1 // SPDX-License-Identifier: GPL-1.0+
2 /*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31 #include <linux/types.h>
32 #include <linux/major.h>
33 #include <linux/errno.h>
34 #include <linux/signal.h>
35 #include <linux/fcntl.h>
36 #include <linux/sched.h>
37 #include <linux/interrupt.h>
38 #include <linux/tty.h>
39 #include <linux/timer.h>
40 #include <linux/ctype.h>
41 #include <linux/mm.h>
42 #include <linux/string.h>
43 #include <linux/slab.h>
44 #include <linux/poll.h>
45 #include <linux/bitops.h>
46 #include <linux/audit.h>
47 #include <linux/file.h>
48 #include <linux/uaccess.h>
49 #include <linux/module.h>
50 #include <linux/ratelimit.h>
51 #include <linux/vmalloc.h>
52 #include "tty.h"
53
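/*
 * Until this number of characters is queued in the xmit buffer, select will
 * return "we have room for writes".
 */
#define WAKEUP_CHARS 256

/*
 * This defines the low- and high-watermarks for throttling and
 * unthrottling the TTY driver.  These watermarks are used for
 * controlling the space in the read buffer.
 */
#define TTY_THRESHOLD_THROTTLE		128 /* now based on remaining room */
#define TTY_THRESHOLD_UNTHROTTLE	128

/*
 * Special byte codes used in the echo buffer to represent operations
 * or special handling of characters.  Bytes in the echo buffer that
 * are not part of such special blocks are treated as normal character
 * codes.
 */
#define ECHO_OP_START 0xff
#define ECHO_OP_MOVE_BACK_COL 0x80
#define ECHO_OP_SET_CANON_COL 0x81
#define ECHO_OP_ERASE_TAB 0x82

/*
 * commit_echoes() starts draining once ECHO_COMMIT_WATERMARK bytes are
 * pending and retries per ECHO_BLOCK; __process_echoes() drops bytes from
 * the tail once ECHO_DISCARD_WATERMARK bytes are committed but unsent.
 */
#define ECHO_COMMIT_WATERMARK	256
#define ECHO_BLOCK		256
/*
 * Fully parenthesized: the unparenthesized form only evaluates as intended
 * when the surrounding operators bind more loosely than '-', so any use such
 * as "2 * ECHO_DISCARD_WATERMARK" would silently compute the wrong bound.
 */
#define ECHO_DISCARD_WATERMARK	(N_TTY_BUF_SIZE - (ECHO_BLOCK + 32))


/* Tracing is compiled out unless N_TTY_TRACE is defined here by hand. */
#undef N_TTY_TRACE
#ifdef N_TTY_TRACE
# define n_tty_trace(f, args...)	trace_printk(f, ##args)
#else
# define n_tty_trace(f, args...)	no_printk(f, ##args)
#endif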
90
/*
 * Per-tty state of the N_TTY line discipline: the input ring (read_buf),
 * the echo ring (echo_buf) and the indices into both.  The helpers in this
 * file increment the indices without wrapping and mask them on every buffer
 * access (see MASK(), read_buf(), echo_buf()).
 */
struct n_tty_data {
	/* producer-published */
	size_t read_head;	/* next read_buf slot written by put_tty_queue() */
	size_t commit_head;	/* readable limit in non-canonical mode (chars_in_buffer()) */
	size_t canon_head;	/* readable limit in canonical mode (chars_in_buffer()) */
	size_t echo_head;	/* next echo_buf slot written by add_echo_byte() */
	size_t echo_commit;	/* __process_echoes() drains echo_buf up to here */
	size_t echo_mark;	/* echo_head snapshot taken by commit_echoes() */
	DECLARE_BITMAP(char_map, 256);

	/* private to n_tty_receive_overrun (single-threaded) */
	unsigned long overrun_time;
	int num_overrun;

	/* non-atomic */
	bool no_room;		/* cleared by n_tty_kick_worker() when it restarts input work */

	/* must hold exclusive termios_rwsem to reset these */
	unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
	unsigned char push:1;

	/* shared by producer and consumer */
	/*
	 * read_buf can hold input that was never echoed; tty_copy() scrubs
	 * what it hands out via zero_buffer() when ICANON is set and ECHO
	 * is clear.
	 */
	char read_buf[N_TTY_BUF_SIZE];
	DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
	unsigned char echo_buf[N_TTY_BUF_SIZE];

	/* consumer-published */
	size_t read_tail;
	size_t line_start;

	/* protected by output lock */
	unsigned int column;
	unsigned int canon_column;
	size_t echo_tail;

	struct mutex atomic_read_lock;
	struct mutex output_lock;
};
129
/*
 * Reduce a free-running index to an offset inside read_buf/echo_buf.
 * NOTE(review): only correct if N_TTY_BUF_SIZE is a power of two; its
 * definition is outside this file - confirm.
 */
#define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
131
/* Distance between the producer index and the consumer index of read_buf. */
static inline size_t read_cnt(struct n_tty_data *ldata)
{
	const size_t produced = ldata->read_head;
	const size_t consumed = ldata->read_tail;

	/* Unsigned subtraction, so the result is modular in size_t. */
	return produced - consumed;
}
136
/* Fetch the read_buf byte at index @i; the index is masked, never range-checked. */
static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
{
	const size_t slot = MASK(i);

	return ldata->read_buf[slot];
}
141
/*
 * Address of the read_buf slot for index @i (masked into the buffer).
 * The pointer covers only the bytes up to the end of read_buf; callers that
 * copy more than that must handle the wrap themselves, as tty_copy() does.
 */
static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
{
	const size_t slot = MASK(i);

	return &ldata->read_buf[slot];
}
146
/* Fetch the echo_buf byte at index @i (masked into the buffer). */
static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
{
	const size_t slot = MASK(i);

	/* The barrier must stay ahead of the load below. */
	smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
	return ldata->echo_buf[slot];
}
152
/* Address of the echo_buf slot for index @i (masked into the buffer). */
static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
{
	const size_t slot = MASK(i);

	return &ldata->echo_buf[slot];
}
157
158 /* If we are not echoing the data, perhaps this is a secret so erase it */
static void zero_buffer(struct tty_struct *tty, u8 *buffer, int size)
{
	/*
	 * Scrub only when the line is canonical and echo is off: that is the
	 * one combination treated here as "may be a secret".  Input read in
	 * any other mode is left in the ring until it is overwritten.
	 */
	if (!L_ICANON(tty) || L_ECHO(tty))
		return;

	/*
	 * NOTE(review): @size is int while tty_copy() passes size_t lengths;
	 * this is only safe while those lengths fit in an int - confirm.
	 */
	memset(buffer, 0x00, size);
}
167
/*
 * Copy @n bytes out of the read ring starting at offset @tail into @to,
 * splitting the copy in two when it runs past the end of read_buf.  Each
 * piece is reported to tty audit and then passed to zero_buffer().
 *
 * NOTE(review): nothing here bounds @tail or @n.  The arithmetic assumes
 * @tail is already an offset below N_TTY_BUF_SIZE and @n does not exceed the
 * buffer size; presumably callers guarantee both - verify against callers.
 */
static void tty_copy(struct tty_struct *tty, void *to, size_t tail, size_t n)
{
	struct n_tty_data *ldata = tty->disc_data;
	const size_t until_end = N_TTY_BUF_SIZE - tail;
	void *src = read_buf_addr(ldata, tail);

	if (n > until_end) {
		/* First piece: from @tail up to the end of the ring. */
		tty_audit_add_data(tty, src, until_end);
		memcpy(to, src, until_end);
		zero_buffer(tty, src, until_end);

		/* Continue with the remainder from the start of the ring. */
		to += until_end;
		n -= until_end;
		src = ldata->read_buf;
	}

	/* Audit before scrubbing so the audit record sees the real data. */
	tty_audit_add_data(tty, src, n);
	memcpy(to, src, n);
	zero_buffer(tty, src, n);
}
187
188 /**
189 * n_tty_kick_worker - start input worker (if required)
190 * @tty: terminal
191 *
192 * Re-schedules the flip buffer work if it may have stopped
193 *
194 * Caller holds exclusive termios_rwsem
195 * or
196 * n_tty_read()/consumer path:
197 * holds non-exclusive termios_rwsem
198 */
199
static void n_tty_kick_worker(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;

	/* Common case: the input worker never stopped, nothing to restart. */
	if (likely(!ldata->no_room))
		return;

	ldata->no_room = 0;

	WARN_RATELIMIT(tty->port->itty == NULL,
			"scheduling with invalid itty\n");
	/*
	 * A halted ldisc has had ->buf.work cancelled; reaching this point
	 * with TTY_LDISC_HALTED set means that work is about to be
	 * rescheduled regardless, so warn about it.
	 */
	WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
		       "scheduling buffer work for halted ldisc\n");
	tty_buffer_restart_work(tty->port);
}
219
/*
 * Bytes currently available to a reader: measured up to canon_head in
 * canonical mode, up to commit_head otherwise.
 */
static ssize_t chars_in_buffer(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	const size_t limit = ldata->icanon ? ldata->canon_head
					   : ldata->commit_head;
	ssize_t n = limit - ldata->read_tail;

	return n;
}
231
232 /**
233 * n_tty_write_wakeup - asynchronous I/O notifier
234 * @tty: tty device
235 *
236 * Required for the ptys, serial driver etc. since processes
237 * that attach themselves to the master and rely on ASYNC
238 * IO must be woken up
239 */
240
static void n_tty_write_wakeup(struct tty_struct *tty)
{
	/* Drop the wakeup request flag first, then notify async waiters. */
	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
	/* SIGIO with POLL_OUT goes to everything registered on tty->fasync. */
	kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
}
246
/*
 * Ask the driver to throttle once fewer than TTY_THRESHOLD_THROTTLE bytes
 * of room remain in the read buffer.
 */
static void n_tty_check_throttle(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;

	/*
	 * In canonical mode with no complete line available, throttling
	 * would stop the newline that lets a reader make progress from ever
	 * arriving, so leave the driver alone.
	 */
	if (ldata->icanon && ldata->canon_head == ldata->read_tail)
		return;

	for (;;) {
		tty_set_flow_change(tty, TTY_THROTTLE_SAFE);

		/* Enough room left: no throttle needed. */
		if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
			break;

		/* A zero return ends the loop; non-zero re-evaluates the room. */
		if (!tty_throttle_safe(tty))
			break;
	}
	__tty_set_flow_change(tty, 0);
}
270
/*
 * Let input flow again once the reader has drained the buffer down to
 * TTY_THRESHOLD_UNTHROTTLE bytes or fewer.
 */
static void n_tty_check_unthrottle(struct tty_struct *tty)
{
	/* ptys: restart the worker and wake the other end directly. */
	if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
		if (chars_in_buffer(tty) <= TTY_THRESHOLD_UNTHROTTLE) {
			n_tty_kick_worker(tty);
			tty_wakeup(tty->link);
		}
		return;
	}

	/*
	 * If there is enough space in the read buffer now, let the
	 * low-level driver know.  chars_in_buffer() is used because it is
	 * aware of canonical mode; otherwise a throttled driver with a
	 * canonical line longer than TTY_THRESHOLD_UNTHROTTLE would never
	 * deliver another character.
	 */
	for (;;) {
		tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);

		if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
			break;

		n_tty_kick_worker(tty);

		/* A zero return ends the loop; non-zero re-checks the level. */
		if (!tty_unthrottle_safe(tty))
			break;
	}
	__tty_set_flow_change(tty, 0);
}
301
302 /**
303 * put_tty_queue - add character to tty
304 * @c: character
305 * @ldata: n_tty data
306 *
307 * Add a character to the tty read_buf queue.
308 *
309 * n_tty_receive_buf()/producer path:
310 * caller holds non-exclusive termios_rwsem
311 */
312
static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
{
	unsigned char *slot = read_buf_addr(ldata, ldata->read_head);

	/*
	 * No fullness check here: the index is masked, so a write into a
	 * full ring overwrites unread data.  Presumably callers check the
	 * available room first - verify against callers.
	 */
	*slot = c;
	ldata->read_head++;
}
318
319 /**
320 * reset_buffer_flags - reset buffer state
321 * @ldata: line disc data to reset
322 *
323 * Reset the read buffer counters and clear the flags.
324 * Called from n_tty_open() and n_tty_flush_buffer().
325 *
326 * Locking: caller holds exclusive termios_rwsem
327 * (or locking is not required)
328 */
329
static void reset_buffer_flags(struct n_tty_data *ldata)
{
	/* Rewind every read-ring index to the start. */
	ldata->read_tail = 0;
	ldata->canon_head = 0;
	ldata->read_head = 0;
	ldata->commit_head = 0;
	ldata->line_start = 0;

	/* Clear per-position flags and the erase/push state bits. */
	bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
	ldata->erasing = 0;
	ldata->push = 0;

	/* Only indices and flags are reset; read_buf contents stay as-is. */
}
340
/*
 * Report an input flush to the linked tty when it is in packet mode.
 * Dereferences tty->link unconditionally; the callers in this file check
 * tty->link for NULL before calling.
 */
static void n_tty_packet_mode_flush(struct tty_struct *tty)
{
	unsigned long irqflags;

	if (!tty->link->packet)
		return;

	/* ctrl_status is updated under ctrl_lock with interrupts saved. */
	spin_lock_irqsave(&tty->ctrl_lock, irqflags);
	tty->ctrl_status |= TIOCPKT_FLUSHREAD;
	spin_unlock_irqrestore(&tty->ctrl_lock, irqflags);

	wake_up_interruptible(&tty->link->read_wait);
}
352
353 /**
354 * n_tty_flush_buffer - clean input queue
355 * @tty: terminal device
356 *
357 * Flush the input buffer. Called when the tty layer wants the
358 * buffer flushed (eg at hangup) or when the N_TTY line discipline
359 * internally has to clean the pending queue (for example some signals).
360 *
361 * Holds termios_rwsem to exclude producer/consumer while
362 * buffer indices are reset.
363 *
364 * Locking: ctrl_lock, exclusive termios_rwsem
365 */
366
static void n_tty_flush_buffer(struct tty_struct *tty)
{
	/* Exclusive termios_rwsem is held while the indices are rewound. */
	down_write(&tty->termios_rwsem);
	reset_buffer_flags(tty->disc_data);
	/* The ring is empty again, so restart input work if it had stopped. */
	n_tty_kick_worker(tty);

	/* n_tty_packet_mode_flush() dereferences tty->link, hence the check. */
	if (tty->link)
		n_tty_packet_mode_flush(tty);
	up_write(&tty->termios_rwsem);
}
377
378 /**
379 * is_utf8_continuation - utf8 multibyte check
380 * @c: byte to check
381 *
382 * Returns true if the utf8 character 'c' is a multibyte continuation
383 * character. We use this to correctly compute the on screen size
384 * of the character when printing
385 */
386
static inline int is_utf8_continuation(unsigned char c)
{
	/* Continuation bytes are exactly those whose top two bits are 10. */
	const unsigned int top_two_bits = c >> 6;

	return top_two_bits == 0x2;
}
391
392 /**
393 * is_continuation - multibyte check
394 * @c: byte to check
395 *
396 * Returns true if the utf8 character 'c' is a multibyte continuation
397 * character and the terminal is in unicode mode.
398 */
399
static inline int is_continuation(unsigned char c, struct tty_struct *tty)
{
	/* Outside IUTF8 mode every byte counts as its own character. */
	if (!I_IUTF8(tty))
		return 0;

	return is_utf8_continuation(c);
}
404
405 /**
406 * do_output_char - output one character
407 * @c: character (or partial unicode symbol)
408 * @tty: terminal device
409 * @space: space available in tty driver write buffer
410 *
411 * This is a helper function that handles one output character
412 * (including special characters like TAB, CR, LF, etc.),
413 * doing OPOST processing and putting the results in the
414 * tty driver's write buffer.
415 *
416 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
417 * and NLDLY. They simply aren't relevant in the world today.
418 * If you ever need them, add them here.
419 *
420 * Returns the number of bytes of buffer space used or -1 if
421 * no space left.
422 *
423 * Locking: should be called under the output_lock to protect
424 * the column state and space left in the buffer
425 */
426
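static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
{
	struct n_tty_data *ldata = tty->disc_data;
	int spaces;

	/* Nothing can be queued at all: tell the caller to retry later. */
	if (!space)
		return -1;

	switch (c) {
	case '\n':
		if (O_ONLRET(tty))
			ldata->column = 0;
		if (O_ONLCR(tty)) {
			/* NL expands to CR-NL, which needs two bytes of room. */
			if (space < 2)
				return -1;
			ldata->canon_column = ldata->column = 0;
			tty->ops->write(tty, "\r\n", 2);
			return 2;
		}
		ldata->canon_column = ldata->column;
		break;
	case '\r':
		/* ONOCR: drop a CR that arrives while already at column 0. */
		if (O_ONOCR(tty) && ldata->column == 0)
			return 0;
		if (O_OCRNL(tty)) {
			c = '\n';
			if (O_ONLRET(tty))
				ldata->canon_column = ldata->column = 0;
			break;
		}
		ldata->canon_column = ldata->column = 0;
		break;
	case '\t':
		/* Distance to the next 8-column tab stop: always 1..8. */
		spaces = 8 - (ldata->column & 7);
		if (O_TABDLY(tty) == XTABS) {
			if (space < spaces)
				return -1;
			ldata->column += spaces;
			/*
			 * The source must hold at least 8 blanks because
			 * @spaces can be as large as 8; a shorter literal
			 * would make the driver read past the end of it.
			 */
			tty->ops->write(tty, "        ", spaces);
			return spaces;
		}
		ldata->column += spaces;
		break;
	case '\b':
		if (ldata->column > 0)
			ldata->column--;
		break;
	default:
		if (!iscntrl(c)) {
			if (O_OLCUC(tty))
				c = toupper(c);
			/* UTF-8 continuation bytes do not advance the column. */
			if (!is_continuation(c, tty))
				ldata->column++;
		}
		break;
	}

	tty_put_char(tty, c);
	return 1;
}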
487
488 /**
489 * process_output - output post processor
490 * @c: character (or partial unicode symbol)
491 * @tty: terminal device
492 *
493 * Output one character with OPOST processing.
494 * Returns -1 when the output device is full and the character
495 * must be retried.
496 *
497 * Locking: output_lock to protect column state and space left
498 * (also, this is called from n_tty_write under the
499 * tty layer write lock)
500 */
501
static int process_output(unsigned char c, struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	int room;
	int used;

	/* Room query and output happen under one output_lock hold. */
	mutex_lock(&ldata->output_lock);
	room = tty_write_room(tty);
	used = do_output_char(c, tty, room);
	mutex_unlock(&ldata->output_lock);

	/* Collapse the byte count into 0 (done) or -1 (retry). */
	return used < 0 ? -1 : 0;
}
518
519 /**
520 * process_output_block - block post processor
521 * @tty: terminal device
522 * @buf: character buffer
523 * @nr: number of bytes to output
524 *
525 * Output a block of characters with OPOST processing.
526 * Returns the number of characters output.
527 *
528 * This path is used to speed up block console writes, among other
529 * things when processing blocks of output data. It handles only
530 * the simple cases normally found and helps to generate blocks of
531 * symbols for the console driver and thus improve performance.
532 *
533 * Locking: output_lock to protect column state and space left
534 * (also, this is called from n_tty_write under the
535 * tty layer write lock)
536 */
537
static ssize_t process_output_block(struct tty_struct *tty,
				    const unsigned char *buf, unsigned int nr)
{
	struct n_tty_data *ldata = tty->disc_data;
	int space;
	int i;
	const unsigned char *cp;

	mutex_lock(&ldata->output_lock);

	space = tty_write_room(tty);
	if (space <= 0) {
		/* No room: the room value itself (0 or negative) is returned. */
		mutex_unlock(&ldata->output_lock);
		return space;
	}
	/* Never scan more bytes than the driver reported room for. */
	if (nr > space)
		nr = space;

	/*
	 * Scan for the longest prefix that needs no rewriting.  Any byte
	 * that OPOST would expand, drop or change stops the scan; it is left
	 * unwritten for the caller.
	 */
	for (i = 0, cp = buf; i < nr; i++, cp++) {
		unsigned char c = *cp;

		switch (c) {
		case '\n':
			if (O_ONLRET(tty))
				ldata->column = 0;
			if (O_ONLCR(tty))
				goto break_out;
			ldata->canon_column = ldata->column;
			break;
		case '\r':
			if (O_ONOCR(tty) && ldata->column == 0)
				goto break_out;
			if (O_OCRNL(tty))
				goto break_out;
			ldata->canon_column = ldata->column = 0;
			break;
		case '\t':
			goto break_out;
		case '\b':
			if (ldata->column > 0)
				ldata->column--;
			break;
		default:
			if (!iscntrl(c)) {
				if (O_OLCUC(tty))
					goto break_out;
				if (!is_continuation(c, tty))
					ldata->column++;
			}
			break;
		}
	}
break_out:
	/*
	 * NOTE(review): column state was already advanced for all i scanned
	 * bytes; if the driver accepts fewer, the two can disagree - confirm
	 * whether write() can come up short after tty_write_room().
	 */
	i = tty->ops->write(tty, buf, i);

	mutex_unlock(&ldata->output_lock);
	return i;
}
596
597 /**
598 * process_echoes - write pending echo characters
599 * @tty: terminal device
600 *
601 * Write previously buffered echo (and other ldisc-generated)
602 * characters to the tty.
603 *
604 * Characters generated by the ldisc (including echoes) need to
605 * be buffered because the driver's write buffer can fill during
606 * heavy program output. Echoing straight to the driver will
607 * often fail under these conditions, causing lost characters and
608 * resulting mismatches of ldisc state information.
609 *
610 * Since the ldisc state must represent the characters actually sent
611 * to the driver at the time of the write, operations like certain
612 * changes in column state are also saved in the buffer and executed
613 * here.
614 *
615 * A circular fifo buffer is used so that the most recent characters
616 * are prioritized. Also, when control characters are echoed with a
617 * prefixed "^", the pair is treated atomically and thus not separated.
618 *
619 * Locking: callers must hold output_lock
620 */
621
/*
 * Drain committed echo bytes (echo_tail up to echo_commit) into the driver
 * and return how much of the driver's write room was consumed.
 */
static size_t __process_echoes(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	int space, old_space;
	size_t tail;
	unsigned char c;

	old_space = space = tty_write_room(tty);

	tail = ldata->echo_tail;
	while (MASK(ldata->echo_commit) != MASK(tail)) {
		c = echo_buf(ldata, tail);
		if (c == ECHO_OP_START) {
			unsigned char op;
			int no_space_left = 0;

			/*
			 * Since add_echo_byte() is called without holding
			 * output_lock, we might see only portion of multi-byte
			 * operation.
			 */
			if (MASK(ldata->echo_commit) == MASK(tail + 1))
				goto not_yet_stored;
			/*
			 * If the buffer byte is the start of a multi-byte
			 * operation, get the next byte, which is either the
			 * op code or a control character value.
			 */
			op = echo_buf(ldata, tail + 1);

			switch (op) {
			case ECHO_OP_ERASE_TAB: {
				unsigned int num_chars, num_bs;

				/* The third byte of the op may not be stored yet. */
				if (MASK(ldata->echo_commit) == MASK(tail + 2))
					goto not_yet_stored;
				num_chars = echo_buf(ldata, tail + 2);

				/*
				 * Determine how many columns to go back
				 * in order to erase the tab.
				 * This depends on the number of columns
				 * used by other characters within the tab
				 * area.  If this (modulo 8) count is from
				 * the start of input rather than from a
				 * previous tab, we offset by canon column.
				 * Otherwise, tab spacing is normal.
				 */
				if (!(num_chars & 0x80))
					num_chars += ldata->canon_column;
				num_bs = 8 - (num_chars & 7);

				/*
				 * NOTE(review): unsigned/int comparison; a
				 * negative space would convert to a large
				 * unsigned value here - confirm that
				 * tty_write_room() cannot return one.
				 */
				if (num_bs > space) {
					no_space_left = 1;
					break;
				}
				space -= num_bs;
				while (num_bs--) {
					tty_put_char(tty, '\b');
					if (ldata->column > 0)
						ldata->column--;
				}
				tail += 3;
				break;
			}
			case ECHO_OP_SET_CANON_COL:
				ldata->canon_column = ldata->column;
				tail += 2;
				break;

			case ECHO_OP_MOVE_BACK_COL:
				if (ldata->column > 0)
					ldata->column--;
				tail += 2;
				break;

			case ECHO_OP_START:
				/* This is an escaped echo op start code */
				if (!space) {
					no_space_left = 1;
					break;
				}
				tty_put_char(tty, ECHO_OP_START);
				ldata->column++;
				space--;
				tail += 2;
				break;

			default:
				/*
				 * If the op is not a special byte code,
				 * it is a ctrl char tagged to be echoed
				 * as "^X" (where X is the letter
				 * representing the control char).
				 * Note that we must ensure there is
				 * enough space for the whole ctrl pair.
				 *
				 */
				if (space < 2) {
					no_space_left = 1;
					break;
				}
				tty_put_char(tty, '^');
				/* XOR with octal 0100 flips bit 6 to form the X of ^X. */
				tty_put_char(tty, op ^ 0100);
				ldata->column += 2;
				space -= 2;
				tail += 2;
			}

			/* The op stays queued (tail not advanced) for a later pass. */
			if (no_space_left)
				break;
		} else {
			if (O_OPOST(tty)) {
				int retval = do_output_char(c, tty, space);
				if (retval < 0)
					break;
				space -= retval;
			} else {
				if (!space)
					break;
				tty_put_char(tty, c);
				space -= 1;
			}
			tail += 1;
		}
	}

	/* If the echo buffer is nearly full (so that the possibility exists
	 * of echo overrun before the next commit), then discard enough
	 * data at the tail to prevent a subsequent overrun */
	while (ldata->echo_commit > tail &&
	       ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
		/* Skip whole ops (2 or 3 bytes) so tail never lands mid-op. */
		if (echo_buf(ldata, tail) == ECHO_OP_START) {
			if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
				tail += 3;
			else
				tail += 2;
		} else
			tail++;
	}

	/* A partially stored op jumps here, bypassing the discard loop. */
 not_yet_stored:
	ldata->echo_tail = tail;
	return old_space - space;
}
767
/*
 * Publish the current echo_head as echo_mark and, once enough echo bytes
 * have accumulated, commit and drain them to the driver.
 */
static void commit_echoes(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	size_t mark, pending, prev_pending;
	size_t written = 0;

	mutex_lock(&ldata->output_lock);
	mark = ldata->echo_head;
	ldata->echo_mark = mark;
	prev_pending = ldata->echo_commit - ldata->echo_tail;
	pending = mark - ldata->echo_tail;

	/*
	 * Drain only when the backlog has reached the watermark, and then
	 * only once per additional ECHO_BLOCK of accumulated bytes.
	 */
	if (pending >= ECHO_COMMIT_WATERMARK &&
	    pending % ECHO_BLOCK <= prev_pending % ECHO_BLOCK) {
		ldata->echo_commit = mark;
		written = __process_echoes(tty);
	}
	mutex_unlock(&ldata->output_lock);

	/* flush_chars is optional for a driver and is called unlocked. */
	if (written && tty->ops->flush_chars)
		tty->ops->flush_chars(tty);
}
796
/* Commit everything up to echo_mark and drain it to the driver. */
static void process_echoes(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	size_t written;

	/* Unlocked fast path: nothing marked beyond what was already sent. */
	if (ldata->echo_mark != ldata->echo_tail) {
		mutex_lock(&ldata->output_lock);
		ldata->echo_commit = ldata->echo_mark;
		written = __process_echoes(tty);
		mutex_unlock(&ldata->output_lock);

		if (written && tty->ops->flush_chars)
			tty->ops->flush_chars(tty);
	}
}
813
814 /* NB: echo_mark and echo_head should be equivalent here */
static void flush_echoes(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	const bool echo_enabled = L_ECHO(tty) || L_ECHONL(tty);

	/* With both ECHO and ECHONL off there is nothing to push out. */
	if (!echo_enabled)
		return;
	/* Everything queued so far has already been committed. */
	if (ldata->echo_commit == ldata->echo_head)
		return;

	mutex_lock(&ldata->output_lock);
	ldata->echo_commit = ldata->echo_head;
	/* Unlike process_echoes(), no flush_chars call follows here. */
	__process_echoes(tty);
	mutex_unlock(&ldata->output_lock);
}
828
829 /**
830 * add_echo_byte - add a byte to the echo buffer
831 * @c: unicode byte to echo
832 * @ldata: n_tty data
833 *
834 * Add a character or operation byte to the echo buffer.
835 */
836
static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
{
	unsigned char *slot = echo_buf_addr(ldata, ldata->echo_head);

	/* Store the byte first; the index is advanced only after the barrier. */
	*slot = c;
	smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
	ldata->echo_head++;
}
843
844 /**
845 * echo_move_back_col - add operation to move back a column
846 * @ldata: n_tty data
847 *
848 * Add an operation to the echo buffer to move back one column.
849 */
850
static void echo_move_back_col(struct n_tty_data *ldata)
{
	/* Two-byte op: start marker followed by the op code, in that order. */
	add_echo_byte(ECHO_OP_START, ldata);
	add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
}
856
857 /**
858 * echo_set_canon_col - add operation to set the canon column
859 * @ldata: n_tty data
860 *
861 * Add an operation to the echo buffer to set the canon column
862 * to the current column.
863 */
864
static void echo_set_canon_col(struct n_tty_data *ldata)
{
	/* Two-byte op: start marker followed by the op code, in that order. */
	add_echo_byte(ECHO_OP_START, ldata);
	add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
}
870
871 /**
872 * echo_erase_tab - add operation to erase a tab
873 * @num_chars: number of character columns already used
874 * @after_tab: true if num_chars starts after a previous tab
875 * @ldata: n_tty data
876 *
877 * Add an operation to the echo buffer to erase a tab.
878 *
879 * Called by the eraser function, which knows how many character
880 * columns have been used since either a previous tab or the start
881 * of input. This information will be used later, along with
882 * canon column (if applicable), to go back the correct number
883 * of columns.
884 */
885
static void echo_erase_tab(unsigned int num_chars, int after_tab,
			   struct n_tty_data *ldata)
{
	/* Only the count modulo 8 (the tab spacing) is needed. */
	unsigned int operand = num_chars & 7;

	/* The high bit marks a count that starts after a previous tab. */
	if (after_tab)
		operand |= 0x80;

	/* Three-byte op: start marker, op code, then the operand byte. */
	add_echo_byte(ECHO_OP_START, ldata);
	add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
	add_echo_byte(operand, ldata);
}
901
902 /**
903 * echo_char_raw - echo a character raw
904 * @c: unicode byte to echo
905 * @ldata: line disc data
906 *
907 * Echo user input back onto the screen. This must be called only when
908 * L_ECHO(tty) is true. Called from the driver receive_buf path.
909 *
910 * This variant does not treat control characters specially.
911 */
912
static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
{
	/*
	 * A literal 0xff byte is escaped by doubling it, so that
	 * __process_echoes() does not read it as the start of an operation.
	 */
	if (c == ECHO_OP_START)
		add_echo_byte(ECHO_OP_START, ldata);

	add_echo_byte(c, ldata);
}
922
923 /**
924 * echo_char - echo a character
925 * @c: unicode byte to echo
926 * @tty: terminal device
927 *
928 * Echo user input back onto the screen. This must be called only when
929 * L_ECHO(tty) is true. Called from the driver receive_buf path.
930 *
931 * This variant tags control characters to be echoed as "^X"
932 * (where X is the letter representing the control char).
933 */
934
static void echo_char(unsigned char c, struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;

	/* A literal 0xff is escaped exactly as in echo_char_raw(). */
	if (c == ECHO_OP_START) {
		echo_char_raw(c, ldata);
		return;
	}

	/*
	 * With ECHOCTL set, control characters other than TAB are tagged
	 * with a start marker so they are later printed as "^X" instead of
	 * being sent to the terminal as a raw control byte.
	 */
	if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
		add_echo_byte(ECHO_OP_START, ldata);
	add_echo_byte(c, ldata);
}
948
949 /**
950 * finish_erasing - complete erase
951 * @ldata: n_tty data
952 */
953
static inline void finish_erasing(struct n_tty_data *ldata)
{
	/* Nothing to close unless an ECHOPRT erase sequence is open. */
	if (!ldata->erasing)
		return;

	/* '/' closes the sequence that eraser() opened with '\\'. */
	echo_char_raw('/', ldata);
	ldata->erasing = 0;
}
961
962 /**
963 * eraser - handle erase function
964 * @c: character input
965 * @tty: terminal device
966 *
967 * Perform erase and necessary output when an erase character is
968 * present in the stream from the driver layer. Handles the complexities
969 * of UTF-8 multibyte symbols.
970 *
971 * n_tty_receive_buf()/producer path:
972 * caller holds non-exclusive termios_rwsem
973 */
974
static void eraser(unsigned char c, struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	enum { ERASE, WERASE, KILL } kill_type;
	size_t head;
	size_t cnt;
	int seen_alnums;

	/* Nothing typed on the current line yet: nothing to erase. */
	if (ldata->read_head == ldata->canon_head) {
		/* process_output('\a', tty); */ /* what do you think? */
		return;
	}
	if (c == ERASE_CHAR(tty))
		kill_type = ERASE;
	else if (c == WERASE_CHAR(tty))
		kill_type = WERASE;
	else {
		/* Any other character reaching here is handled as KILL. */
		if (!L_ECHO(tty)) {
			/* No echo: drop the line by rewinding read_head. */
			ldata->read_head = ldata->canon_head;
			return;
		}
		if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
			/* Drop the line and echo the KILL char, no visual erase. */
			ldata->read_head = ldata->canon_head;
			finish_erasing(ldata);
			echo_char(KILL_CHAR(tty), tty);
			/* Add a newline if ECHOK is on and ECHOKE is off. */
			if (L_ECHOK(tty))
				echo_char_raw('\n', ldata);
			return;
		}
		kill_type = KILL;
	}

	seen_alnums = 0;
	/* Walk backwards from read_head; never past canon_head. */
	while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
		head = ldata->read_head;

		/* erase a single possibly multibyte character */
		do {
			head--;
			c = read_buf(ldata, head);
		} while (is_continuation(c, tty) &&
			 MASK(head) != MASK(ldata->canon_head));

		/* do not partially erase */
		if (is_continuation(c, tty))
			break;

		if (kill_type == WERASE) {
			/* Equivalent to BSD's ALTWERASE. */
			if (isalnum(c) || c == '_')
				seen_alnums++;
			else if (seen_alnums)
				break;
		}
		/* cnt is the byte length of the character being removed. */
		cnt = ldata->read_head - head;
		ldata->read_head = head;
		if (L_ECHO(tty)) {
			if (L_ECHOPRT(tty)) {
				/* ECHOPRT: show erased text between '\' and '/'. */
				if (!ldata->erasing) {
					echo_char_raw('\\', ldata);
					ldata->erasing = 1;
				}
				/* if cnt > 1, output a multi-byte character */
				echo_char(c, tty);
				while (--cnt > 0) {
					head++;
					echo_char_raw(read_buf(ldata, head), ldata);
					echo_move_back_col(ldata);
				}
			} else if (kill_type == ERASE && !L_ECHOE(tty)) {
				echo_char(ERASE_CHAR(tty), tty);
			} else if (c == '\t') {
				unsigned int num_chars = 0;
				int after_tab = 0;
				size_t tail = ldata->read_head;

				/*
				 * Count the columns used for characters
				 * since the start of input or after a
				 * previous tab.
				 * This info is used to go back the correct
				 * number of columns.
				 */
				while (MASK(tail) != MASK(ldata->canon_head)) {
					tail--;
					c = read_buf(ldata, tail);
					if (c == '\t') {
						after_tab = 1;
						break;
					} else if (iscntrl(c)) {
						/* Echoed as "^X": two columns. */
						if (L_ECHOCTL(tty))
							num_chars += 2;
					} else if (!is_continuation(c, tty)) {
						num_chars++;
					}
				}
				echo_erase_tab(num_chars, after_tab, ldata);
			} else {
				/*
				 * "\b \b" blanks one column.  A control char
				 * shown as "^X" took two columns, so with
				 * ECHOCTL it gets the sequence twice.
				 */
				if (iscntrl(c) && L_ECHOCTL(tty)) {
					echo_char_raw('\b', ldata);
					echo_char_raw(' ', ldata);
					echo_char_raw('\b', ldata);
				}
				if (!iscntrl(c) || L_ECHOCTL(tty)) {
					echo_char_raw('\b', ldata);
					echo_char_raw(' ', ldata);
					echo_char_raw('\b', ldata);
				}
			}
		}
		/* ERASE removes a single character; WERASE/KILL keep going. */
		if (kill_type == ERASE)
			break;
	}
	if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
		finish_erasing(ldata);
}
1092
1093 /**
1094 * isig - handle the ISIG option
1095 * @sig: signal
1096 * @tty: terminal
1097 *
1098 * Called when a signal is being sent due to terminal input.
1099 * Called from the driver receive_buf path so serialized.
1100 *
1101 * Performs input and output flush if !NOFLSH. In this context, the echo
1102 * buffer is 'output'. The signal is processed first to alert any current
1103 * readers or writers to discontinue and exit their i/o loops.
1104 *
1105 * Locking: ctrl_lock
1106 */
1107
/*
 * Send @sig to the process group attached to @tty, if there is one.
 *
 * The pid returned by tty_get_pgrp() is released with put_pid() once the
 * signal has been handed to kill_pgrp(); a NULL result means nothing is
 * signalled.
 */
static void __isig(int sig, struct tty_struct *tty)
{
	struct pid *pgrp;

	pgrp = tty_get_pgrp(tty);
	if (!pgrp)
		return;

	kill_pgrp(pgrp, sig, 1);
	put_pid(pgrp);
}
1116
static void isig(int sig, struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;

	if (L_NOFLSH(tty)) {
		/* signal only */
		__isig(sig, tty);

	} else { /* signal and flush */
		/*
		 * Trade the shared hold on termios_rwsem for an exclusive one.
		 * The lock is fully released between the two calls, so this is
		 * not an atomic upgrade.
		 * NOTE(review): termios may change in that window and NOFLSH is
		 * not re-checked after down_write() -- confirm that is intended.
		 */
		up_read(&tty->termios_rwsem);
		down_write(&tty->termios_rwsem);

		/* Signal first, so readers/writers stop before their data goes. */
		__isig(sig, tty);

		/* clear echo buffer */
		mutex_lock(&ldata->output_lock);
		ldata->echo_head = ldata->echo_tail = 0;
		ldata->echo_mark = ldata->echo_commit = 0;
		mutex_unlock(&ldata->output_lock);

		/* clear output buffer */
		tty_driver_flush_buffer(tty);

		/*
		 * clear input buffer
		 * (tty->disc_data is re-read here rather than using ldata; both
		 * name the same object unless disc_data changed meanwhile)
		 */
		reset_buffer_flags(tty->disc_data);

		/* notify pty master of flush */
		if (tty->link)
			n_tty_packet_mode_flush(tty);

		/* Return to the shared hold the caller expects on exit. */
		up_write(&tty->termios_rwsem);
		down_read(&tty->termios_rwsem);
	}
}
1151
1152 /**
1153 * n_tty_receive_break - handle break
1154 * @tty: terminal
1155 *
1156 * An RS232 break event has been hit in the incoming bitstream. This
1157 * can cause a variety of events depending upon the termios settings.
1158 *
1159 * n_tty_receive_buf()/producer path:
1160 * caller holds non-exclusive termios_rwsem
1161 *
1162 * Note: may get exclusive termios_rwsem if flushing input buffer
1163 */
1164
static void n_tty_receive_break(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;

	/* IGNBRK wins over everything else: the break is dropped. */
	if (I_IGNBRK(tty))
		return;

	if (!I_BRKINT(tty)) {
		/*
		 * No interrupt requested: report the break in-band.  With
		 * PARMRK it is queued as \377 \0 \0, otherwise as a single \0.
		 */
		if (I_PARMRK(tty)) {
			put_tty_queue('\377', ldata);
			put_tty_queue('\0', ldata);
		}
		put_tty_queue('\0', ldata);
		return;
	}

	/* BRKINT: the break becomes SIGINT (isig() may also flush buffers). */
	isig(SIGINT, tty);
}
1181
1182 /**
1183 * n_tty_receive_overrun - handle overrun reporting
1184 * @tty: terminal
1185 *
1186 * Data arrived faster than we could process it. While the tty
1187 * driver has flagged this the bits that were missed are gone
1188 * forever.
1189 *
1190 * Called from the receive_buf path so single threaded. Does not
1191 * need locking as num_overrun and overrun_time are function
1192 * private.
1193 */
1194
static void n_tty_receive_overrun(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;

	ldata->num_overrun++;

	/*
	 * Rate-limit the warning: stay quiet unless more than HZ ticks have
	 * passed since the last report, or the stored timestamp lies in the
	 * future relative to jiffies.
	 */
	if (!time_after(jiffies, ldata->overrun_time + HZ) &&
	    !time_after(ldata->overrun_time, jiffies))
		return;

	tty_warn(tty, "%d input overrun(s)\n", ldata->num_overrun);
	ldata->overrun_time = jiffies;
	ldata->num_overrun = 0;
}
1207
1208 /**
1209 * n_tty_receive_parity_error - error notifier
1210 * @tty: terminal device
1211 * @c: character
1212 *
1213 * Process a parity error and queue the right data to indicate
1214 * the error case if necessary.
1215 *
1216 * n_tty_receive_buf()/producer path:
1217 * caller holds non-exclusive termios_rwsem
1218 */
static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
{
	struct n_tty_data *ldata = tty->disc_data;

	/* INPCK off: the flagged byte is queued as ordinary data. */
	if (!I_INPCK(tty)) {
		put_tty_queue(c, ldata);
		return;
	}

	/* IGNPAR: the byte is discarded. */
	if (I_IGNPAR(tty))
		return;

	/* Without PARMRK the bad byte is replaced by a single \0. */
	if (!I_PARMRK(tty)) {
		put_tty_queue('\0', ldata);
		return;
	}

	/* PARMRK: prefix the byte with the \377 \0 marker. */
	put_tty_queue('\377', ldata);
	put_tty_queue('\0', ldata);
	put_tty_queue(c, ldata);
}
1235
/*
 * Handle an input character that maps to a signal (the visible callers
 * pass SIGINT, SIGQUIT or SIGTSTP): raise @signal through isig(), restart
 * output when IXON is set, then either echo @c or push out pending echoes.
 */
static void
n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
{
	isig(signal, tty);

	if (I_IXON(tty))
		start_tty(tty);

	if (!L_ECHO(tty)) {
		process_echoes(tty);
		return;
	}

	echo_char(c, tty);
	commit_echoes(tty);
}
1249
1250 /**
1251 * n_tty_receive_char_special - perform processing
1252 * @tty: terminal device
1253 * @c: character
1254 *
1255 * Process an individual character of input received from the driver.
1256 * This is serialized with respect to itself by the rules for the
1257 * driver above.
1258 *
1259 * n_tty_receive_buf()/producer path:
1260 * caller holds non-exclusive termios_rwsem
1261 * publishes canon_head if canonical mode is active
1262 *
1263 * Returns 1 if LNEXT was received, else returns 0
1264 */
1265
static int
n_tty_receive_char_special(struct tty_struct *tty, unsigned char c)
{
	struct n_tty_data *ldata = tty->disc_data;

	/* Software flow control: START/STOP are consumed, never queued. */
	if (I_IXON(tty)) {
		if (c == START_CHAR(tty)) {
			start_tty(tty);
			process_echoes(tty);
			return 0;
		}
		if (c == STOP_CHAR(tty)) {
			stop_tty(tty);
			return 0;
		}
	}

	/*
	 * ISIG: an input byte equal to INTR/QUIT/SUSP is turned into a signal
	 * and is not stored in the read buffer.
	 */
	if (L_ISIG(tty)) {
		if (c == INTR_CHAR(tty)) {
			n_tty_receive_signal_char(tty, SIGINT, c);
			return 0;
		} else if (c == QUIT_CHAR(tty)) {
			n_tty_receive_signal_char(tty, SIGQUIT, c);
			return 0;
		} else if (c == SUSP_CHAR(tty)) {
			n_tty_receive_signal_char(tty, SIGTSTP, c);
			return 0;
		}
	}

	/* IXANY: any other character restarts stopped output. */
	if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
		start_tty(tty);
		process_echoes(tty);
	}

	/* CR/NL translation (IGNCR, ICRNL, INLCR). */
	if (c == '\r') {
		if (I_IGNCR(tty))
			return 0;
		if (I_ICRNL(tty))
			c = '\n';
	} else if (c == '\n' && I_INLCR(tty))
		c = '\r';

	if (ldata->icanon) {
		/* Line editing: erase, kill and (with IEXTEN) word-erase. */
		if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
		    (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
			eraser(c, tty);
			commit_echoes(tty);
			return 0;
		}
		/*
		 * LNEXT: remember that the next character is literal.  This is
		 * the only path that returns 1; the receive loops use that to
		 * route the following byte to n_tty_receive_char_lnext().
		 */
		if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
			ldata->lnext = 1;
			if (L_ECHO(tty)) {
				finish_erasing(ldata);
				if (L_ECHOCTL(tty)) {
					echo_char_raw('^', ldata);
					echo_char_raw('\b', ldata);
					commit_echoes(tty);
				}
			}
			return 1;
		}
		/* REPRINT: re-echo the unread part of the current line. */
		if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
			size_t tail = ldata->canon_head;

			finish_erasing(ldata);
			echo_char(c, tty);
			echo_char_raw('\n', ldata);
			while (MASK(tail) != MASK(ldata->read_head)) {
				echo_char(read_buf(ldata, tail), tty);
				tail++;
			}
			commit_echoes(tty);
			return 0;
		}
		if (c == '\n') {
			if (L_ECHO(tty) || L_ECHONL(tty)) {
				echo_char_raw('\n', ldata);
				commit_echoes(tty);
			}
			goto handle_newline;
		}
		/*
		 * EOF is stored as __DISABLED_CHAR, the value the canonical
		 * reader (canon_copy_from_read_buf) compares against when it
		 * reaches a line delimiter.
		 */
		if (c == EOF_CHAR(tty)) {
			c = __DISABLED_CHAR;
			goto handle_newline;
		}
		if ((c == EOL_CHAR(tty)) ||
		    (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
			/*
			 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
			 */
			if (L_ECHO(tty)) {
				/* Record the column of first canon char. */
				if (ldata->canon_head == ldata->read_head)
					echo_set_canon_col(ldata);
				echo_char(c, tty);
				commit_echoes(tty);
			}
			/*
			 * XXX does PARMRK doubling happen for
			 * EOL_CHAR and EOL2_CHAR?
			 */
			if (c == (unsigned char) '\377' && I_PARMRK(tty))
				put_tty_queue(c, ldata);

			/*
			 * Line complete: flag the delimiter's slot in
			 * read_flags, store it, then publish canon_head with
			 * release semantics before waking readers.
			 */
handle_newline:
			set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
			put_tty_queue(c, ldata);
			smp_store_release(&ldata->canon_head, ldata->read_head);
			kill_fasync(&tty->fasync, SIGIO, POLL_IN);
			wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
			return 0;
		}
	}

	/* Not consumed above: echo (if enabled) and queue as data. */
	if (L_ECHO(tty)) {
		finish_erasing(ldata);
		if (c == '\n')
			echo_char_raw('\n', ldata);
		else {
			/* Record the column of first canon char. */
			if (ldata->canon_head == ldata->read_head)
				echo_set_canon_col(ldata);
			echo_char(c, tty);
		}
		commit_echoes(tty);
	}

	/* PARMRK doubling check */
	if (c == (unsigned char) '\377' && I_PARMRK(tty))
		put_tty_queue(c, ldata);

	put_tty_queue(c, ldata);
	return 0;
}
1401
/*
 * Queue one character that needs no special handling, echoing it first
 * when ECHO is set.  A \377 data byte is queued twice when PARMRK is on.
 */
static inline void
n_tty_receive_char_inline(struct tty_struct *tty, unsigned char c)
{
	struct n_tty_data *ldata = tty->disc_data;
	bool restart_output = tty->stopped && !tty->flow_stopped &&
			      I_IXON(tty) && I_IXANY(tty);

	/* IXANY: any input character restarts stopped output. */
	if (restart_output) {
		start_tty(tty);
		process_echoes(tty);
	}

	if (L_ECHO(tty)) {
		finish_erasing(ldata);
		/* First character of a line: remember its column. */
		if (ldata->canon_head == ldata->read_head)
			echo_set_canon_col(ldata);
		echo_char(c, tty);
		commit_echoes(tty);
	}

	/* PARMRK doubling: the extra copy goes in ahead of the normal one. */
	if (c == (unsigned char) '\377' && I_PARMRK(tty))
		put_tty_queue(c, ldata);

	put_tty_queue(c, ldata);
}
1424
/*
 * Out-of-line entry point for n_tty_receive_char_inline(); it adds no
 * processing of its own.
 */
static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
{
	n_tty_receive_char_inline(tty, c);
}
1429
/*
 * Same as n_tty_receive_char_inline() minus the PARMRK \377 doubling.
 * The visible dispatcher (__receive_buf) only selects the fast path when
 * PARMRK is off.
 */
static inline void
n_tty_receive_char_fast(struct tty_struct *tty, unsigned char c)
{
	struct n_tty_data *ldata = tty->disc_data;
	bool restart_output = tty->stopped && !tty->flow_stopped &&
			      I_IXON(tty) && I_IXANY(tty);

	/* IXANY: any input character restarts stopped output. */
	if (restart_output) {
		start_tty(tty);
		process_echoes(tty);
	}

	if (L_ECHO(tty)) {
		finish_erasing(ldata);
		/* First character of a line: remember its column. */
		if (ldata->canon_head == ldata->read_head)
			echo_set_canon_col(ldata);
		echo_char(c, tty);
		commit_echoes(tty);
	}

	put_tty_queue(c, ldata);
}
1449
/*
 * Input handling while the tty is closing: nothing is queued or echoed,
 * only software flow control (START/STOP, IXANY) is still honoured.
 */
static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c)
{
	/* Apply the same input pre-processing as the normal path. */
	if (I_ISTRIP(tty))
		c &= 0x7f;
	if (I_IUCLC(tty) && L_IEXTEN(tty))
		c = tolower(c);

	if (!I_IXON(tty))
		return;

	if (c == STOP_CHAR(tty)) {
		stop_tty(tty);
		return;
	}

	/*
	 * Restart on START, or under IXANY on any character other than the
	 * signal characters.
	 */
	if (c == START_CHAR(tty) ||
	    (tty->stopped && !tty->flow_stopped && I_IXANY(tty) &&
	     c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
	     c != SUSP_CHAR(tty))) {
		start_tty(tty);
		process_echoes(tty);
	}
}
1469
/*
 * Dispatch a character whose driver flag is not TTY_NORMAL to the matching
 * error handler.  Framing errors share the parity-error path; an unknown
 * flag is logged and the character is dropped.
 */
static void
n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
{
	if (flag == TTY_BREAK)
		n_tty_receive_break(tty);
	else if (flag == TTY_PARITY || flag == TTY_FRAME)
		n_tty_receive_parity_error(tty, c);
	else if (flag == TTY_OVERRUN)
		n_tty_receive_overrun(tty);
	else
		tty_err(tty, "unknown flag %d\n", flag);
}
1489
/*
 * Process the character that follows LNEXT: it is taken literally, so it
 * bypasses n_tty_receive_char_special().  The pending-LNEXT state is
 * cleared first.
 */
static void
n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
{
	struct n_tty_data *ldata = tty->disc_data;

	ldata->lnext = 0;

	/* An error-flagged byte still goes through the error handlers. */
	if (unlikely(flag != TTY_NORMAL)) {
		n_tty_receive_char_flagged(tty, c, flag);
		return;
	}

	if (I_ISTRIP(tty))
		c &= 0x7f;
	if (I_IUCLC(tty) && L_IEXTEN(tty))
		c = tolower(c);
	n_tty_receive_char(tty, c);
}
1505
/*
 * Bulk-copy @count bytes from @cp into the read ring without per-character
 * processing; @fp is not consulted.
 *
 * Each memcpy() is capped at the distance from the write index to the end
 * of the ring, so a single copy never runs past the buffer; the second
 * pass stores whatever wrapped around to the start.  Nothing here checks
 * free space against the reader: that bound comes from the caller, which
 * in this file limits count to the room it computed.
 */
static void
n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
			   char *fp, int count)
{
	struct n_tty_data *ldata = tty->disc_data;
	int pass;

	for (pass = 0; pass < 2; pass++) {
		size_t head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
		size_t n = min_t(size_t, count, N_TTY_BUF_SIZE - head);

		memcpy(read_buf_addr(ldata, head), cp, n);
		ldata->read_head += n;
		cp += n;
		count -= n;
	}
}
1525
/*
 * Raw-mode receive: normal characters are queued untouched, flagged ones
 * go to the error handlers.  With a NULL @fp every character is treated
 * as TTY_NORMAL.
 */
static void
n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
		      char *fp, int count)
{
	struct n_tty_data *ldata = tty->disc_data;
	char flag = TTY_NORMAL;

	/* One data byte is consumed per iteration, flagged or not. */
	for (; count; count--, cp++) {
		if (fp)
			flag = *fp++;

		if (unlikely(flag != TTY_NORMAL))
			n_tty_receive_char_flagged(tty, *cp, flag);
		else
			put_tty_queue(*cp, ldata);
	}
}
1542
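/*
 * Receive path used while the tty is closing: normal characters are only
 * examined for flow control, flagged characters are ignored.
 *
 * @cp and @fp are parallel arrays, so the data pointer has to advance on
 * every iteration.  It used to advance only for TTY_NORMAL entries, which
 * left the two streams out of step after the first flagged character: the
 * byte of a flagged entry was then processed under the next entry's flag.
 * The sibling receive loops consume one data byte per flag in both
 * branches; this one now does the same.
 */
static void
n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
			  char *fp, int count)
{
	char flag = TTY_NORMAL;

	while (count--) {
		unsigned char c = *cp++;

		if (fp)
			flag = *fp++;
		if (likely(flag == TTY_NORMAL))
			n_tty_receive_char_closing(tty, c);
	}
}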
1556
/*
 * Full per-character receive path: applies ISTRIP/IUCLC, honours EXTPROC,
 * and routes each character either to the plain queueing helper or to
 * n_tty_receive_char_special() according to char_map.
 */
static void
n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
			   char *fp, int count)
{
	struct n_tty_data *ldata = tty->disc_data;
	char flag = TTY_NORMAL;

	while (count--) {
		unsigned char ch;

		if (fp)
			flag = *fp++;

		if (unlikely(flag != TTY_NORMAL)) {
			n_tty_receive_char_flagged(tty, *cp++, flag);
			continue;
		}

		ch = *cp++;
		if (I_ISTRIP(tty))
			ch &= 0x7f;
		if (I_IUCLC(tty) && L_IEXTEN(tty))
			ch = tolower(ch);

		/* EXTPROC: store the character without further processing. */
		if (L_EXTPROC(tty)) {
			put_tty_queue(ch, ldata);
			continue;
		}

		/* ch is an unsigned char, so the char_map index is 0..255. */
		if (!test_bit(ch, ldata->char_map)) {
			n_tty_receive_char_inline(tty, ch);
			continue;
		}

		/*
		 * A non-zero return means LNEXT was seen.  The literal
		 * character is consumed here only if one is left in this
		 * batch; the count test keeps the read of *cp inside the
		 * caller's buffer.  Otherwise ldata->lnext stays set for the
		 * next call.
		 */
		if (!n_tty_receive_char_special(tty, ch) || !count)
			continue;

		if (fp)
			flag = *fp++;
		n_tty_receive_char_lnext(tty, *cp++, flag);
		count--;
	}
}
1590
/*
 * Receive path without ISTRIP/IUCLC pre-processing or PARMRK doubling
 * (the visible dispatcher selects it only when those are off).
 */
static void
n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
		       char *fp, int count)
{
	struct n_tty_data *ldata = tty->disc_data;
	char flag = TTY_NORMAL;

	while (count--) {
		unsigned char ch;

		if (fp)
			flag = *fp++;

		if (unlikely(flag != TTY_NORMAL)) {
			n_tty_receive_char_flagged(tty, *cp++, flag);
			continue;
		}

		ch = *cp++;
		/* ch is an unsigned char, so the char_map index is 0..255. */
		if (!test_bit(ch, ldata->char_map)) {
			n_tty_receive_char_fast(tty, ch);
			continue;
		}

		/*
		 * LNEXT seen: take the following literal character now, but
		 * only if this batch still holds one.  The count test keeps
		 * the read of *cp inside the caller's buffer.
		 */
		if (!n_tty_receive_char_special(tty, ch) || !count)
			continue;

		if (fp)
			flag = *fp++;
		n_tty_receive_char_lnext(tty, *cp++, flag);
		count--;
	}
}
1616
/*
 * Pick the receive loop that matches the current mode, run it over
 * @count characters, then (outside canonical mode) publish the new
 * read_head to the reader and wake it.
 */
static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
			  char *fp, int count)
{
	struct n_tty_data *ldata = tty->disc_data;
	/* true when ISTRIP or IUCLC processing must be applied to input */
	bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));

	if (ldata->real_raw)
		n_tty_receive_buf_real_raw(tty, cp, fp, count);
	else if (ldata->raw || (L_EXTPROC(tty) && !preops))
		n_tty_receive_buf_raw(tty, cp, fp, count);
	else if (tty->closing && !L_EXTPROC(tty))
		n_tty_receive_buf_closing(tty, cp, fp, count);
	else {
		/*
		 * An LNEXT left pending by the previous batch applies to the
		 * first character of this one.  *cp is read unconditionally,
		 * so this relies on count >= 1; the caller visible in this
		 * file never passes 0 (it stops when nothing fits).
		 */
		if (ldata->lnext) {
			char flag = TTY_NORMAL;

			if (fp)
				flag = *fp++;
			n_tty_receive_char_lnext(tty, *cp++, flag);
			count--;
		}

		if (!preops && !I_PARMRK(tty))
			n_tty_receive_buf_fast(tty, cp, fp, count);
		else
			n_tty_receive_buf_standard(tty, cp, fp, count);

		flush_echoes(tty);
		if (tty->ops->flush_chars)
			tty->ops->flush_chars(tty);
	}

	/*
	 * In canonical mode (without EXTPROC) data becomes readable through
	 * canon_head, which the newline handling publishes; nothing more to
	 * do here.
	 */
	if (ldata->icanon && !L_EXTPROC(tty))
		return;

	/* publish read_head to consumer */
	smp_store_release(&ldata->commit_head, ldata->read_head);

	if (read_cnt(ldata)) {
		kill_fasync(&tty->fasync, SIGIO, POLL_IN);
		wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
	}
}
1660
1661 /**
1662 * n_tty_receive_buf_common - process input
1663 * @tty: device to receive input
1664 * @cp: input chars
1665 * @fp: flags for each char (if NULL, all chars are TTY_NORMAL)
1666 * @count: number of input chars in @cp
1667 *
1668 * Called by the terminal driver when a block of characters has
1669 * been received. This function must be called from soft contexts
1670 * not from interrupt context. The driver is responsible for making
1671 * calls one at a time and in order (or using flush_to_ldisc)
1672 *
1673 * Returns the # of input chars from @cp which were processed.
1674 *
1675 * In canonical mode, the maximum line length is 4096 chars (including
1676 * the line termination char); lines longer than 4096 chars are
1677 * truncated. After 4095 chars, input data is still processed but
1678 * not stored. Overflow processing ensures the tty can always
1679 * receive more input until at least one line can be read.
1680 *
1681 * In non-canonical mode, the read buffer will only accept 4095 chars;
1682 * this provides the necessary space for a newline char if the input
1683 * mode is switched to canonical.
1684 *
1685 * Note it is possible for the read buffer to _contain_ 4096 chars
1686 * in non-canonical mode: the read buffer could already contain the
1687 * maximum canon line of 4096 chars when the mode is switched to
1688 * non-canonical.
1689 *
1690 * n_tty_receive_buf()/producer path:
1691 * claims non-exclusive termios_rwsem
1692 * publishes commit_head or canon_head
1693 */
static int
n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
			 char *fp, int count, int flow)
{
	struct n_tty_data *ldata = tty->disc_data;
	/* overflow is assigned on every pass; the loop body runs at least once */
	int room, n, rcvd = 0, overflow;

	down_read(&tty->termios_rwsem);

	do {
		/*
		 * When PARMRK is set, each input char may take up to 3 chars
		 * in the read buf; reduce the buffer space avail by 3x
		 *
		 * If we are doing input canonicalization, and there are no
		 * pending newlines, let characters through without limit, so
		 * that erase characters will be handled. Other excess
		 * characters will be beeped.
		 *
		 * paired with store in *_copy_from_read_buf() -- guarantees
		 * the consumer has loaded the data in read_buf up to the new
		 * read_tail (so this producer will not overwrite unread data)
		 */
		size_t tail = smp_load_acquire(&ldata->read_tail);

		/*
		 * Free space in the ring.  This is the bound that keeps the
		 * receive loops from writing over data the reader has not
		 * consumed yet; one slot is held back by the room-- below.
		 */
		room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
		if (I_PARMRK(tty))
			room = (room + 2) / 3;
		room--;
		if (room <= 0) {
			/*
			 * Buffer full.  Overflow mode applies only in
			 * canonical mode with no complete line pending
			 * (canon_head == tail): input keeps being processed
			 * one character at a time (room becomes 1).
			 */
			overflow = ldata->icanon && ldata->canon_head == tail;
			/*
			 * NOTE(review): stepping read_head back presumably
			 * makes the next character reuse the last slot
			 * instead of growing past the buffer -- confirm.
			 */
			if (overflow && room < 0)
				ldata->read_head--;
			room = overflow;
			ldata->no_room = flow && !room;
		} else
			overflow = 0;

		n = min(count, room);
		if (!n)
			break;

		/*
		 * ignore parity errors if handling overflow
		 * (only *fp is examined; in overflow mode n is at most 1, so
		 * that single flag covers the whole batch)
		 */
		if (!overflow || !fp || *fp != TTY_PARITY)
			__receive_buf(tty, cp, fp, n);

		/* The batch counts as received even when it was skipped above. */
		cp += n;
		if (fp)
			fp += n;
		count -= n;
		rcvd += n;
	} while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));

	tty->receive_room = room;

	/* Unthrottle if handling overflow on pty */
	if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
		if (overflow) {
			tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
			tty_unthrottle_safe(tty);
			__tty_set_flow_change(tty, 0);
		}
	} else
		n_tty_check_throttle(tty);

	up_read(&tty->termios_rwsem);

	return rcvd;
}
1763
/*
 * Receive entry point without flow accounting: flow is passed as 0 and
 * the number of characters actually taken is not reported back.
 */
static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
			      char *fp, int count)
{
	(void)n_tty_receive_buf_common(tty, cp, fp, count, 0);
}
1769
/*
 * Receive entry point with flow accounting: flow is passed as 1 and the
 * return value is the number of characters from @cp that were taken.
 */
static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
			      char *fp, int count)
{
	int taken = n_tty_receive_buf_common(tty, cp, fp, count, 1);

	return taken;
}
1775
1776 /**
1777 * n_tty_set_termios - termios data changed
1778 * @tty: terminal
1779 * @old: previous data
1780 *
1781 * Called by the tty layer when the user changes termios flags so
1782 * that the line discipline can plan ahead. This function cannot sleep
1783 * and is protected from re-entry by the tty layer. The user is
1784 * guaranteed that this function will not be re-entered or in progress
1785 * when the ldisc is closed.
1786 *
1787 * Locking: Caller holds tty->termios_rwsem
1788 */
1789
static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
{
	struct n_tty_data *ldata = tty->disc_data;

	/*
	 * First call (old == NULL) or a change of ICANON/EXTPROC: the line
	 * bookkeeping for buffered data has to be rebuilt.
	 */
	if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
		bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
		ldata->line_start = ldata->read_tail;
		if (!L_ICANON(tty) || !read_cnt(ldata)) {
			ldata->canon_head = ldata->read_tail;
			ldata->push = 0;
		} else {
			/*
			 * Entering canonical mode with data already queued:
			 * mark the last stored character as a line end so
			 * the data is readable at once, and record that this
			 * line was pushed.
			 */
			set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
				ldata->read_flags);
			ldata->canon_head = ldata->read_head;
			ldata->push = 1;
		}
		ldata->commit_head = ldata->read_head;
		ldata->erasing = 0;
		ldata->lnext = 0;
	}

	ldata->icanon = (L_ICANON(tty) != 0);

	/* Any of these flags means input needs per-character processing. */
	if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
	    I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
	    I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
	    I_PARMRK(tty)) {
		/*
		 * Rebuild char_map: one bit per byte value that must go
		 * through n_tty_receive_char_special().
		 */
		bitmap_zero(ldata->char_map, 256);

		if (I_IGNCR(tty) || I_ICRNL(tty))
			set_bit('\r', ldata->char_map);
		if (I_INLCR(tty))
			set_bit('\n', ldata->char_map);

		if (L_ICANON(tty)) {
			set_bit(ERASE_CHAR(tty), ldata->char_map);
			set_bit(KILL_CHAR(tty), ldata->char_map);
			set_bit(EOF_CHAR(tty), ldata->char_map);
			set_bit('\n', ldata->char_map);
			set_bit(EOL_CHAR(tty), ldata->char_map);
			if (L_IEXTEN(tty)) {
				set_bit(WERASE_CHAR(tty), ldata->char_map);
				set_bit(LNEXT_CHAR(tty), ldata->char_map);
				set_bit(EOL2_CHAR(tty), ldata->char_map);
				if (L_ECHO(tty))
					set_bit(REPRINT_CHAR(tty),
						ldata->char_map);
			}
		}
		if (I_IXON(tty)) {
			set_bit(START_CHAR(tty), ldata->char_map);
			set_bit(STOP_CHAR(tty), ldata->char_map);
		}
		if (L_ISIG(tty)) {
			set_bit(INTR_CHAR(tty), ldata->char_map);
			set_bit(QUIT_CHAR(tty), ldata->char_map);
			set_bit(SUSP_CHAR(tty), ldata->char_map);
		}
		/*
		 * A control character set to __DISABLED_CHAR is switched off;
		 * clearing the bit last undoes any set_bit() above that used
		 * that value.
		 */
		clear_bit(__DISABLED_CHAR, ldata->char_map);
		ldata->raw = 0;
		ldata->real_raw = 0;
	} else {
		ldata->raw = 1;
		/*
		 * real_raw (bulk copy, no flag inspection) additionally needs
		 * break and parity reporting to be off and a driver that
		 * advertises TTY_DRIVER_REAL_RAW.
		 */
		if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
		    (I_IGNPAR(tty) || !I_INPCK(tty)) &&
		    (tty->driver->flags & TTY_DRIVER_REAL_RAW))
			ldata->real_raw = 1;
		else
			ldata->real_raw = 0;
	}
	/*
	 * Fix a tty hang when I_IXON(tty) is cleared after the tty was
	 * already stopped by STOP_CHAR(tty).
	 */
	if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow_stopped) {
		start_tty(tty);
		process_echoes(tty);
	}

	/* The termios change makes the tty ready for I/O */
	wake_up_interruptible(&tty->write_wait);
	wake_up_interruptible(&tty->read_wait);
}
1873
1874 /**
1875 * n_tty_close - close the ldisc for this tty
1876 * @tty: device
1877 *
1878 * Called from the terminal layer when this line discipline is
1879 * being shut down, either because of a close or because of a
1880 * discipline change. The function will not be called while other
1881 * ldisc methods are in progress.
1882 */
1883
static void n_tty_close(struct tty_struct *tty)
{
	/* A linked tty gets the packet-mode flush notification first. */
	if (tty->link)
		n_tty_packet_mode_flush(tty);

	/*
	 * Release the per-tty state and clear the pointer right away, so a
	 * stale reference reads NULL instead of freed memory.
	 */
	vfree(tty->disc_data);
	tty->disc_data = NULL;
}
1894
1895 /**
1896 * n_tty_open - open an ldisc
1897 * @tty: terminal to open
1898 *
1899 * Called when this line discipline is being attached to the
1900 * terminal device. Can sleep. Called serialized so that no
1901 * other events will occur in parallel. No further open will occur
1902 * until a close.
1903 */
1904
static int n_tty_open(struct tty_struct *tty)
{
	struct n_tty_data *ldata = vzalloc(sizeof(*ldata));

	/*
	 * The file header states that N_TTY open never returns an error,
	 * yet allocation failure is reported here; the original comment at
	 * this spot warns that such a failure can currently panic.
	 */
	if (ldata == NULL)
		return -ENOMEM;

	/* vzalloc() zeroed the state; set up the fields that need more. */
	ldata->overrun_time = jiffies;
	mutex_init(&ldata->atomic_read_lock);
	mutex_init(&ldata->output_lock);

	/* Attach before n_tty_set_termios(), which reads tty->disc_data. */
	tty->disc_data = ldata;
	tty->closing = 0;

	/* indicate buffer work may resume */
	clear_bit(TTY_LDISC_HALTED, &tty->flags);

	/* NULL old termios: take the full initialisation path. */
	n_tty_set_termios(tty, NULL);
	tty_unthrottle(tty);

	return 0;
}
1926
/*
 * Report whether a reader has input to collect.
 *
 * In canonical mode (without EXTPROC) that means a complete line is
 * pending.  Otherwise at least amt committed characters must be queued,
 * where amt is MIN when called for poll with TIME == 0 and MIN != 0, and
 * 1 in every other case.
 */
static inline int input_available_p(struct tty_struct *tty, int poll)
{
	struct n_tty_data *ldata = tty->disc_data;
	int amt = 1;

	if (poll && !TIME_CHAR(tty) && MIN_CHAR(tty))
		amt = MIN_CHAR(tty);

	if (ldata->icanon && !L_EXTPROC(tty))
		return ldata->canon_head != ldata->read_tail;

	return ldata->commit_head - ldata->read_tail >= amt;
}
1937
1938 /**
1939 * copy_from_read_buf - copy read data directly
1940 * @tty: terminal device
1941 * @kbp: data
1942 * @nr: size of data
1943 *
1944 * Helper function to speed up n_tty_read. It is only called when
1945 * ICANON is off; it copies characters straight from the tty queue.
1946 *
1947 * Called under the ldata->atomic_read_lock sem
1948 *
1949 * Returns true if it successfully copied data, but there is still
1950 * more data to be had.
1951 *
1952 * n_tty_read()/consumer path:
1953 * caller holds non-exclusive termios_rwsem
1954 * read_tail published
1955 */
1956
static bool copy_from_read_buf(struct tty_struct *tty,
				      unsigned char **kbp,
				      size_t *nr)
{
	struct n_tty_data *ldata = tty->disc_data;
	size_t n;
	bool is_eof;
	/* acquire pairs with the producer's release store to commit_head */
	size_t head = smp_load_acquire(&ldata->commit_head);
	size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);

	/*
	 * Copy length is the smallest of: committed data, the contiguous
	 * run up to the end of the ring, and the space left in the caller's
	 * buffer (*nr).  Data that wraps is picked up by a later call.
	 */
	n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
	n = min(*nr, n);
	if (n) {
		unsigned char *from = read_buf_addr(ldata, tail);
		memcpy(*kbp, from, n);
		is_eof = n == 1 && *from == EOF_CHAR(tty);
		/*
		 * The audit layer is handed the data before zero_buffer() is
		 * called on the same span.
		 * NOTE(review): zero_buffer() is defined outside this view;
		 * presumably it scrubs consumed input from the ring under
		 * some conditions -- confirm which.
		 */
		tty_audit_add_data(tty, from, n);
		zero_buffer(tty, from, n);
		/* release: the slots may be reused by the producer from here */
		smp_store_release(&ldata->read_tail, ldata->read_tail + n);
		/* Turn single EOF into zero-length read */
		if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
		    (head == ldata->read_tail))
			return false;
		*kbp += n;
		*nr -= n;

		/* If we have more to copy, let the caller know */
		return head != ldata->read_tail;
	}
	return false;
}
1989
1990 /**
1991 * canon_copy_from_read_buf - copy read data in canonical mode
1992 * @tty: terminal device
1993 * @kbp: data
1994 * @nr: size of data
1995 *
1996 * Helper function for n_tty_read. It is only called when ICANON is on;
1997 * it copies one line of input up to and including the line-delimiting
1998 * character into the result buffer.
1999 *
2000 * NB: When termios is changed from non-canonical to canonical mode and
2001 * the read buffer contains data, n_tty_set_termios() simulates an EOF
2002 * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
2003 * This causes data already processed as input to be immediately available
2004 * as input although a newline has not been received.
2005 *
2006 * Called under the atomic_read_lock mutex
2007 *
2008 * n_tty_read()/consumer path:
2009 * caller holds non-exclusive termios_rwsem
2010 * read_tail published
2011 */
2012
static bool canon_copy_from_read_buf(struct tty_struct *tty,
				     unsigned char **kbp,
				     size_t *nr)
{
	struct n_tty_data *ldata = tty->disc_data;
	/*
	 * n: bytes to copy out; c: bytes to consume from the ring (one more
	 * than n when the delimiter is an EOF that must not reach the
	 * reader); size: end of the first, unwrapped scan window; more:
	 * length of the wrapped part of the window.
	 */
	size_t n, size, more, c;
	size_t eol;
	size_t tail, canon_head;
	int found = 0;

	/* N.B. avoid overrun if nr == 0 */
	if (!*nr)
		return false;

	/* acquire pairs with the producer's release store to canon_head */
	canon_head = smp_load_acquire(&ldata->canon_head);
	/* Never look past complete lines or past the caller's buffer. */
	n = min(*nr, canon_head - ldata->read_tail);

	tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
	size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);

	n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
		    __func__, *nr, tail, n, size);

	/* Search read_flags for the first line delimiter in the window. */
	eol = find_next_bit(ldata->read_flags, size, tail);
	more = n - (size - tail);
	if (eol == N_TTY_BUF_SIZE && more) {
		/* scan wrapped without finding set bit */
		eol = find_next_bit(ldata->read_flags, more, 0);
		found = eol != more;
	} else
		found = eol != size;

	/*
	 * Distance from tail to the delimiter.  When the delimiter lies in
	 * the wrapped part, eol < tail and the unsigned subtraction wraps;
	 * adding N_TTY_BUF_SIZE brings it back into range.
	 */
	n = eol - tail;
	if (n > N_TTY_BUF_SIZE)
		n += N_TTY_BUF_SIZE;
	c = n + found;

	/*
	 * Copy the delimiter too, unless it is the stored EOF marker
	 * (__DISABLED_CHAR): that one is consumed but not handed out.
	 */
	if (!found || read_buf(ldata, eol) != __DISABLED_CHAR)
		n = c;

	n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
		    __func__, eol, found, n, c, tail, more);

	tty_copy(tty, *kbp, tail, n);
	*kbp += n;
	*nr -= n;

	if (found)
		clear_bit(eol, ldata->read_flags);
	/* release: the consumed slots may be reused by the producer */
	smp_store_release(&ldata->read_tail, ldata->read_tail + c);

	if (found) {
		if (!ldata->push)
			ldata->line_start = ldata->read_tail;
		else
			ldata->push = 0;
		tty_audit_push();
		return false;
	}

	/* No EOL found - do a continuation retry if there is more data */
	return ldata->read_tail != canon_head;
}
2076
2077 /*
2078 * If we finished a read at the exact location of an
2079 * EOF (special EOL character that's a __DISABLED_CHAR)
2080 * in the stream, silently eat the EOF.
2081 */
static void canon_skip_eof(struct tty_struct *tty)
{
	struct n_tty_data *ldata = tty->disc_data;
	size_t canon_head = smp_load_acquire(&ldata->canon_head);
	size_t idx = ldata->read_tail;

	/* Nothing buffered up to the last complete line. */
	if (idx == canon_head)
		return;

	/*
	 * Only act when the slot at the tail is both flagged as a line
	 * delimiter and holds the stored EOF marker.
	 */
	idx &= (N_TTY_BUF_SIZE - 1);
	if (!test_bit(idx, ldata->read_flags) ||
	    read_buf(ldata, idx) != __DISABLED_CHAR)
		return;

	/* Drop the delimiter flag and step the tail over the EOF. */
	clear_bit(idx, ldata->read_flags);
	smp_store_release(&ldata->read_tail, ldata->read_tail + 1);
}
2105
2106 /**
2107 * job_control - check job control
2108 * @tty: tty
2109 * @file: file handle
2110 *
2111 * Perform job control management checks on this file/tty descriptor
2112 * and if appropriate send any needed signals and return a negative
2113 * error code if action should be taken.
2114 *
2115 * Locking: redirected write test is safe
2116 * current->signal->tty check is safe
2117 * ctrl_lock to safely reference tty->pgrp
2118 */
2119
static int job_control(struct tty_struct *tty, struct file *file)
{
	/*
	 * Job control check -- must be done at start and after every sleep
	 * (POSIX.1 7.1.1.4).
	 *
	 * NOTE: not yet done after every sleep pending a thorough check of
	 * the logic of this change. -- jlc
	 */
	if (file->f_op->write_iter != redirected_tty_write)
		return __tty_check_change(tty, SIGTTIN);

	/* don't stop on /dev/console */
	return 0;
}
2132
2133
/**
 * n_tty_read - read function for tty
 * @tty: tty device
 * @file: file object
 * @kbuf: destination buffer; this function fills it with plain stores
 *	  (e.g. the packet-mode status byte), so it is treated as
 *	  kernel-addressable memory, not as a raw userspace pointer
 * @nr: size of I/O
 * @cookie: continuation marker. Non-NULL on entry means an earlier call
 *	    returned with data still pending and with atomic_read_lock and
 *	    termios_rwsem still held. Set non-NULL when this call returns
 *	    in that state, and reset to NULL in the continuation path once
 *	    both locks have been released.
 * @offset: not referenced in this function
 *
 * Perform reads for the line discipline. We are guaranteed that the
 * line discipline will not be closed under us but we may get multiple
 * parallel readers and must handle this ourselves. We may also get
 * a hangup. Always called in user context, may sleep.
 *
 * This code must be sure never to sleep through a hangup.
 *
 * Return: the number of bytes stored in @kbuf when any were stored;
 * otherwise 0 or a negative error: the negative result of job_control(),
 * -EAGAIN, -ERESTARTSYS or -EIO.
 *
 * n_tty_read()/consumer path:
 *	claims non-exclusive termios_rwsem
 *	publishes read_tail
 */
static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
			  unsigned char *kbuf, size_t nr,
			  void **cookie, unsigned long offset)
{
	struct n_tty_data *ldata = tty->disc_data;
	unsigned char *kb = kbuf;
	DEFINE_WAIT_FUNC(wait, woken_wake_function);
	int c;
	int minimum, time;
	ssize_t retval = 0;
	long timeout;
	int packet;
	size_t tail;

	/*
	 * Is this a continuation of a read started earlier?
	 *
	 * If so, we still hold the atomic_read_lock and the
	 * termios_rwsem, and can just continue to copy data.
	 *
	 * NOTE(review): both locks are only dropped on the "no more data"
	 * path below, so this relies on the caller calling back in until
	 * *cookie is NULL again -- confirm against the caller.
	 */
	if (*cookie) {
		if (ldata->icanon && !L_EXTPROC(tty)) {
			/*
			 * If we have filled the user buffer, see
			 * if we should skip an EOF character before
			 * releasing the lock and returning done.
			 */
			if (!nr)
				canon_skip_eof(tty);
			else if (canon_copy_from_read_buf(tty, &kb, &nr))
				return kb - kbuf;
		} else {
			if (copy_from_read_buf(tty, &kb, &nr))
				return kb - kbuf;
		}

		/* No more data - release locks and stop retries */
		n_tty_kick_worker(tty);
		n_tty_check_unthrottle(tty);
		up_read(&tty->termios_rwsem);
		mutex_unlock(&ldata->atomic_read_lock);
		*cookie = NULL;
		return kb - kbuf;
	}

	/* Nothing is held yet, so a job-control refusal can return directly. */
	c = job_control(tty, file);
	if (c < 0)
		return c;

	/*
	 * Internal serialization of reads.
	 *
	 * Non-blocking files never sleep on the mutex; blocking ones can be
	 * interrupted by a signal while waiting for it.
	 */
	if (file->f_flags & O_NONBLOCK) {
		if (!mutex_trylock(&ldata->atomic_read_lock))
			return -EAGAIN;
	} else {
		if (mutex_lock_interruptible(&ldata->atomic_read_lock))
			return -ERESTARTSYS;
	}

	down_read(&tty->termios_rwsem);

	/*
	 * Non-canonical MIN/TIME handling; TIME_CHAR is scaled by HZ / 10.
	 *   MIN > 0:  wait without limit for the first data, then "time"
	 *             becomes the timeout while fewer than MIN bytes are in.
	 *   MIN == 0: TIME bounds the whole wait and one byte is enough;
	 *             with TIME == 0 too, timeout is 0 and the loop below
	 *             leaves as soon as no input is available.
	 * In canonical mode minimum stays 0 and the wait is unbounded.
	 */
	minimum = time = 0;
	timeout = MAX_SCHEDULE_TIMEOUT;
	if (!ldata->icanon) {
		minimum = MIN_CHAR(tty);
		if (minimum) {
			time = (HZ / 10) * TIME_CHAR(tty);
		} else {
			timeout = (HZ / 10) * TIME_CHAR(tty);
			minimum = 1;
		}
	}

	packet = tty->packet;
	/* Remember the starting tail so we can tell below whether we consumed. */
	tail = ldata->read_tail;

	add_wait_queue(&tty->read_wait, &wait);
	while (nr) {
		/*
		 * First test for status change.
		 *
		 * The test itself reads ctrl_status without ctrl_lock; the
		 * value handed out is re-read and cleared under the lock.
		 * A status byte is only returned on its own: if data was
		 * already copied, stop and return that data first.
		 *
		 * NOTE(review): presumably tty->link is always valid when
		 * tty->packet is set -- confirm where packet mode is enabled.
		 */
		if (packet && tty->link->ctrl_status) {
			unsigned char cs;
			if (kb != kbuf)
				break;
			spin_lock_irq(&tty->link->ctrl_lock);
			cs = tty->link->ctrl_status;
			tty->link->ctrl_status = 0;
			spin_unlock_irq(&tty->link->ctrl_lock);
			*kb++ = cs;
			nr--;
			break;
		}

		if (!input_available_p(tty, 0)) {
			/*
			 * Drop termios_rwsem around the buffer flush, then
			 * look again before deciding to sleep.
			 */
			up_read(&tty->termios_rwsem);
			tty_buffer_flush_work(tty->port);
			down_read(&tty->termios_rwsem);
			if (!input_available_p(tty, 0)) {
				if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
					retval = -EIO;
					break;
				}
				if (tty_hung_up_p(file))
					break;
				/*
				 * Abort readers for ttys which never actually
				 * get hung up.  See __tty_hangup().
				 */
				if (test_bit(TTY_HUPPING, &tty->flags))
					break;
				if (!timeout)
					break;
				if (tty_io_nonblock(tty, file)) {
					retval = -EAGAIN;
					break;
				}
				if (signal_pending(current)) {
					retval = -ERESTARTSYS;
					break;
				}
				/* Never sleep with termios_rwsem held. */
				up_read(&tty->termios_rwsem);

				timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
						timeout);

				down_read(&tty->termios_rwsem);
				continue;
			}
		}

		if (ldata->icanon && !L_EXTPROC(tty)) {
			if (canon_copy_from_read_buf(tty, &kb, &nr))
				goto more_to_be_read;
		} else {
			/* Deal with packet mode. */
			if (packet && kb == kbuf) {
				*kb++ = TIOCPKT_DATA;
				nr--;
			}

			/*
			 * Copy data, and if there is more to be had
			 * and we have nothing more to wait for, then
			 * let's mark us for retries.
			 *
			 * NOTE! We return here with both the termios_sem
			 * and atomic_read_lock still held, the retries
			 * will release them when done.
			 */
			if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum) {
more_to_be_read:
				remove_wait_queue(&tty->read_wait, &wait);
				/* Any non-NULL value marks "continuation pending". */
				*cookie = cookie;
				return kb - kbuf;
			}
		}

		n_tty_check_unthrottle(tty);

		if (kb - kbuf >= minimum)
			break;
		/* MIN > 0: from here on the TIME-derived timeout applies. */
		if (time)
			timeout = time;
	}
	/* Only kick the worker if this call actually moved read_tail. */
	if (tail != ldata->read_tail)
		n_tty_kick_worker(tty);
	up_read(&tty->termios_rwsem);

	remove_wait_queue(&tty->read_wait, &wait);
	mutex_unlock(&ldata->atomic_read_lock);

	/* Data already copied takes precedence over a pending error code. */
	if (kb - kbuf)
		retval = kb - kbuf;

	return retval;
}
2329
/**
 * n_tty_write - write function for tty
 * @tty: tty device
 * @file: file object
 * @buf: data to write; this function reads it with a plain dereference
 *	 (c = *b), so it is treated as kernel-addressable memory, not as
 *	 a raw userspace pointer
 * @nr: size of I/O
 *
 * Write function of the terminal device.  This is serialized with
 * respect to other write callers but not to termios changes, reads
 * and other such events.  Since the receive code will echo characters,
 * thus calling driver write methods, the output_lock is used in
 * the output processing functions called here as well as in the
 * echo processing function to protect the column state and space
 * left in the buffer.
 *
 * This code must be sure never to sleep through a hangup.
 *
 * Return: the number of bytes consumed from @buf when any were consumed;
 * otherwise 0 or a negative error: the non-zero result of
 * tty_check_change(), -ERESTARTSYS, -EIO, -EAGAIN, or a negative value
 * passed up from process_output_block() or the driver's write().
 *
 * Locking: output_lock to protect column state and space left
 *	    (note that the process_output*() functions take this
 *	    lock themselves)
 */
static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
			   const unsigned char *buf, size_t nr)
{
	const unsigned char *b = buf;
	DEFINE_WAIT_FUNC(wait, woken_wake_function);
	int c;
	ssize_t retval = 0;

	/*
	 * Job control check -- must be done at start (POSIX.1 7.1.1.4).
	 * Nothing is held yet, so a refusal returns directly.
	 */
	if (L_TOSTOP(tty) && file->f_op->write_iter != redirected_tty_write) {
		retval = tty_check_change(tty);
		if (retval)
			return retval;
	}

	down_read(&tty->termios_rwsem);

	/* Write out any echoed characters that are still pending */
	process_echoes(tty);

	add_wait_queue(&tty->write_wait, &wait);
	while (1) {
		if (signal_pending(current)) {
			retval = -ERESTARTSYS;
			break;
		}
		/* Hung up, or there is a linked tty whose count is zero. */
		if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
			retval = -EIO;
			break;
		}
		if (O_OPOST(tty)) {
			while (nr > 0) {
				ssize_t num = process_output_block(tty, b, nr);
				if (num < 0) {
					/* -EAGAIN: leave the inner loop and wait below. */
					if (num == -EAGAIN)
						break;
					retval = num;
					goto break_out;
				}
				/*
				 * NOTE(review): assumes num <= nr; otherwise the
				 * unsigned nr would wrap -- confirm in
				 * process_output_block().
				 */
				b += num;
				nr -= num;
				if (nr == 0)
					break;
				/* Hand the next byte to process_output() on its own. */
				c = *b;
				if (process_output(c, tty) < 0)
					break;
				b++; nr--;
			}
			if (tty->ops->flush_chars)
				tty->ops->flush_chars(tty);
		} else {
			struct n_tty_data *ldata = tty->disc_data;

			while (nr > 0) {
				mutex_lock(&ldata->output_lock);
				/*
				 * NOTE(review): nr is size_t but the result lands
				 * in the int c; presumably the caller bounds nr so
				 * this cannot truncate -- confirm.
				 */
				c = tty->ops->write(tty, b, nr);
				mutex_unlock(&ldata->output_lock);
				if (c < 0) {
					retval = c;
					goto break_out;
				}
				/* Driver took nothing: stop and wait for room. */
				if (!c)
					break;
				b += c;
				nr -= c;
			}
		}
		if (!nr)
			break;
		if (tty_io_nonblock(tty, file)) {
			retval = -EAGAIN;
			break;
		}
		/* Never sleep with termios_rwsem held. */
		up_read(&tty->termios_rwsem);

		wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);

		down_read(&tty->termios_rwsem);
	}
break_out:
	remove_wait_queue(&tty->write_wait, &wait);
	/* Data left over and fasync in use: request a write wakeup. */
	if (nr && tty->fasync)
		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
	up_read(&tty->termios_rwsem);
	/* Partial progress takes precedence over a pending error code. */
	return (b - buf) ? b - buf : retval;
}
2438
/**
 * n_tty_poll - poll method for N_TTY
 * @tty: terminal device
 * @file: file accessing it
 * @wait: poll table
 *
 * Called when the line discipline is asked to poll() for data or
 * for special events.  This code is not serialized with respect to
 * other events save open/close.
 *
 * This code must be sure never to sleep through a hangup.
 * Called without the kernel lock held - fine
 *
 * Return: the mask of events that are ready right now.
 */
static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
			   poll_table *wait)
{
	__poll_t events = 0;

	poll_wait(file, &tty->read_wait, wait);
	poll_wait(file, &tty->write_wait, wait);

	/*
	 * Readable?  If the first probe finds nothing, flush the port's
	 * buffer work and probe once more before giving up.
	 */
	if (!input_available_p(tty, 1)) {
		tty_buffer_flush_work(tty->port);
		if (input_available_p(tty, 1))
			events |= EPOLLIN | EPOLLRDNORM;
	} else {
		events |= EPOLLIN | EPOLLRDNORM;
	}

	/*
	 * Packet mode: a pending status byte on the linked tty is priority
	 * data.  ctrl_status is read here without ctrl_lock; n_tty_read()
	 * re-reads and clears it under that lock when it hands it out.
	 */
	if (tty->packet && tty->link->ctrl_status)
		events |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;

	/* Either the other side closed or this file was hung up. */
	if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
		events |= EPOLLHUP;
	if (tty_hung_up_p(file))
		events |= EPOLLHUP;

	/*
	 * Writable only if the driver has a write method, the tty is not
	 * write-locked, fewer than WAKEUP_CHARS are queued and there is room.
	 */
	if (tty->ops->write && !tty_is_writelocked(tty)) {
		if (tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
		    tty_write_room(tty) > 0)
			events |= EPOLLOUT | EPOLLWRNORM;
	}

	return events;
}
2479
/*
 * inq_canon - count the canonical-mode bytes between read_tail and canon_head
 *
 * Returns canon_head - read_tail, less one for every slot in that range
 * that is flagged in read_flags and holds __DISABLED_CHAR (an EOF marker,
 * which is not data).  canon_head and read_tail are read with plain
 * loads; the visible caller, n_tty_ioctl(), holds termios_rwsem for
 * writing around the call.
 */
static unsigned long inq_canon(struct n_tty_data *ldata)
{
	size_t head, pos, count;

	if (ldata->canon_head == ldata->read_tail)
		return 0;

	head = ldata->canon_head;
	pos = ldata->read_tail;
	count = head - pos;

	/* Skip EOF-chars.. */
	for (; MASK(head) != MASK(pos); pos++) {
		if (!test_bit(pos & (N_TTY_BUF_SIZE - 1), ldata->read_flags))
			continue;
		if (read_buf(ldata, pos) == __DISABLED_CHAR)
			count--;
	}

	return count;
}
2498
/*
 * n_tty_ioctl - ioctl handler for N_TTY
 *
 * TIOCOUTQ stores tty_chars_in_buffer() through @arg.  TIOCINQ stores the
 * amount of readable input: inq_canon() in canonical mode without EXTPROC,
 * read_cnt() otherwise.  Every other command is passed to
 * n_tty_ioctl_helper().
 *
 * @arg is a userspace address for the two commands handled here and is
 * only ever written through put_user(), whose result is returned.
 */
static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
		       unsigned int cmd, unsigned long arg)
{
	struct n_tty_data *ldata = tty->disc_data;
	int pending;

	if (cmd == TIOCOUTQ)
		return put_user(tty_chars_in_buffer(tty), (int __user *) arg);

	if (cmd != TIOCINQ)
		return n_tty_ioctl_helper(tty, file, cmd, arg);

	/* Take the count with termios_rwsem held for writing. */
	down_write(&tty->termios_rwsem);
	if (L_ICANON(tty) && !L_EXTPROC(tty))
		pending = inq_canon(ldata);
	else
		pending = read_cnt(ldata);
	up_write(&tty->termios_rwsem);

	/* The lock is released before the store to userspace. */
	return put_user(pending, (unsigned int __user *) arg);
}
2520
/*
 * Method table for the N_TTY line discipline.  It is registered by
 * n_tty_init() and copied wholesale by n_tty_inherit_ops().  owner,
 * refcount and flags are not set here.
 */
static struct tty_ldisc_ops n_tty_ops = {
	.magic		= TTY_LDISC_MAGIC,
	.name		= "n_tty",

	/* open/close */
	.open		= n_tty_open,
	.close		= n_tty_close,

	/* read, write, poll and ioctl entry points */
	.read		= n_tty_read,
	.write		= n_tty_write,
	.poll		= n_tty_poll,
	.ioctl		= n_tty_ioctl,

	/* termios change and buffer flush */
	.set_termios	= n_tty_set_termios,
	.flush_buffer	= n_tty_flush_buffer,

	/* receive and write-wakeup hooks */
	.receive_buf	= n_tty_receive_buf,
	.receive_buf2	= n_tty_receive_buf2,
	.write_wakeup	= n_tty_write_wakeup,
};
2536
/**
 * n_tty_inherit_ops - inherit N_TTY methods
 * @ops: struct tty_ldisc_ops where to save N_TTY methods
 *
 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
 *
 * The whole of @ops is overwritten with a copy of n_tty_ops, so anything
 * the caller stored in it beforehand is lost; owner, refcount and flags
 * are then cleared on the copy.
 */
void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
{
	/* Start from a full copy of the N_TTY method table ... */
	*ops = n_tty_ops;

	/* ... and reset the fields the copy must not carry over. */
	ops->flags = 0;
	ops->refcount = 0;
	ops->owner = NULL;
}
EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2551
/*
 * n_tty_init - register the N_TTY line discipline
 *
 * Registers n_tty_ops under the N_TTY discipline number.  Any result of
 * tty_register_ldisc() is not checked here.
 */
void __init n_tty_init(void)
{
	tty_register_ldisc(N_TTY, &n_tty_ops);
}
2556