1 // SPDX-License-Identifier: GPL-1.0+
2 /*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31 #include <linux/types.h>
32 #include <linux/major.h>
33 #include <linux/errno.h>
34 #include <linux/signal.h>
35 #include <linux/fcntl.h>
36 #include <linux/sched.h>
37 #include <linux/interrupt.h>
38 #include <linux/tty.h>
39 #include <linux/timer.h>
40 #include <linux/ctype.h>
41 #include <linux/mm.h>
42 #include <linux/string.h>
43 #include <linux/slab.h>
44 #include <linux/poll.h>
45 #include <linux/bitops.h>
46 #include <linux/audit.h>
47 #include <linux/file.h>
48 #include <linux/uaccess.h>
49 #include <linux/module.h>
50 #include <linux/ratelimit.h>
51 #include <linux/vmalloc.h>
52 #include "tty.h"
53
54 /*
55 * Until this number of characters is queued in the xmit buffer, select will
56 * return "we have room for writes".
57 */
58 #define WAKEUP_CHARS 256
59
60 /*
61 * This defines the low- and high-watermarks for throttling and
62 * unthrottling the TTY driver. These watermarks are used for
63 * controlling the space in the read buffer.
64 */
65 #define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
66 #define TTY_THRESHOLD_UNTHROTTLE 128
67
68 /*
69 * Special byte codes used in the echo buffer to represent operations
70 * or special handling of characters. Bytes in the echo buffer that
71 * are not part of such special blocks are treated as normal character
72 * codes.
73 */
74 #define ECHO_OP_START 0xff
75 #define ECHO_OP_MOVE_BACK_COL 0x80
76 #define ECHO_OP_SET_CANON_COL 0x81
77 #define ECHO_OP_ERASE_TAB 0x82
78
79 #define ECHO_COMMIT_WATERMARK 256
80 #define ECHO_BLOCK 256
81 #define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
82
83
84 #undef N_TTY_TRACE
85 #ifdef N_TTY_TRACE
86 # define n_tty_trace(f, args...) trace_printk(f, ##args)
87 #else
88 # define n_tty_trace(f, args...) no_printk(f, ##args)
89 #endif
90
91 struct n_tty_data {
92 /* producer-published */
93 size_t read_head;
94 size_t commit_head;
95 size_t canon_head;
96 size_t echo_head;
97 size_t echo_commit;
98 size_t echo_mark;
99 DECLARE_BITMAP(char_map, 256);
100
101 /* private to n_tty_receive_overrun (single-threaded) */
102 unsigned long overrun_time;
103 int num_overrun;
104
105 /* non-atomic */
106 bool no_room;
107
108 /* must hold exclusive termios_rwsem to reset these */
109 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
110 unsigned char push:1;
111
112 /* shared by producer and consumer */
113 char read_buf[N_TTY_BUF_SIZE];
114 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
115 unsigned char echo_buf[N_TTY_BUF_SIZE];
116
117 /* consumer-published */
118 size_t read_tail;
119 size_t line_start;
120
121 /* protected by output lock */
122 unsigned int column;
123 unsigned int canon_column;
124 size_t echo_tail;
125
126 struct mutex atomic_read_lock;
127 struct mutex output_lock;
128 };
129
130 #define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
131
read_cnt(struct n_tty_data * ldata)132 static inline size_t read_cnt(struct n_tty_data *ldata)
133 {
134 return ldata->read_head - ldata->read_tail;
135 }
136
read_buf(struct n_tty_data * ldata,size_t i)137 static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
138 {
139 return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
140 }
141
read_buf_addr(struct n_tty_data * ldata,size_t i)142 static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
143 {
144 return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
145 }
146
echo_buf(struct n_tty_data * ldata,size_t i)147 static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
148 {
149 smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
150 return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
151 }
152
echo_buf_addr(struct n_tty_data * ldata,size_t i)153 static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
154 {
155 return &ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
156 }
157
158 /* If we are not echoing the data, perhaps this is a secret so erase it */
zero_buffer(struct tty_struct * tty,u8 * buffer,int size)159 static void zero_buffer(struct tty_struct *tty, u8 *buffer, int size)
160 {
161 bool icanon = !!L_ICANON(tty);
162 bool no_echo = !L_ECHO(tty);
163
164 if (icanon && no_echo)
165 memset(buffer, 0x00, size);
166 }
167
tty_copy(struct tty_struct * tty,void * to,size_t tail,size_t n)168 static void tty_copy(struct tty_struct *tty, void *to, size_t tail, size_t n)
169 {
170 struct n_tty_data *ldata = tty->disc_data;
171 size_t size = N_TTY_BUF_SIZE - tail;
172 void *from = read_buf_addr(ldata, tail);
173
174 if (n > size) {
175 tty_audit_add_data(tty, from, size);
176 memcpy(to, from, size);
177 zero_buffer(tty, from, size);
178 to += size;
179 n -= size;
180 from = ldata->read_buf;
181 }
182
183 tty_audit_add_data(tty, from, n);
184 memcpy(to, from, n);
185 zero_buffer(tty, from, n);
186 }
187
188 /**
189 * n_tty_kick_worker - start input worker (if required)
190 * @tty: terminal
191 *
192 * Re-schedules the flip buffer work if it may have stopped
193 *
194 * Caller holds exclusive termios_rwsem
195 * or
196 * n_tty_read()/consumer path:
197 * holds non-exclusive termios_rwsem
198 */
199
n_tty_kick_worker(struct tty_struct * tty)200 static void n_tty_kick_worker(struct tty_struct *tty)
201 {
202 struct n_tty_data *ldata = tty->disc_data;
203
204 /* Did the input worker stop? Restart it */
205 if (unlikely(ldata->no_room)) {
206 ldata->no_room = 0;
207
208 WARN_RATELIMIT(tty->port->itty == NULL,
209 "scheduling with invalid itty\n");
210 /* see if ldisc has been killed - if so, this means that
211 * even though the ldisc has been halted and ->buf.work
212 * cancelled, ->buf.work is about to be rescheduled
213 */
214 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
215 "scheduling buffer work for halted ldisc\n");
216 tty_buffer_restart_work(tty->port);
217 }
218 }
219
chars_in_buffer(struct tty_struct * tty)220 static ssize_t chars_in_buffer(struct tty_struct *tty)
221 {
222 struct n_tty_data *ldata = tty->disc_data;
223 ssize_t n = 0;
224
225 if (!ldata->icanon)
226 n = ldata->commit_head - ldata->read_tail;
227 else
228 n = ldata->canon_head - ldata->read_tail;
229 return n;
230 }
231
232 /**
233 * n_tty_write_wakeup - asynchronous I/O notifier
234 * @tty: tty device
235 *
236 * Required for the ptys, serial driver etc. since processes
237 * that attach themselves to the master and rely on ASYNC
238 * IO must be woken up
239 */
240
n_tty_write_wakeup(struct tty_struct * tty)241 static void n_tty_write_wakeup(struct tty_struct *tty)
242 {
243 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
244 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
245 }
246
n_tty_check_throttle(struct tty_struct * tty)247 static void n_tty_check_throttle(struct tty_struct *tty)
248 {
249 struct n_tty_data *ldata = tty->disc_data;
250
251 /*
252 * Check the remaining room for the input canonicalization
253 * mode. We don't want to throttle the driver if we're in
254 * canonical mode and don't have a newline yet!
255 */
256 if (ldata->icanon && ldata->canon_head == ldata->read_tail)
257 return;
258
259 while (1) {
260 int throttled;
261 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
262 if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
263 break;
264 throttled = tty_throttle_safe(tty);
265 if (!throttled)
266 break;
267 }
268 __tty_set_flow_change(tty, 0);
269 }
270
n_tty_check_unthrottle(struct tty_struct * tty)271 static void n_tty_check_unthrottle(struct tty_struct *tty)
272 {
273 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
274 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
275 return;
276 n_tty_kick_worker(tty);
277 tty_wakeup(tty->link);
278 return;
279 }
280
281 /* If there is enough space in the read buffer now, let the
282 * low-level driver know. We use chars_in_buffer() to
283 * check the buffer, as it now knows about canonical mode.
284 * Otherwise, if the driver is throttled and the line is
285 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
286 * we won't get any more characters.
287 */
288
289 while (1) {
290 int unthrottled;
291 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
292 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
293 break;
294 n_tty_kick_worker(tty);
295 unthrottled = tty_unthrottle_safe(tty);
296 if (!unthrottled)
297 break;
298 }
299 __tty_set_flow_change(tty, 0);
300 }
301
302 /**
303 * put_tty_queue - add character to tty
304 * @c: character
305 * @ldata: n_tty data
306 *
307 * Add a character to the tty read_buf queue.
308 *
309 * n_tty_receive_buf()/producer path:
310 * caller holds non-exclusive termios_rwsem
311 */
312
put_tty_queue(unsigned char c,struct n_tty_data * ldata)313 static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
314 {
315 *read_buf_addr(ldata, ldata->read_head) = c;
316 ldata->read_head++;
317 }
318
319 /**
320 * reset_buffer_flags - reset buffer state
321 * @ldata: line disc data to reset
322 *
323 * Reset the read buffer counters and clear the flags.
324 * Called from n_tty_open() and n_tty_flush_buffer().
325 *
326 * Locking: caller holds exclusive termios_rwsem
327 * (or locking is not required)
328 */
329
reset_buffer_flags(struct n_tty_data * ldata)330 static void reset_buffer_flags(struct n_tty_data *ldata)
331 {
332 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
333 ldata->commit_head = 0;
334 ldata->line_start = 0;
335
336 ldata->erasing = 0;
337 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
338 ldata->push = 0;
339 }
340
n_tty_packet_mode_flush(struct tty_struct * tty)341 static void n_tty_packet_mode_flush(struct tty_struct *tty)
342 {
343 unsigned long flags;
344
345 if (tty->link->ctrl.packet) {
346 spin_lock_irqsave(&tty->ctrl.lock, flags);
347 tty->ctrl.pktstatus |= TIOCPKT_FLUSHREAD;
348 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
349 wake_up_interruptible(&tty->link->read_wait);
350 }
351 }
352
353 /**
354 * n_tty_flush_buffer - clean input queue
355 * @tty: terminal device
356 *
357 * Flush the input buffer. Called when the tty layer wants the
358 * buffer flushed (eg at hangup) or when the N_TTY line discipline
359 * internally has to clean the pending queue (for example some signals).
360 *
361 * Holds termios_rwsem to exclude producer/consumer while
362 * buffer indices are reset.
363 *
364 * Locking: ctrl.lock, exclusive termios_rwsem
365 */
366
n_tty_flush_buffer(struct tty_struct * tty)367 static void n_tty_flush_buffer(struct tty_struct *tty)
368 {
369 down_write(&tty->termios_rwsem);
370 reset_buffer_flags(tty->disc_data);
371 n_tty_kick_worker(tty);
372
373 if (tty->link)
374 n_tty_packet_mode_flush(tty);
375 up_write(&tty->termios_rwsem);
376 }
377
378 /**
379 * is_utf8_continuation - utf8 multibyte check
380 * @c: byte to check
381 *
382 * Returns true if the utf8 character 'c' is a multibyte continuation
383 * character. We use this to correctly compute the on screen size
384 * of the character when printing
385 */
386
is_utf8_continuation(unsigned char c)387 static inline int is_utf8_continuation(unsigned char c)
388 {
389 return (c & 0xc0) == 0x80;
390 }
391
392 /**
393 * is_continuation - multibyte check
394 * @c: byte to check
395 * @tty: terminal device
396 *
397 * Returns true if the utf8 character 'c' is a multibyte continuation
398 * character and the terminal is in unicode mode.
399 */
400
is_continuation(unsigned char c,struct tty_struct * tty)401 static inline int is_continuation(unsigned char c, struct tty_struct *tty)
402 {
403 return I_IUTF8(tty) && is_utf8_continuation(c);
404 }
405
406 /**
407 * do_output_char - output one character
408 * @c: character (or partial unicode symbol)
409 * @tty: terminal device
410 * @space: space available in tty driver write buffer
411 *
412 * This is a helper function that handles one output character
413 * (including special characters like TAB, CR, LF, etc.),
414 * doing OPOST processing and putting the results in the
415 * tty driver's write buffer.
416 *
417 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
418 * and NLDLY. They simply aren't relevant in the world today.
419 * If you ever need them, add them here.
420 *
421 * Returns the number of bytes of buffer space used or -1 if
422 * no space left.
423 *
424 * Locking: should be called under the output_lock to protect
425 * the column state and space left in the buffer
426 */
427
do_output_char(unsigned char c,struct tty_struct * tty,int space)428 static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
429 {
430 struct n_tty_data *ldata = tty->disc_data;
431 int spaces;
432
433 if (!space)
434 return -1;
435
436 switch (c) {
437 case '\n':
438 if (O_ONLRET(tty))
439 ldata->column = 0;
440 if (O_ONLCR(tty)) {
441 if (space < 2)
442 return -1;
443 ldata->canon_column = ldata->column = 0;
444 tty->ops->write(tty, "\r\n", 2);
445 return 2;
446 }
447 ldata->canon_column = ldata->column;
448 break;
449 case '\r':
450 if (O_ONOCR(tty) && ldata->column == 0)
451 return 0;
452 if (O_OCRNL(tty)) {
453 c = '\n';
454 if (O_ONLRET(tty))
455 ldata->canon_column = ldata->column = 0;
456 break;
457 }
458 ldata->canon_column = ldata->column = 0;
459 break;
460 case '\t':
461 spaces = 8 - (ldata->column & 7);
462 if (O_TABDLY(tty) == XTABS) {
463 if (space < spaces)
464 return -1;
465 ldata->column += spaces;
466 tty->ops->write(tty, " ", spaces);
467 return spaces;
468 }
469 ldata->column += spaces;
470 break;
471 case '\b':
472 if (ldata->column > 0)
473 ldata->column--;
474 break;
475 default:
476 if (!iscntrl(c)) {
477 if (O_OLCUC(tty))
478 c = toupper(c);
479 if (!is_continuation(c, tty))
480 ldata->column++;
481 }
482 break;
483 }
484
485 tty_put_char(tty, c);
486 return 1;
487 }
488
489 /**
490 * process_output - output post processor
491 * @c: character (or partial unicode symbol)
492 * @tty: terminal device
493 *
494 * Output one character with OPOST processing.
495 * Returns -1 when the output device is full and the character
496 * must be retried.
497 *
498 * Locking: output_lock to protect column state and space left
499 * (also, this is called from n_tty_write under the
500 * tty layer write lock)
501 */
502
process_output(unsigned char c,struct tty_struct * tty)503 static int process_output(unsigned char c, struct tty_struct *tty)
504 {
505 struct n_tty_data *ldata = tty->disc_data;
506 int space, retval;
507
508 mutex_lock(&ldata->output_lock);
509
510 space = tty_write_room(tty);
511 retval = do_output_char(c, tty, space);
512
513 mutex_unlock(&ldata->output_lock);
514 if (retval < 0)
515 return -1;
516 else
517 return 0;
518 }
519
520 /**
521 * process_output_block - block post processor
522 * @tty: terminal device
523 * @buf: character buffer
524 * @nr: number of bytes to output
525 *
526 * Output a block of characters with OPOST processing.
527 * Returns the number of characters output.
528 *
529 * This path is used to speed up block console writes, among other
530 * things when processing blocks of output data. It handles only
531 * the simple cases normally found and helps to generate blocks of
532 * symbols for the console driver and thus improve performance.
533 *
534 * Locking: output_lock to protect column state and space left
535 * (also, this is called from n_tty_write under the
536 * tty layer write lock)
537 */
538
process_output_block(struct tty_struct * tty,const unsigned char * buf,unsigned int nr)539 static ssize_t process_output_block(struct tty_struct *tty,
540 const unsigned char *buf, unsigned int nr)
541 {
542 struct n_tty_data *ldata = tty->disc_data;
543 int space;
544 int i;
545 const unsigned char *cp;
546
547 mutex_lock(&ldata->output_lock);
548
549 space = tty_write_room(tty);
550 if (space <= 0) {
551 mutex_unlock(&ldata->output_lock);
552 return space;
553 }
554 if (nr > space)
555 nr = space;
556
557 for (i = 0, cp = buf; i < nr; i++, cp++) {
558 unsigned char c = *cp;
559
560 switch (c) {
561 case '\n':
562 if (O_ONLRET(tty))
563 ldata->column = 0;
564 if (O_ONLCR(tty))
565 goto break_out;
566 ldata->canon_column = ldata->column;
567 break;
568 case '\r':
569 if (O_ONOCR(tty) && ldata->column == 0)
570 goto break_out;
571 if (O_OCRNL(tty))
572 goto break_out;
573 ldata->canon_column = ldata->column = 0;
574 break;
575 case '\t':
576 goto break_out;
577 case '\b':
578 if (ldata->column > 0)
579 ldata->column--;
580 break;
581 default:
582 if (!iscntrl(c)) {
583 if (O_OLCUC(tty))
584 goto break_out;
585 if (!is_continuation(c, tty))
586 ldata->column++;
587 }
588 break;
589 }
590 }
591 break_out:
592 i = tty->ops->write(tty, buf, i);
593
594 mutex_unlock(&ldata->output_lock);
595 return i;
596 }
597
598 /**
599 * process_echoes - write pending echo characters
600 * @tty: terminal device
601 *
602 * Write previously buffered echo (and other ldisc-generated)
603 * characters to the tty.
604 *
605 * Characters generated by the ldisc (including echoes) need to
606 * be buffered because the driver's write buffer can fill during
607 * heavy program output. Echoing straight to the driver will
608 * often fail under these conditions, causing lost characters and
609 * resulting mismatches of ldisc state information.
610 *
611 * Since the ldisc state must represent the characters actually sent
612 * to the driver at the time of the write, operations like certain
613 * changes in column state are also saved in the buffer and executed
614 * here.
615 *
616 * A circular fifo buffer is used so that the most recent characters
617 * are prioritized. Also, when control characters are echoed with a
618 * prefixed "^", the pair is treated atomically and thus not separated.
619 *
620 * Locking: callers must hold output_lock
621 */
622
__process_echoes(struct tty_struct * tty)623 static size_t __process_echoes(struct tty_struct *tty)
624 {
625 struct n_tty_data *ldata = tty->disc_data;
626 int space, old_space;
627 size_t tail;
628 unsigned char c;
629
630 old_space = space = tty_write_room(tty);
631
632 tail = ldata->echo_tail;
633 while (MASK(ldata->echo_commit) != MASK(tail)) {
634 c = echo_buf(ldata, tail);
635 if (c == ECHO_OP_START) {
636 unsigned char op;
637 int no_space_left = 0;
638
639 /*
640 * Since add_echo_byte() is called without holding
641 * output_lock, we might see only portion of multi-byte
642 * operation.
643 */
644 if (MASK(ldata->echo_commit) == MASK(tail + 1))
645 goto not_yet_stored;
646 /*
647 * If the buffer byte is the start of a multi-byte
648 * operation, get the next byte, which is either the
649 * op code or a control character value.
650 */
651 op = echo_buf(ldata, tail + 1);
652
653 switch (op) {
654 case ECHO_OP_ERASE_TAB: {
655 unsigned int num_chars, num_bs;
656
657 if (MASK(ldata->echo_commit) == MASK(tail + 2))
658 goto not_yet_stored;
659 num_chars = echo_buf(ldata, tail + 2);
660
661 /*
662 * Determine how many columns to go back
663 * in order to erase the tab.
664 * This depends on the number of columns
665 * used by other characters within the tab
666 * area. If this (modulo 8) count is from
667 * the start of input rather than from a
668 * previous tab, we offset by canon column.
669 * Otherwise, tab spacing is normal.
670 */
671 if (!(num_chars & 0x80))
672 num_chars += ldata->canon_column;
673 num_bs = 8 - (num_chars & 7);
674
675 if (num_bs > space) {
676 no_space_left = 1;
677 break;
678 }
679 space -= num_bs;
680 while (num_bs--) {
681 tty_put_char(tty, '\b');
682 if (ldata->column > 0)
683 ldata->column--;
684 }
685 tail += 3;
686 break;
687 }
688 case ECHO_OP_SET_CANON_COL:
689 ldata->canon_column = ldata->column;
690 tail += 2;
691 break;
692
693 case ECHO_OP_MOVE_BACK_COL:
694 if (ldata->column > 0)
695 ldata->column--;
696 tail += 2;
697 break;
698
699 case ECHO_OP_START:
700 /* This is an escaped echo op start code */
701 if (!space) {
702 no_space_left = 1;
703 break;
704 }
705 tty_put_char(tty, ECHO_OP_START);
706 ldata->column++;
707 space--;
708 tail += 2;
709 break;
710
711 default:
712 /*
713 * If the op is not a special byte code,
714 * it is a ctrl char tagged to be echoed
715 * as "^X" (where X is the letter
716 * representing the control char).
717 * Note that we must ensure there is
718 * enough space for the whole ctrl pair.
719 *
720 */
721 if (space < 2) {
722 no_space_left = 1;
723 break;
724 }
725 tty_put_char(tty, '^');
726 tty_put_char(tty, op ^ 0100);
727 ldata->column += 2;
728 space -= 2;
729 tail += 2;
730 }
731
732 if (no_space_left)
733 break;
734 } else {
735 if (O_OPOST(tty)) {
736 int retval = do_output_char(c, tty, space);
737 if (retval < 0)
738 break;
739 space -= retval;
740 } else {
741 if (!space)
742 break;
743 tty_put_char(tty, c);
744 space -= 1;
745 }
746 tail += 1;
747 }
748 }
749
750 /* If the echo buffer is nearly full (so that the possibility exists
751 * of echo overrun before the next commit), then discard enough
752 * data at the tail to prevent a subsequent overrun */
753 while (ldata->echo_commit > tail &&
754 ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
755 if (echo_buf(ldata, tail) == ECHO_OP_START) {
756 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
757 tail += 3;
758 else
759 tail += 2;
760 } else
761 tail++;
762 }
763
764 not_yet_stored:
765 ldata->echo_tail = tail;
766 return old_space - space;
767 }
768
commit_echoes(struct tty_struct * tty)769 static void commit_echoes(struct tty_struct *tty)
770 {
771 struct n_tty_data *ldata = tty->disc_data;
772 size_t nr, old, echoed;
773 size_t head;
774
775 mutex_lock(&ldata->output_lock);
776 head = ldata->echo_head;
777 ldata->echo_mark = head;
778 old = ldata->echo_commit - ldata->echo_tail;
779
780 /* Process committed echoes if the accumulated # of bytes
781 * is over the threshold (and try again each time another
782 * block is accumulated) */
783 nr = head - ldata->echo_tail;
784 if (nr < ECHO_COMMIT_WATERMARK ||
785 (nr % ECHO_BLOCK > old % ECHO_BLOCK)) {
786 mutex_unlock(&ldata->output_lock);
787 return;
788 }
789
790 ldata->echo_commit = head;
791 echoed = __process_echoes(tty);
792 mutex_unlock(&ldata->output_lock);
793
794 if (echoed && tty->ops->flush_chars)
795 tty->ops->flush_chars(tty);
796 }
797
process_echoes(struct tty_struct * tty)798 static void process_echoes(struct tty_struct *tty)
799 {
800 struct n_tty_data *ldata = tty->disc_data;
801 size_t echoed;
802
803 if (ldata->echo_mark == ldata->echo_tail)
804 return;
805
806 mutex_lock(&ldata->output_lock);
807 ldata->echo_commit = ldata->echo_mark;
808 echoed = __process_echoes(tty);
809 mutex_unlock(&ldata->output_lock);
810
811 if (echoed && tty->ops->flush_chars)
812 tty->ops->flush_chars(tty);
813 }
814
815 /* NB: echo_mark and echo_head should be equivalent here */
flush_echoes(struct tty_struct * tty)816 static void flush_echoes(struct tty_struct *tty)
817 {
818 struct n_tty_data *ldata = tty->disc_data;
819
820 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
821 ldata->echo_commit == ldata->echo_head)
822 return;
823
824 mutex_lock(&ldata->output_lock);
825 ldata->echo_commit = ldata->echo_head;
826 __process_echoes(tty);
827 mutex_unlock(&ldata->output_lock);
828 }
829
830 /**
831 * add_echo_byte - add a byte to the echo buffer
832 * @c: unicode byte to echo
833 * @ldata: n_tty data
834 *
835 * Add a character or operation byte to the echo buffer.
836 */
837
add_echo_byte(unsigned char c,struct n_tty_data * ldata)838 static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
839 {
840 *echo_buf_addr(ldata, ldata->echo_head) = c;
841 smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
842 ldata->echo_head++;
843 }
844
845 /**
846 * echo_move_back_col - add operation to move back a column
847 * @ldata: n_tty data
848 *
849 * Add an operation to the echo buffer to move back one column.
850 */
851
echo_move_back_col(struct n_tty_data * ldata)852 static void echo_move_back_col(struct n_tty_data *ldata)
853 {
854 add_echo_byte(ECHO_OP_START, ldata);
855 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
856 }
857
858 /**
859 * echo_set_canon_col - add operation to set the canon column
860 * @ldata: n_tty data
861 *
862 * Add an operation to the echo buffer to set the canon column
863 * to the current column.
864 */
865
echo_set_canon_col(struct n_tty_data * ldata)866 static void echo_set_canon_col(struct n_tty_data *ldata)
867 {
868 add_echo_byte(ECHO_OP_START, ldata);
869 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
870 }
871
872 /**
873 * echo_erase_tab - add operation to erase a tab
874 * @num_chars: number of character columns already used
875 * @after_tab: true if num_chars starts after a previous tab
876 * @ldata: n_tty data
877 *
878 * Add an operation to the echo buffer to erase a tab.
879 *
880 * Called by the eraser function, which knows how many character
881 * columns have been used since either a previous tab or the start
882 * of input. This information will be used later, along with
883 * canon column (if applicable), to go back the correct number
884 * of columns.
885 */
886
echo_erase_tab(unsigned int num_chars,int after_tab,struct n_tty_data * ldata)887 static void echo_erase_tab(unsigned int num_chars, int after_tab,
888 struct n_tty_data *ldata)
889 {
890 add_echo_byte(ECHO_OP_START, ldata);
891 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
892
893 /* We only need to know this modulo 8 (tab spacing) */
894 num_chars &= 7;
895
896 /* Set the high bit as a flag if num_chars is after a previous tab */
897 if (after_tab)
898 num_chars |= 0x80;
899
900 add_echo_byte(num_chars, ldata);
901 }
902
903 /**
904 * echo_char_raw - echo a character raw
905 * @c: unicode byte to echo
906 * @ldata: line disc data
907 *
908 * Echo user input back onto the screen. This must be called only when
909 * L_ECHO(tty) is true. Called from the driver receive_buf path.
910 *
911 * This variant does not treat control characters specially.
912 */
913
echo_char_raw(unsigned char c,struct n_tty_data * ldata)914 static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
915 {
916 if (c == ECHO_OP_START) {
917 add_echo_byte(ECHO_OP_START, ldata);
918 add_echo_byte(ECHO_OP_START, ldata);
919 } else {
920 add_echo_byte(c, ldata);
921 }
922 }
923
924 /**
925 * echo_char - echo a character
926 * @c: unicode byte to echo
927 * @tty: terminal device
928 *
929 * Echo user input back onto the screen. This must be called only when
930 * L_ECHO(tty) is true. Called from the driver receive_buf path.
931 *
932 * This variant tags control characters to be echoed as "^X"
933 * (where X is the letter representing the control char).
934 */
935
echo_char(unsigned char c,struct tty_struct * tty)936 static void echo_char(unsigned char c, struct tty_struct *tty)
937 {
938 struct n_tty_data *ldata = tty->disc_data;
939
940 if (c == ECHO_OP_START) {
941 add_echo_byte(ECHO_OP_START, ldata);
942 add_echo_byte(ECHO_OP_START, ldata);
943 } else {
944 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
945 add_echo_byte(ECHO_OP_START, ldata);
946 add_echo_byte(c, ldata);
947 }
948 }
949
950 /**
951 * finish_erasing - complete erase
952 * @ldata: n_tty data
953 */
954
finish_erasing(struct n_tty_data * ldata)955 static inline void finish_erasing(struct n_tty_data *ldata)
956 {
957 if (ldata->erasing) {
958 echo_char_raw('/', ldata);
959 ldata->erasing = 0;
960 }
961 }
962
963 /**
964 * eraser - handle erase function
965 * @c: character input
966 * @tty: terminal device
967 *
968 * Perform erase and necessary output when an erase character is
969 * present in the stream from the driver layer. Handles the complexities
970 * of UTF-8 multibyte symbols.
971 *
972 * n_tty_receive_buf()/producer path:
973 * caller holds non-exclusive termios_rwsem
974 */
975
eraser(unsigned char c,struct tty_struct * tty)976 static void eraser(unsigned char c, struct tty_struct *tty)
977 {
978 struct n_tty_data *ldata = tty->disc_data;
979 enum { ERASE, WERASE, KILL } kill_type;
980 size_t head;
981 size_t cnt;
982 int seen_alnums;
983
984 if (ldata->read_head == ldata->canon_head) {
985 /* process_output('\a', tty); */ /* what do you think? */
986 return;
987 }
988 if (c == ERASE_CHAR(tty))
989 kill_type = ERASE;
990 else if (c == WERASE_CHAR(tty))
991 kill_type = WERASE;
992 else {
993 if (!L_ECHO(tty)) {
994 ldata->read_head = ldata->canon_head;
995 return;
996 }
997 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
998 ldata->read_head = ldata->canon_head;
999 finish_erasing(ldata);
1000 echo_char(KILL_CHAR(tty), tty);
1001 /* Add a newline if ECHOK is on and ECHOKE is off. */
1002 if (L_ECHOK(tty))
1003 echo_char_raw('\n', ldata);
1004 return;
1005 }
1006 kill_type = KILL;
1007 }
1008
1009 seen_alnums = 0;
1010 while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
1011 head = ldata->read_head;
1012
1013 /* erase a single possibly multibyte character */
1014 do {
1015 head--;
1016 c = read_buf(ldata, head);
1017 } while (is_continuation(c, tty) &&
1018 MASK(head) != MASK(ldata->canon_head));
1019
1020 /* do not partially erase */
1021 if (is_continuation(c, tty))
1022 break;
1023
1024 if (kill_type == WERASE) {
1025 /* Equivalent to BSD's ALTWERASE. */
1026 if (isalnum(c) || c == '_')
1027 seen_alnums++;
1028 else if (seen_alnums)
1029 break;
1030 }
1031 cnt = ldata->read_head - head;
1032 ldata->read_head = head;
1033 if (L_ECHO(tty)) {
1034 if (L_ECHOPRT(tty)) {
1035 if (!ldata->erasing) {
1036 echo_char_raw('\\', ldata);
1037 ldata->erasing = 1;
1038 }
1039 /* if cnt > 1, output a multi-byte character */
1040 echo_char(c, tty);
1041 while (--cnt > 0) {
1042 head++;
1043 echo_char_raw(read_buf(ldata, head), ldata);
1044 echo_move_back_col(ldata);
1045 }
1046 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
1047 echo_char(ERASE_CHAR(tty), tty);
1048 } else if (c == '\t') {
1049 unsigned int num_chars = 0;
1050 int after_tab = 0;
1051 size_t tail = ldata->read_head;
1052
1053 /*
1054 * Count the columns used for characters
1055 * since the start of input or after a
1056 * previous tab.
1057 * This info is used to go back the correct
1058 * number of columns.
1059 */
1060 while (MASK(tail) != MASK(ldata->canon_head)) {
1061 tail--;
1062 c = read_buf(ldata, tail);
1063 if (c == '\t') {
1064 after_tab = 1;
1065 break;
1066 } else if (iscntrl(c)) {
1067 if (L_ECHOCTL(tty))
1068 num_chars += 2;
1069 } else if (!is_continuation(c, tty)) {
1070 num_chars++;
1071 }
1072 }
1073 echo_erase_tab(num_chars, after_tab, ldata);
1074 } else {
1075 if (iscntrl(c) && L_ECHOCTL(tty)) {
1076 echo_char_raw('\b', ldata);
1077 echo_char_raw(' ', ldata);
1078 echo_char_raw('\b', ldata);
1079 }
1080 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1081 echo_char_raw('\b', ldata);
1082 echo_char_raw(' ', ldata);
1083 echo_char_raw('\b', ldata);
1084 }
1085 }
1086 }
1087 if (kill_type == ERASE)
1088 break;
1089 }
1090 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1091 finish_erasing(ldata);
1092 }
1093
1094 /**
1095 * isig - handle the ISIG optio
1096 * @sig: signal
1097 * @tty: terminal
1098 *
1099 * Called when a signal is being sent due to terminal input.
1100 * Called from the driver receive_buf path so serialized.
1101 *
1102 * Performs input and output flush if !NOFLSH. In this context, the echo
1103 * buffer is 'output'. The signal is processed first to alert any current
1104 * readers or writers to discontinue and exit their i/o loops.
1105 *
1106 * Locking: ctrl.lock
1107 */
1108
__isig(int sig,struct tty_struct * tty)1109 static void __isig(int sig, struct tty_struct *tty)
1110 {
1111 struct pid *tty_pgrp = tty_get_pgrp(tty);
1112 if (tty_pgrp) {
1113 kill_pgrp(tty_pgrp, sig, 1);
1114 put_pid(tty_pgrp);
1115 }
1116 }
1117
isig(int sig,struct tty_struct * tty)1118 static void isig(int sig, struct tty_struct *tty)
1119 {
1120 struct n_tty_data *ldata = tty->disc_data;
1121
1122 if (L_NOFLSH(tty)) {
1123 /* signal only */
1124 __isig(sig, tty);
1125
1126 } else { /* signal and flush */
1127 up_read(&tty->termios_rwsem);
1128 down_write(&tty->termios_rwsem);
1129
1130 __isig(sig, tty);
1131
1132 /* clear echo buffer */
1133 mutex_lock(&ldata->output_lock);
1134 ldata->echo_head = ldata->echo_tail = 0;
1135 ldata->echo_mark = ldata->echo_commit = 0;
1136 mutex_unlock(&ldata->output_lock);
1137
1138 /* clear output buffer */
1139 tty_driver_flush_buffer(tty);
1140
1141 /* clear input buffer */
1142 reset_buffer_flags(tty->disc_data);
1143
1144 /* notify pty master of flush */
1145 if (tty->link)
1146 n_tty_packet_mode_flush(tty);
1147
1148 up_write(&tty->termios_rwsem);
1149 down_read(&tty->termios_rwsem);
1150 }
1151 }
1152
1153 /**
1154 * n_tty_receive_break - handle break
1155 * @tty: terminal
1156 *
1157 * An RS232 break event has been hit in the incoming bitstream. This
1158 * can cause a variety of events depending upon the termios settings.
1159 *
1160 * n_tty_receive_buf()/producer path:
1161 * caller holds non-exclusive termios_rwsem
1162 *
1163 * Note: may get exclusive termios_rwsem if flushing input buffer
1164 */
1165
n_tty_receive_break(struct tty_struct * tty)1166 static void n_tty_receive_break(struct tty_struct *tty)
1167 {
1168 struct n_tty_data *ldata = tty->disc_data;
1169
1170 if (I_IGNBRK(tty))
1171 return;
1172 if (I_BRKINT(tty)) {
1173 isig(SIGINT, tty);
1174 return;
1175 }
1176 if (I_PARMRK(tty)) {
1177 put_tty_queue('\377', ldata);
1178 put_tty_queue('\0', ldata);
1179 }
1180 put_tty_queue('\0', ldata);
1181 }
1182
1183 /**
1184 * n_tty_receive_overrun - handle overrun reporting
1185 * @tty: terminal
1186 *
1187 * Data arrived faster than we could process it. While the tty
1188 * driver has flagged this the bits that were missed are gone
1189 * forever.
1190 *
1191 * Called from the receive_buf path so single threaded. Does not
1192 * need locking as num_overrun and overrun_time are function
1193 * private.
1194 */
1195
n_tty_receive_overrun(struct tty_struct * tty)1196 static void n_tty_receive_overrun(struct tty_struct *tty)
1197 {
1198 struct n_tty_data *ldata = tty->disc_data;
1199
1200 ldata->num_overrun++;
1201 if (time_after(jiffies, ldata->overrun_time + HZ) ||
1202 time_after(ldata->overrun_time, jiffies)) {
1203 tty_warn(tty, "%d input overrun(s)\n", ldata->num_overrun);
1204 ldata->overrun_time = jiffies;
1205 ldata->num_overrun = 0;
1206 }
1207 }
1208
1209 /**
1210 * n_tty_receive_parity_error - error notifier
1211 * @tty: terminal device
1212 * @c: character
1213 *
1214 * Process a parity error and queue the right data to indicate
1215 * the error case if necessary.
1216 *
1217 * n_tty_receive_buf()/producer path:
1218 * caller holds non-exclusive termios_rwsem
1219 */
n_tty_receive_parity_error(struct tty_struct * tty,unsigned char c)1220 static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
1221 {
1222 struct n_tty_data *ldata = tty->disc_data;
1223
1224 if (I_INPCK(tty)) {
1225 if (I_IGNPAR(tty))
1226 return;
1227 if (I_PARMRK(tty)) {
1228 put_tty_queue('\377', ldata);
1229 put_tty_queue('\0', ldata);
1230 put_tty_queue(c, ldata);
1231 } else
1232 put_tty_queue('\0', ldata);
1233 } else
1234 put_tty_queue(c, ldata);
1235 }
1236
1237 static void
n_tty_receive_signal_char(struct tty_struct * tty,int signal,unsigned char c)1238 n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
1239 {
1240 isig(signal, tty);
1241 if (I_IXON(tty))
1242 start_tty(tty);
1243 if (L_ECHO(tty)) {
1244 echo_char(c, tty);
1245 commit_echoes(tty);
1246 } else
1247 process_echoes(tty);
1248 }
1249
1250 /**
1251 * n_tty_receive_char - perform processing
1252 * @tty: terminal device
1253 * @c: character
1254 *
1255 * Process an individual character of input received from the driver.
1256 * This is serialized with respect to itself by the rules for the
1257 * driver above.
1258 *
1259 * n_tty_receive_buf()/producer path:
1260 * caller holds non-exclusive termios_rwsem
1261 * publishes canon_head if canonical mode is active
1262 */
n_tty_receive_char_special(struct tty_struct * tty,unsigned char c)1263 static void n_tty_receive_char_special(struct tty_struct *tty, unsigned char c)
1264 {
1265 struct n_tty_data *ldata = tty->disc_data;
1266
1267 if (I_IXON(tty)) {
1268 if (c == START_CHAR(tty)) {
1269 start_tty(tty);
1270 process_echoes(tty);
1271 return;
1272 }
1273 if (c == STOP_CHAR(tty)) {
1274 stop_tty(tty);
1275 return;
1276 }
1277 }
1278
1279 if (L_ISIG(tty)) {
1280 if (c == INTR_CHAR(tty)) {
1281 n_tty_receive_signal_char(tty, SIGINT, c);
1282 return;
1283 } else if (c == QUIT_CHAR(tty)) {
1284 n_tty_receive_signal_char(tty, SIGQUIT, c);
1285 return;
1286 } else if (c == SUSP_CHAR(tty)) {
1287 n_tty_receive_signal_char(tty, SIGTSTP, c);
1288 return;
1289 }
1290 }
1291
1292 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1293 start_tty(tty);
1294 process_echoes(tty);
1295 }
1296
1297 if (c == '\r') {
1298 if (I_IGNCR(tty))
1299 return;
1300 if (I_ICRNL(tty))
1301 c = '\n';
1302 } else if (c == '\n' && I_INLCR(tty))
1303 c = '\r';
1304
1305 if (ldata->icanon) {
1306 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1307 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1308 eraser(c, tty);
1309 commit_echoes(tty);
1310 return;
1311 }
1312 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1313 ldata->lnext = 1;
1314 if (L_ECHO(tty)) {
1315 finish_erasing(ldata);
1316 if (L_ECHOCTL(tty)) {
1317 echo_char_raw('^', ldata);
1318 echo_char_raw('\b', ldata);
1319 commit_echoes(tty);
1320 }
1321 }
1322 return;
1323 }
1324 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1325 size_t tail = ldata->canon_head;
1326
1327 finish_erasing(ldata);
1328 echo_char(c, tty);
1329 echo_char_raw('\n', ldata);
1330 while (MASK(tail) != MASK(ldata->read_head)) {
1331 echo_char(read_buf(ldata, tail), tty);
1332 tail++;
1333 }
1334 commit_echoes(tty);
1335 return;
1336 }
1337 if (c == '\n') {
1338 if (L_ECHO(tty) || L_ECHONL(tty)) {
1339 echo_char_raw('\n', ldata);
1340 commit_echoes(tty);
1341 }
1342 goto handle_newline;
1343 }
1344 if (c == EOF_CHAR(tty)) {
1345 c = __DISABLED_CHAR;
1346 goto handle_newline;
1347 }
1348 if ((c == EOL_CHAR(tty)) ||
1349 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1350 /*
1351 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1352 */
1353 if (L_ECHO(tty)) {
1354 /* Record the column of first canon char. */
1355 if (ldata->canon_head == ldata->read_head)
1356 echo_set_canon_col(ldata);
1357 echo_char(c, tty);
1358 commit_echoes(tty);
1359 }
1360 /*
1361 * XXX does PARMRK doubling happen for
1362 * EOL_CHAR and EOL2_CHAR?
1363 */
1364 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1365 put_tty_queue(c, ldata);
1366
1367 handle_newline:
1368 set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
1369 put_tty_queue(c, ldata);
1370 smp_store_release(&ldata->canon_head, ldata->read_head);
1371 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1372 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1373 return;
1374 }
1375 }
1376
1377 if (L_ECHO(tty)) {
1378 finish_erasing(ldata);
1379 if (c == '\n')
1380 echo_char_raw('\n', ldata);
1381 else {
1382 /* Record the column of first canon char. */
1383 if (ldata->canon_head == ldata->read_head)
1384 echo_set_canon_col(ldata);
1385 echo_char(c, tty);
1386 }
1387 commit_echoes(tty);
1388 }
1389
1390 /* PARMRK doubling check */
1391 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1392 put_tty_queue(c, ldata);
1393
1394 put_tty_queue(c, ldata);
1395 }
1396
n_tty_receive_char(struct tty_struct * tty,unsigned char c)1397 static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1398 {
1399 struct n_tty_data *ldata = tty->disc_data;
1400
1401 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1402 start_tty(tty);
1403 process_echoes(tty);
1404 }
1405 if (L_ECHO(tty)) {
1406 finish_erasing(ldata);
1407 /* Record the column of first canon char. */
1408 if (ldata->canon_head == ldata->read_head)
1409 echo_set_canon_col(ldata);
1410 echo_char(c, tty);
1411 commit_echoes(tty);
1412 }
1413 /* PARMRK doubling check */
1414 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1415 put_tty_queue(c, ldata);
1416 put_tty_queue(c, ldata);
1417 }
1418
n_tty_receive_char_closing(struct tty_struct * tty,unsigned char c)1419 static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c)
1420 {
1421 if (I_ISTRIP(tty))
1422 c &= 0x7f;
1423 if (I_IUCLC(tty) && L_IEXTEN(tty))
1424 c = tolower(c);
1425
1426 if (I_IXON(tty)) {
1427 if (c == STOP_CHAR(tty))
1428 stop_tty(tty);
1429 else if (c == START_CHAR(tty) ||
1430 (tty->flow.stopped && !tty->flow.tco_stopped && I_IXANY(tty) &&
1431 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1432 c != SUSP_CHAR(tty))) {
1433 start_tty(tty);
1434 process_echoes(tty);
1435 }
1436 }
1437 }
1438
1439 static void
n_tty_receive_char_flagged(struct tty_struct * tty,unsigned char c,char flag)1440 n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
1441 {
1442 switch (flag) {
1443 case TTY_BREAK:
1444 n_tty_receive_break(tty);
1445 break;
1446 case TTY_PARITY:
1447 case TTY_FRAME:
1448 n_tty_receive_parity_error(tty, c);
1449 break;
1450 case TTY_OVERRUN:
1451 n_tty_receive_overrun(tty);
1452 break;
1453 default:
1454 tty_err(tty, "unknown flag %d\n", flag);
1455 break;
1456 }
1457 }
1458
1459 static void
n_tty_receive_char_lnext(struct tty_struct * tty,unsigned char c,char flag)1460 n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
1461 {
1462 struct n_tty_data *ldata = tty->disc_data;
1463
1464 ldata->lnext = 0;
1465 if (likely(flag == TTY_NORMAL)) {
1466 if (I_ISTRIP(tty))
1467 c &= 0x7f;
1468 if (I_IUCLC(tty) && L_IEXTEN(tty))
1469 c = tolower(c);
1470 n_tty_receive_char(tty, c);
1471 } else
1472 n_tty_receive_char_flagged(tty, c, flag);
1473 }
1474
1475 static void
n_tty_receive_buf_real_raw(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1476 n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
1477 const char *fp, int count)
1478 {
1479 struct n_tty_data *ldata = tty->disc_data;
1480 size_t n, head;
1481
1482 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1483 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1484 memcpy(read_buf_addr(ldata, head), cp, n);
1485 ldata->read_head += n;
1486 cp += n;
1487 count -= n;
1488
1489 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1490 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1491 memcpy(read_buf_addr(ldata, head), cp, n);
1492 ldata->read_head += n;
1493 }
1494
1495 static void
n_tty_receive_buf_raw(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1496 n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
1497 const char *fp, int count)
1498 {
1499 struct n_tty_data *ldata = tty->disc_data;
1500 char flag = TTY_NORMAL;
1501
1502 while (count--) {
1503 if (fp)
1504 flag = *fp++;
1505 if (likely(flag == TTY_NORMAL))
1506 put_tty_queue(*cp++, ldata);
1507 else
1508 n_tty_receive_char_flagged(tty, *cp++, flag);
1509 }
1510 }
1511
1512 static void
n_tty_receive_buf_closing(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1513 n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
1514 const char *fp, int count)
1515 {
1516 char flag = TTY_NORMAL;
1517
1518 while (count--) {
1519 if (fp)
1520 flag = *fp++;
1521 if (likely(flag == TTY_NORMAL))
1522 n_tty_receive_char_closing(tty, *cp++);
1523 }
1524 }
1525
n_tty_receive_buf_standard(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1526 static void n_tty_receive_buf_standard(struct tty_struct *tty,
1527 const unsigned char *cp, const char *fp, int count)
1528 {
1529 struct n_tty_data *ldata = tty->disc_data;
1530 char flag = TTY_NORMAL;
1531
1532 while (count--) {
1533 unsigned char c = *cp++;
1534
1535 if (fp)
1536 flag = *fp++;
1537
1538 if (ldata->lnext) {
1539 n_tty_receive_char_lnext(tty, c, flag);
1540 continue;
1541 }
1542
1543 if (unlikely(flag != TTY_NORMAL)) {
1544 n_tty_receive_char_flagged(tty, c, flag);
1545 continue;
1546 }
1547
1548 if (I_ISTRIP(tty))
1549 c &= 0x7f;
1550 if (I_IUCLC(tty) && L_IEXTEN(tty))
1551 c = tolower(c);
1552 if (L_EXTPROC(tty)) {
1553 put_tty_queue(c, ldata);
1554 continue;
1555 }
1556
1557 if (test_bit(c, ldata->char_map))
1558 n_tty_receive_char_special(tty, c);
1559 else
1560 n_tty_receive_char(tty, c);
1561 }
1562 }
1563
__receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1564 static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
1565 const char *fp, int count)
1566 {
1567 struct n_tty_data *ldata = tty->disc_data;
1568 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1569
1570 if (ldata->real_raw)
1571 n_tty_receive_buf_real_raw(tty, cp, fp, count);
1572 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1573 n_tty_receive_buf_raw(tty, cp, fp, count);
1574 else if (tty->closing && !L_EXTPROC(tty))
1575 n_tty_receive_buf_closing(tty, cp, fp, count);
1576 else {
1577 n_tty_receive_buf_standard(tty, cp, fp, count);
1578
1579 flush_echoes(tty);
1580 if (tty->ops->flush_chars)
1581 tty->ops->flush_chars(tty);
1582 }
1583
1584 if (ldata->icanon && !L_EXTPROC(tty))
1585 return;
1586
1587 /* publish read_head to consumer */
1588 smp_store_release(&ldata->commit_head, ldata->read_head);
1589
1590 if (read_cnt(ldata)) {
1591 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1592 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1593 }
1594 }
1595
1596 /**
1597 * n_tty_receive_buf_common - process input
1598 * @tty: device to receive input
1599 * @cp: input chars
1600 * @fp: flags for each char (if NULL, all chars are TTY_NORMAL)
1601 * @count: number of input chars in @cp
1602 * @flow: enable flow control
1603 *
1604 * Called by the terminal driver when a block of characters has
1605 * been received. This function must be called from soft contexts
1606 * not from interrupt context. The driver is responsible for making
1607 * calls one at a time and in order (or using flush_to_ldisc)
1608 *
1609 * Returns the # of input chars from @cp which were processed.
1610 *
1611 * In canonical mode, the maximum line length is 4096 chars (including
1612 * the line termination char); lines longer than 4096 chars are
1613 * truncated. After 4095 chars, input data is still processed but
1614 * not stored. Overflow processing ensures the tty can always
1615 * receive more input until at least one line can be read.
1616 *
1617 * In non-canonical mode, the read buffer will only accept 4095 chars;
1618 * this provides the necessary space for a newline char if the input
1619 * mode is switched to canonical.
1620 *
1621 * Note it is possible for the read buffer to _contain_ 4096 chars
1622 * in non-canonical mode: the read buffer could already contain the
1623 * maximum canon line of 4096 chars when the mode is switched to
1624 * non-canonical.
1625 *
1626 * n_tty_receive_buf()/producer path:
1627 * claims non-exclusive termios_rwsem
1628 * publishes commit_head or canon_head
1629 */
1630 static int
n_tty_receive_buf_common(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count,int flow)1631 n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
1632 const char *fp, int count, int flow)
1633 {
1634 struct n_tty_data *ldata = tty->disc_data;
1635 int room, n, rcvd = 0, overflow;
1636
1637 down_read(&tty->termios_rwsem);
1638
1639 do {
1640 /*
1641 * When PARMRK is set, each input char may take up to 3 chars
1642 * in the read buf; reduce the buffer space avail by 3x
1643 *
1644 * If we are doing input canonicalization, and there are no
1645 * pending newlines, let characters through without limit, so
1646 * that erase characters will be handled. Other excess
1647 * characters will be beeped.
1648 *
1649 * paired with store in *_copy_from_read_buf() -- guarantees
1650 * the consumer has loaded the data in read_buf up to the new
1651 * read_tail (so this producer will not overwrite unread data)
1652 */
1653 size_t tail = smp_load_acquire(&ldata->read_tail);
1654
1655 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1656 if (I_PARMRK(tty))
1657 room = (room + 2) / 3;
1658 room--;
1659 if (room <= 0) {
1660 overflow = ldata->icanon && ldata->canon_head == tail;
1661 if (overflow && room < 0)
1662 ldata->read_head--;
1663 room = overflow;
1664 ldata->no_room = flow && !room;
1665 } else
1666 overflow = 0;
1667
1668 n = min(count, room);
1669 if (!n)
1670 break;
1671
1672 /* ignore parity errors if handling overflow */
1673 if (!overflow || !fp || *fp != TTY_PARITY)
1674 __receive_buf(tty, cp, fp, n);
1675
1676 cp += n;
1677 if (fp)
1678 fp += n;
1679 count -= n;
1680 rcvd += n;
1681 } while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1682
1683 tty->receive_room = room;
1684
1685 /* Unthrottle if handling overflow on pty */
1686 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1687 if (overflow) {
1688 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1689 tty_unthrottle_safe(tty);
1690 __tty_set_flow_change(tty, 0);
1691 }
1692 } else
1693 n_tty_check_throttle(tty);
1694
1695 up_read(&tty->termios_rwsem);
1696
1697 return rcvd;
1698 }
1699
n_tty_receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1700 static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1701 const char *fp, int count)
1702 {
1703 n_tty_receive_buf_common(tty, cp, fp, count, 0);
1704 }
1705
n_tty_receive_buf2(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1706 static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
1707 const char *fp, int count)
1708 {
1709 return n_tty_receive_buf_common(tty, cp, fp, count, 1);
1710 }
1711
1712 /**
1713 * n_tty_set_termios - termios data changed
1714 * @tty: terminal
1715 * @old: previous data
1716 *
1717 * Called by the tty layer when the user changes termios flags so
1718 * that the line discipline can plan ahead. This function cannot sleep
1719 * and is protected from re-entry by the tty layer. The user is
1720 * guaranteed that this function will not be re-entered or in progress
1721 * when the ldisc is closed.
1722 *
1723 * Locking: Caller holds tty->termios_rwsem
1724 */
1725
n_tty_set_termios(struct tty_struct * tty,struct ktermios * old)1726 static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1727 {
1728 struct n_tty_data *ldata = tty->disc_data;
1729
1730 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1731 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1732 ldata->line_start = ldata->read_tail;
1733 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1734 ldata->canon_head = ldata->read_tail;
1735 ldata->push = 0;
1736 } else {
1737 set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
1738 ldata->read_flags);
1739 ldata->canon_head = ldata->read_head;
1740 ldata->push = 1;
1741 }
1742 ldata->commit_head = ldata->read_head;
1743 ldata->erasing = 0;
1744 ldata->lnext = 0;
1745 }
1746
1747 ldata->icanon = (L_ICANON(tty) != 0);
1748
1749 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1750 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1751 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1752 I_PARMRK(tty)) {
1753 bitmap_zero(ldata->char_map, 256);
1754
1755 if (I_IGNCR(tty) || I_ICRNL(tty))
1756 set_bit('\r', ldata->char_map);
1757 if (I_INLCR(tty))
1758 set_bit('\n', ldata->char_map);
1759
1760 if (L_ICANON(tty)) {
1761 set_bit(ERASE_CHAR(tty), ldata->char_map);
1762 set_bit(KILL_CHAR(tty), ldata->char_map);
1763 set_bit(EOF_CHAR(tty), ldata->char_map);
1764 set_bit('\n', ldata->char_map);
1765 set_bit(EOL_CHAR(tty), ldata->char_map);
1766 if (L_IEXTEN(tty)) {
1767 set_bit(WERASE_CHAR(tty), ldata->char_map);
1768 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1769 set_bit(EOL2_CHAR(tty), ldata->char_map);
1770 if (L_ECHO(tty))
1771 set_bit(REPRINT_CHAR(tty),
1772 ldata->char_map);
1773 }
1774 }
1775 if (I_IXON(tty)) {
1776 set_bit(START_CHAR(tty), ldata->char_map);
1777 set_bit(STOP_CHAR(tty), ldata->char_map);
1778 }
1779 if (L_ISIG(tty)) {
1780 set_bit(INTR_CHAR(tty), ldata->char_map);
1781 set_bit(QUIT_CHAR(tty), ldata->char_map);
1782 set_bit(SUSP_CHAR(tty), ldata->char_map);
1783 }
1784 clear_bit(__DISABLED_CHAR, ldata->char_map);
1785 ldata->raw = 0;
1786 ldata->real_raw = 0;
1787 } else {
1788 ldata->raw = 1;
1789 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1790 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1791 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1792 ldata->real_raw = 1;
1793 else
1794 ldata->real_raw = 0;
1795 }
1796 /*
1797 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1798 * been stopped by STOP_CHAR(tty) before it.
1799 */
1800 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow.tco_stopped) {
1801 start_tty(tty);
1802 process_echoes(tty);
1803 }
1804
1805 /* The termios change make the tty ready for I/O */
1806 wake_up_interruptible(&tty->write_wait);
1807 wake_up_interruptible(&tty->read_wait);
1808 }
1809
1810 /**
1811 * n_tty_close - close the ldisc for this tty
1812 * @tty: device
1813 *
1814 * Called from the terminal layer when this line discipline is
1815 * being shut down, either because of a close or becsuse of a
1816 * discipline change. The function will not be called while other
1817 * ldisc methods are in progress.
1818 */
1819
n_tty_close(struct tty_struct * tty)1820 static void n_tty_close(struct tty_struct *tty)
1821 {
1822 struct n_tty_data *ldata = tty->disc_data;
1823
1824 if (tty->link)
1825 n_tty_packet_mode_flush(tty);
1826
1827 down_write(&tty->termios_rwsem);
1828 vfree(ldata);
1829 tty->disc_data = NULL;
1830 up_write(&tty->termios_rwsem);
1831 }
1832
1833 /**
1834 * n_tty_open - open an ldisc
1835 * @tty: terminal to open
1836 *
1837 * Called when this line discipline is being attached to the
1838 * terminal device. Can sleep. Called serialized so that no
1839 * other events will occur in parallel. No further open will occur
1840 * until a close.
1841 */
1842
n_tty_open(struct tty_struct * tty)1843 static int n_tty_open(struct tty_struct *tty)
1844 {
1845 struct n_tty_data *ldata;
1846
1847 /* Currently a malloc failure here can panic */
1848 ldata = vzalloc(sizeof(*ldata));
1849 if (!ldata)
1850 return -ENOMEM;
1851
1852 ldata->overrun_time = jiffies;
1853 mutex_init(&ldata->atomic_read_lock);
1854 mutex_init(&ldata->output_lock);
1855
1856 tty->disc_data = ldata;
1857 tty->closing = 0;
1858 /* indicate buffer work may resume */
1859 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1860 n_tty_set_termios(tty, NULL);
1861 tty_unthrottle(tty);
1862 return 0;
1863 }
1864
input_available_p(struct tty_struct * tty,int poll)1865 static inline int input_available_p(struct tty_struct *tty, int poll)
1866 {
1867 struct n_tty_data *ldata = tty->disc_data;
1868 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1869
1870 if (ldata->icanon && !L_EXTPROC(tty))
1871 return ldata->canon_head != ldata->read_tail;
1872 else
1873 return ldata->commit_head - ldata->read_tail >= amt;
1874 }
1875
1876 /**
1877 * copy_from_read_buf - copy read data directly
1878 * @tty: terminal device
1879 * @kbp: data
1880 * @nr: size of data
1881 *
1882 * Helper function to speed up n_tty_read. It is only called when
1883 * ICANON is off; it copies characters straight from the tty queue.
1884 *
1885 * Called under the ldata->atomic_read_lock sem
1886 *
1887 * Returns true if it successfully copied data, but there is still
1888 * more data to be had.
1889 *
1890 * n_tty_read()/consumer path:
1891 * caller holds non-exclusive termios_rwsem
1892 * read_tail published
1893 */
1894
copy_from_read_buf(struct tty_struct * tty,unsigned char ** kbp,size_t * nr)1895 static bool copy_from_read_buf(struct tty_struct *tty,
1896 unsigned char **kbp,
1897 size_t *nr)
1898
1899 {
1900 struct n_tty_data *ldata = tty->disc_data;
1901 size_t n;
1902 bool is_eof;
1903 size_t head = smp_load_acquire(&ldata->commit_head);
1904 size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1905
1906 n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
1907 n = min(*nr, n);
1908 if (n) {
1909 unsigned char *from = read_buf_addr(ldata, tail);
1910 memcpy(*kbp, from, n);
1911 is_eof = n == 1 && *from == EOF_CHAR(tty);
1912 tty_audit_add_data(tty, from, n);
1913 zero_buffer(tty, from, n);
1914 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1915 /* Turn single EOF into zero-length read */
1916 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1917 (head == ldata->read_tail))
1918 return false;
1919 *kbp += n;
1920 *nr -= n;
1921
1922 /* If we have more to copy, let the caller know */
1923 return head != ldata->read_tail;
1924 }
1925 return false;
1926 }
1927
1928 /**
1929 * canon_copy_from_read_buf - copy read data in canonical mode
1930 * @tty: terminal device
1931 * @kbp: data
1932 * @nr: size of data
1933 *
1934 * Helper function for n_tty_read. It is only called when ICANON is on;
1935 * it copies one line of input up to and including the line-delimiting
1936 * character into the result buffer.
1937 *
1938 * NB: When termios is changed from non-canonical to canonical mode and
1939 * the read buffer contains data, n_tty_set_termios() simulates an EOF
1940 * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
1941 * This causes data already processed as input to be immediately available
1942 * as input although a newline has not been received.
1943 *
1944 * Called under the atomic_read_lock mutex
1945 *
1946 * n_tty_read()/consumer path:
1947 * caller holds non-exclusive termios_rwsem
1948 * read_tail published
1949 */
1950
canon_copy_from_read_buf(struct tty_struct * tty,unsigned char ** kbp,size_t * nr)1951 static bool canon_copy_from_read_buf(struct tty_struct *tty,
1952 unsigned char **kbp,
1953 size_t *nr)
1954 {
1955 struct n_tty_data *ldata = tty->disc_data;
1956 size_t n, size, more, c;
1957 size_t eol;
1958 size_t tail, canon_head;
1959 int found = 0;
1960
1961 /* N.B. avoid overrun if nr == 0 */
1962 if (!*nr)
1963 return false;
1964
1965 canon_head = smp_load_acquire(&ldata->canon_head);
1966 n = min(*nr + 1, canon_head - ldata->read_tail);
1967
1968 tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1969 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
1970
1971 n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
1972 __func__, *nr, tail, n, size);
1973
1974 eol = find_next_bit(ldata->read_flags, size, tail);
1975 more = n - (size - tail);
1976 if (eol == N_TTY_BUF_SIZE && more) {
1977 /* scan wrapped without finding set bit */
1978 eol = find_next_bit(ldata->read_flags, more, 0);
1979 found = eol != more;
1980 } else
1981 found = eol != size;
1982
1983 n = eol - tail;
1984 if (n > N_TTY_BUF_SIZE)
1985 n += N_TTY_BUF_SIZE;
1986 c = n + found;
1987
1988 if (!found || read_buf(ldata, eol) != __DISABLED_CHAR) {
1989 c = min(*nr, c);
1990 n = c;
1991 }
1992
1993 n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
1994 __func__, eol, found, n, c, tail, more);
1995
1996 tty_copy(tty, *kbp, tail, n);
1997 *kbp += n;
1998 *nr -= n;
1999
2000 if (found)
2001 clear_bit(eol, ldata->read_flags);
2002 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2003
2004 if (found) {
2005 if (!ldata->push)
2006 ldata->line_start = ldata->read_tail;
2007 else
2008 ldata->push = 0;
2009 tty_audit_push();
2010 return false;
2011 }
2012
2013 /* No EOL found - do a continuation retry if there is more data */
2014 return ldata->read_tail != canon_head;
2015 }
2016
2017 /**
2018 * job_control - check job control
2019 * @tty: tty
2020 * @file: file handle
2021 *
2022 * Perform job control management checks on this file/tty descriptor
2023 * and if appropriate send any needed signals and return a negative
2024 * error code if action should be taken.
2025 *
2026 * Locking: redirected write test is safe
2027 * current->signal->tty check is safe
2028 * ctrl.lock to safely reference tty->ctrl.pgrp
2029 */
2030
job_control(struct tty_struct * tty,struct file * file)2031 static int job_control(struct tty_struct *tty, struct file *file)
2032 {
2033 /* Job control check -- must be done at start and after
2034 every sleep (POSIX.1 7.1.1.4). */
2035 /* NOTE: not yet done after every sleep pending a thorough
2036 check of the logic of this change. -- jlc */
2037 /* don't stop on /dev/console */
2038 if (file->f_op->write_iter == redirected_tty_write)
2039 return 0;
2040
2041 return __tty_check_change(tty, SIGTTIN);
2042 }
2043
2044
2045 /**
2046 * n_tty_read - read function for tty
2047 * @tty: tty device
2048 * @file: file object
2049 * @buf: userspace buffer pointer
2050 * @nr: size of I/O
2051 *
2052 * Perform reads for the line discipline. We are guaranteed that the
2053 * line discipline will not be closed under us but we may get multiple
2054 * parallel readers and must handle this ourselves. We may also get
2055 * a hangup. Always called in user context, may sleep.
2056 *
2057 * This code must be sure never to sleep through a hangup.
2058 *
2059 * n_tty_read()/consumer path:
2060 * claims non-exclusive termios_rwsem
2061 * publishes read_tail
2062 */
2063
n_tty_read(struct tty_struct * tty,struct file * file,unsigned char * kbuf,size_t nr,void ** cookie,unsigned long offset)2064 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
2065 unsigned char *kbuf, size_t nr,
2066 void **cookie, unsigned long offset)
2067 {
2068 struct n_tty_data *ldata = tty->disc_data;
2069 unsigned char *kb = kbuf;
2070 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2071 int c;
2072 int minimum, time;
2073 ssize_t retval = 0;
2074 long timeout;
2075 bool packet;
2076 size_t tail;
2077
2078 /*
2079 * Is this a continuation of a read started earler?
2080 *
2081 * If so, we still hold the atomic_read_lock and the
2082 * termios_rwsem, and can just continue to copy data.
2083 */
2084 if (*cookie) {
2085 if (ldata->icanon && !L_EXTPROC(tty)) {
2086 if (canon_copy_from_read_buf(tty, &kb, &nr))
2087 return kb - kbuf;
2088 } else {
2089 if (copy_from_read_buf(tty, &kb, &nr))
2090 return kb - kbuf;
2091 }
2092
2093 /* No more data - release locks and stop retries */
2094 n_tty_kick_worker(tty);
2095 n_tty_check_unthrottle(tty);
2096 up_read(&tty->termios_rwsem);
2097 mutex_unlock(&ldata->atomic_read_lock);
2098 *cookie = NULL;
2099 return kb - kbuf;
2100 }
2101
2102 c = job_control(tty, file);
2103 if (c < 0)
2104 return c;
2105
2106 /*
2107 * Internal serialization of reads.
2108 */
2109 if (file->f_flags & O_NONBLOCK) {
2110 if (!mutex_trylock(&ldata->atomic_read_lock))
2111 return -EAGAIN;
2112 } else {
2113 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2114 return -ERESTARTSYS;
2115 }
2116
2117 down_read(&tty->termios_rwsem);
2118
2119 minimum = time = 0;
2120 timeout = MAX_SCHEDULE_TIMEOUT;
2121 if (!ldata->icanon) {
2122 minimum = MIN_CHAR(tty);
2123 if (minimum) {
2124 time = (HZ / 10) * TIME_CHAR(tty);
2125 } else {
2126 timeout = (HZ / 10) * TIME_CHAR(tty);
2127 minimum = 1;
2128 }
2129 }
2130
2131 packet = tty->ctrl.packet;
2132 tail = ldata->read_tail;
2133
2134 add_wait_queue(&tty->read_wait, &wait);
2135 while (nr) {
2136 /* First test for status change. */
2137 if (packet && tty->link->ctrl.pktstatus) {
2138 unsigned char cs;
2139 if (kb != kbuf)
2140 break;
2141 spin_lock_irq(&tty->link->ctrl.lock);
2142 cs = tty->link->ctrl.pktstatus;
2143 tty->link->ctrl.pktstatus = 0;
2144 spin_unlock_irq(&tty->link->ctrl.lock);
2145 *kb++ = cs;
2146 nr--;
2147 break;
2148 }
2149
2150 if (!input_available_p(tty, 0)) {
2151 up_read(&tty->termios_rwsem);
2152 tty_buffer_flush_work(tty->port);
2153 down_read(&tty->termios_rwsem);
2154 if (!input_available_p(tty, 0)) {
2155 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2156 retval = -EIO;
2157 break;
2158 }
2159 if (tty_hung_up_p(file))
2160 break;
2161 /*
2162 * Abort readers for ttys which never actually
2163 * get hung up. See __tty_hangup().
2164 */
2165 if (test_bit(TTY_HUPPING, &tty->flags))
2166 break;
2167 if (!timeout)
2168 break;
2169 if (tty_io_nonblock(tty, file)) {
2170 retval = -EAGAIN;
2171 break;
2172 }
2173 if (signal_pending(current)) {
2174 retval = -ERESTARTSYS;
2175 break;
2176 }
2177 up_read(&tty->termios_rwsem);
2178
2179 timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2180 timeout);
2181
2182 down_read(&tty->termios_rwsem);
2183 continue;
2184 }
2185 }
2186
2187 if (ldata->icanon && !L_EXTPROC(tty)) {
2188 if (canon_copy_from_read_buf(tty, &kb, &nr))
2189 goto more_to_be_read;
2190 } else {
2191 /* Deal with packet mode. */
2192 if (packet && kb == kbuf) {
2193 *kb++ = TIOCPKT_DATA;
2194 nr--;
2195 }
2196
2197 /*
2198 * Copy data, and if there is more to be had
2199 * and we have nothing more to wait for, then
2200 * let's mark us for retries.
2201 *
2202 * NOTE! We return here with both the termios_sem
2203 * and atomic_read_lock still held, the retries
2204 * will release them when done.
2205 */
2206 if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum) {
2207 more_to_be_read:
2208 remove_wait_queue(&tty->read_wait, &wait);
2209 *cookie = cookie;
2210 return kb - kbuf;
2211 }
2212 }
2213
2214 n_tty_check_unthrottle(tty);
2215
2216 if (kb - kbuf >= minimum)
2217 break;
2218 if (time)
2219 timeout = time;
2220 }
2221 if (tail != ldata->read_tail)
2222 n_tty_kick_worker(tty);
2223 up_read(&tty->termios_rwsem);
2224
2225 remove_wait_queue(&tty->read_wait, &wait);
2226 mutex_unlock(&ldata->atomic_read_lock);
2227
2228 if (kb - kbuf)
2229 retval = kb - kbuf;
2230
2231 return retval;
2232 }
2233
2234 /**
2235 * n_tty_write - write function for tty
2236 * @tty: tty device
2237 * @file: file object
2238 * @buf: userspace buffer pointer
2239 * @nr: size of I/O
2240 *
2241 * Write function of the terminal device. This is serialized with
2242 * respect to other write callers but not to termios changes, reads
2243 * and other such events. Since the receive code will echo characters,
2244 * thus calling driver write methods, the output_lock is used in
2245 * the output processing functions called here as well as in the
2246 * echo processing function to protect the column state and space
2247 * left in the buffer.
2248 *
2249 * This code must be sure never to sleep through a hangup.
2250 *
2251 * Locking: output_lock to protect column state and space left
2252 * (note that the process_output*() functions take this
2253 * lock themselves)
2254 */
2255
n_tty_write(struct tty_struct * tty,struct file * file,const unsigned char * buf,size_t nr)2256 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2257 const unsigned char *buf, size_t nr)
2258 {
2259 const unsigned char *b = buf;
2260 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2261 int c;
2262 ssize_t retval = 0;
2263
2264 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2265 if (L_TOSTOP(tty) && file->f_op->write_iter != redirected_tty_write) {
2266 retval = tty_check_change(tty);
2267 if (retval)
2268 return retval;
2269 }
2270
2271 down_read(&tty->termios_rwsem);
2272
2273 /* Write out any echoed characters that are still pending */
2274 process_echoes(tty);
2275
2276 add_wait_queue(&tty->write_wait, &wait);
2277 while (1) {
2278 if (signal_pending(current)) {
2279 retval = -ERESTARTSYS;
2280 break;
2281 }
2282 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2283 retval = -EIO;
2284 break;
2285 }
2286 if (O_OPOST(tty)) {
2287 while (nr > 0) {
2288 ssize_t num = process_output_block(tty, b, nr);
2289 if (num < 0) {
2290 if (num == -EAGAIN)
2291 break;
2292 retval = num;
2293 goto break_out;
2294 }
2295 b += num;
2296 nr -= num;
2297 if (nr == 0)
2298 break;
2299 c = *b;
2300 if (process_output(c, tty) < 0)
2301 break;
2302 b++; nr--;
2303 }
2304 if (tty->ops->flush_chars)
2305 tty->ops->flush_chars(tty);
2306 } else {
2307 struct n_tty_data *ldata = tty->disc_data;
2308
2309 while (nr > 0) {
2310 mutex_lock(&ldata->output_lock);
2311 c = tty->ops->write(tty, b, nr);
2312 mutex_unlock(&ldata->output_lock);
2313 if (c < 0) {
2314 retval = c;
2315 goto break_out;
2316 }
2317 if (!c)
2318 break;
2319 b += c;
2320 nr -= c;
2321 }
2322 }
2323 if (!nr)
2324 break;
2325 if (tty_io_nonblock(tty, file)) {
2326 retval = -EAGAIN;
2327 break;
2328 }
2329 up_read(&tty->termios_rwsem);
2330
2331 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2332
2333 down_read(&tty->termios_rwsem);
2334 }
2335 break_out:
2336 remove_wait_queue(&tty->write_wait, &wait);
2337 if (nr && tty->fasync)
2338 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2339 up_read(&tty->termios_rwsem);
2340 return (b - buf) ? b - buf : retval;
2341 }
2342
2343 /**
2344 * n_tty_poll - poll method for N_TTY
2345 * @tty: terminal device
2346 * @file: file accessing it
2347 * @wait: poll table
2348 *
2349 * Called when the line discipline is asked to poll() for data or
2350 * for special events. This code is not serialized with respect to
2351 * other events save open/close.
2352 *
2353 * This code must be sure never to sleep through a hangup.
2354 * Called without the kernel lock held - fine
2355 */
2356
n_tty_poll(struct tty_struct * tty,struct file * file,poll_table * wait)2357 static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2358 poll_table *wait)
2359 {
2360 __poll_t mask = 0;
2361
2362 poll_wait(file, &tty->read_wait, wait);
2363 poll_wait(file, &tty->write_wait, wait);
2364 if (input_available_p(tty, 1))
2365 mask |= EPOLLIN | EPOLLRDNORM;
2366 else {
2367 tty_buffer_flush_work(tty->port);
2368 if (input_available_p(tty, 1))
2369 mask |= EPOLLIN | EPOLLRDNORM;
2370 }
2371 if (tty->ctrl.packet && tty->link->ctrl.pktstatus)
2372 mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2373 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2374 mask |= EPOLLHUP;
2375 if (tty_hung_up_p(file))
2376 mask |= EPOLLHUP;
2377 if (tty->ops->write && !tty_is_writelocked(tty) &&
2378 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2379 tty_write_room(tty) > 0)
2380 mask |= EPOLLOUT | EPOLLWRNORM;
2381 return mask;
2382 }
2383
inq_canon(struct n_tty_data * ldata)2384 static unsigned long inq_canon(struct n_tty_data *ldata)
2385 {
2386 size_t nr, head, tail;
2387
2388 if (ldata->canon_head == ldata->read_tail)
2389 return 0;
2390 head = ldata->canon_head;
2391 tail = ldata->read_tail;
2392 nr = head - tail;
2393 /* Skip EOF-chars.. */
2394 while (MASK(head) != MASK(tail)) {
2395 if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
2396 read_buf(ldata, tail) == __DISABLED_CHAR)
2397 nr--;
2398 tail++;
2399 }
2400 return nr;
2401 }
2402
n_tty_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)2403 static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
2404 unsigned int cmd, unsigned long arg)
2405 {
2406 struct n_tty_data *ldata = tty->disc_data;
2407 int retval;
2408
2409 switch (cmd) {
2410 case TIOCOUTQ:
2411 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2412 case TIOCINQ:
2413 down_write(&tty->termios_rwsem);
2414 if (L_ICANON(tty) && !L_EXTPROC(tty))
2415 retval = inq_canon(ldata);
2416 else
2417 retval = read_cnt(ldata);
2418 up_write(&tty->termios_rwsem);
2419 return put_user(retval, (unsigned int __user *) arg);
2420 default:
2421 return n_tty_ioctl_helper(tty, file, cmd, arg);
2422 }
2423 }
2424
2425 static struct tty_ldisc_ops n_tty_ops = {
2426 .owner = THIS_MODULE,
2427 .num = N_TTY,
2428 .name = "n_tty",
2429 .open = n_tty_open,
2430 .close = n_tty_close,
2431 .flush_buffer = n_tty_flush_buffer,
2432 .read = n_tty_read,
2433 .write = n_tty_write,
2434 .ioctl = n_tty_ioctl,
2435 .set_termios = n_tty_set_termios,
2436 .poll = n_tty_poll,
2437 .receive_buf = n_tty_receive_buf,
2438 .write_wakeup = n_tty_write_wakeup,
2439 .receive_buf2 = n_tty_receive_buf2,
2440 };
2441
2442 /**
2443 * n_tty_inherit_ops - inherit N_TTY methods
2444 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2445 *
2446 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2447 */
2448
n_tty_inherit_ops(struct tty_ldisc_ops * ops)2449 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2450 {
2451 *ops = n_tty_ops;
2452 ops->owner = NULL;
2453 ops->flags = 0;
2454 }
2455 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2456
n_tty_init(void)2457 void __init n_tty_init(void)
2458 {
2459 tty_register_ldisc(&n_tty_ops);
2460 }
2461
