1 /*
2 * n_tty.c --- implements the N_TTY line discipline.
3 *
4 * This code used to be in tty_io.c, but things are getting hairy
5 * enough that it made sense to split things off. (The N_TTY
6 * processing has changed so much that it's hardly recognizable,
7 * anyway...)
8 *
9 * Note that the open routine for N_TTY is guaranteed never to return
10 * an error. This is because Linux will fall back to setting a line
11 * to N_TTY if it can not switch to any other line discipline.
12 *
13 * Written by Theodore Ts'o, Copyright 1994.
14 *
15 * This file also contains code originally written by Linus Torvalds,
16 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
17 *
18 * This file may be redistributed under the terms of the GNU General Public
19 * License.
20 *
21 * Reduced memory usage for older ARM systems - Russell King.
22 *
23 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
24 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
25 * who actually finally proved there really was a race.
26 *
27 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
28 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
29 * Also fixed a bug in BLOCKING mode where n_tty_write returns
30 * EAGAIN
31 */
32
33 #include <linux/types.h>
34 #include <linux/major.h>
35 #include <linux/errno.h>
36 #include <linux/signal.h>
37 #include <linux/fcntl.h>
38 #include <linux/sched.h>
39 #include <linux/interrupt.h>
40 #include <linux/tty.h>
41 #include <linux/timer.h>
42 #include <linux/ctype.h>
43 #include <linux/mm.h>
44 #include <linux/string.h>
45 #include <linux/slab.h>
46 #include <linux/poll.h>
47 #include <linux/bitops.h>
48 #include <linux/audit.h>
49 #include <linux/file.h>
50 #include <linux/uaccess.h>
51 #include <linux/module.h>
52 #include <linux/ratelimit.h>
53 #include <linux/vmalloc.h>
54
55
56 /* number of characters left in xmit buffer before select has we have room */
57 #define WAKEUP_CHARS 256
58
59 /*
60 * This defines the low- and high-watermarks for throttling and
61 * unthrottling the TTY driver. These watermarks are used for
62 * controlling the space in the read buffer.
63 */
64 #define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
65 #define TTY_THRESHOLD_UNTHROTTLE 128
66
67 /*
68 * Special byte codes used in the echo buffer to represent operations
69 * or special handling of characters. Bytes in the echo buffer that
70 * are not part of such special blocks are treated as normal character
71 * codes.
72 */
73 #define ECHO_OP_START 0xff
74 #define ECHO_OP_MOVE_BACK_COL 0x80
75 #define ECHO_OP_SET_CANON_COL 0x81
76 #define ECHO_OP_ERASE_TAB 0x82
77
78 #define ECHO_COMMIT_WATERMARK 256
79 #define ECHO_BLOCK 256
80 #define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
81
82
83 #undef N_TTY_TRACE
84 #ifdef N_TTY_TRACE
85 # define n_tty_trace(f, args...) trace_printk(f, ##args)
86 #else
87 # define n_tty_trace(f, args...)
88 #endif
89
90 struct n_tty_data {
91 /* producer-published */
92 size_t read_head;
93 size_t commit_head;
94 size_t canon_head;
95 size_t echo_head;
96 size_t echo_commit;
97 size_t echo_mark;
98 DECLARE_BITMAP(char_map, 256);
99
100 /* private to n_tty_receive_overrun (single-threaded) */
101 unsigned long overrun_time;
102 int num_overrun;
103
104 /* non-atomic */
105 bool no_room;
106
107 /* must hold exclusive termios_rwsem to reset these */
108 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
109 unsigned char push:1;
110
111 /* shared by producer and consumer */
112 char read_buf[N_TTY_BUF_SIZE];
113 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
114 unsigned char echo_buf[N_TTY_BUF_SIZE];
115
116 int minimum_to_wake;
117
118 /* consumer-published */
119 size_t read_tail;
120 size_t line_start;
121
122 /* protected by output lock */
123 unsigned int column;
124 unsigned int canon_column;
125 size_t echo_tail;
126
127 struct mutex atomic_read_lock;
128 struct mutex output_lock;
129 };
130
read_cnt(struct n_tty_data * ldata)131 static inline size_t read_cnt(struct n_tty_data *ldata)
132 {
133 return ldata->read_head - ldata->read_tail;
134 }
135
read_buf(struct n_tty_data * ldata,size_t i)136 static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
137 {
138 return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
139 }
140
read_buf_addr(struct n_tty_data * ldata,size_t i)141 static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
142 {
143 return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
144 }
145
echo_buf(struct n_tty_data * ldata,size_t i)146 static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
147 {
148 return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
149 }
150
echo_buf_addr(struct n_tty_data * ldata,size_t i)151 static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
152 {
153 return &ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
154 }
155
tty_put_user(struct tty_struct * tty,unsigned char x,unsigned char __user * ptr)156 static inline int tty_put_user(struct tty_struct *tty, unsigned char x,
157 unsigned char __user *ptr)
158 {
159 struct n_tty_data *ldata = tty->disc_data;
160
161 tty_audit_add_data(tty, &x, 1, ldata->icanon);
162 return put_user(x, ptr);
163 }
164
receive_room(struct tty_struct * tty)165 static int receive_room(struct tty_struct *tty)
166 {
167 struct n_tty_data *ldata = tty->disc_data;
168 int left;
169 size_t tail = smp_load_acquire(&ldata->read_tail);
170 size_t head = ldata->read_head;
171
172 if (I_PARMRK(tty)) {
173 /* Multiply read_cnt by 3, since each byte might take up to
174 * three times as many spaces when PARMRK is set (depending on
175 * its flags, e.g. parity error). */
176 left = N_TTY_BUF_SIZE - (head - tail) * 3 - 1;
177 } else
178 left = N_TTY_BUF_SIZE - (head - tail) - 1;
179
180 /*
181 * If we are doing input canonicalization, and there are no
182 * pending newlines, let characters through without limit, so
183 * that erase characters will be handled. Other excess
184 * characters will be beeped.
185 */
186 if (left <= 0)
187 left = ldata->icanon && ldata->canon_head == tail;
188
189 return left;
190 }
191
tty_copy_to_user(struct tty_struct * tty,void __user * to,const void * from,unsigned long n)192 static inline int tty_copy_to_user(struct tty_struct *tty,
193 void __user *to,
194 const void *from,
195 unsigned long n)
196 {
197 struct n_tty_data *ldata = tty->disc_data;
198
199 tty_audit_add_data(tty, to, n, ldata->icanon);
200 return copy_to_user(to, from, n);
201 }
202
203 /**
204 * n_tty_set_room - receive space
205 * @tty: terminal
206 *
207 * Re-schedules the flip buffer work if space just became available.
208 *
209 * Caller holds exclusive termios_rwsem
210 * or
211 * n_tty_read()/consumer path:
212 * holds non-exclusive termios_rwsem
213 */
214
n_tty_set_room(struct tty_struct * tty)215 static void n_tty_set_room(struct tty_struct *tty)
216 {
217 struct n_tty_data *ldata = tty->disc_data;
218
219 /* Did this open up the receive buffer? We may need to flip */
220 if (unlikely(ldata->no_room) && receive_room(tty)) {
221 ldata->no_room = 0;
222
223 WARN_RATELIMIT(tty->port->itty == NULL,
224 "scheduling with invalid itty\n");
225 /* see if ldisc has been killed - if so, this means that
226 * even though the ldisc has been halted and ->buf.work
227 * cancelled, ->buf.work is about to be rescheduled
228 */
229 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
230 "scheduling buffer work for halted ldisc\n");
231 queue_work(system_unbound_wq, &tty->port->buf.work);
232 }
233 }
234
chars_in_buffer(struct tty_struct * tty)235 static ssize_t chars_in_buffer(struct tty_struct *tty)
236 {
237 struct n_tty_data *ldata = tty->disc_data;
238 ssize_t n = 0;
239
240 if (!ldata->icanon)
241 n = ldata->commit_head - ldata->read_tail;
242 else
243 n = ldata->canon_head - ldata->read_tail;
244 return n;
245 }
246
247 /**
248 * n_tty_write_wakeup - asynchronous I/O notifier
249 * @tty: tty device
250 *
251 * Required for the ptys, serial driver etc. since processes
252 * that attach themselves to the master and rely on ASYNC
253 * IO must be woken up
254 */
255
n_tty_write_wakeup(struct tty_struct * tty)256 static void n_tty_write_wakeup(struct tty_struct *tty)
257 {
258 if (tty->fasync && test_and_clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags))
259 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
260 }
261
n_tty_check_throttle(struct tty_struct * tty)262 static void n_tty_check_throttle(struct tty_struct *tty)
263 {
264 /*
265 * Check the remaining room for the input canonicalization
266 * mode. We don't want to throttle the driver if we're in
267 * canonical mode and don't have a newline yet!
268 */
269 while (1) {
270 int throttled;
271 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
272 if (receive_room(tty) >= TTY_THRESHOLD_THROTTLE)
273 break;
274 throttled = tty_throttle_safe(tty);
275 if (!throttled)
276 break;
277 }
278 __tty_set_flow_change(tty, 0);
279 }
280
n_tty_check_unthrottle(struct tty_struct * tty)281 static void n_tty_check_unthrottle(struct tty_struct *tty)
282 {
283 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
284 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
285 return;
286 if (!tty->count)
287 return;
288 n_tty_set_room(tty);
289 tty_wakeup(tty->link);
290 return;
291 }
292
293 /* If there is enough space in the read buffer now, let the
294 * low-level driver know. We use chars_in_buffer() to
295 * check the buffer, as it now knows about canonical mode.
296 * Otherwise, if the driver is throttled and the line is
297 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
298 * we won't get any more characters.
299 */
300
301 while (1) {
302 int unthrottled;
303 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
304 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
305 break;
306 if (!tty->count)
307 break;
308 n_tty_set_room(tty);
309 unthrottled = tty_unthrottle_safe(tty);
310 if (!unthrottled)
311 break;
312 }
313 __tty_set_flow_change(tty, 0);
314 }
315
316 /**
317 * put_tty_queue - add character to tty
318 * @c: character
319 * @ldata: n_tty data
320 *
321 * Add a character to the tty read_buf queue.
322 *
323 * n_tty_receive_buf()/producer path:
324 * caller holds non-exclusive termios_rwsem
325 */
326
put_tty_queue(unsigned char c,struct n_tty_data * ldata)327 static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
328 {
329 *read_buf_addr(ldata, ldata->read_head) = c;
330 ldata->read_head++;
331 }
332
333 /**
334 * reset_buffer_flags - reset buffer state
335 * @tty: terminal to reset
336 *
337 * Reset the read buffer counters and clear the flags.
338 * Called from n_tty_open() and n_tty_flush_buffer().
339 *
340 * Locking: caller holds exclusive termios_rwsem
341 * (or locking is not required)
342 */
343
reset_buffer_flags(struct n_tty_data * ldata)344 static void reset_buffer_flags(struct n_tty_data *ldata)
345 {
346 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
347 ldata->echo_head = ldata->echo_tail = ldata->echo_commit = 0;
348 ldata->commit_head = 0;
349 ldata->echo_mark = 0;
350 ldata->line_start = 0;
351
352 ldata->erasing = 0;
353 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
354 ldata->push = 0;
355 }
356
n_tty_packet_mode_flush(struct tty_struct * tty)357 static void n_tty_packet_mode_flush(struct tty_struct *tty)
358 {
359 unsigned long flags;
360
361 spin_lock_irqsave(&tty->ctrl_lock, flags);
362 if (tty->link->packet) {
363 tty->ctrl_status |= TIOCPKT_FLUSHREAD;
364 wake_up_interruptible(&tty->link->read_wait);
365 }
366 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
367 }
368
369 /**
370 * n_tty_flush_buffer - clean input queue
371 * @tty: terminal device
372 *
373 * Flush the input buffer. Called when the tty layer wants the
374 * buffer flushed (eg at hangup) or when the N_TTY line discipline
375 * internally has to clean the pending queue (for example some signals).
376 *
377 * Holds termios_rwsem to exclude producer/consumer while
378 * buffer indices are reset.
379 *
380 * Locking: ctrl_lock, exclusive termios_rwsem
381 */
382
n_tty_flush_buffer(struct tty_struct * tty)383 static void n_tty_flush_buffer(struct tty_struct *tty)
384 {
385 down_write(&tty->termios_rwsem);
386 reset_buffer_flags(tty->disc_data);
387 n_tty_set_room(tty);
388
389 if (tty->link)
390 n_tty_packet_mode_flush(tty);
391 up_write(&tty->termios_rwsem);
392 }
393
394 /**
395 * n_tty_chars_in_buffer - report available bytes
396 * @tty: tty device
397 *
398 * Report the number of characters buffered to be delivered to user
399 * at this instant in time.
400 *
401 * Locking: exclusive termios_rwsem
402 */
403
n_tty_chars_in_buffer(struct tty_struct * tty)404 static ssize_t n_tty_chars_in_buffer(struct tty_struct *tty)
405 {
406 ssize_t n;
407
408 WARN_ONCE(1, "%s is deprecated and scheduled for removal.", __func__);
409
410 down_write(&tty->termios_rwsem);
411 n = chars_in_buffer(tty);
412 up_write(&tty->termios_rwsem);
413 return n;
414 }
415
416 /**
417 * is_utf8_continuation - utf8 multibyte check
418 * @c: byte to check
419 *
420 * Returns true if the utf8 character 'c' is a multibyte continuation
421 * character. We use this to correctly compute the on screen size
422 * of the character when printing
423 */
424
is_utf8_continuation(unsigned char c)425 static inline int is_utf8_continuation(unsigned char c)
426 {
427 return (c & 0xc0) == 0x80;
428 }
429
430 /**
431 * is_continuation - multibyte check
432 * @c: byte to check
433 *
434 * Returns true if the utf8 character 'c' is a multibyte continuation
435 * character and the terminal is in unicode mode.
436 */
437
is_continuation(unsigned char c,struct tty_struct * tty)438 static inline int is_continuation(unsigned char c, struct tty_struct *tty)
439 {
440 return I_IUTF8(tty) && is_utf8_continuation(c);
441 }
442
443 /**
444 * do_output_char - output one character
445 * @c: character (or partial unicode symbol)
446 * @tty: terminal device
447 * @space: space available in tty driver write buffer
448 *
449 * This is a helper function that handles one output character
450 * (including special characters like TAB, CR, LF, etc.),
451 * doing OPOST processing and putting the results in the
452 * tty driver's write buffer.
453 *
454 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
455 * and NLDLY. They simply aren't relevant in the world today.
456 * If you ever need them, add them here.
457 *
458 * Returns the number of bytes of buffer space used or -1 if
459 * no space left.
460 *
461 * Locking: should be called under the output_lock to protect
462 * the column state and space left in the buffer
463 */
464
do_output_char(unsigned char c,struct tty_struct * tty,int space)465 static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
466 {
467 struct n_tty_data *ldata = tty->disc_data;
468 int spaces;
469
470 if (!space)
471 return -1;
472
473 switch (c) {
474 case '\n':
475 if (O_ONLRET(tty))
476 ldata->column = 0;
477 if (O_ONLCR(tty)) {
478 if (space < 2)
479 return -1;
480 ldata->canon_column = ldata->column = 0;
481 tty->ops->write(tty, "\r\n", 2);
482 return 2;
483 }
484 ldata->canon_column = ldata->column;
485 break;
486 case '\r':
487 if (O_ONOCR(tty) && ldata->column == 0)
488 return 0;
489 if (O_OCRNL(tty)) {
490 c = '\n';
491 if (O_ONLRET(tty))
492 ldata->canon_column = ldata->column = 0;
493 break;
494 }
495 ldata->canon_column = ldata->column = 0;
496 break;
497 case '\t':
498 spaces = 8 - (ldata->column & 7);
499 if (O_TABDLY(tty) == XTABS) {
500 if (space < spaces)
501 return -1;
502 ldata->column += spaces;
503 tty->ops->write(tty, " ", spaces);
504 return spaces;
505 }
506 ldata->column += spaces;
507 break;
508 case '\b':
509 if (ldata->column > 0)
510 ldata->column--;
511 break;
512 default:
513 if (!iscntrl(c)) {
514 if (O_OLCUC(tty))
515 c = toupper(c);
516 if (!is_continuation(c, tty))
517 ldata->column++;
518 }
519 break;
520 }
521
522 tty_put_char(tty, c);
523 return 1;
524 }
525
526 /**
527 * process_output - output post processor
528 * @c: character (or partial unicode symbol)
529 * @tty: terminal device
530 *
531 * Output one character with OPOST processing.
532 * Returns -1 when the output device is full and the character
533 * must be retried.
534 *
535 * Locking: output_lock to protect column state and space left
536 * (also, this is called from n_tty_write under the
537 * tty layer write lock)
538 */
539
process_output(unsigned char c,struct tty_struct * tty)540 static int process_output(unsigned char c, struct tty_struct *tty)
541 {
542 struct n_tty_data *ldata = tty->disc_data;
543 int space, retval;
544
545 mutex_lock(&ldata->output_lock);
546
547 space = tty_write_room(tty);
548 retval = do_output_char(c, tty, space);
549
550 mutex_unlock(&ldata->output_lock);
551 if (retval < 0)
552 return -1;
553 else
554 return 0;
555 }
556
557 /**
558 * process_output_block - block post processor
559 * @tty: terminal device
560 * @buf: character buffer
561 * @nr: number of bytes to output
562 *
563 * Output a block of characters with OPOST processing.
564 * Returns the number of characters output.
565 *
566 * This path is used to speed up block console writes, among other
567 * things when processing blocks of output data. It handles only
568 * the simple cases normally found and helps to generate blocks of
569 * symbols for the console driver and thus improve performance.
570 *
571 * Locking: output_lock to protect column state and space left
572 * (also, this is called from n_tty_write under the
573 * tty layer write lock)
574 */
575
process_output_block(struct tty_struct * tty,const unsigned char * buf,unsigned int nr)576 static ssize_t process_output_block(struct tty_struct *tty,
577 const unsigned char *buf, unsigned int nr)
578 {
579 struct n_tty_data *ldata = tty->disc_data;
580 int space;
581 int i;
582 const unsigned char *cp;
583
584 mutex_lock(&ldata->output_lock);
585
586 space = tty_write_room(tty);
587 if (!space) {
588 mutex_unlock(&ldata->output_lock);
589 return 0;
590 }
591 if (nr > space)
592 nr = space;
593
594 for (i = 0, cp = buf; i < nr; i++, cp++) {
595 unsigned char c = *cp;
596
597 switch (c) {
598 case '\n':
599 if (O_ONLRET(tty))
600 ldata->column = 0;
601 if (O_ONLCR(tty))
602 goto break_out;
603 ldata->canon_column = ldata->column;
604 break;
605 case '\r':
606 if (O_ONOCR(tty) && ldata->column == 0)
607 goto break_out;
608 if (O_OCRNL(tty))
609 goto break_out;
610 ldata->canon_column = ldata->column = 0;
611 break;
612 case '\t':
613 goto break_out;
614 case '\b':
615 if (ldata->column > 0)
616 ldata->column--;
617 break;
618 default:
619 if (!iscntrl(c)) {
620 if (O_OLCUC(tty))
621 goto break_out;
622 if (!is_continuation(c, tty))
623 ldata->column++;
624 }
625 break;
626 }
627 }
628 break_out:
629 i = tty->ops->write(tty, buf, i);
630
631 mutex_unlock(&ldata->output_lock);
632 return i;
633 }
634
635 /**
636 * process_echoes - write pending echo characters
637 * @tty: terminal device
638 *
639 * Write previously buffered echo (and other ldisc-generated)
640 * characters to the tty.
641 *
642 * Characters generated by the ldisc (including echoes) need to
643 * be buffered because the driver's write buffer can fill during
644 * heavy program output. Echoing straight to the driver will
645 * often fail under these conditions, causing lost characters and
646 * resulting mismatches of ldisc state information.
647 *
648 * Since the ldisc state must represent the characters actually sent
649 * to the driver at the time of the write, operations like certain
650 * changes in column state are also saved in the buffer and executed
651 * here.
652 *
653 * A circular fifo buffer is used so that the most recent characters
654 * are prioritized. Also, when control characters are echoed with a
655 * prefixed "^", the pair is treated atomically and thus not separated.
656 *
657 * Locking: callers must hold output_lock
658 */
659
__process_echoes(struct tty_struct * tty)660 static size_t __process_echoes(struct tty_struct *tty)
661 {
662 struct n_tty_data *ldata = tty->disc_data;
663 int space, old_space;
664 size_t tail;
665 unsigned char c;
666
667 old_space = space = tty_write_room(tty);
668
669 tail = ldata->echo_tail;
670 while (ldata->echo_commit != tail) {
671 c = echo_buf(ldata, tail);
672 if (c == ECHO_OP_START) {
673 unsigned char op;
674 int no_space_left = 0;
675
676 /*
677 * If the buffer byte is the start of a multi-byte
678 * operation, get the next byte, which is either the
679 * op code or a control character value.
680 */
681 op = echo_buf(ldata, tail + 1);
682
683 switch (op) {
684 unsigned int num_chars, num_bs;
685
686 case ECHO_OP_ERASE_TAB:
687 num_chars = echo_buf(ldata, tail + 2);
688
689 /*
690 * Determine how many columns to go back
691 * in order to erase the tab.
692 * This depends on the number of columns
693 * used by other characters within the tab
694 * area. If this (modulo 8) count is from
695 * the start of input rather than from a
696 * previous tab, we offset by canon column.
697 * Otherwise, tab spacing is normal.
698 */
699 if (!(num_chars & 0x80))
700 num_chars += ldata->canon_column;
701 num_bs = 8 - (num_chars & 7);
702
703 if (num_bs > space) {
704 no_space_left = 1;
705 break;
706 }
707 space -= num_bs;
708 while (num_bs--) {
709 tty_put_char(tty, '\b');
710 if (ldata->column > 0)
711 ldata->column--;
712 }
713 tail += 3;
714 break;
715
716 case ECHO_OP_SET_CANON_COL:
717 ldata->canon_column = ldata->column;
718 tail += 2;
719 break;
720
721 case ECHO_OP_MOVE_BACK_COL:
722 if (ldata->column > 0)
723 ldata->column--;
724 tail += 2;
725 break;
726
727 case ECHO_OP_START:
728 /* This is an escaped echo op start code */
729 if (!space) {
730 no_space_left = 1;
731 break;
732 }
733 tty_put_char(tty, ECHO_OP_START);
734 ldata->column++;
735 space--;
736 tail += 2;
737 break;
738
739 default:
740 /*
741 * If the op is not a special byte code,
742 * it is a ctrl char tagged to be echoed
743 * as "^X" (where X is the letter
744 * representing the control char).
745 * Note that we must ensure there is
746 * enough space for the whole ctrl pair.
747 *
748 */
749 if (space < 2) {
750 no_space_left = 1;
751 break;
752 }
753 tty_put_char(tty, '^');
754 tty_put_char(tty, op ^ 0100);
755 ldata->column += 2;
756 space -= 2;
757 tail += 2;
758 }
759
760 if (no_space_left)
761 break;
762 } else {
763 if (O_OPOST(tty)) {
764 int retval = do_output_char(c, tty, space);
765 if (retval < 0)
766 break;
767 space -= retval;
768 } else {
769 if (!space)
770 break;
771 tty_put_char(tty, c);
772 space -= 1;
773 }
774 tail += 1;
775 }
776 }
777
778 /* If the echo buffer is nearly full (so that the possibility exists
779 * of echo overrun before the next commit), then discard enough
780 * data at the tail to prevent a subsequent overrun */
781 while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
782 if (echo_buf(ldata, tail) == ECHO_OP_START) {
783 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
784 tail += 3;
785 else
786 tail += 2;
787 } else
788 tail++;
789 }
790
791 ldata->echo_tail = tail;
792 return old_space - space;
793 }
794
commit_echoes(struct tty_struct * tty)795 static void commit_echoes(struct tty_struct *tty)
796 {
797 struct n_tty_data *ldata = tty->disc_data;
798 size_t nr, old, echoed;
799 size_t head;
800
801 head = ldata->echo_head;
802 ldata->echo_mark = head;
803 old = ldata->echo_commit - ldata->echo_tail;
804
805 /* Process committed echoes if the accumulated # of bytes
806 * is over the threshold (and try again each time another
807 * block is accumulated) */
808 nr = head - ldata->echo_tail;
809 if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK))
810 return;
811
812 mutex_lock(&ldata->output_lock);
813 ldata->echo_commit = head;
814 echoed = __process_echoes(tty);
815 mutex_unlock(&ldata->output_lock);
816
817 if (echoed && tty->ops->flush_chars)
818 tty->ops->flush_chars(tty);
819 }
820
process_echoes(struct tty_struct * tty)821 static void process_echoes(struct tty_struct *tty)
822 {
823 struct n_tty_data *ldata = tty->disc_data;
824 size_t echoed;
825
826 if (ldata->echo_mark == ldata->echo_tail)
827 return;
828
829 mutex_lock(&ldata->output_lock);
830 ldata->echo_commit = ldata->echo_mark;
831 echoed = __process_echoes(tty);
832 mutex_unlock(&ldata->output_lock);
833
834 if (echoed && tty->ops->flush_chars)
835 tty->ops->flush_chars(tty);
836 }
837
838 /* NB: echo_mark and echo_head should be equivalent here */
flush_echoes(struct tty_struct * tty)839 static void flush_echoes(struct tty_struct *tty)
840 {
841 struct n_tty_data *ldata = tty->disc_data;
842
843 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
844 ldata->echo_commit == ldata->echo_head)
845 return;
846
847 mutex_lock(&ldata->output_lock);
848 ldata->echo_commit = ldata->echo_head;
849 __process_echoes(tty);
850 mutex_unlock(&ldata->output_lock);
851 }
852
853 /**
854 * add_echo_byte - add a byte to the echo buffer
855 * @c: unicode byte to echo
856 * @ldata: n_tty data
857 *
858 * Add a character or operation byte to the echo buffer.
859 */
860
add_echo_byte(unsigned char c,struct n_tty_data * ldata)861 static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
862 {
863 *echo_buf_addr(ldata, ldata->echo_head++) = c;
864 }
865
866 /**
867 * echo_move_back_col - add operation to move back a column
868 * @ldata: n_tty data
869 *
870 * Add an operation to the echo buffer to move back one column.
871 */
872
echo_move_back_col(struct n_tty_data * ldata)873 static void echo_move_back_col(struct n_tty_data *ldata)
874 {
875 add_echo_byte(ECHO_OP_START, ldata);
876 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
877 }
878
879 /**
880 * echo_set_canon_col - add operation to set the canon column
881 * @ldata: n_tty data
882 *
883 * Add an operation to the echo buffer to set the canon column
884 * to the current column.
885 */
886
echo_set_canon_col(struct n_tty_data * ldata)887 static void echo_set_canon_col(struct n_tty_data *ldata)
888 {
889 add_echo_byte(ECHO_OP_START, ldata);
890 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
891 }
892
893 /**
894 * echo_erase_tab - add operation to erase a tab
895 * @num_chars: number of character columns already used
896 * @after_tab: true if num_chars starts after a previous tab
897 * @ldata: n_tty data
898 *
899 * Add an operation to the echo buffer to erase a tab.
900 *
901 * Called by the eraser function, which knows how many character
902 * columns have been used since either a previous tab or the start
903 * of input. This information will be used later, along with
904 * canon column (if applicable), to go back the correct number
905 * of columns.
906 */
907
echo_erase_tab(unsigned int num_chars,int after_tab,struct n_tty_data * ldata)908 static void echo_erase_tab(unsigned int num_chars, int after_tab,
909 struct n_tty_data *ldata)
910 {
911 add_echo_byte(ECHO_OP_START, ldata);
912 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
913
914 /* We only need to know this modulo 8 (tab spacing) */
915 num_chars &= 7;
916
917 /* Set the high bit as a flag if num_chars is after a previous tab */
918 if (after_tab)
919 num_chars |= 0x80;
920
921 add_echo_byte(num_chars, ldata);
922 }
923
924 /**
925 * echo_char_raw - echo a character raw
926 * @c: unicode byte to echo
927 * @tty: terminal device
928 *
929 * Echo user input back onto the screen. This must be called only when
930 * L_ECHO(tty) is true. Called from the driver receive_buf path.
931 *
932 * This variant does not treat control characters specially.
933 */
934
echo_char_raw(unsigned char c,struct n_tty_data * ldata)935 static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
936 {
937 if (c == ECHO_OP_START) {
938 add_echo_byte(ECHO_OP_START, ldata);
939 add_echo_byte(ECHO_OP_START, ldata);
940 } else {
941 add_echo_byte(c, ldata);
942 }
943 }
944
945 /**
946 * echo_char - echo a character
947 * @c: unicode byte to echo
948 * @tty: terminal device
949 *
950 * Echo user input back onto the screen. This must be called only when
951 * L_ECHO(tty) is true. Called from the driver receive_buf path.
952 *
953 * This variant tags control characters to be echoed as "^X"
954 * (where X is the letter representing the control char).
955 */
956
echo_char(unsigned char c,struct tty_struct * tty)957 static void echo_char(unsigned char c, struct tty_struct *tty)
958 {
959 struct n_tty_data *ldata = tty->disc_data;
960
961 if (c == ECHO_OP_START) {
962 add_echo_byte(ECHO_OP_START, ldata);
963 add_echo_byte(ECHO_OP_START, ldata);
964 } else {
965 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
966 add_echo_byte(ECHO_OP_START, ldata);
967 add_echo_byte(c, ldata);
968 }
969 }
970
971 /**
972 * finish_erasing - complete erase
973 * @ldata: n_tty data
974 */
975
finish_erasing(struct n_tty_data * ldata)976 static inline void finish_erasing(struct n_tty_data *ldata)
977 {
978 if (ldata->erasing) {
979 echo_char_raw('/', ldata);
980 ldata->erasing = 0;
981 }
982 }
983
984 /**
985 * eraser - handle erase function
986 * @c: character input
987 * @tty: terminal device
988 *
989 * Perform erase and necessary output when an erase character is
990 * present in the stream from the driver layer. Handles the complexities
991 * of UTF-8 multibyte symbols.
992 *
993 * n_tty_receive_buf()/producer path:
994 * caller holds non-exclusive termios_rwsem
995 */
996
eraser(unsigned char c,struct tty_struct * tty)997 static void eraser(unsigned char c, struct tty_struct *tty)
998 {
999 struct n_tty_data *ldata = tty->disc_data;
1000 enum { ERASE, WERASE, KILL } kill_type;
1001 size_t head;
1002 size_t cnt;
1003 int seen_alnums;
1004
1005 if (ldata->read_head == ldata->canon_head) {
1006 /* process_output('\a', tty); */ /* what do you think? */
1007 return;
1008 }
1009 if (c == ERASE_CHAR(tty))
1010 kill_type = ERASE;
1011 else if (c == WERASE_CHAR(tty))
1012 kill_type = WERASE;
1013 else {
1014 if (!L_ECHO(tty)) {
1015 ldata->read_head = ldata->canon_head;
1016 return;
1017 }
1018 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
1019 ldata->read_head = ldata->canon_head;
1020 finish_erasing(ldata);
1021 echo_char(KILL_CHAR(tty), tty);
1022 /* Add a newline if ECHOK is on and ECHOKE is off. */
1023 if (L_ECHOK(tty))
1024 echo_char_raw('\n', ldata);
1025 return;
1026 }
1027 kill_type = KILL;
1028 }
1029
1030 seen_alnums = 0;
1031 while (ldata->read_head != ldata->canon_head) {
1032 head = ldata->read_head;
1033
1034 /* erase a single possibly multibyte character */
1035 do {
1036 head--;
1037 c = read_buf(ldata, head);
1038 } while (is_continuation(c, tty) && head != ldata->canon_head);
1039
1040 /* do not partially erase */
1041 if (is_continuation(c, tty))
1042 break;
1043
1044 if (kill_type == WERASE) {
1045 /* Equivalent to BSD's ALTWERASE. */
1046 if (isalnum(c) || c == '_')
1047 seen_alnums++;
1048 else if (seen_alnums)
1049 break;
1050 }
1051 cnt = ldata->read_head - head;
1052 ldata->read_head = head;
1053 if (L_ECHO(tty)) {
1054 if (L_ECHOPRT(tty)) {
1055 if (!ldata->erasing) {
1056 echo_char_raw('\\', ldata);
1057 ldata->erasing = 1;
1058 }
1059 /* if cnt > 1, output a multi-byte character */
1060 echo_char(c, tty);
1061 while (--cnt > 0) {
1062 head++;
1063 echo_char_raw(read_buf(ldata, head), ldata);
1064 echo_move_back_col(ldata);
1065 }
1066 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
1067 echo_char(ERASE_CHAR(tty), tty);
1068 } else if (c == '\t') {
1069 unsigned int num_chars = 0;
1070 int after_tab = 0;
1071 size_t tail = ldata->read_head;
1072
1073 /*
1074 * Count the columns used for characters
1075 * since the start of input or after a
1076 * previous tab.
1077 * This info is used to go back the correct
1078 * number of columns.
1079 */
1080 while (tail != ldata->canon_head) {
1081 tail--;
1082 c = read_buf(ldata, tail);
1083 if (c == '\t') {
1084 after_tab = 1;
1085 break;
1086 } else if (iscntrl(c)) {
1087 if (L_ECHOCTL(tty))
1088 num_chars += 2;
1089 } else if (!is_continuation(c, tty)) {
1090 num_chars++;
1091 }
1092 }
1093 echo_erase_tab(num_chars, after_tab, ldata);
1094 } else {
1095 if (iscntrl(c) && L_ECHOCTL(tty)) {
1096 echo_char_raw('\b', ldata);
1097 echo_char_raw(' ', ldata);
1098 echo_char_raw('\b', ldata);
1099 }
1100 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1101 echo_char_raw('\b', ldata);
1102 echo_char_raw(' ', ldata);
1103 echo_char_raw('\b', ldata);
1104 }
1105 }
1106 }
1107 if (kill_type == ERASE)
1108 break;
1109 }
1110 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1111 finish_erasing(ldata);
1112 }
1113
1114 /**
1115 * isig - handle the ISIG optio
1116 * @sig: signal
1117 * @tty: terminal
1118 *
1119 * Called when a signal is being sent due to terminal input.
1120 * Called from the driver receive_buf path so serialized.
1121 *
1122 * Locking: ctrl_lock
1123 */
1124
isig(int sig,struct tty_struct * tty)1125 static void isig(int sig, struct tty_struct *tty)
1126 {
1127 struct pid *tty_pgrp = tty_get_pgrp(tty);
1128 if (tty_pgrp) {
1129 kill_pgrp(tty_pgrp, sig, 1);
1130 put_pid(tty_pgrp);
1131 }
1132 }
1133
1134 /**
1135 * n_tty_receive_break - handle break
1136 * @tty: terminal
1137 *
1138 * An RS232 break event has been hit in the incoming bitstream. This
1139 * can cause a variety of events depending upon the termios settings.
1140 *
1141 * n_tty_receive_buf()/producer path:
1142 * caller holds non-exclusive termios_rwsem
1143 *
1144 * Note: may get exclusive termios_rwsem if flushing input buffer
1145 */
1146
n_tty_receive_break(struct tty_struct * tty)1147 static void n_tty_receive_break(struct tty_struct *tty)
1148 {
1149 struct n_tty_data *ldata = tty->disc_data;
1150
1151 if (I_IGNBRK(tty))
1152 return;
1153 if (I_BRKINT(tty)) {
1154 isig(SIGINT, tty);
1155 if (!L_NOFLSH(tty)) {
1156 /* flushing needs exclusive termios_rwsem */
1157 up_read(&tty->termios_rwsem);
1158 n_tty_flush_buffer(tty);
1159 tty_driver_flush_buffer(tty);
1160 down_read(&tty->termios_rwsem);
1161 }
1162 return;
1163 }
1164 if (I_PARMRK(tty)) {
1165 put_tty_queue('\377', ldata);
1166 put_tty_queue('\0', ldata);
1167 }
1168 put_tty_queue('\0', ldata);
1169 if (waitqueue_active(&tty->read_wait))
1170 wake_up_interruptible_poll(&tty->read_wait, POLLIN);
1171 }
1172
1173 /**
1174 * n_tty_receive_overrun - handle overrun reporting
1175 * @tty: terminal
1176 *
1177 * Data arrived faster than we could process it. While the tty
1178 * driver has flagged this the bits that were missed are gone
1179 * forever.
1180 *
1181 * Called from the receive_buf path so single threaded. Does not
1182 * need locking as num_overrun and overrun_time are function
1183 * private.
1184 */
1185
n_tty_receive_overrun(struct tty_struct * tty)1186 static void n_tty_receive_overrun(struct tty_struct *tty)
1187 {
1188 struct n_tty_data *ldata = tty->disc_data;
1189 char buf[64];
1190
1191 ldata->num_overrun++;
1192 if (time_after(jiffies, ldata->overrun_time + HZ) ||
1193 time_after(ldata->overrun_time, jiffies)) {
1194 printk(KERN_WARNING "%s: %d input overrun(s)\n",
1195 tty_name(tty, buf),
1196 ldata->num_overrun);
1197 ldata->overrun_time = jiffies;
1198 ldata->num_overrun = 0;
1199 }
1200 }
1201
1202 /**
1203 * n_tty_receive_parity_error - error notifier
1204 * @tty: terminal device
1205 * @c: character
1206 *
1207 * Process a parity error and queue the right data to indicate
1208 * the error case if necessary.
1209 *
1210 * n_tty_receive_buf()/producer path:
1211 * caller holds non-exclusive termios_rwsem
1212 */
n_tty_receive_parity_error(struct tty_struct * tty,unsigned char c)1213 static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
1214 {
1215 struct n_tty_data *ldata = tty->disc_data;
1216
1217 if (I_INPCK(tty)) {
1218 if (I_IGNPAR(tty))
1219 return;
1220 if (I_PARMRK(tty)) {
1221 put_tty_queue('\377', ldata);
1222 put_tty_queue('\0', ldata);
1223 put_tty_queue(c, ldata);
1224 } else
1225 put_tty_queue('\0', ldata);
1226 } else
1227 put_tty_queue(c, ldata);
1228 if (waitqueue_active(&tty->read_wait))
1229 wake_up_interruptible_poll(&tty->read_wait, POLLIN);
1230 }
1231
1232 static void
n_tty_receive_signal_char(struct tty_struct * tty,int signal,unsigned char c)1233 n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
1234 {
1235 if (!L_NOFLSH(tty)) {
1236 /* flushing needs exclusive termios_rwsem */
1237 up_read(&tty->termios_rwsem);
1238 n_tty_flush_buffer(tty);
1239 tty_driver_flush_buffer(tty);
1240 down_read(&tty->termios_rwsem);
1241 }
1242 if (I_IXON(tty))
1243 start_tty(tty);
1244 if (L_ECHO(tty)) {
1245 echo_char(c, tty);
1246 commit_echoes(tty);
1247 } else
1248 process_echoes(tty);
1249 isig(signal, tty);
1250 return;
1251 }
1252
1253 /**
1254 * n_tty_receive_char - perform processing
1255 * @tty: terminal device
1256 * @c: character
1257 *
1258 * Process an individual character of input received from the driver.
1259 * This is serialized with respect to itself by the rules for the
1260 * driver above.
1261 *
1262 * n_tty_receive_buf()/producer path:
1263 * caller holds non-exclusive termios_rwsem
1264 * publishes canon_head if canonical mode is active
1265 *
1266 * Returns 1 if LNEXT was received, else returns 0
1267 */
1268
1269 static int
n_tty_receive_char_special(struct tty_struct * tty,unsigned char c)1270 n_tty_receive_char_special(struct tty_struct *tty, unsigned char c)
1271 {
1272 struct n_tty_data *ldata = tty->disc_data;
1273
1274 if (I_IXON(tty)) {
1275 if (c == START_CHAR(tty)) {
1276 start_tty(tty);
1277 process_echoes(tty);
1278 return 0;
1279 }
1280 if (c == STOP_CHAR(tty)) {
1281 stop_tty(tty);
1282 return 0;
1283 }
1284 }
1285
1286 if (L_ISIG(tty)) {
1287 if (c == INTR_CHAR(tty)) {
1288 n_tty_receive_signal_char(tty, SIGINT, c);
1289 return 0;
1290 } else if (c == QUIT_CHAR(tty)) {
1291 n_tty_receive_signal_char(tty, SIGQUIT, c);
1292 return 0;
1293 } else if (c == SUSP_CHAR(tty)) {
1294 n_tty_receive_signal_char(tty, SIGTSTP, c);
1295 return 0;
1296 }
1297 }
1298
1299 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1300 start_tty(tty);
1301 process_echoes(tty);
1302 }
1303
1304 if (c == '\r') {
1305 if (I_IGNCR(tty))
1306 return 0;
1307 if (I_ICRNL(tty))
1308 c = '\n';
1309 } else if (c == '\n' && I_INLCR(tty))
1310 c = '\r';
1311
1312 if (ldata->icanon) {
1313 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1314 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1315 eraser(c, tty);
1316 commit_echoes(tty);
1317 return 0;
1318 }
1319 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1320 ldata->lnext = 1;
1321 if (L_ECHO(tty)) {
1322 finish_erasing(ldata);
1323 if (L_ECHOCTL(tty)) {
1324 echo_char_raw('^', ldata);
1325 echo_char_raw('\b', ldata);
1326 commit_echoes(tty);
1327 }
1328 }
1329 return 1;
1330 }
1331 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1332 size_t tail = ldata->canon_head;
1333
1334 finish_erasing(ldata);
1335 echo_char(c, tty);
1336 echo_char_raw('\n', ldata);
1337 while (tail != ldata->read_head) {
1338 echo_char(read_buf(ldata, tail), tty);
1339 tail++;
1340 }
1341 commit_echoes(tty);
1342 return 0;
1343 }
1344 if (c == '\n') {
1345 if (L_ECHO(tty) || L_ECHONL(tty)) {
1346 echo_char_raw('\n', ldata);
1347 commit_echoes(tty);
1348 }
1349 goto handle_newline;
1350 }
1351 if (c == EOF_CHAR(tty)) {
1352 c = __DISABLED_CHAR;
1353 goto handle_newline;
1354 }
1355 if ((c == EOL_CHAR(tty)) ||
1356 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1357 /*
1358 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1359 */
1360 if (L_ECHO(tty)) {
1361 /* Record the column of first canon char. */
1362 if (ldata->canon_head == ldata->read_head)
1363 echo_set_canon_col(ldata);
1364 echo_char(c, tty);
1365 commit_echoes(tty);
1366 }
1367 /*
1368 * XXX does PARMRK doubling happen for
1369 * EOL_CHAR and EOL2_CHAR?
1370 */
1371 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1372 put_tty_queue(c, ldata);
1373
1374 handle_newline:
1375 set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
1376 put_tty_queue(c, ldata);
1377 smp_store_release(&ldata->canon_head, ldata->read_head);
1378 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1379 wake_up_interruptible_poll(&tty->read_wait, POLLIN);
1380 return 0;
1381 }
1382 }
1383
1384 if (L_ECHO(tty)) {
1385 finish_erasing(ldata);
1386 if (c == '\n')
1387 echo_char_raw('\n', ldata);
1388 else {
1389 /* Record the column of first canon char. */
1390 if (ldata->canon_head == ldata->read_head)
1391 echo_set_canon_col(ldata);
1392 echo_char(c, tty);
1393 }
1394 commit_echoes(tty);
1395 }
1396
1397 /* PARMRK doubling check */
1398 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1399 put_tty_queue(c, ldata);
1400
1401 put_tty_queue(c, ldata);
1402 return 0;
1403 }
1404
1405 static inline void
n_tty_receive_char_inline(struct tty_struct * tty,unsigned char c)1406 n_tty_receive_char_inline(struct tty_struct *tty, unsigned char c)
1407 {
1408 struct n_tty_data *ldata = tty->disc_data;
1409
1410 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1411 start_tty(tty);
1412 process_echoes(tty);
1413 }
1414 if (L_ECHO(tty)) {
1415 finish_erasing(ldata);
1416 /* Record the column of first canon char. */
1417 if (ldata->canon_head == ldata->read_head)
1418 echo_set_canon_col(ldata);
1419 echo_char(c, tty);
1420 commit_echoes(tty);
1421 }
1422 /* PARMRK doubling check */
1423 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1424 put_tty_queue(c, ldata);
1425 put_tty_queue(c, ldata);
1426 }
1427
n_tty_receive_char(struct tty_struct * tty,unsigned char c)1428 static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1429 {
1430 n_tty_receive_char_inline(tty, c);
1431 }
1432
1433 static inline void
n_tty_receive_char_fast(struct tty_struct * tty,unsigned char c)1434 n_tty_receive_char_fast(struct tty_struct *tty, unsigned char c)
1435 {
1436 struct n_tty_data *ldata = tty->disc_data;
1437
1438 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1439 start_tty(tty);
1440 process_echoes(tty);
1441 }
1442 if (L_ECHO(tty)) {
1443 finish_erasing(ldata);
1444 /* Record the column of first canon char. */
1445 if (ldata->canon_head == ldata->read_head)
1446 echo_set_canon_col(ldata);
1447 echo_char(c, tty);
1448 commit_echoes(tty);
1449 }
1450 put_tty_queue(c, ldata);
1451 }
1452
n_tty_receive_char_closing(struct tty_struct * tty,unsigned char c)1453 static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c)
1454 {
1455 if (I_ISTRIP(tty))
1456 c &= 0x7f;
1457 if (I_IUCLC(tty) && L_IEXTEN(tty))
1458 c = tolower(c);
1459
1460 if (I_IXON(tty)) {
1461 if (c == STOP_CHAR(tty))
1462 stop_tty(tty);
1463 else if (c == START_CHAR(tty) ||
1464 (tty->stopped && !tty->flow_stopped && I_IXANY(tty) &&
1465 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1466 c != SUSP_CHAR(tty))) {
1467 start_tty(tty);
1468 process_echoes(tty);
1469 }
1470 }
1471 }
1472
1473 static void
n_tty_receive_char_flagged(struct tty_struct * tty,unsigned char c,char flag)1474 n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
1475 {
1476 char buf[64];
1477
1478 switch (flag) {
1479 case TTY_BREAK:
1480 n_tty_receive_break(tty);
1481 break;
1482 case TTY_PARITY:
1483 case TTY_FRAME:
1484 n_tty_receive_parity_error(tty, c);
1485 break;
1486 case TTY_OVERRUN:
1487 n_tty_receive_overrun(tty);
1488 break;
1489 default:
1490 printk(KERN_ERR "%s: unknown flag %d\n",
1491 tty_name(tty, buf), flag);
1492 break;
1493 }
1494 }
1495
1496 static void
n_tty_receive_char_lnext(struct tty_struct * tty,unsigned char c,char flag)1497 n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
1498 {
1499 struct n_tty_data *ldata = tty->disc_data;
1500
1501 ldata->lnext = 0;
1502 if (likely(flag == TTY_NORMAL)) {
1503 if (I_ISTRIP(tty))
1504 c &= 0x7f;
1505 if (I_IUCLC(tty) && L_IEXTEN(tty))
1506 c = tolower(c);
1507 n_tty_receive_char(tty, c);
1508 } else
1509 n_tty_receive_char_flagged(tty, c, flag);
1510 }
1511
1512 static void
n_tty_receive_buf_real_raw(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1513 n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
1514 char *fp, int count)
1515 {
1516 struct n_tty_data *ldata = tty->disc_data;
1517 size_t n, head;
1518
1519 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1520 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1521 memcpy(read_buf_addr(ldata, head), cp, n);
1522 ldata->read_head += n;
1523 cp += n;
1524 count -= n;
1525
1526 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1527 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1528 memcpy(read_buf_addr(ldata, head), cp, n);
1529 ldata->read_head += n;
1530 }
1531
1532 static void
n_tty_receive_buf_raw(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1533 n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
1534 char *fp, int count)
1535 {
1536 struct n_tty_data *ldata = tty->disc_data;
1537 char flag = TTY_NORMAL;
1538
1539 while (count--) {
1540 if (fp)
1541 flag = *fp++;
1542 if (likely(flag == TTY_NORMAL))
1543 put_tty_queue(*cp++, ldata);
1544 else
1545 n_tty_receive_char_flagged(tty, *cp++, flag);
1546 }
1547 }
1548
1549 static void
n_tty_receive_buf_closing(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1550 n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
1551 char *fp, int count)
1552 {
1553 char flag = TTY_NORMAL;
1554
1555 while (count--) {
1556 if (fp)
1557 flag = *fp++;
1558 if (likely(flag == TTY_NORMAL))
1559 n_tty_receive_char_closing(tty, *cp++);
1560 else
1561 n_tty_receive_char_flagged(tty, *cp++, flag);
1562 }
1563 }
1564
1565 static void
n_tty_receive_buf_standard(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1566 n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
1567 char *fp, int count)
1568 {
1569 struct n_tty_data *ldata = tty->disc_data;
1570 char flag = TTY_NORMAL;
1571
1572 while (count--) {
1573 if (fp)
1574 flag = *fp++;
1575 if (likely(flag == TTY_NORMAL)) {
1576 unsigned char c = *cp++;
1577
1578 if (I_ISTRIP(tty))
1579 c &= 0x7f;
1580 if (I_IUCLC(tty) && L_IEXTEN(tty))
1581 c = tolower(c);
1582 if (L_EXTPROC(tty)) {
1583 put_tty_queue(c, ldata);
1584 continue;
1585 }
1586 if (!test_bit(c, ldata->char_map))
1587 n_tty_receive_char_inline(tty, c);
1588 else if (n_tty_receive_char_special(tty, c) && count) {
1589 if (fp)
1590 flag = *fp++;
1591 n_tty_receive_char_lnext(tty, *cp++, flag);
1592 count--;
1593 }
1594 } else
1595 n_tty_receive_char_flagged(tty, *cp++, flag);
1596 }
1597 }
1598
1599 static void
n_tty_receive_buf_fast(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1600 n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
1601 char *fp, int count)
1602 {
1603 struct n_tty_data *ldata = tty->disc_data;
1604 char flag = TTY_NORMAL;
1605
1606 while (count--) {
1607 if (fp)
1608 flag = *fp++;
1609 if (likely(flag == TTY_NORMAL)) {
1610 unsigned char c = *cp++;
1611
1612 if (!test_bit(c, ldata->char_map))
1613 n_tty_receive_char_fast(tty, c);
1614 else if (n_tty_receive_char_special(tty, c) && count) {
1615 if (fp)
1616 flag = *fp++;
1617 n_tty_receive_char_lnext(tty, *cp++, flag);
1618 count--;
1619 }
1620 } else
1621 n_tty_receive_char_flagged(tty, *cp++, flag);
1622 }
1623 }
1624
__receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1625 static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
1626 char *fp, int count)
1627 {
1628 struct n_tty_data *ldata = tty->disc_data;
1629 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1630
1631 if (ldata->real_raw)
1632 n_tty_receive_buf_real_raw(tty, cp, fp, count);
1633 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1634 n_tty_receive_buf_raw(tty, cp, fp, count);
1635 else if (tty->closing && !L_EXTPROC(tty))
1636 n_tty_receive_buf_closing(tty, cp, fp, count);
1637 else {
1638 if (ldata->lnext) {
1639 char flag = TTY_NORMAL;
1640
1641 if (fp)
1642 flag = *fp++;
1643 n_tty_receive_char_lnext(tty, *cp++, flag);
1644 count--;
1645 }
1646
1647 if (!preops && !I_PARMRK(tty))
1648 n_tty_receive_buf_fast(tty, cp, fp, count);
1649 else
1650 n_tty_receive_buf_standard(tty, cp, fp, count);
1651
1652 flush_echoes(tty);
1653 if (tty->ops->flush_chars)
1654 tty->ops->flush_chars(tty);
1655 }
1656
1657 if (ldata->icanon && !L_EXTPROC(tty))
1658 return;
1659
1660 /* publish read head to consumer */
1661 smp_store_release(&ldata->commit_head, ldata->read_head);
1662
1663 if ((read_cnt(ldata) >= ldata->minimum_to_wake) || L_EXTPROC(tty)) {
1664 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1665 wake_up_interruptible_poll(&tty->read_wait, POLLIN);
1666 }
1667 }
1668
1669 /**
1670 * n_tty_receive_buf_common - process input
1671 * @tty: device to receive input
1672 * @cp: input chars
1673 * @fp: flags for each char (if NULL, all chars are TTY_NORMAL)
1674 * @count: number of input chars in @cp
1675 *
1676 * Called by the terminal driver when a block of characters has
1677 * been received. This function must be called from soft contexts
1678 * not from interrupt context. The driver is responsible for making
1679 * calls one at a time and in order (or using flush_to_ldisc)
1680 *
1681 * Returns the # of input chars from @cp which were processed.
1682 *
1683 * In canonical mode, the maximum line length is 4096 chars (including
1684 * the line termination char); lines longer than 4096 chars are
1685 * truncated. After 4095 chars, input data is still processed but
1686 * not stored. Overflow processing ensures the tty can always
1687 * receive more input until at least one line can be read.
1688 *
1689 * In non-canonical mode, the read buffer will only accept 4095 chars;
1690 * this provides the necessary space for a newline char if the input
1691 * mode is switched to canonical.
1692 *
1693 * Note it is possible for the read buffer to _contain_ 4096 chars
1694 * in non-canonical mode: the read buffer could already contain the
1695 * maximum canon line of 4096 chars when the mode is switched to
1696 * non-canonical.
1697 *
1698 * n_tty_receive_buf()/producer path:
1699 * claims non-exclusive termios_rwsem
1700 * publishes commit_head or canon_head
1701 */
1702 static int
n_tty_receive_buf_common(struct tty_struct * tty,const unsigned char * cp,char * fp,int count,int flow)1703 n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
1704 char *fp, int count, int flow)
1705 {
1706 struct n_tty_data *ldata = tty->disc_data;
1707 int room, n, rcvd = 0, overflow;
1708
1709 down_read(&tty->termios_rwsem);
1710
1711 while (1) {
1712 /*
1713 * When PARMRK is set, each input char may take up to 3 chars
1714 * in the read buf; reduce the buffer space avail by 3x
1715 *
1716 * If we are doing input canonicalization, and there are no
1717 * pending newlines, let characters through without limit, so
1718 * that erase characters will be handled. Other excess
1719 * characters will be beeped.
1720 *
1721 * paired with store in *_copy_from_read_buf() -- guarantees
1722 * the consumer has loaded the data in read_buf up to the new
1723 * read_tail (so this producer will not overwrite unread data)
1724 */
1725 size_t tail = ldata->read_tail;
1726
1727 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1728 if (I_PARMRK(tty))
1729 room = (room + 2) / 3;
1730 room--;
1731 if (room <= 0) {
1732 overflow = ldata->icanon && ldata->canon_head == tail;
1733 if (overflow && room < 0)
1734 ldata->read_head--;
1735 room = overflow;
1736 ldata->no_room = flow && !room;
1737 } else
1738 overflow = 0;
1739
1740 n = min(count, room);
1741 if (!n)
1742 break;
1743
1744 /* ignore parity errors if handling overflow */
1745 if (!overflow || !fp || *fp != TTY_PARITY)
1746 __receive_buf(tty, cp, fp, n);
1747
1748 cp += n;
1749 if (fp)
1750 fp += n;
1751 count -= n;
1752 rcvd += n;
1753 }
1754
1755 tty->receive_room = room;
1756
1757 /* Unthrottle if handling overflow on pty */
1758 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1759 if (overflow) {
1760 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1761 tty_unthrottle_safe(tty);
1762 __tty_set_flow_change(tty, 0);
1763 }
1764 } else
1765 n_tty_check_throttle(tty);
1766
1767 up_read(&tty->termios_rwsem);
1768
1769 return rcvd;
1770 }
1771
n_tty_receive_buf(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1772 static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1773 char *fp, int count)
1774 {
1775 n_tty_receive_buf_common(tty, cp, fp, count, 0);
1776 }
1777
n_tty_receive_buf2(struct tty_struct * tty,const unsigned char * cp,char * fp,int count)1778 static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
1779 char *fp, int count)
1780 {
1781 return n_tty_receive_buf_common(tty, cp, fp, count, 1);
1782 }
1783
is_ignored(int sig)1784 int is_ignored(int sig)
1785 {
1786 return (sigismember(¤t->blocked, sig) ||
1787 current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
1788 }
1789
1790 /**
1791 * n_tty_set_termios - termios data changed
1792 * @tty: terminal
1793 * @old: previous data
1794 *
1795 * Called by the tty layer when the user changes termios flags so
1796 * that the line discipline can plan ahead. This function cannot sleep
1797 * and is protected from re-entry by the tty layer. The user is
1798 * guaranteed that this function will not be re-entered or in progress
1799 * when the ldisc is closed.
1800 *
1801 * Locking: Caller holds tty->termios_rwsem
1802 */
1803
n_tty_set_termios(struct tty_struct * tty,struct ktermios * old)1804 static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1805 {
1806 struct n_tty_data *ldata = tty->disc_data;
1807
1808 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1809 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1810 ldata->line_start = ldata->read_tail;
1811 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1812 ldata->canon_head = ldata->read_tail;
1813 ldata->push = 0;
1814 } else {
1815 set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
1816 ldata->read_flags);
1817 ldata->canon_head = ldata->read_head;
1818 ldata->push = 1;
1819 }
1820 ldata->commit_head = ldata->read_head;
1821 ldata->erasing = 0;
1822 ldata->lnext = 0;
1823 }
1824
1825 ldata->icanon = (L_ICANON(tty) != 0);
1826
1827 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1828 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1829 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1830 I_PARMRK(tty)) {
1831 bitmap_zero(ldata->char_map, 256);
1832
1833 if (I_IGNCR(tty) || I_ICRNL(tty))
1834 set_bit('\r', ldata->char_map);
1835 if (I_INLCR(tty))
1836 set_bit('\n', ldata->char_map);
1837
1838 if (L_ICANON(tty)) {
1839 set_bit(ERASE_CHAR(tty), ldata->char_map);
1840 set_bit(KILL_CHAR(tty), ldata->char_map);
1841 set_bit(EOF_CHAR(tty), ldata->char_map);
1842 set_bit('\n', ldata->char_map);
1843 set_bit(EOL_CHAR(tty), ldata->char_map);
1844 if (L_IEXTEN(tty)) {
1845 set_bit(WERASE_CHAR(tty), ldata->char_map);
1846 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1847 set_bit(EOL2_CHAR(tty), ldata->char_map);
1848 if (L_ECHO(tty))
1849 set_bit(REPRINT_CHAR(tty),
1850 ldata->char_map);
1851 }
1852 }
1853 if (I_IXON(tty)) {
1854 set_bit(START_CHAR(tty), ldata->char_map);
1855 set_bit(STOP_CHAR(tty), ldata->char_map);
1856 }
1857 if (L_ISIG(tty)) {
1858 set_bit(INTR_CHAR(tty), ldata->char_map);
1859 set_bit(QUIT_CHAR(tty), ldata->char_map);
1860 set_bit(SUSP_CHAR(tty), ldata->char_map);
1861 }
1862 clear_bit(__DISABLED_CHAR, ldata->char_map);
1863 ldata->raw = 0;
1864 ldata->real_raw = 0;
1865 } else {
1866 ldata->raw = 1;
1867 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1868 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1869 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1870 ldata->real_raw = 1;
1871 else
1872 ldata->real_raw = 0;
1873 }
1874 n_tty_set_room(tty);
1875 /*
1876 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1877 * been stopped by STOP_CHAR(tty) before it.
1878 */
1879 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow_stopped) {
1880 start_tty(tty);
1881 process_echoes(tty);
1882 }
1883
1884 /* The termios change make the tty ready for I/O */
1885 wake_up_interruptible(&tty->write_wait);
1886 wake_up_interruptible(&tty->read_wait);
1887 }
1888
1889 /**
1890 * n_tty_close - close the ldisc for this tty
1891 * @tty: device
1892 *
1893 * Called from the terminal layer when this line discipline is
1894 * being shut down, either because of a close or becsuse of a
1895 * discipline change. The function will not be called while other
1896 * ldisc methods are in progress.
1897 */
1898
n_tty_close(struct tty_struct * tty)1899 static void n_tty_close(struct tty_struct *tty)
1900 {
1901 struct n_tty_data *ldata = tty->disc_data;
1902
1903 if (tty->link)
1904 n_tty_packet_mode_flush(tty);
1905
1906 vfree(ldata);
1907 tty->disc_data = NULL;
1908 }
1909
1910 /**
1911 * n_tty_open - open an ldisc
1912 * @tty: terminal to open
1913 *
1914 * Called when this line discipline is being attached to the
1915 * terminal device. Can sleep. Called serialized so that no
1916 * other events will occur in parallel. No further open will occur
1917 * until a close.
1918 */
1919
n_tty_open(struct tty_struct * tty)1920 static int n_tty_open(struct tty_struct *tty)
1921 {
1922 struct n_tty_data *ldata;
1923
1924 /* Currently a malloc failure here can panic */
1925 ldata = vmalloc(sizeof(*ldata));
1926 if (!ldata)
1927 goto err;
1928
1929 ldata->overrun_time = jiffies;
1930 mutex_init(&ldata->atomic_read_lock);
1931 mutex_init(&ldata->output_lock);
1932
1933 tty->disc_data = ldata;
1934 reset_buffer_flags(tty->disc_data);
1935 ldata->column = 0;
1936 ldata->canon_column = 0;
1937 ldata->minimum_to_wake = 1;
1938 ldata->num_overrun = 0;
1939 ldata->no_room = 0;
1940 ldata->lnext = 0;
1941 tty->closing = 0;
1942 /* indicate buffer work may resume */
1943 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1944 n_tty_set_termios(tty, NULL);
1945 tty_unthrottle(tty);
1946
1947 return 0;
1948 err:
1949 return -ENOMEM;
1950 }
1951
input_available_p(struct tty_struct * tty,int poll)1952 static inline int input_available_p(struct tty_struct *tty, int poll)
1953 {
1954 struct n_tty_data *ldata = tty->disc_data;
1955 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1956
1957 if (ldata->icanon && !L_EXTPROC(tty))
1958 return ldata->canon_head != ldata->read_tail;
1959 else
1960 return ldata->commit_head - ldata->read_tail >= amt;
1961 }
1962
1963 /**
1964 * copy_from_read_buf - copy read data directly
1965 * @tty: terminal device
1966 * @b: user data
1967 * @nr: size of data
1968 *
1969 * Helper function to speed up n_tty_read. It is only called when
1970 * ICANON is off; it copies characters straight from the tty queue to
1971 * user space directly. It can be profitably called twice; once to
1972 * drain the space from the tail pointer to the (physical) end of the
1973 * buffer, and once to drain the space from the (physical) beginning of
1974 * the buffer to head pointer.
1975 *
1976 * Called under the ldata->atomic_read_lock sem
1977 *
1978 * n_tty_read()/consumer path:
1979 * caller holds non-exclusive termios_rwsem
1980 * read_tail published
1981 */
1982
copy_from_read_buf(struct tty_struct * tty,unsigned char __user ** b,size_t * nr)1983 static int copy_from_read_buf(struct tty_struct *tty,
1984 unsigned char __user **b,
1985 size_t *nr)
1986
1987 {
1988 struct n_tty_data *ldata = tty->disc_data;
1989 int retval;
1990 size_t n;
1991 bool is_eof;
1992 size_t head = smp_load_acquire(&ldata->commit_head);
1993 size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1994
1995 retval = 0;
1996 n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
1997 n = min(*nr, n);
1998 if (n) {
1999 retval = copy_to_user(*b, read_buf_addr(ldata, tail), n);
2000 n -= retval;
2001 is_eof = n == 1 && read_buf(ldata, tail) == EOF_CHAR(tty);
2002 tty_audit_add_data(tty, read_buf_addr(ldata, tail), n,
2003 ldata->icanon);
2004 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
2005 /* Turn single EOF into zero-length read */
2006 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
2007 (head == ldata->read_tail))
2008 n = 0;
2009 *b += n;
2010 *nr -= n;
2011 }
2012 return retval;
2013 }
2014
2015 /**
2016 * canon_copy_from_read_buf - copy read data in canonical mode
2017 * @tty: terminal device
2018 * @b: user data
2019 * @nr: size of data
2020 *
2021 * Helper function for n_tty_read. It is only called when ICANON is on;
2022 * it copies one line of input up to and including the line-delimiting
2023 * character into the user-space buffer.
2024 *
2025 * NB: When termios is changed from non-canonical to canonical mode and
2026 * the read buffer contains data, n_tty_set_termios() simulates an EOF
2027 * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
2028 * This causes data already processed as input to be immediately available
2029 * as input although a newline has not been received.
2030 *
2031 * Called under the atomic_read_lock mutex
2032 *
2033 * n_tty_read()/consumer path:
2034 * caller holds non-exclusive termios_rwsem
2035 * read_tail published
2036 */
2037
canon_copy_from_read_buf(struct tty_struct * tty,unsigned char __user ** b,size_t * nr)2038 static int canon_copy_from_read_buf(struct tty_struct *tty,
2039 unsigned char __user **b,
2040 size_t *nr)
2041 {
2042 struct n_tty_data *ldata = tty->disc_data;
2043 size_t n, size, more, c;
2044 size_t eol;
2045 size_t tail;
2046 int ret, found = 0;
2047 bool eof_push = 0;
2048
2049 /* N.B. avoid overrun if nr == 0 */
2050 n = min(*nr, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
2051 if (!n)
2052 return 0;
2053
2054 tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
2055 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
2056
2057 n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
2058 __func__, *nr, tail, n, size);
2059
2060 eol = find_next_bit(ldata->read_flags, size, tail);
2061 more = n - (size - tail);
2062 if (eol == N_TTY_BUF_SIZE && more) {
2063 /* scan wrapped without finding set bit */
2064 eol = find_next_bit(ldata->read_flags, more, 0);
2065 if (eol != more)
2066 found = 1;
2067 } else if (eol != size)
2068 found = 1;
2069
2070 size = N_TTY_BUF_SIZE - tail;
2071 n = eol - tail;
2072 if (n > 4096)
2073 n += 4096;
2074 n += found;
2075 c = n;
2076
2077 if (found && !ldata->push && read_buf(ldata, eol) == __DISABLED_CHAR) {
2078 n--;
2079 eof_push = !n && ldata->read_tail != ldata->line_start;
2080 }
2081
2082 n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu size:%zu more:%zu\n",
2083 __func__, eol, found, n, c, size, more);
2084
2085 if (n > size) {
2086 ret = tty_copy_to_user(tty, *b, read_buf_addr(ldata, tail), size);
2087 if (ret)
2088 return -EFAULT;
2089 ret = tty_copy_to_user(tty, *b + size, ldata->read_buf, n - size);
2090 } else
2091 ret = tty_copy_to_user(tty, *b, read_buf_addr(ldata, tail), n);
2092
2093 if (ret)
2094 return -EFAULT;
2095 *b += n;
2096 *nr -= n;
2097
2098 if (found)
2099 clear_bit(eol, ldata->read_flags);
2100 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2101
2102 if (found) {
2103 if (!ldata->push)
2104 ldata->line_start = ldata->read_tail;
2105 else
2106 ldata->push = 0;
2107 tty_audit_push(tty);
2108 }
2109 return eof_push ? -EAGAIN : 0;
2110 }
2111
2112 extern ssize_t redirected_tty_write(struct file *, const char __user *,
2113 size_t, loff_t *);
2114
2115 /**
2116 * job_control - check job control
2117 * @tty: tty
2118 * @file: file handle
2119 *
2120 * Perform job control management checks on this file/tty descriptor
2121 * and if appropriate send any needed signals and return a negative
2122 * error code if action should be taken.
2123 *
2124 * Locking: redirected write test is safe
2125 * current->signal->tty check is safe
2126 * ctrl_lock to safely reference tty->pgrp
2127 */
2128
job_control(struct tty_struct * tty,struct file * file)2129 static int job_control(struct tty_struct *tty, struct file *file)
2130 {
2131 /* Job control check -- must be done at start and after
2132 every sleep (POSIX.1 7.1.1.4). */
2133 /* NOTE: not yet done after every sleep pending a thorough
2134 check of the logic of this change. -- jlc */
2135 /* don't stop on /dev/console */
2136 if (file->f_op->write == redirected_tty_write ||
2137 current->signal->tty != tty)
2138 return 0;
2139
2140 spin_lock_irq(&tty->ctrl_lock);
2141 if (!tty->pgrp)
2142 printk(KERN_ERR "n_tty_read: no tty->pgrp!\n");
2143 else if (task_pgrp(current) != tty->pgrp) {
2144 spin_unlock_irq(&tty->ctrl_lock);
2145 if (is_ignored(SIGTTIN) || is_current_pgrp_orphaned())
2146 return -EIO;
2147 kill_pgrp(task_pgrp(current), SIGTTIN, 1);
2148 set_thread_flag(TIF_SIGPENDING);
2149 return -ERESTARTSYS;
2150 }
2151 spin_unlock_irq(&tty->ctrl_lock);
2152 return 0;
2153 }
2154
2155
2156 /**
2157 * n_tty_read - read function for tty
2158 * @tty: tty device
2159 * @file: file object
2160 * @buf: userspace buffer pointer
2161 * @nr: size of I/O
2162 *
2163 * Perform reads for the line discipline. We are guaranteed that the
2164 * line discipline will not be closed under us but we may get multiple
2165 * parallel readers and must handle this ourselves. We may also get
2166 * a hangup. Always called in user context, may sleep.
2167 *
2168 * This code must be sure never to sleep through a hangup.
2169 *
2170 * n_tty_read()/consumer path:
2171 * claims non-exclusive termios_rwsem
2172 * publishes read_tail
2173 */
2174
n_tty_read(struct tty_struct * tty,struct file * file,unsigned char __user * buf,size_t nr)2175 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
2176 unsigned char __user *buf, size_t nr)
2177 {
2178 struct n_tty_data *ldata = tty->disc_data;
2179 unsigned char __user *b = buf;
2180 DECLARE_WAITQUEUE(wait, current);
2181 int c;
2182 int minimum, time;
2183 ssize_t retval = 0;
2184 long timeout;
2185 unsigned long flags;
2186 int packet;
2187
2188 c = job_control(tty, file);
2189 if (c < 0)
2190 return c;
2191
2192 /*
2193 * Internal serialization of reads.
2194 */
2195 if (file->f_flags & O_NONBLOCK) {
2196 if (!mutex_trylock(&ldata->atomic_read_lock))
2197 return -EAGAIN;
2198 } else {
2199 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2200 return -ERESTARTSYS;
2201 }
2202
2203 down_read(&tty->termios_rwsem);
2204
2205 minimum = time = 0;
2206 timeout = MAX_SCHEDULE_TIMEOUT;
2207 if (!ldata->icanon) {
2208 minimum = MIN_CHAR(tty);
2209 if (minimum) {
2210 time = (HZ / 10) * TIME_CHAR(tty);
2211 if (time)
2212 ldata->minimum_to_wake = 1;
2213 else if (!waitqueue_active(&tty->read_wait) ||
2214 (ldata->minimum_to_wake > minimum))
2215 ldata->minimum_to_wake = minimum;
2216 } else {
2217 timeout = (HZ / 10) * TIME_CHAR(tty);
2218 ldata->minimum_to_wake = minimum = 1;
2219 }
2220 }
2221
2222 packet = tty->packet;
2223
2224 add_wait_queue(&tty->read_wait, &wait);
2225 while (nr) {
2226 /* First test for status change. */
2227 if (packet && tty->link->ctrl_status) {
2228 unsigned char cs;
2229 if (b != buf)
2230 break;
2231 spin_lock_irqsave(&tty->link->ctrl_lock, flags);
2232 cs = tty->link->ctrl_status;
2233 tty->link->ctrl_status = 0;
2234 spin_unlock_irqrestore(&tty->link->ctrl_lock, flags);
2235 if (tty_put_user(tty, cs, b++)) {
2236 retval = -EFAULT;
2237 b--;
2238 break;
2239 }
2240 nr--;
2241 break;
2242 }
2243 /* This statement must be first before checking for input
2244 so that any interrupt will set the state back to
2245 TASK_RUNNING. */
2246 set_current_state(TASK_INTERRUPTIBLE);
2247
2248 if (((minimum - (b - buf)) < ldata->minimum_to_wake) &&
2249 ((minimum - (b - buf)) >= 1))
2250 ldata->minimum_to_wake = (minimum - (b - buf));
2251
2252 if (!input_available_p(tty, 0)) {
2253 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2254 up_read(&tty->termios_rwsem);
2255 tty_flush_to_ldisc(tty);
2256 down_read(&tty->termios_rwsem);
2257 if (!input_available_p(tty, 0)) {
2258 retval = -EIO;
2259 break;
2260 }
2261 } else {
2262 if (tty_hung_up_p(file))
2263 break;
2264 if (!timeout)
2265 break;
2266 if (file->f_flags & O_NONBLOCK) {
2267 retval = -EAGAIN;
2268 break;
2269 }
2270 if (signal_pending(current)) {
2271 retval = -ERESTARTSYS;
2272 break;
2273 }
2274 n_tty_set_room(tty);
2275 up_read(&tty->termios_rwsem);
2276
2277 timeout = schedule_timeout(timeout);
2278
2279 down_read(&tty->termios_rwsem);
2280 continue;
2281 }
2282 }
2283 __set_current_state(TASK_RUNNING);
2284
2285 /* Deal with packet mode. */
2286 if (packet && b == buf) {
2287 if (tty_put_user(tty, TIOCPKT_DATA, b++)) {
2288 retval = -EFAULT;
2289 b--;
2290 break;
2291 }
2292 nr--;
2293 }
2294
2295 if (ldata->icanon && !L_EXTPROC(tty)) {
2296 retval = canon_copy_from_read_buf(tty, &b, &nr);
2297 if (retval == -EAGAIN) {
2298 retval = 0;
2299 continue;
2300 } else if (retval)
2301 break;
2302 } else {
2303 int uncopied;
2304 /* The copy function takes the read lock and handles
2305 locking internally for this case */
2306 uncopied = copy_from_read_buf(tty, &b, &nr);
2307 uncopied += copy_from_read_buf(tty, &b, &nr);
2308 if (uncopied) {
2309 retval = -EFAULT;
2310 break;
2311 }
2312 }
2313
2314 n_tty_check_unthrottle(tty);
2315
2316 if (b - buf >= minimum)
2317 break;
2318 if (time)
2319 timeout = time;
2320 }
2321 n_tty_set_room(tty);
2322 up_read(&tty->termios_rwsem);
2323
2324 remove_wait_queue(&tty->read_wait, &wait);
2325 if (!waitqueue_active(&tty->read_wait))
2326 ldata->minimum_to_wake = minimum;
2327
2328 mutex_unlock(&ldata->atomic_read_lock);
2329
2330 __set_current_state(TASK_RUNNING);
2331 if (b - buf)
2332 retval = b - buf;
2333
2334 return retval;
2335 }
2336
2337 /**
2338 * n_tty_write - write function for tty
2339 * @tty: tty device
2340 * @file: file object
2341 * @buf: userspace buffer pointer
2342 * @nr: size of I/O
2343 *
2344 * Write function of the terminal device. This is serialized with
2345 * respect to other write callers but not to termios changes, reads
2346 * and other such events. Since the receive code will echo characters,
2347 * thus calling driver write methods, the output_lock is used in
2348 * the output processing functions called here as well as in the
2349 * echo processing function to protect the column state and space
2350 * left in the buffer.
2351 *
2352 * This code must be sure never to sleep through a hangup.
2353 *
2354 * Locking: output_lock to protect column state and space left
2355 * (note that the process_output*() functions take this
2356 * lock themselves)
2357 */
2358
n_tty_write(struct tty_struct * tty,struct file * file,const unsigned char * buf,size_t nr)2359 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2360 const unsigned char *buf, size_t nr)
2361 {
2362 const unsigned char *b = buf;
2363 DECLARE_WAITQUEUE(wait, current);
2364 int c;
2365 ssize_t retval = 0;
2366
2367 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2368 if (L_TOSTOP(tty) && file->f_op->write != redirected_tty_write) {
2369 retval = tty_check_change(tty);
2370 if (retval)
2371 return retval;
2372 }
2373
2374 down_read(&tty->termios_rwsem);
2375
2376 /* Write out any echoed characters that are still pending */
2377 process_echoes(tty);
2378
2379 add_wait_queue(&tty->write_wait, &wait);
2380 while (1) {
2381 set_current_state(TASK_INTERRUPTIBLE);
2382 if (signal_pending(current)) {
2383 retval = -ERESTARTSYS;
2384 break;
2385 }
2386 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2387 retval = -EIO;
2388 break;
2389 }
2390 if (O_OPOST(tty)) {
2391 while (nr > 0) {
2392 ssize_t num = process_output_block(tty, b, nr);
2393 if (num < 0) {
2394 if (num == -EAGAIN)
2395 break;
2396 retval = num;
2397 goto break_out;
2398 }
2399 b += num;
2400 nr -= num;
2401 if (nr == 0)
2402 break;
2403 c = *b;
2404 if (process_output(c, tty) < 0)
2405 break;
2406 b++; nr--;
2407 }
2408 if (tty->ops->flush_chars)
2409 tty->ops->flush_chars(tty);
2410 } else {
2411 struct n_tty_data *ldata = tty->disc_data;
2412
2413 while (nr > 0) {
2414 mutex_lock(&ldata->output_lock);
2415 c = tty->ops->write(tty, b, nr);
2416 mutex_unlock(&ldata->output_lock);
2417 if (c < 0) {
2418 retval = c;
2419 goto break_out;
2420 }
2421 if (!c)
2422 break;
2423 b += c;
2424 nr -= c;
2425 }
2426 }
2427 if (!nr)
2428 break;
2429 if (file->f_flags & O_NONBLOCK) {
2430 retval = -EAGAIN;
2431 break;
2432 }
2433 up_read(&tty->termios_rwsem);
2434
2435 schedule();
2436
2437 down_read(&tty->termios_rwsem);
2438 }
2439 break_out:
2440 __set_current_state(TASK_RUNNING);
2441 remove_wait_queue(&tty->write_wait, &wait);
2442 if (b - buf != nr && tty->fasync)
2443 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2444 up_read(&tty->termios_rwsem);
2445 return (b - buf) ? b - buf : retval;
2446 }
2447
2448 /**
2449 * n_tty_poll - poll method for N_TTY
2450 * @tty: terminal device
2451 * @file: file accessing it
2452 * @wait: poll table
2453 *
2454 * Called when the line discipline is asked to poll() for data or
2455 * for special events. This code is not serialized with respect to
2456 * other events save open/close.
2457 *
2458 * This code must be sure never to sleep through a hangup.
2459 * Called without the kernel lock held - fine
2460 */
2461
n_tty_poll(struct tty_struct * tty,struct file * file,poll_table * wait)2462 static unsigned int n_tty_poll(struct tty_struct *tty, struct file *file,
2463 poll_table *wait)
2464 {
2465 struct n_tty_data *ldata = tty->disc_data;
2466 unsigned int mask = 0;
2467
2468 poll_wait(file, &tty->read_wait, wait);
2469 poll_wait(file, &tty->write_wait, wait);
2470 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2471 mask |= POLLHUP;
2472 if (input_available_p(tty, 1))
2473 mask |= POLLIN | POLLRDNORM;
2474 else if (mask & POLLHUP) {
2475 tty_flush_to_ldisc(tty);
2476 if (input_available_p(tty, 1))
2477 mask |= POLLIN | POLLRDNORM;
2478 }
2479 if (tty->packet && tty->link->ctrl_status)
2480 mask |= POLLPRI | POLLIN | POLLRDNORM;
2481 if (tty_hung_up_p(file))
2482 mask |= POLLHUP;
2483 if (!(mask & (POLLHUP | POLLIN | POLLRDNORM))) {
2484 if (MIN_CHAR(tty) && !TIME_CHAR(tty))
2485 ldata->minimum_to_wake = MIN_CHAR(tty);
2486 else
2487 ldata->minimum_to_wake = 1;
2488 }
2489 if (tty->ops->write && !tty_is_writelocked(tty) &&
2490 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2491 tty_write_room(tty) > 0)
2492 mask |= POLLOUT | POLLWRNORM;
2493 return mask;
2494 }
2495
inq_canon(struct n_tty_data * ldata)2496 static unsigned long inq_canon(struct n_tty_data *ldata)
2497 {
2498 size_t nr, head, tail;
2499
2500 if (ldata->canon_head == ldata->read_tail)
2501 return 0;
2502 head = ldata->canon_head;
2503 tail = ldata->read_tail;
2504 nr = head - tail;
2505 /* Skip EOF-chars.. */
2506 while (head != tail) {
2507 if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
2508 read_buf(ldata, tail) == __DISABLED_CHAR)
2509 nr--;
2510 tail++;
2511 }
2512 return nr;
2513 }
2514
n_tty_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)2515 static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
2516 unsigned int cmd, unsigned long arg)
2517 {
2518 struct n_tty_data *ldata = tty->disc_data;
2519 int retval;
2520
2521 switch (cmd) {
2522 case TIOCOUTQ:
2523 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2524 case TIOCINQ:
2525 down_write(&tty->termios_rwsem);
2526 if (L_ICANON(tty) && !L_EXTPROC(tty))
2527 retval = inq_canon(ldata);
2528 else
2529 retval = read_cnt(ldata);
2530 up_write(&tty->termios_rwsem);
2531 return put_user(retval, (unsigned int __user *) arg);
2532 default:
2533 return n_tty_ioctl_helper(tty, file, cmd, arg);
2534 }
2535 }
2536
n_tty_fasync(struct tty_struct * tty,int on)2537 static void n_tty_fasync(struct tty_struct *tty, int on)
2538 {
2539 struct n_tty_data *ldata = tty->disc_data;
2540
2541 if (!waitqueue_active(&tty->read_wait)) {
2542 if (on)
2543 ldata->minimum_to_wake = 1;
2544 else if (!tty->fasync)
2545 ldata->minimum_to_wake = N_TTY_BUF_SIZE;
2546 }
2547 }
2548
2549 struct tty_ldisc_ops tty_ldisc_N_TTY = {
2550 .magic = TTY_LDISC_MAGIC,
2551 .name = "n_tty",
2552 .open = n_tty_open,
2553 .close = n_tty_close,
2554 .flush_buffer = n_tty_flush_buffer,
2555 .chars_in_buffer = n_tty_chars_in_buffer,
2556 .read = n_tty_read,
2557 .write = n_tty_write,
2558 .ioctl = n_tty_ioctl,
2559 .set_termios = n_tty_set_termios,
2560 .poll = n_tty_poll,
2561 .receive_buf = n_tty_receive_buf,
2562 .write_wakeup = n_tty_write_wakeup,
2563 .fasync = n_tty_fasync,
2564 .receive_buf2 = n_tty_receive_buf2,
2565 };
2566
2567 /**
2568 * n_tty_inherit_ops - inherit N_TTY methods
2569 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2570 *
2571 * Enables a 'subclass' line discipline to 'inherit' N_TTY
2572 * methods.
2573 */
2574
n_tty_inherit_ops(struct tty_ldisc_ops * ops)2575 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2576 {
2577 *ops = tty_ldisc_N_TTY;
2578 ops->owner = NULL;
2579 ops->refcount = ops->flags = 0;
2580 }
2581 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2582