int nr)542 static ssize_t process_output_block(struct tty_struct *tty,
543 const unsigned char *buf, unsigned int nr)
544 {
545 struct n_tty_data *ldata = tty->disc_data;
546 int space;
547 int i;
548 const unsigned char *cp;
549
550 mutex_lock(&ldata->output_lock);
551
552 space = tty_write_room(tty);
553 if (space <= 0) {
554 mutex_unlock(&ldata->output_lock);
555 return space;
556 }
557 if (nr > space)
558 nr = space;
559
560 for (i = 0, cp = buf; i < nr; i++, cp++) {
561 unsigned char c = *cp;
562
563 switch (c) {
564 case '\n':
565 if (O_ONLRET(tty))
566 ldata->column = 0;
567 if (O_ONLCR(tty))
568 goto break_out;
569 ldata->canon_column = ldata->column;
570 break;
571 case '\r':
572 if (O_ONOCR(tty) && ldata->column == 0)
573 goto break_out;
574 if (O_OCRNL(tty))
575 goto break_out;
576 ldata->canon_column = ldata->column = 0;
577 break;
578 case '\t':
579 goto break_out;
580 case '\b':
581 if (ldata->column > 0)
582 ldata->column--;
583 break;
584 default:
585 if (!iscntrl(c)) {
586 if (O_OLCUC(tty))
587 goto break_out;
588 if (!is_continuation(c, tty))
589 ldata->column++;
590 }
591 break;
592 }
593 }
594 break_out:
595 i = tty->ops->write(tty, buf, i);
596
597 mutex_unlock(&ldata->output_lock);
598 return i;
599 }
600
601 /**
602 * process_echoes - write pending echo characters
603 * @tty: terminal device
604 *
605 * Write previously buffered echo (and other ldisc-generated)
606 * characters to the tty.
607 *
608 * Characters generated by the ldisc (including echoes) need to
609 * be buffered because the driver's write buffer can fill during
610 * heavy program output. Echoing straight to the driver will
611 * often fail under these conditions, causing lost characters and
612 * resulting mismatches of ldisc state information.
613 *
614 * Since the ldisc state must represent the characters actually sent
615 * to the driver at the time of the write, operations like certain
616 * changes in column state are also saved in the buffer and executed
617 * here.
618 *
619 * A circular fifo buffer is used so that the most recent characters
620 * are prioritized. Also, when control characters are echoed with a
621 * prefixed "^", the pair is treated atomically and thus not separated.
622 *
623 * Locking: callers must hold output_lock
624 */
625
__process_echoes(struct tty_struct * tty)626 static size_t __process_echoes(struct tty_struct *tty)
627 {
628 struct n_tty_data *ldata = tty->disc_data;
629 int space, old_space;
630 size_t tail;
631 unsigned char c;
632
633 old_space = space = tty_write_room(tty);
634
635 tail = ldata->echo_tail;
636 while (MASK(ldata->echo_commit) != MASK(tail)) {
637 c = echo_buf(ldata, tail);
638 if (c == ECHO_OP_START) {
639 unsigned char op;
640 int no_space_left = 0;
641
642 /*
643 * Since add_echo_byte() is called without holding
644 * output_lock, we might see only portion of multi-byte
645 * operation.
646 */
647 if (MASK(ldata->echo_commit) == MASK(tail + 1))
648 goto not_yet_stored;
649 /*
650 * If the buffer byte is the start of a multi-byte
651 * operation, get the next byte, which is either the
652 * op code or a control character value.
653 */
654 op = echo_buf(ldata, tail + 1);
655
656 switch (op) {
657 unsigned int num_chars, num_bs;
658
659 case ECHO_OP_ERASE_TAB:
660 if (MASK(ldata->echo_commit) == MASK(tail + 2))
661 goto not_yet_stored;
662 num_chars = echo_buf(ldata, tail + 2);
663
664 /*
665 * Determine how many columns to go back
666 * in order to erase the tab.
667 * This depends on the number of columns
668 * used by other characters within the tab
669 * area. If this (modulo 8) count is from
670 * the start of input rather than from a
671 * previous tab, we offset by canon column.
672 * Otherwise, tab spacing is normal.
673 */
674 if (!(num_chars & 0x80))
675 num_chars += ldata->canon_column;
676 num_bs = 8 - (num_chars & 7);
677
678 if (num_bs > space) {
679 no_space_left = 1;
680 break;
681 }
682 space -= num_bs;
683 while (num_bs--) {
684 tty_put_char(tty, '\b');
685 if (ldata->column > 0)
686 ldata->column--;
687 }
688 tail += 3;
689 break;
690
691 case ECHO_OP_SET_CANON_COL:
692 ldata->canon_column = ldata->column;
693 tail += 2;
694 break;
695
696 case ECHO_OP_MOVE_BACK_COL:
697 if (ldata->column > 0)
698 ldata->column--;
699 tail += 2;
700 break;
701
702 case ECHO_OP_START:
703 /* This is an escaped echo op start code */
704 if (!space) {
705 no_space_left = 1;
706 break;
707 }
708 tty_put_char(tty, ECHO_OP_START);
709 ldata->column++;
710 space--;
711 tail += 2;
712 break;
713
714 default:
715 /*
716 * If the op is not a special byte code,
717 * it is a ctrl char tagged to be echoed
718 * as "^X" (where X is the letter
719 * representing the control char).
720 * Note that we must ensure there is
721 * enough space for the whole ctrl pair.
722 *
723 */
724 if (space < 2) {
725 no_space_left = 1;
726 break;
727 }
728 tty_put_char(tty, '^');
729 tty_put_char(tty, op ^ 0100);
730 ldata->column += 2;
731 space -= 2;
732 tail += 2;
733 }
734
735 if (no_space_left)
736 break;
737 } else {
738 if (O_OPOST(tty)) {
739 int retval = do_output_char(c, tty, space);
740 if (retval < 0)
741 break;
742 space -= retval;
743 } else {
744 if (!space)
745 break;
746 tty_put_char(tty, c);
747 space -= 1;
748 }
749 tail += 1;
750 }
751 }
752
753 /* If the echo buffer is nearly full (so that the possibility exists
754 * of echo overrun before the next commit), then discard enough
755 * data at the tail to prevent a subsequent overrun */
756 while (ldata->echo_commit > tail &&
757 ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
758 if (echo_buf(ldata, tail) == ECHO_OP_START) {
759 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
760 tail += 3;
761 else
762 tail += 2;
763 } else
764 tail++;
765 }
766
767 not_yet_stored:
768 ldata->echo_tail = tail;
769 return old_space - space;
770 }
771
commit_echoes(struct tty_struct * tty)772 static void commit_echoes(struct tty_struct *tty)
773 {
774 struct n_tty_data *ldata = tty->disc_data;
775 size_t nr, old, echoed;
776 size_t head;
777
778 mutex_lock(&ldata->output_lock);
779 head = ldata->echo_head;
780 ldata->echo_mark = head;
781 old = ldata->echo_commit - ldata->echo_tail;
782
783 /* Process committed echoes if the accumulated # of bytes
784 * is over the threshold (and try again each time another
785 * block is accumulated) */
786 nr = head - ldata->echo_tail;
787 if (nr < ECHO_COMMIT_WATERMARK ||
788 (nr % ECHO_BLOCK > old % ECHO_BLOCK)) {
789 mutex_unlock(&ldata->output_lock);
790 return;
791 }
792
793 ldata->echo_commit = head;
794 echoed = __process_echoes(tty);
795 mutex_unlock(&ldata->output_lock);
796
797 if (echoed && tty->ops->flush_chars)
798 tty->ops->flush_chars(tty);
799 }
800
process_echoes(struct tty_struct * tty)801 static void process_echoes(struct tty_struct *tty)
802 {
803 struct n_tty_data *ldata = tty->disc_data;
804 size_t echoed;
805
806 if (ldata->echo_mark == ldata->echo_tail)
807 return;
808
809 mutex_lock(&ldata->output_lock);
810 ldata->echo_commit = ldata->echo_mark;
811 echoed = __process_echoes(tty);
812 mutex_unlock(&ldata->output_lock);
813
814 if (echoed && tty->ops->flush_chars)
815 tty->ops->flush_chars(tty);
816 }
817
818 /* NB: echo_mark and echo_head should be equivalent here */
flush_echoes(struct tty_struct * tty)819 static void flush_echoes(struct tty_struct *tty)
820 {
821 struct n_tty_data *ldata = tty->disc_data;
822
823 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
824 ldata->echo_commit == ldata->echo_head)
825 return;
826
827 mutex_lock(&ldata->output_lock);
828 ldata->echo_commit = ldata->echo_head;
829 __process_echoes(tty);
830 mutex_unlock(&ldata->output_lock);
831 }
832
833 /**
834 * add_echo_byte - add a byte to the echo buffer
835 * @c: unicode byte to echo
836 * @ldata: n_tty data
837 *
838 * Add a character or operation byte to the echo buffer.
839 */
840
add_echo_byte(unsigned char c,struct n_tty_data * ldata)841 static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
842 {
843 *echo_buf_addr(ldata, ldata->echo_head) = c;
844 smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
845 ldata->echo_head++;
846 }
847
848 /**
849 * echo_move_back_col - add operation to move back a column
850 * @ldata: n_tty data
851 *
852 * Add an operation to the echo buffer to move back one column.
853 */
854
echo_move_back_col(struct n_tty_data * ldata)855 static void echo_move_back_col(struct n_tty_data *ldata)
856 {
857 add_echo_byte(ECHO_OP_START, ldata);
858 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
859 }
860
861 /**
862 * echo_set_canon_col - add operation to set the canon column
863 * @ldata: n_tty data
864 *
865 * Add an operation to the echo buffer to set the canon column
866 * to the current column.
867 */
868
echo_set_canon_col(struct n_tty_data * ldata)869 static void echo_set_canon_col(struct n_tty_data *ldata)
870 {
871 add_echo_byte(ECHO_OP_START, ldata);
872 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
873 }
874
875 /**
876 * echo_erase_tab - add operation to erase a tab
877 * @num_chars: number of character columns already used
878 * @after_tab: true if num_chars starts after a previous tab
879 * @ldata: n_tty data
880 *
881 * Add an operation to the echo buffer to erase a tab.
882 *
883 * Called by the eraser function, which knows how many character
884 * columns have been used since either a previous tab or the start
885 * of input. This information will be used later, along with
886 * canon column (if applicable), to go back the correct number
887 * of columns.
888 */
889
echo_erase_tab(unsigned int num_chars,int after_tab,struct n_tty_data * ldata)890 static void echo_erase_tab(unsigned int num_chars, int after_tab,
891 struct n_tty_data *ldata)
892 {
893 add_echo_byte(ECHO_OP_START, ldata);
894 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
895
896 /* We only need to know this modulo 8 (tab spacing) */
897 num_chars &= 7;
898
899 /* Set the high bit as a flag if num_chars is after a previous tab */
900 if (after_tab)
901 num_chars |= 0x80;
902
903 add_echo_byte(num_chars, ldata);
904 }
905
906 /**
907 * echo_char_raw - echo a character raw
908 * @c: unicode byte to echo
909 * @tty: terminal device
910 *
911 * Echo user input back onto the screen. This must be called only when
912 * L_ECHO(tty) is true. Called from the driver receive_buf path.
913 *
914 * This variant does not treat control characters specially.
915 */
916
echo_char_raw(unsigned char c,struct n_tty_data * ldata)917 static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
918 {
919 if (c == ECHO_OP_START) {
920 add_echo_byte(ECHO_OP_START, ldata);
921 add_echo_byte(ECHO_OP_START, ldata);
922 } else {
923 add_echo_byte(c, ldata);
924 }
925 }
926
927 /**
928 * echo_char - echo a character
929 * @c: unicode byte to echo
930 * @tty: terminal device
931 *
932 * Echo user input back onto the screen. This must be called only when
933 * L_ECHO(tty) is true. Called from the driver receive_buf path.
934 *
935 * This variant tags control characters to be echoed as "^X"
936 * (where X is the letter representing the control char).
937 */
938
echo_char(unsigned char c,struct tty_struct * tty)939 static void echo_char(unsigned char c, struct tty_struct *tty)
940 {
941 struct n_tty_data *ldata = tty->disc_data;
942
943 if (c == ECHO_OP_START) {
944 add_echo_byte(ECHO_OP_START, ldata);
945 add_echo_byte(ECHO_OP_START, ldata);
946 } else {
947 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
948 add_echo_byte(ECHO_OP_START, ldata);
949 add_echo_byte(c, ldata);
950 }
951 }
952
953 /**
954 * finish_erasing - complete erase
955 * @ldata: n_tty data
956 */
957
finish_erasing(struct n_tty_data * ldata)958 static inline void finish_erasing(struct n_tty_data *ldata)
959 {
960 if (ldata->erasing) {
961 echo_char_raw('/', ldata);
962 ldata->erasing = 0;
963 }
964 }
965
966 /**
967 * eraser - handle erase function
968 * @c: character input
969 * @tty: terminal device
970 *
971 * Perform erase and necessary output when an erase character is
972 * present in the stream from the driver layer. Handles the complexities
973 * of UTF-8 multibyte symbols.
974 *
975 * n_tty_receive_buf()/producer path:
976 * caller holds non-exclusive termios_rwsem
977 */
978
eraser(unsigned char c,struct tty_struct * tty)979 static void eraser(unsigned char c, struct tty_struct *tty)
980 {
981 struct n_tty_data *ldata = tty->disc_data;
982 enum { ERASE, WERASE, KILL } kill_type;
983 size_t head;
984 size_t cnt;
985 int seen_alnums;
986
987 if (ldata->read_head == ldata->canon_head) {
988 /* process_output('\a', tty); */ /* what do you think? */
989 return;
990 }
991 if (c == ERASE_CHAR(tty))
992 kill_type = ERASE;
993 else if (c == WERASE_CHAR(tty))
994 kill_type = WERASE;
995 else {
996 if (!L_ECHO(tty)) {
997 ldata->read_head = ldata->canon_head;
998 return;
999 }
1000 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
1001 ldata->read_head = ldata->canon_head;
1002 finish_erasing(ldata);
1003 echo_char(KILL_CHAR(tty), tty);
1004 /* Add a newline if ECHOK is on and ECHOKE is off. */
1005 if (L_ECHOK(tty))
1006 echo_char_raw('\n', ldata);
1007 return;
1008 }
1009 kill_type = KILL;
1010 }
1011
1012 seen_alnums = 0;
1013 while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
1014 head = ldata->read_head;
1015
1016 /* erase a single possibly multibyte character */
1017 do {
1018 head--;
1019 c = read_buf(ldata, head);
1020 } while (is_continuation(c, tty) &&
1021 MASK(head) != MASK(ldata->canon_head));
1022
1023 /* do not partially erase */
1024 if (is_continuation(c, tty))
1025 break;
1026
1027 if (kill_type == WERASE) {
1028 /* Equivalent to BSD's ALTWERASE. */
1029 if (isalnum(c) || c == '_')
1030 seen_alnums++;
1031 else if (seen_alnums)
1032 break;
1033 }
1034 cnt = ldata->read_head - head;
1035 ldata->read_head = head;
1036 if (L_ECHO(tty)) {
1037 if (L_ECHOPRT(tty)) {
1038 if (!ldata->erasing) {
1039 echo_char_raw('\\', ldata);
1040 ldata->erasing = 1;
1041 }
1042 /* if cnt > 1, output a multi-byte character */
1043 echo_char(c, tty);
1044 while (--cnt > 0) {
1045 head++;
1046 echo_char_raw(read_buf(ldata, head), ldata);
1047 echo_move_back_col(ldata);
1048 }
1049 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
1050 echo_char(ERASE_CHAR(tty), tty);
1051 } else if (c == '\t') {
1052 unsigned int num_chars = 0;
1053 int after_tab = 0;
1054 size_t tail = ldata->read_head;
1055
1056 /*
1057 * Count the columns used for characters
1058 * since the start of input or after a
1059 * previous tab.
1060 * This info is used to go back the correct
1061 * number of columns.
1062 */
1063 while (MASK(tail) != MASK(ldata->canon_head)) {
1064 tail--;
1065 c = read_buf(ldata, tail);
1066 if (c == '\t') {
1067 after_tab = 1;
1068 break;
1069 } else if (iscntrl(c)) {
1070 if (L_ECHOCTL(tty))
1071 num_chars += 2;
1072 } else if (!is_continuation(c, tty)) {
1073 num_chars++;
1074 }
1075 }
1076 echo_erase_tab(num_chars, after_tab, ldata);
1077 } else {
1078 if (iscntrl(c) && L_ECHOCTL(tty)) {
1079 echo_char_raw('\b', ldata);
1080 echo_char_raw(' ', ldata);
1081 echo_char_raw('\b', ldata);
1082 }
1083 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1084 echo_char_raw('\b', ldata);
1085 echo_char_raw(' ', ldata);
1086 echo_char_raw('\b', ldata);
1087 }
1088 }
1089 }
1090 if (kill_type == ERASE)
1091 break;
1092 }
1093 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1094 finish_erasing(ldata);
1095 }
1096
1097 /**
1098 * isig - handle the ISIG optio
1099 * @sig: signal
1100 * @tty: terminal
1101 *
1102 * Called when a signal is being sent due to terminal input.
1103 * Called from the driver receive_buf path so serialized.
1104 *
1105 * Performs input and output flush if !NOFLSH. In this context, the echo
1106 * buffer is 'output'. The signal is processed first to alert any current
1107 * readers or writers to discontinue and exit their i/o loops.
1108 *
1109 * Locking: ctrl_lock
1110 */
1111
__isig(int sig,struct tty_struct * tty)1112 static void __isig(int sig, struct tty_struct *tty)
1113 {
1114 struct pid *tty_pgrp = tty_get_pgrp(tty);
1115 if (tty_pgrp) {
1116 kill_pgrp(tty_pgrp, sig, 1);
1117 put_pid(tty_pgrp);
1118 }
1119 }
1120
isig(int sig,struct tty_struct * tty)1121 static void isig(int sig, struct tty_struct *tty)
1122 {
1123 struct n_tty_data *ldata = tty->disc_data;
1124
1125 if (L_NOFLSH(tty)) {
1126 /* signal only */
1127 __isig(sig, tty);
1128
1129 } else { /* signal and flush */
1130 up_read(&tty->termios_rwsem);
1131 down_write(&tty->termios_rwsem);
1132
1133 __isig(sig, tty);
1134
1135 /* clear echo buffer */
1136 mutex_lock(&ldata->output_lock);
1137 ldata->echo_head = ldata->echo_tail = 0;
1138 ldata->echo_mark = ldata->echo_commit = 0;
1139 mutex_unlock(&ldata->output_lock);
1140
1141 /* clear output buffer */
1142 tty_driver_flush_buffer(tty);
1143
1144 /* clear input buffer */
1145 reset_buffer_flags(tty->disc_data);
1146
1147 /* notify pty master of flush */
1148 if (tty->link)
1149 n_tty_packet_mode_flush(tty);
1150
1151 up_write(&tty->termios_rwsem);
1152 down_read(&tty->termios_rwsem);
1153 }
1154 }
1155
1156 /**
1157 * n_tty_receive_break - handle break
1158 * @tty: terminal
1159 *
1160 * An RS232 break event has been hit in the incoming bitstream. This
1161 * can cause a variety of events depending upon the termios settings.
1162 *
1163 * n_tty_receive_buf()/producer path:
1164 * caller holds non-exclusive termios_rwsem
1165 *
1166 * Note: may get exclusive termios_rwsem if flushing input buffer
1167 */
1168
n_tty_receive_break(struct tty_struct * tty)1169 static void n_tty_receive_break(struct tty_struct *tty)
1170 {
1171 struct n_tty_data *ldata = tty->disc_data;
1172
1173 if (I_IGNBRK(tty))
1174 return;
1175 if (I_BRKINT(tty)) {
1176 isig(SIGINT, tty);
1177 return;
1178 }
1179 if (I_PARMRK(tty)) {
1180 put_tty_queue('\377', ldata);
1181 put_tty_queue('\0', ldata);
1182 }
1183 put_tty_queue('\0', ldata);
1184 }
1185
1186 /**
1187 * n_tty_receive_overrun - handle overrun reporting
1188 * @tty: terminal
1189 *
1190 * Data arrived faster than we could process it. While the tty
1191 * driver has flagged this the bits that were missed are gone
1192 * forever.
1193 *
1194 * Called from the receive_buf path so single threaded. Does not
1195 * need locking as num_overrun and overrun_time are function
1196 * private.
1197 */
1198
n_tty_receive_overrun(struct tty_struct * tty)1199 static void n_tty_receive_overrun(struct tty_struct *tty)
1200 {
1201 struct n_tty_data *ldata = tty->disc_data;
1202
1203 ldata->num_overrun++;
1204 if (time_after(jiffies, ldata->overrun_time + HZ) ||
1205 time_after(ldata->overrun_time, jiffies)) {
1206 tty_warn(tty, "%d input overrun(s)\n", ldata->num_overrun);
1207 ldata->overrun_time = jiffies;
1208 ldata->num_overrun = 0;
1209 }
1210 }
1211
1212 /**
1213 * n_tty_receive_parity_error - error notifier
1214 * @tty: terminal device
1215 * @c: character
1216 *
1217 * Process a parity error and queue the right data to indicate
1218 * the error case if necessary.
1219 *
1220 * n_tty_receive_buf()/producer path:
1221 * caller holds non-exclusive termios_rwsem
1222 */
n_tty_receive_parity_error(struct tty_struct * tty,unsigned char c)1223 static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
1224 {
1225 struct n_tty_data *ldata = tty->disc_data;
1226
1227 if (I_INPCK(tty)) {
1228 if (I_IGNPAR(tty))
1229 return;
1230 if (I_PARMRK(tty)) {
1231 put_tty_queue('\377', ldata);
1232 put_tty_queue('\0', ldata);
1233 put_tty_queue(c, ldata);
1234 } else
1235 put_tty_queue('\0', ldata);
1236 } else
1237 put_tty_queue(c, ldata);
1238 }
1239
1240 static void
n_tty_receive_signal_char(struct tty_struct * tty,int signal,unsigned char c)1241 n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
1242 {
1243 isig(signal, tty);
1244 if (I_IXON(tty))
1245 start_tty(tty);
1246 if (L_ECHO(tty)) {
1247 echo_char(c, tty);
1248 commit_echoes(tty);
1249 } else
1250 process_echoes(tty);
1251 return;
1252 }
1253
1254 /**
1255 * n_tty_receive_char - perform processing
1256 * @tty: terminal device
1257 * @c: character
1258 *
1259 * Process an individual character of input received from the driver.
1260 * This is serialized with respect to itself by the rules for the
1261 * driver above.
1262 *
1263 * n_tty_receive_buf()/producer path:
1264 * caller holds non-exclusive termios_rwsem
1265 * publishes canon_head if canonical mode is active
1266 *
1267 * Returns 1 if LNEXT was received, else returns 0
1268 */
1269
1270 static int
n_tty_receive_char_special(struct tty_struct * tty,unsigned char c)1271 n_tty_receive_char_special(struct tty_struct *tty, unsigned char c)
1272 {
1273 struct n_tty_data *ldata = tty->disc_data;
1274
1275 if (I_IXON(tty)) {
1276 if (c == START_CHAR(tty)) {
1277 start_tty(tty);
1278 process_echoes(tty);
1279 return 0;
1280 }
1281 if (c == STOP_CHAR(tty)) {
1282 stop_tty(tty);
1283 return 0;
1284 }
1285 }
1286
1287 if (L_ISIG(tty)) {
1288 if (c == INTR_CHAR(tty)) {
1289 n_tty_receive_signal_char(tty, SIGINT, c);
1290 return 0;
1291 } else if (c == QUIT_CHAR(tty)) {
1292 n_tty_receive_signal_char(tty, SIGQUIT, c);
1293 return 0;
1294 } else if (c == SUSP_CHAR(tty)) {
1295 n_tty_receive_signal_char(tty, SIGTSTP, c);
1296 return 0;
1297 }
1298 }
1299
1300 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1301 start_tty(tty);
1302 process_echoes(tty);
1303 }
1304
1305 if (c == '\r') {
1306 if (I_IGNCR(tty))
1307 return 0;
1308 if (I_ICRNL(tty))
1309 c = '\n';
1310 } else if (c == '\n' && I_INLCR(tty))
1311 c = '\r';
1312
1313 if (ldata->icanon) {
1314 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1315 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1316 eraser(c, tty);
1317 commit_echoes(tty);
1318 return 0;
1319 }
1320 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1321 ldata->lnext = 1;
1322 if (L_ECHO(tty)) {
1323 finish_erasing(ldata);
1324 if (L_ECHOCTL(tty)) {
1325 echo_char_raw('^', ldata);
1326 echo_char_raw('\b', ldata);
1327 commit_echoes(tty);
1328 }
1329 }
1330 return 1;
1331 }
1332 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1333 size_t tail = ldata->canon_head;
1334
1335 finish_erasing(ldata);
1336 echo_char(c, tty);
1337 echo_char_raw('\n', ldata);
1338 while (MASK(tail) != MASK(ldata->read_head)) {
1339 echo_char(read_buf(ldata, tail), tty);
1340 tail++;
1341 }
1342 commit_echoes(tty);
1343 return 0;
1344 }
1345 if (c == '\n') {
1346 if (L_ECHO(tty) || L_ECHONL(tty)) {
1347 echo_char_raw('\n', ldata);
1348 commit_echoes(tty);
1349 }
1350 goto handle_newline;
1351 }
1352 if (c == EOF_CHAR(tty)) {
1353 c = __DISABLED_CHAR;
1354 goto handle_newline;
1355 }
1356 if ((c == EOL_CHAR(tty)) ||
1357 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1358 /*
1359 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1360 */
1361 if (L_ECHO(tty)) {
1362 /* Record the column of first canon char. */
1363 if (ldata->canon_head == ldata->read_head)
1364 echo_set_canon_col(ldata);
1365 echo_char(c, tty);
1366 commit_echoes(tty);
1367 }
1368 /*
1369 * XXX does PARMRK doubling happen for
1370 * EOL_CHAR and EOL2_CHAR?
1371 */
1372 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1373 put_tty_queue(c, ldata);
1374
1375 handle_newline:
1376 set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
1377 put_tty_queue(c, ldata);
1378 smp_store_release(&ldata->canon_head, ldata->read_head);
1379 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1380 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1381 return 0;
1382 }
1383 }
1384
1385 if (L_ECHO(tty)) {
1386 finish_erasing(ldata);
1387 if (c == '\n')
1388 echo_char_raw('\n', ldata);
1389 else {
1390 /* Record the column of first canon char. */
1391 if (ldata->canon_head == ldata->read_head)
1392 echo_set_canon_col(ldata);
1393 echo_char(c, tty);
1394 }
1395 commit_echoes(tty);
1396 }
1397
1398 /* PARMRK doubling check */
1399 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1400 put_tty_queue(c, ldata);
1401
1402 put_tty_queue(c, ldata);
1403 return 0;
1404 }
1405
1406 static inline void
n_tty_receive_char_inline(struct tty_struct * tty,unsigned char c)1407 n_tty_receive_char_inline(struct tty_struct *tty, unsigned char c)
1408 {
1409 struct n_tty_data *ldata = tty->disc_data;
1410
1411 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1412 start_tty(tty);
1413 process_echoes(tty);
1414 }
1415 if (L_ECHO(tty)) {
1416 finish_erasing(ldata);
1417 /* Record the column of first canon char. */
1418 if (ldata->canon_head == ldata->read_head)
1419 echo_set_canon_col(ldata);
1420 echo_char(c, tty);
1421 commit_echoes(tty);
1422 }
1423 /* PARMRK doubling check */
1424 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1425 put_tty_queue(c, ldata);
1426 put_tty_queue(c, ldata);
1427 }
1428
n_tty_receive_char(struct tty_struct * tty,unsigned char c)1429 static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1430 {
1431 n_tty_receive_char_inline(tty, c);
1432 }
1433
1434 static inline void
n_tty_receive_char_fast(struct tty_struct * tty,unsigned char c)1435 n_tty_receive_char_fast(struct tty_struct *tty, unsigned char c)
1436 {
1437 struct n_tty_data *ldata = tty->disc_data;
1438
1439 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1440 start_tty(tty);
1441 process_echoes(tty);
1442 }
1443 if (L_ECHO(tty)) {
1444 finish_erasing(ldata);
1445 /* Record the column of first canon char. */
1446 if (ldata->canon_head == ldata->read_head)
1447 echo_set_canon_col(ldata);
1448 echo_char(c, tty);
1449 commit_echoes(tty);
1450 }
1451 put_tty_queue(c, ldata);
1452 }
1453
n_tty_receive_char_closing(struct tty_struct * tty,unsigned char c)1454 static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c)
1455 {
1456 if (I_ISTRIP(tty))
1457 c &= 0x7f;
1458 if (I_IUCLC(tty) && L_IEXTEN(tty))
1459 c = tolower(c);
1460
1461 if (I_IXON(tty)) {
1462 if (c == STOP_CHAR(tty))
1463 stop_tty(tty);
1464 else if (c == START_CHAR(tty) ||
1465 (tty->stopped && !tty->flow_stopped && I_IXANY(tty) &&
1466 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1467 c != SUSP_CHAR(tty))) {
1468 start_tty(tty);
1469 process_echoes(tty);
1470 }
1471 }
1472 }
1473
1474 static void
n_tty_receive_char_flagged(struct tty_struct * tty,unsigned char c,char flag)1475 n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
1476 {
1477 switch (flag) {
1478 case TTY_BREAK:
1479 n_tty_receive_break(tty);
1480 break;
1481 case TTY_PARITY:
1482 case TTY_FRAME:
1483 n_tty_receive_parity_error(tty, c);
1484 break;
1485 case TTY_OVERRUN:
1486 n_tty_receive_overrun(tty);
1487 break;
1488 default:
1489 tty_err(tty, "unknown flag %d\n", flag);
1490 break;
1491 }
1492 }
1493
1494 static void
n_tty_receive_char_lnext(struct tty_struct * tty,unsigned char c,char flag)1495 n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
1496 {
1497 struct n_tty_data *ldata = tty->disc_data;
1498
1499 ldata->lnext = 0;
1500 if (likely(flag == TTY_NORMAL)) {
1501 if (I_ISTRIP(tty))
1502 c &= 0x7f;
1503 if (I_IUCLC(tty) && L_IEXTEN(tty))
1504 c = tolower(c);
1505 n_tty_receive_char(tty, c);
1506 } else
1507 n_tty_receive_char_flagged(tty, c, flag);
1508 }
1509
1510 static void
n_tty_receive_buf_real_raw(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1511 n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
1512 char *fp, int count)
1513 {
1514 struct n_tty_data *ldata = tty->disc_data;
1515 size_t n, head;
1516
1517 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1518 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1519 memcpy(read_buf_addr(ldata, head), cp, n);
1520 ldata->read_head += n;
1521 cp += n;
1522 count -= n;
1523
1524 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1525 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1526 memcpy(read_buf_addr(ldata, head), cp, n);
1527 ldata->read_head += n;
1528 }
1529
1530 static void
n_tty_receive_buf_raw(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1531 n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
1532 char *fp, int count)
1533 {
1534 struct n_tty_data *ldata = tty->disc_data;
1535 char flag = TTY_NORMAL;
1536
1537 while (count--) {
1538 if (fp)
1539 flag = *fp++;
1540 if (likely(flag == TTY_NORMAL))
1541 put_tty_queue(*cp++, ldata);
1542 else
1543 n_tty_receive_char_flagged(tty, *cp++, flag);
1544 }
1545 }
1546
1547 static void
n_tty_receive_buf_closing(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1548 n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
1549 char *fp, int count)
1550 {
1551 char flag = TTY_NORMAL;
1552
1553 while (count--) {
1554 if (fp)
1555 flag = *fp++;
1556 if (likely(flag == TTY_NORMAL))
1557 n_tty_receive_char_closing(tty, *cp++);
1558 }
1559 }
1560
1561 static void
n_tty_receive_buf_standard(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1562 n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
1563 char *fp, int count)
1564 {
1565 struct n_tty_data *ldata = tty->disc_data;
1566 char flag = TTY_NORMAL;
1567
1568 while (count--) {
1569 if (fp)
1570 flag = *fp++;
1571 if (likely(flag == TTY_NORMAL)) {
1572 unsigned char c = *cp++;
1573
1574 if (I_ISTRIP(tty))
1575 c &= 0x7f;
1576 if (I_IUCLC(tty) && L_IEXTEN(tty))
1577 c = tolower(c);
1578 if (L_EXTPROC(tty)) {
1579 put_tty_queue(c, ldata);
1580 continue;
1581 }
1582 if (!test_bit(c, ldata->char_map))
1583 n_tty_receive_char_inline(tty, c);
1584 else if (n_tty_receive_char_special(tty, c) && count) {
1585 if (fp)
1586 flag = *fp++;
1587 n_tty_receive_char_lnext(tty, *cp++, flag);
1588 count--;
1589 }
1590 } else
1591 n_tty_receive_char_flagged(tty, *cp++, flag);
1592 }
1593 }
1594
1595 static void
n_tty_receive_buf_fast(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1596 n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
1597 char *fp, int count)
1598 {
1599 struct n_tty_data *ldata = tty->disc_data;
1600 char flag = TTY_NORMAL;
1601
1602 while (count--) {
1603 if (fp)
1604 flag = *fp++;
1605 if (likely(flag == TTY_NORMAL)) {
1606 unsigned char c = *cp++;
1607
1608 if (!test_bit(c, ldata->char_map))
1609 n_tty_receive_char_fast(tty, c);
1610 else if (n_tty_receive_char_special(tty, c) && count) {
1611 if (fp)
1612 flag = *fp++;
1613 n_tty_receive_char_lnext(tty, *cp++, flag);
1614 count--;
1615 }
1616 } else
1617 n_tty_receive_char_flagged(tty, *cp++, flag);
1618 }
1619 }
1620
__receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1621 static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
1622 char *fp, int count)
1623 {
1624 struct n_tty_data *ldata = tty->disc_data;
1625 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1626
1627 if (ldata->real_raw)
1628 n_tty_receive_buf_real_raw(tty, cp, fp, count);
1629 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1630 n_tty_receive_buf_raw(tty, cp, fp, count);
1631 else if (tty->closing && !L_EXTPROC(tty))
1632 n_tty_receive_buf_closing(tty, cp, fp, count);
1633 else {
1634 if (ldata->lnext) {
1635 char flag = TTY_NORMAL;
1636
1637 if (fp)
1638 flag = *fp++;
1639 n_tty_receive_char_lnext(tty, *cp++, flag);
1640 count--;
1641 }
1642
1643 if (!preops && !I_PARMRK(tty))
1644 n_tty_receive_buf_fast(tty, cp, fp, count);
1645 else
1646 n_tty_receive_buf_standard(tty, cp, fp, count);
1647
1648 flush_echoes(tty);
1649 if (tty->ops->flush_chars)
1650 tty->ops->flush_chars(tty);
1651 }
1652
1653 if (ldata->icanon && !L_EXTPROC(tty))
1654 return;
1655
1656 /* publish read_head to consumer */
1657 smp_store_release(&ldata->commit_head, ldata->read_head);
1658
1659 if (read_cnt(ldata)) {
1660 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1661 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1662 }
1663 }
1664
1665 /**
1666 * n_tty_receive_buf_common - process input
1667 * @tty: device to receive input
1668 * @cp: input chars
1669 * @fp: flags for each char (if NULL, all chars are TTY_NORMAL)
1670 * @count: number of input chars in @cp
1671 *
1672 * Called by the terminal driver when a block of characters has
1673 * been received. This function must be called from soft contexts
1674 * not from interrupt context. The driver is responsible for making
1675 * calls one at a time and in order (or using flush_to_ldisc)
1676 *
1677 * Returns the # of input chars from @cp which were processed.
1678 *
1679 * In canonical mode, the maximum line length is 4096 chars (including
1680 * the line termination char); lines longer than 4096 chars are
1681 * truncated. After 4095 chars, input data is still processed but
1682 * not stored. Overflow processing ensures the tty can always
1683 * receive more input until at least one line can be read.
1684 *
1685 * In non-canonical mode, the read buffer will only accept 4095 chars;
1686 * this provides the necessary space for a newline char if the input
1687 * mode is switched to canonical.
1688 *
1689 * Note it is possible for the read buffer to _contain_ 4096 chars
1690 * in non-canonical mode: the read buffer could already contain the
1691 * maximum canon line of 4096 chars when the mode is switched to
1692 * non-canonical.
1693 *
1694 * n_tty_receive_buf()/producer path:
1695 * claims non-exclusive termios_rwsem
1696 * publishes commit_head or canon_head
1697 */
1698 static int
n_tty_receive_buf_common(struct tty_struct * tty,const unsigned char * cp,char * fp,int count,int flow)1699 n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
1700 char *fp, int count, int flow)
1701 {
1702 struct n_tty_data *ldata = tty->disc_data;
1703 int room, n, rcvd = 0, overflow;
1704
1705 down_read(&tty->termios_rwsem);
1706
1707 do {
1708 /*
1709 * When PARMRK is set, each input char may take up to 3 chars
1710 * in the read buf; reduce the buffer space avail by 3x
1711 *
1712 * If we are doing input canonicalization, and there are no
1713 * pending newlines, let characters through without limit, so
1714 * that erase characters will be handled. Other excess
1715 * characters will be beeped.
1716 *
1717 * paired with store in *_copy_from_read_buf() -- guarantees
1718 * the consumer has loaded the data in read_buf up to the new
1719 * read_tail (so this producer will not overwrite unread data)
1720 */
1721 size_t tail = smp_load_acquire(&ldata->read_tail);
1722
1723 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1724 if (I_PARMRK(tty))
1725 room = (room + 2) / 3;
1726 room--;
1727 if (room <= 0) {
1728 overflow = ldata->icanon && ldata->canon_head == tail;
1729 if (overflow && room < 0)
1730 ldata->read_head--;
1731 room = overflow;
1732 ldata->no_room = flow && !room;
1733 } else
1734 overflow = 0;
1735
1736 n = min(count, room);
1737 if (!n)
1738 break;
1739
1740 /* ignore parity errors if handling overflow */
1741 if (!overflow || !fp || *fp != TTY_PARITY)
1742 __receive_buf(tty, cp, fp, n);
1743
1744 cp += n;
1745 if (fp)
1746 fp += n;
1747 count -= n;
1748 rcvd += n;
1749 } while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1750
1751 tty->receive_room = room;
1752
1753 /* Unthrottle if handling overflow on pty */
1754 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1755 if (overflow) {
1756 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1757 tty_unthrottle_safe(tty);
1758 __tty_set_flow_change(tty, 0);
1759 }
1760 } else
1761 n_tty_check_throttle(tty);
1762
1763 up_read(&tty->termios_rwsem);
1764
1765 return rcvd;
1766 }
1767
n_tty_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1768 static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1769 char *fp, int count)
1770 {
1771 n_tty_receive_buf_common(tty, cp, fp, count, 0);
1772 }
1773
n_tty_receive_buf2(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1774 static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
1775 char *fp, int count)
1776 {
1777 return n_tty_receive_buf_common(tty, cp, fp, count, 1);
1778 }
1779
1780 /**
1781 * n_tty_set_termios - termios data changed
1782 * @tty: terminal
1783 * @old: previous data
1784 *
1785 * Called by the tty layer when the user changes termios flags so
1786 * that the line discipline can plan ahead. This function cannot sleep
1787 * and is protected from re-entry by the tty layer. The user is
1788 * guaranteed that this function will not be re-entered or in progress
1789 * when the ldisc is closed.
1790 *
1791 * Locking: Caller holds tty->termios_rwsem
1792 */
1793
n_tty_set_termios(struct tty_struct * tty,struct ktermios * old)1794 static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1795 {
1796 struct n_tty_data *ldata = tty->disc_data;
1797
1798 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1799 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1800 ldata->line_start = ldata->read_tail;
1801 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1802 ldata->canon_head = ldata->read_tail;
1803 ldata->push = 0;
1804 } else {
1805 set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
1806 ldata->read_flags);
1807 ldata->canon_head = ldata->read_head;
1808 ldata->push = 1;
1809 }
1810 ldata->commit_head = ldata->read_head;
1811 ldata->erasing = 0;
1812 ldata->lnext = 0;
1813 }
1814
1815 ldata->icanon = (L_ICANON(tty) != 0);
1816
1817 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1818 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1819 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1820 I_PARMRK(tty)) {
1821 bitmap_zero(ldata->char_map, 256);
1822
1823 if (I_IGNCR(tty) || I_ICRNL(tty))
1824 set_bit('\r', ldata->char_map);
1825 if (I_INLCR(tty))
1826 set_bit('\n', ldata->char_map);
1827
1828 if (L_ICANON(tty)) {
1829 set_bit(ERASE_CHAR(tty), ldata->char_map);
1830 set_bit(KILL_CHAR(tty), ldata->char_map);
1831 set_bit(EOF_CHAR(tty), ldata->char_map);
1832 set_bit('\n', ldata->char_map);
1833 set_bit(EOL_CHAR(tty), ldata->char_map);
1834 if (L_IEXTEN(tty)) {
1835 set_bit(WERASE_CHAR(tty), ldata->char_map);
1836 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1837 set_bit(EOL2_CHAR(tty), ldata->char_map);
1838 if (L_ECHO(tty))
1839 set_bit(REPRINT_CHAR(tty),
1840 ldata->char_map);
1841 }
1842 }
1843 if (I_IXON(tty)) {
1844 set_bit(START_CHAR(tty), ldata->char_map);
1845 set_bit(STOP_CHAR(tty), ldata->char_map);
1846 }
1847 if (L_ISIG(tty)) {
1848 set_bit(INTR_CHAR(tty), ldata->char_map);
1849 set_bit(QUIT_CHAR(tty), ldata->char_map);
1850 set_bit(SUSP_CHAR(tty), ldata->char_map);
1851 }
1852 clear_bit(__DISABLED_CHAR, ldata->char_map);
1853 ldata->raw = 0;
1854 ldata->real_raw = 0;
1855 } else {
1856 ldata->raw = 1;
1857 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1858 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1859 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1860 ldata->real_raw = 1;
1861 else
1862 ldata->real_raw = 0;
1863 }
1864 /*
1865 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1866 * been stopped by STOP_CHAR(tty) before it.
1867 */
1868 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow_stopped) {
1869 start_tty(tty);
1870 process_echoes(tty);
1871 }
1872
1873 /* The termios change make the tty ready for I/O */
1874 wake_up_interruptible(&tty->write_wait);
1875 wake_up_interruptible(&tty->read_wait);
1876 }
1877
1878 /**
1879 * n_tty_close - close the ldisc for this tty
1880 * @tty: device
1881 *
1882 * Called from the terminal layer when this line discipline is
1883 * being shut down, either because of a close or becsuse of a
1884 * discipline change. The function will not be called while other
1885 * ldisc methods are in progress.
1886 */
1887
n_tty_close(struct tty_struct * tty)1888 static void n_tty_close(struct tty_struct *tty)
1889 {
1890 struct n_tty_data *ldata = tty->disc_data;
1891
1892 if (tty->link)
1893 n_tty_packet_mode_flush(tty);
1894
1895 vfree(ldata);
1896 tty->disc_data = NULL;
1897 }
1898
1899 /**
1900 * n_tty_open - open an ldisc
1901 * @tty: terminal to open
1902 *
1903 * Called when this line discipline is being attached to the
1904 * terminal device. Can sleep. Called serialized so that no
1905 * other events will occur in parallel. No further open will occur
1906 * until a close.
1907 */
1908
n_tty_open(struct tty_struct * tty)1909 static int n_tty_open(struct tty_struct *tty)
1910 {
1911 struct n_tty_data *ldata;
1912
1913 /* Currently a malloc failure here can panic */
1914 ldata = vzalloc(sizeof(*ldata));
1915 if (!ldata)
1916 return -ENOMEM;
1917
1918 ldata->overrun_time = jiffies;
1919 mutex_init(&ldata->atomic_read_lock);
1920 mutex_init(&ldata->output_lock);
1921
1922 tty->disc_data = ldata;
1923 tty->closing = 0;
1924 /* indicate buffer work may resume */
1925 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1926 n_tty_set_termios(tty, NULL);
1927 tty_unthrottle(tty);
1928 return 0;
1929 }
1930
input_available_p(struct tty_struct * tty,int poll)1931 static inline int input_available_p(struct tty_struct *tty, int poll)
1932 {
1933 struct n_tty_data *ldata = tty->disc_data;
1934 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1935
1936 if (ldata->icanon && !L_EXTPROC(tty))
1937 return ldata->canon_head != ldata->read_tail;
1938 else
1939 return ldata->commit_head - ldata->read_tail >= amt;
1940 }
1941
1942 /**
1943 * copy_from_read_buf - copy read data directly
1944 * @tty: terminal device
1945 * @b: user data
1946 * @nr: size of data
1947 *
1948 * Helper function to speed up n_tty_read. It is only called when
1949 * ICANON is off; it copies characters straight from the tty queue to
1950 * user space directly. It can be profitably called twice; once to
1951 * drain the space from the tail pointer to the (physical) end of the
1952 * buffer, and once to drain the space from the (physical) beginning of
1953 * the buffer to head pointer.
1954 *
1955 * Called under the ldata->atomic_read_lock sem
1956 *
1957 * n_tty_read()/consumer path:
1958 * caller holds non-exclusive termios_rwsem
1959 * read_tail published
1960 */
1961
copy_from_read_buf(struct tty_struct * tty,unsigned char __user ** b,size_t * nr)1962 static int copy_from_read_buf(struct tty_struct *tty,
1963 unsigned char __user **b,
1964 size_t *nr)
1965
1966 {
1967 struct n_tty_data *ldata = tty->disc_data;
1968 int retval;
1969 size_t n;
1970 bool is_eof;
1971 size_t head = smp_load_acquire(&ldata->commit_head);
1972 size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1973
1974 retval = 0;
1975 n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
1976 n = min(*nr, n);
1977 if (n) {
1978 unsigned char *from = read_buf_addr(ldata, tail);
1979 retval = copy_to_user(*b, from, n);
1980 n -= retval;
1981 is_eof = n == 1 && *from == EOF_CHAR(tty);
1982 tty_audit_add_data(tty, from, n);
1983 zero_buffer(tty, from, n);
1984 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1985 /* Turn single EOF into zero-length read */
1986 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1987 (head == ldata->read_tail))
1988 n = 0;
1989 *b += n;
1990 *nr -= n;
1991 }
1992 return retval;
1993 }
1994
1995 /**
1996 * canon_copy_from_read_buf - copy read data in canonical mode
1997 * @tty: terminal device
1998 * @b: user data
1999 * @nr: size of data
2000 *
2001 * Helper function for n_tty_read. It is only called when ICANON is on;
2002 * it copies one line of input up to and including the line-delimiting
2003 * character into the user-space buffer.
2004 *
2005 * NB: When termios is changed from non-canonical to canonical mode and
2006 * the read buffer contains data, n_tty_set_termios() simulates an EOF
2007 * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
2008 * This causes data already processed as input to be immediately available
2009 * as input although a newline has not been received.
2010 *
2011 * Called under the atomic_read_lock mutex
2012 *
2013 * n_tty_read()/consumer path:
2014 * caller holds non-exclusive termios_rwsem
2015 * read_tail published
2016 */
2017
canon_copy_from_read_buf(struct tty_struct * tty,unsigned char __user ** b,size_t * nr)2018 static int canon_copy_from_read_buf(struct tty_struct *tty,
2019 unsigned char __user **b,
2020 size_t *nr)
2021 {
2022 struct n_tty_data *ldata = tty->disc_data;
2023 size_t n, size, more, c;
2024 size_t eol;
2025 size_t tail;
2026 int ret, found = 0;
2027
2028 /* N.B. avoid overrun if nr == 0 */
2029 if (!*nr)
2030 return 0;
2031
2032 n = min(*nr + 1, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
2033
2034 tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
2035 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
2036
2037 n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
2038 __func__, *nr, tail, n, size);
2039
2040 eol = find_next_bit(ldata->read_flags, size, tail);
2041 more = n - (size - tail);
2042 if (eol == N_TTY_BUF_SIZE && more) {
2043 /* scan wrapped without finding set bit */
2044 eol = find_next_bit(ldata->read_flags, more, 0);
2045 found = eol != more;
2046 } else
2047 found = eol != size;
2048
2049 n = eol - tail;
2050 if (n > N_TTY_BUF_SIZE)
2051 n += N_TTY_BUF_SIZE;
2052 c = n + found;
2053
2054 if (!found || read_buf(ldata, eol) != __DISABLED_CHAR) {
2055 c = min(*nr, c);
2056 n = c;
2057 }
2058
2059 n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
2060 __func__, eol, found, n, c, tail, more);
2061
2062 ret = tty_copy_to_user(tty, *b, tail, n);
2063 if (ret)
2064 return -EFAULT;
2065 *b += n;
2066 *nr -= n;
2067
2068 if (found)
2069 clear_bit(eol, ldata->read_flags);
2070 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2071
2072 if (found) {
2073 if (!ldata->push)
2074 ldata->line_start = ldata->read_tail;
2075 else
2076 ldata->push = 0;
2077 tty_audit_push();
2078 }
2079 return 0;
2080 }
2081
2082 extern ssize_t redirected_tty_write(struct file *, const char __user *,
2083 size_t, loff_t *);
2084
2085 /**
2086 * job_control - check job control
2087 * @tty: tty
2088 * @file: file handle
2089 *
2090 * Perform job control management checks on this file/tty descriptor
2091 * and if appropriate send any needed signals and return a negative
2092 * error code if action should be taken.
2093 *
2094 * Locking: redirected write test is safe
2095 * current->signal->tty check is safe
2096 * ctrl_lock to safely reference tty->pgrp
2097 */
2098
job_control(struct tty_struct * tty,struct file * file)2099 static int job_control(struct tty_struct *tty, struct file *file)
2100 {
2101 /* Job control check -- must be done at start and after
2102 every sleep (POSIX.1 7.1.1.4). */
2103 /* NOTE: not yet done after every sleep pending a thorough
2104 check of the logic of this change. -- jlc */
2105 /* don't stop on /dev/console */
2106 if (file->f_op->write == redirected_tty_write)
2107 return 0;
2108
2109 return __tty_check_change(tty, SIGTTIN);
2110 }
2111
2112
2113 /**
2114 * n_tty_read - read function for tty
2115 * @tty: tty device
2116 * @file: file object
2117 * @buf: userspace buffer pointer
2118 * @nr: size of I/O
2119 *
2120 * Perform reads for the line discipline. We are guaranteed that the
2121 * line discipline will not be closed under us but we may get multiple
2122 * parallel readers and must handle this ourselves. We may also get
2123 * a hangup. Always called in user context, may sleep.
2124 *
2125 * This code must be sure never to sleep through a hangup.
2126 *
2127 * n_tty_read()/consumer path:
2128 * claims non-exclusive termios_rwsem
2129 * publishes read_tail
2130 */
2131
n_tty_read(struct tty_struct * tty,struct file * file,unsigned char __user * buf,size_t nr)2132 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
2133 unsigned char __user *buf, size_t nr)
2134 {
2135 struct n_tty_data *ldata = tty->disc_data;
2136 unsigned char __user *b = buf;
2137 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2138 int c;
2139 int minimum, time;
2140 ssize_t retval = 0;
2141 long timeout;
2142 int packet;
2143 size_t tail;
2144
2145 c = job_control(tty, file);
2146 if (c < 0)
2147 return c;
2148
2149 /*
2150 * Internal serialization of reads.
2151 */
2152 if (file->f_flags & O_NONBLOCK) {
2153 if (!mutex_trylock(&ldata->atomic_read_lock))
2154 return -EAGAIN;
2155 } else {
2156 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2157 return -ERESTARTSYS;
2158 }
2159
2160 down_read(&tty->termios_rwsem);
2161
2162 minimum = time = 0;
2163 timeout = MAX_SCHEDULE_TIMEOUT;
2164 if (!ldata->icanon) {
2165 minimum = MIN_CHAR(tty);
2166 if (minimum) {
2167 time = (HZ / 10) * TIME_CHAR(tty);
2168 } else {
2169 timeout = (HZ / 10) * TIME_CHAR(tty);
2170 minimum = 1;
2171 }
2172 }
2173
2174 packet = tty->packet;
2175 tail = ldata->read_tail;
2176
2177 add_wait_queue(&tty->read_wait, &wait);
2178 while (nr) {
2179 /* First test for status change. */
2180 if (packet && tty->link->ctrl_status) {
2181 unsigned char cs;
2182 if (b != buf)
2183 break;
2184 spin_lock_irq(&tty->link->ctrl_lock);
2185 cs = tty->link->ctrl_status;
2186 tty->link->ctrl_status = 0;
2187 spin_unlock_irq(&tty->link->ctrl_lock);
2188 if (put_user(cs, b)) {
2189 retval = -EFAULT;
2190 break;
2191 }
2192 b++;
2193 nr--;
2194 break;
2195 }
2196
2197 if (!input_available_p(tty, 0)) {
2198 up_read(&tty->termios_rwsem);
2199 tty_buffer_flush_work(tty->port);
2200 down_read(&tty->termios_rwsem);
2201 if (!input_available_p(tty, 0)) {
2202 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2203 retval = -EIO;
2204 break;
2205 }
2206 if (tty_hung_up_p(file))
2207 break;
2208 /*
2209 * Abort readers for ttys which never actually
2210 * get hung up. See __tty_hangup().
2211 */
2212 if (test_bit(TTY_HUPPING, &tty->flags))
2213 break;
2214 if (!timeout)
2215 break;
2216 if (tty_io_nonblock(tty, file)) {
2217 retval = -EAGAIN;
2218 break;
2219 }
2220 if (signal_pending(current)) {
2221 retval = -ERESTARTSYS;
2222 break;
2223 }
2224 up_read(&tty->termios_rwsem);
2225
2226 timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2227 timeout);
2228
2229 down_read(&tty->termios_rwsem);
2230 continue;
2231 }
2232 }
2233
2234 if (ldata->icanon && !L_EXTPROC(tty)) {
2235 retval = canon_copy_from_read_buf(tty, &b, &nr);
2236 if (retval)
2237 break;
2238 } else {
2239 int uncopied;
2240
2241 /* Deal with packet mode. */
2242 if (packet && b == buf) {
2243 if (put_user(TIOCPKT_DATA, b)) {
2244 retval = -EFAULT;
2245 break;
2246 }
2247 b++;
2248 nr--;
2249 }
2250
2251 uncopied = copy_from_read_buf(tty, &b, &nr);
2252 uncopied += copy_from_read_buf(tty, &b, &nr);
2253 if (uncopied) {
2254 retval = -EFAULT;
2255 break;
2256 }
2257 }
2258
2259 n_tty_check_unthrottle(tty);
2260
2261 if (b - buf >= minimum)
2262 break;
2263 if (time)
2264 timeout = time;
2265 }
2266 if (tail != ldata->read_tail)
2267 n_tty_kick_worker(tty);
2268 up_read(&tty->termios_rwsem);
2269
2270 remove_wait_queue(&tty->read_wait, &wait);
2271 mutex_unlock(&ldata->atomic_read_lock);
2272
2273 if (b - buf)
2274 retval = b - buf;
2275
2276 return retval;
2277 }
2278
2279 /**
2280 * n_tty_write - write function for tty
2281 * @tty: tty device
2282 * @file: file object
2283 * @buf: userspace buffer pointer
2284 * @nr: size of I/O
2285 *
2286 * Write function of the terminal device. This is serialized with
2287 * respect to other write callers but not to termios changes, reads
2288 * and other such events. Since the receive code will echo characters,
2289 * thus calling driver write methods, the output_lock is used in
2290 * the output processing functions called here as well as in the
2291 * echo processing function to protect the column state and space
2292 * left in the buffer.
2293 *
2294 * This code must be sure never to sleep through a hangup.
2295 *
2296 * Locking: output_lock to protect column state and space left
2297 * (note that the process_output*() functions take this
2298 * lock themselves)
2299 */
2300
n_tty_write(struct tty_struct * tty,struct file * file,const unsigned char * buf,size_t nr)2301 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2302 const unsigned char *buf, size_t nr)
2303 {
2304 const unsigned char *b = buf;
2305 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2306 int c;
2307 ssize_t retval = 0;
2308
2309 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2310 if (L_TOSTOP(tty) && file->f_op->write != redirected_tty_write) {
2311 retval = tty_check_change(tty);
2312 if (retval)
2313 return retval;
2314 }
2315
2316 down_read(&tty->termios_rwsem);
2317
2318 /* Write out any echoed characters that are still pending */
2319 process_echoes(tty);
2320
2321 add_wait_queue(&tty->write_wait, &wait);
2322 while (1) {
2323 if (signal_pending(current)) {
2324 retval = -ERESTARTSYS;
2325 break;
2326 }
2327 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2328 retval = -EIO;
2329 break;
2330 }
2331 if (O_OPOST(tty)) {
2332 while (nr > 0) {
2333 ssize_t num = process_output_block(tty, b, nr);
2334 if (num < 0) {
2335 if (num == -EAGAIN)
2336 break;
2337 retval = num;
2338 goto break_out;
2339 }
2340 b += num;
2341 nr -= num;
2342 if (nr == 0)
2343 break;
2344 c = *b;
2345 if (process_output(c, tty) < 0)
2346 break;
2347 b++; nr--;
2348 }
2349 if (tty->ops->flush_chars)
2350 tty->ops->flush_chars(tty);
2351 } else {
2352 struct n_tty_data *ldata = tty->disc_data;
2353
2354 while (nr > 0) {
2355 mutex_lock(&ldata->output_lock);
2356 c = tty->ops->write(tty, b, nr);
2357 mutex_unlock(&ldata->output_lock);
2358 if (c < 0) {
2359 retval = c;
2360 goto break_out;
2361 }
2362 if (!c)
2363 break;
2364 b += c;
2365 nr -= c;
2366 }
2367 }
2368 if (!nr)
2369 break;
2370 if (tty_io_nonblock(tty, file)) {
2371 retval = -EAGAIN;
2372 break;
2373 }
2374 up_read(&tty->termios_rwsem);
2375
2376 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2377
2378 down_read(&tty->termios_rwsem);
2379 }
2380 break_out:
2381 remove_wait_queue(&tty->write_wait, &wait);
2382 if (nr && tty->fasync)
2383 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2384 up_read(&tty->termios_rwsem);
2385 return (b - buf) ? b - buf : retval;
2386 }
2387
2388 /**
2389 * n_tty_poll - poll method for N_TTY
2390 * @tty: terminal device
2391 * @file: file accessing it
2392 * @wait: poll table
2393 *
2394 * Called when the line discipline is asked to poll() for data or
2395 * for special events. This code is not serialized with respect to
2396 * other events save open/close.
2397 *
2398 * This code must be sure never to sleep through a hangup.
2399 * Called without the kernel lock held - fine
2400 */
2401
n_tty_poll(struct tty_struct * tty,struct file * file,poll_table * wait)2402 static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2403 poll_table *wait)
2404 {
2405 __poll_t mask = 0;
2406
2407 poll_wait(file, &tty->read_wait, wait);
2408 poll_wait(file, &tty->write_wait, wait);
2409 if (input_available_p(tty, 1))
2410 mask |= EPOLLIN | EPOLLRDNORM;
2411 else {
2412 tty_buffer_flush_work(tty->port);
2413 if (input_available_p(tty, 1))
2414 mask |= EPOLLIN | EPOLLRDNORM;
2415 }
2416 if (tty->packet && tty->link->ctrl_status)
2417 mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2418 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2419 mask |= EPOLLHUP;
2420 if (tty_hung_up_p(file))
2421 mask |= EPOLLHUP;
2422 if (tty->ops->write && !tty_is_writelocked(tty) &&
2423 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2424 tty_write_room(tty) > 0)
2425 mask |= EPOLLOUT | EPOLLWRNORM;
2426 return mask;
2427 }
2428
inq_canon(struct n_tty_data * ldata)2429 static unsigned long inq_canon(struct n_tty_data *ldata)
2430 {
2431 size_t nr, head, tail;
2432
2433 if (ldata->canon_head == ldata->read_tail)
2434 return 0;
2435 head = ldata->canon_head;
2436 tail = ldata->read_tail;
2437 nr = head - tail;
2438 /* Skip EOF-chars.. */
2439 while (MASK(head) != MASK(tail)) {
2440 if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
2441 read_buf(ldata, tail) == __DISABLED_CHAR)
2442 nr--;
2443 tail++;
2444 }
2445 return nr;
2446 }
2447
n_tty_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)2448 static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
2449 unsigned int cmd, unsigned long arg)
2450 {
2451 struct n_tty_data *ldata = tty->disc_data;
2452 int retval;
2453
2454 switch (cmd) {
2455 case TIOCOUTQ:
2456 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2457 case TIOCINQ:
2458 down_write(&tty->termios_rwsem);
2459 if (L_ICANON(tty) && !L_EXTPROC(tty))
2460 retval = inq_canon(ldata);
2461 else
2462 retval = read_cnt(ldata);
2463 up_write(&tty->termios_rwsem);
2464 return put_user(retval, (unsigned int __user *) arg);
2465 default:
2466 return n_tty_ioctl_helper(tty, file, cmd, arg);
2467 }
2468 }
2469
2470 static struct tty_ldisc_ops n_tty_ops = {
2471 .magic = TTY_LDISC_MAGIC,
2472 .name = "n_tty",
2473 .open = n_tty_open,
2474 .close = n_tty_close,
2475 .flush_buffer = n_tty_flush_buffer,
2476 .read = n_tty_read,
2477 .write = n_tty_write,
2478 .ioctl = n_tty_ioctl,
2479 .set_termios = n_tty_set_termios,
2480 .poll = n_tty_poll,
2481 .receive_buf = n_tty_receive_buf,
2482 .write_wakeup = n_tty_write_wakeup,
2483 .receive_buf2 = n_tty_receive_buf2,
2484 };
2485
2486 /**
2487 * n_tty_inherit_ops - inherit N_TTY methods
2488 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2489 *
2490 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2491 */
2492
n_tty_inherit_ops(struct tty_ldisc_ops * ops)2493 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2494 {
2495 *ops = n_tty_ops;
2496 ops->owner = NULL;
2497 ops->refcount = ops->flags = 0;
2498 }
2499 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2500
n_tty_init(void)2501 void __init n_tty_init(void)
2502 {
2503 tty_register_ldisc(N_TTY, &n_tty_ops);
2504 }
2505
