1 // SPDX-License-Identifier: GPL-1.0+
2 /*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31 #include <linux/types.h>
32 #include <linux/major.h>
33 #include <linux/errno.h>
34 #include <linux/signal.h>
35 #include <linux/fcntl.h>
36 #include <linux/sched.h>
37 #include <linux/interrupt.h>
38 #include <linux/tty.h>
39 #include <linux/timer.h>
40 #include <linux/ctype.h>
41 #include <linux/mm.h>
42 #include <linux/string.h>
43 #include <linux/slab.h>
44 #include <linux/poll.h>
45 #include <linux/bitops.h>
46 #include <linux/audit.h>
47 #include <linux/file.h>
48 #include <linux/uaccess.h>
49 #include <linux/module.h>
50 #include <linux/ratelimit.h>
51 #include <linux/vmalloc.h>
52 #include "tty.h"
53
54 /*
55 * Until this number of characters is queued in the xmit buffer, select will
56 * return "we have room for writes".
57 */
58 #define WAKEUP_CHARS 256
59
60 /*
61 * This defines the low- and high-watermarks for throttling and
62 * unthrottling the TTY driver. These watermarks are used for
63 * controlling the space in the read buffer.
64 */
65 #define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
66 #define TTY_THRESHOLD_UNTHROTTLE 128
67
68 /*
69 * Special byte codes used in the echo buffer to represent operations
70 * or special handling of characters. Bytes in the echo buffer that
71 * are not part of such special blocks are treated as normal character
72 * codes.
73 */
74 #define ECHO_OP_START 0xff
75 #define ECHO_OP_MOVE_BACK_COL 0x80
76 #define ECHO_OP_SET_CANON_COL 0x81
77 #define ECHO_OP_ERASE_TAB 0x82
78
79 #define ECHO_COMMIT_WATERMARK 256
80 #define ECHO_BLOCK 256
81 #define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
82
83
84 #undef N_TTY_TRACE
85 #ifdef N_TTY_TRACE
86 # define n_tty_trace(f, args...) trace_printk(f, ##args)
87 #else
88 # define n_tty_trace(f, args...) no_printk(f, ##args)
89 #endif
90
91 struct n_tty_data {
92 /* producer-published */
93 size_t read_head;
94 size_t commit_head;
95 size_t canon_head;
96 size_t echo_head;
97 size_t echo_commit;
98 size_t echo_mark;
99 DECLARE_BITMAP(char_map, 256);
100
101 /* private to n_tty_receive_overrun (single-threaded) */
102 unsigned long overrun_time;
103 int num_overrun;
104
105 /* non-atomic */
106 bool no_room;
107
108 /* must hold exclusive termios_rwsem to reset these */
109 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
110 unsigned char push:1;
111
112 /* shared by producer and consumer */
113 char read_buf[N_TTY_BUF_SIZE];
114 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
115 unsigned char echo_buf[N_TTY_BUF_SIZE];
116
117 /* consumer-published */
118 size_t read_tail;
119 size_t line_start;
120
121 /* protected by output lock */
122 unsigned int column;
123 unsigned int canon_column;
124 size_t echo_tail;
125
126 struct mutex atomic_read_lock;
127 struct mutex output_lock;
128 };
129
130 #define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
131
read_cnt(struct n_tty_data * ldata)132 static inline size_t read_cnt(struct n_tty_data *ldata)
133 {
134 return ldata->read_head - ldata->read_tail;
135 }
136
read_buf(struct n_tty_data * ldata,size_t i)137 static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
138 {
139 return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
140 }
141
read_buf_addr(struct n_tty_data * ldata,size_t i)142 static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
143 {
144 return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
145 }
146
echo_buf(struct n_tty_data * ldata,size_t i)147 static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
148 {
149 smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
150 return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
151 }
152
echo_buf_addr(struct n_tty_data * ldata,size_t i)153 static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
154 {
155 return &ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
156 }
157
158 /* If we are not echoing the data, perhaps this is a secret so erase it */
zero_buffer(struct tty_struct * tty,u8 * buffer,int size)159 static void zero_buffer(struct tty_struct *tty, u8 *buffer, int size)
160 {
161 bool icanon = !!L_ICANON(tty);
162 bool no_echo = !L_ECHO(tty);
163
164 if (icanon && no_echo)
165 memset(buffer, 0x00, size);
166 }
167
tty_copy(struct tty_struct * tty,void * to,size_t tail,size_t n)168 static void tty_copy(struct tty_struct *tty, void *to, size_t tail, size_t n)
169 {
170 struct n_tty_data *ldata = tty->disc_data;
171 size_t size = N_TTY_BUF_SIZE - tail;
172 void *from = read_buf_addr(ldata, tail);
173
174 if (n > size) {
175 tty_audit_add_data(tty, from, size);
176 memcpy(to, from, size);
177 zero_buffer(tty, from, size);
178 to += size;
179 n -= size;
180 from = ldata->read_buf;
181 }
182
183 tty_audit_add_data(tty, from, n);
184 memcpy(to, from, n);
185 zero_buffer(tty, from, n);
186 }
187
188 /**
189 * n_tty_kick_worker - start input worker (if required)
190 * @tty: terminal
191 *
192 * Re-schedules the flip buffer work if it may have stopped
193 *
194 * Caller holds exclusive termios_rwsem
195 * or
196 * n_tty_read()/consumer path:
197 * holds non-exclusive termios_rwsem
198 */
199
n_tty_kick_worker(struct tty_struct * tty)200 static void n_tty_kick_worker(struct tty_struct *tty)
201 {
202 struct n_tty_data *ldata = tty->disc_data;
203
204 /* Did the input worker stop? Restart it */
205 if (unlikely(READ_ONCE(ldata->no_room))) {
206 WRITE_ONCE(ldata->no_room, 0);
207
208 WARN_RATELIMIT(tty->port->itty == NULL,
209 "scheduling with invalid itty\n");
210 /* see if ldisc has been killed - if so, this means that
211 * even though the ldisc has been halted and ->buf.work
212 * cancelled, ->buf.work is about to be rescheduled
213 */
214 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
215 "scheduling buffer work for halted ldisc\n");
216 tty_buffer_restart_work(tty->port);
217 }
218 }
219
chars_in_buffer(struct tty_struct * tty)220 static ssize_t chars_in_buffer(struct tty_struct *tty)
221 {
222 struct n_tty_data *ldata = tty->disc_data;
223 ssize_t n = 0;
224
225 if (!ldata->icanon)
226 n = ldata->commit_head - ldata->read_tail;
227 else
228 n = ldata->canon_head - ldata->read_tail;
229 return n;
230 }
231
232 /**
233 * n_tty_write_wakeup - asynchronous I/O notifier
234 * @tty: tty device
235 *
236 * Required for the ptys, serial driver etc. since processes
237 * that attach themselves to the master and rely on ASYNC
238 * IO must be woken up
239 */
240
n_tty_write_wakeup(struct tty_struct * tty)241 static void n_tty_write_wakeup(struct tty_struct *tty)
242 {
243 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
244 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
245 }
246
n_tty_check_throttle(struct tty_struct * tty)247 static void n_tty_check_throttle(struct tty_struct *tty)
248 {
249 struct n_tty_data *ldata = tty->disc_data;
250
251 /*
252 * Check the remaining room for the input canonicalization
253 * mode. We don't want to throttle the driver if we're in
254 * canonical mode and don't have a newline yet!
255 */
256 if (ldata->icanon && ldata->canon_head == ldata->read_tail)
257 return;
258
259 while (1) {
260 int throttled;
261 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
262 if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
263 break;
264 throttled = tty_throttle_safe(tty);
265 if (!throttled)
266 break;
267 }
268 __tty_set_flow_change(tty, 0);
269 }
270
n_tty_check_unthrottle(struct tty_struct * tty)271 static void n_tty_check_unthrottle(struct tty_struct *tty)
272 {
273 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
274 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
275 return;
276 n_tty_kick_worker(tty);
277 tty_wakeup(tty->link);
278 return;
279 }
280
281 /* If there is enough space in the read buffer now, let the
282 * low-level driver know. We use chars_in_buffer() to
283 * check the buffer, as it now knows about canonical mode.
284 * Otherwise, if the driver is throttled and the line is
285 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
286 * we won't get any more characters.
287 */
288
289 while (1) {
290 int unthrottled;
291 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
292 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
293 break;
294 n_tty_kick_worker(tty);
295 unthrottled = tty_unthrottle_safe(tty);
296 if (!unthrottled)
297 break;
298 }
299 __tty_set_flow_change(tty, 0);
300 }
301
302 /**
303 * put_tty_queue - add character to tty
304 * @c: character
305 * @ldata: n_tty data
306 *
307 * Add a character to the tty read_buf queue.
308 *
309 * n_tty_receive_buf()/producer path:
310 * caller holds non-exclusive termios_rwsem
311 */
312
put_tty_queue(unsigned char c,struct n_tty_data * ldata)313 static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
314 {
315 *read_buf_addr(ldata, ldata->read_head) = c;
316 ldata->read_head++;
317 }
318
319 /**
320 * reset_buffer_flags - reset buffer state
321 * @ldata: line disc data to reset
322 *
323 * Reset the read buffer counters and clear the flags.
324 * Called from n_tty_open() and n_tty_flush_buffer().
325 *
326 * Locking: caller holds exclusive termios_rwsem
327 * (or locking is not required)
328 */
329
reset_buffer_flags(struct n_tty_data * ldata)330 static void reset_buffer_flags(struct n_tty_data *ldata)
331 {
332 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
333 ldata->commit_head = 0;
334 ldata->line_start = 0;
335
336 ldata->erasing = 0;
337 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
338 ldata->push = 0;
339 }
340
n_tty_packet_mode_flush(struct tty_struct * tty)341 static void n_tty_packet_mode_flush(struct tty_struct *tty)
342 {
343 unsigned long flags;
344
345 if (tty->link->ctrl.packet) {
346 spin_lock_irqsave(&tty->ctrl.lock, flags);
347 tty->ctrl.pktstatus |= TIOCPKT_FLUSHREAD;
348 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
349 wake_up_interruptible(&tty->link->read_wait);
350 }
351 }
352
353 /**
354 * n_tty_flush_buffer - clean input queue
355 * @tty: terminal device
356 *
357 * Flush the input buffer. Called when the tty layer wants the
358 * buffer flushed (eg at hangup) or when the N_TTY line discipline
359 * internally has to clean the pending queue (for example some signals).
360 *
361 * Holds termios_rwsem to exclude producer/consumer while
362 * buffer indices are reset.
363 *
364 * Locking: ctrl.lock, exclusive termios_rwsem
365 */
366
n_tty_flush_buffer(struct tty_struct * tty)367 static void n_tty_flush_buffer(struct tty_struct *tty)
368 {
369 down_write(&tty->termios_rwsem);
370 reset_buffer_flags(tty->disc_data);
371 n_tty_kick_worker(tty);
372
373 if (tty->link)
374 n_tty_packet_mode_flush(tty);
375 up_write(&tty->termios_rwsem);
376 }
377
378 /**
379 * is_utf8_continuation - utf8 multibyte check
380 * @c: byte to check
381 *
382 * Returns true if the utf8 character 'c' is a multibyte continuation
383 * character. We use this to correctly compute the on screen size
384 * of the character when printing
385 */
386
is_utf8_continuation(unsigned char c)387 static inline int is_utf8_continuation(unsigned char c)
388 {
389 return (c & 0xc0) == 0x80;
390 }
391
392 /**
393 * is_continuation - multibyte check
394 * @c: byte to check
395 * @tty: terminal device
396 *
397 * Returns true if the utf8 character 'c' is a multibyte continuation
398 * character and the terminal is in unicode mode.
399 */
400
is_continuation(unsigned char c,struct tty_struct * tty)401 static inline int is_continuation(unsigned char c, struct tty_struct *tty)
402 {
403 return I_IUTF8(tty) && is_utf8_continuation(c);
404 }
405
406 /**
407 * do_output_char - output one character
408 * @c: character (or partial unicode symbol)
409 * @tty: terminal device
410 * @space: space available in tty driver write buffer
411 *
412 * This is a helper function that handles one output character
413 * (including special characters like TAB, CR, LF, etc.),
414 * doing OPOST processing and putting the results in the
415 * tty driver's write buffer.
416 *
417 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
418 * and NLDLY. They simply aren't relevant in the world today.
419 * If you ever need them, add them here.
420 *
421 * Returns the number of bytes of buffer space used or -1 if
422 * no space left.
423 *
424 * Locking: should be called under the output_lock to protect
425 * the column state and space left in the buffer
426 */
427
do_output_char(unsigned char c,struct tty_struct * tty,int space)428 static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
429 {
430 struct n_tty_data *ldata = tty->disc_data;
431 int spaces;
432
433 if (!space)
434 return -1;
435
436 switch (c) {
437 case '\n':
438 if (O_ONLRET(tty))
439 ldata->column = 0;
440 if (O_ONLCR(tty)) {
441 if (space < 2)
442 return -1;
443 ldata->canon_column = ldata->column = 0;
444 tty->ops->write(tty, "\r\n", 2);
445 return 2;
446 }
447 ldata->canon_column = ldata->column;
448 break;
449 case '\r':
450 if (O_ONOCR(tty) && ldata->column == 0)
451 return 0;
452 if (O_OCRNL(tty)) {
453 c = '\n';
454 if (O_ONLRET(tty))
455 ldata->canon_column = ldata->column = 0;
456 break;
457 }
458 ldata->canon_column = ldata->column = 0;
459 break;
460 case '\t':
461 spaces = 8 - (ldata->column & 7);
462 if (O_TABDLY(tty) == XTABS) {
463 if (space < spaces)
464 return -1;
465 ldata->column += spaces;
466 tty->ops->write(tty, " ", spaces);
467 return spaces;
468 }
469 ldata->column += spaces;
470 break;
471 case '\b':
472 if (ldata->column > 0)
473 ldata->column--;
474 break;
475 default:
476 if (!iscntrl(c)) {
477 if (O_OLCUC(tty))
478 c = toupper(c);
479 if (!is_continuation(c, tty))
480 ldata->column++;
481 }
482 break;
483 }
484
485 tty_put_char(tty, c);
486 return 1;
487 }
488
489 /**
490 * process_output - output post processor
491 * @c: character (or partial unicode symbol)
492 * @tty: terminal device
493 *
494 * Output one character with OPOST processing.
495 * Returns -1 when the output device is full and the character
496 * must be retried.
497 *
498 * Locking: output_lock to protect column state and space left
499 * (also, this is called from n_tty_write under the
500 * tty layer write lock)
501 */
502
process_output(unsigned char c,struct tty_struct * tty)503 static int process_output(unsigned char c, struct tty_struct *tty)
504 {
505 struct n_tty_data *ldata = tty->disc_data;
506 int space, retval;
507
508 mutex_lock(&ldata->output_lock);
509
510 space = tty_write_room(tty);
511 retval = do_output_char(c, tty, space);
512
513 mutex_unlock(&ldata->output_lock);
514 if (retval < 0)
515 return -1;
516 else
517 return 0;
518 }
519
520 /**
521 * process_output_block - block post processor
522 * @tty: terminal device
523 * @buf: character buffer
524 * @nr: number of bytes to output
525 *
526 * Output a block of characters with OPOST processing.
527 * Returns the number of characters output.
528 *
529 * This path is used to speed up block console writes, among other
530 * things when processing blocks of output data. It handles only
531 * the simple cases normally found and helps to generate blocks of
532 * symbols for the console driver and thus improve performance.
533 *
534 * Locking: output_lock to protect column state and space left
535 * (also, this is called from n_tty_write under the
536 * tty layer write lock)
537 */
538
process_output_block(struct tty_struct * tty,const unsigned char * buf,unsigned int nr)539 static ssize_t process_output_block(struct tty_struct *tty,
540 const unsigned char *buf, unsigned int nr)
541 {
542 struct n_tty_data *ldata = tty->disc_data;
543 int space;
544 int i;
545 const unsigned char *cp;
546
547 mutex_lock(&ldata->output_lock);
548
549 space = tty_write_room(tty);
550 if (space <= 0) {
551 mutex_unlock(&ldata->output_lock);
552 return space;
553 }
554 if (nr > space)
555 nr = space;
556
557 for (i = 0, cp = buf; i < nr; i++, cp++) {
558 unsigned char c = *cp;
559
560 switch (c) {
561 case '\n':
562 if (O_ONLRET(tty))
563 ldata->column = 0;
564 if (O_ONLCR(tty))
565 goto break_out;
566 ldata->canon_column = ldata->column;
567 break;
568 case '\r':
569 if (O_ONOCR(tty) && ldata->column == 0)
570 goto break_out;
571 if (O_OCRNL(tty))
572 goto break_out;
573 ldata->canon_column = ldata->column = 0;
574 break;
575 case '\t':
576 goto break_out;
577 case '\b':
578 if (ldata->column > 0)
579 ldata->column--;
580 break;
581 default:
582 if (!iscntrl(c)) {
583 if (O_OLCUC(tty))
584 goto break_out;
585 if (!is_continuation(c, tty))
586 ldata->column++;
587 }
588 break;
589 }
590 }
591 break_out:
592 i = tty->ops->write(tty, buf, i);
593
594 mutex_unlock(&ldata->output_lock);
595 return i;
596 }
597
598 /**
599 * process_echoes - write pending echo characters
600 * @tty: terminal device
601 *
602 * Write previously buffered echo (and other ldisc-generated)
603 * characters to the tty.
604 *
605 * Characters generated by the ldisc (including echoes) need to
606 * be buffered because the driver's write buffer can fill during
607 * heavy program output. Echoing straight to the driver will
608 * often fail under these conditions, causing lost characters and
609 * resulting mismatches of ldisc state information.
610 *
611 * Since the ldisc state must represent the characters actually sent
612 * to the driver at the time of the write, operations like certain
613 * changes in column state are also saved in the buffer and executed
614 * here.
615 *
616 * A circular fifo buffer is used so that the most recent characters
617 * are prioritized. Also, when control characters are echoed with a
618 * prefixed "^", the pair is treated atomically and thus not separated.
619 *
620 * Locking: callers must hold output_lock
621 */
622
__process_echoes(struct tty_struct * tty)623 static size_t __process_echoes(struct tty_struct *tty)
624 {
625 struct n_tty_data *ldata = tty->disc_data;
626 int space, old_space;
627 size_t tail;
628 unsigned char c;
629
630 old_space = space = tty_write_room(tty);
631
632 tail = ldata->echo_tail;
633 while (MASK(ldata->echo_commit) != MASK(tail)) {
634 c = echo_buf(ldata, tail);
635 if (c == ECHO_OP_START) {
636 unsigned char op;
637 int no_space_left = 0;
638
639 /*
640 * Since add_echo_byte() is called without holding
641 * output_lock, we might see only portion of multi-byte
642 * operation.
643 */
644 if (MASK(ldata->echo_commit) == MASK(tail + 1))
645 goto not_yet_stored;
646 /*
647 * If the buffer byte is the start of a multi-byte
648 * operation, get the next byte, which is either the
649 * op code or a control character value.
650 */
651 op = echo_buf(ldata, tail + 1);
652
653 switch (op) {
654 case ECHO_OP_ERASE_TAB: {
655 unsigned int num_chars, num_bs;
656
657 if (MASK(ldata->echo_commit) == MASK(tail + 2))
658 goto not_yet_stored;
659 num_chars = echo_buf(ldata, tail + 2);
660
661 /*
662 * Determine how many columns to go back
663 * in order to erase the tab.
664 * This depends on the number of columns
665 * used by other characters within the tab
666 * area. If this (modulo 8) count is from
667 * the start of input rather than from a
668 * previous tab, we offset by canon column.
669 * Otherwise, tab spacing is normal.
670 */
671 if (!(num_chars & 0x80))
672 num_chars += ldata->canon_column;
673 num_bs = 8 - (num_chars & 7);
674
675 if (num_bs > space) {
676 no_space_left = 1;
677 break;
678 }
679 space -= num_bs;
680 while (num_bs--) {
681 tty_put_char(tty, '\b');
682 if (ldata->column > 0)
683 ldata->column--;
684 }
685 tail += 3;
686 break;
687 }
688 case ECHO_OP_SET_CANON_COL:
689 ldata->canon_column = ldata->column;
690 tail += 2;
691 break;
692
693 case ECHO_OP_MOVE_BACK_COL:
694 if (ldata->column > 0)
695 ldata->column--;
696 tail += 2;
697 break;
698
699 case ECHO_OP_START:
700 /* This is an escaped echo op start code */
701 if (!space) {
702 no_space_left = 1;
703 break;
704 }
705 tty_put_char(tty, ECHO_OP_START);
706 ldata->column++;
707 space--;
708 tail += 2;
709 break;
710
711 default:
712 /*
713 * If the op is not a special byte code,
714 * it is a ctrl char tagged to be echoed
715 * as "^X" (where X is the letter
716 * representing the control char).
717 * Note that we must ensure there is
718 * enough space for the whole ctrl pair.
719 *
720 */
721 if (space < 2) {
722 no_space_left = 1;
723 break;
724 }
725 tty_put_char(tty, '^');
726 tty_put_char(tty, op ^ 0100);
727 ldata->column += 2;
728 space -= 2;
729 tail += 2;
730 }
731
732 if (no_space_left)
733 break;
734 } else {
735 if (O_OPOST(tty)) {
736 int retval = do_output_char(c, tty, space);
737 if (retval < 0)
738 break;
739 space -= retval;
740 } else {
741 if (!space)
742 break;
743 tty_put_char(tty, c);
744 space -= 1;
745 }
746 tail += 1;
747 }
748 }
749
750 /* If the echo buffer is nearly full (so that the possibility exists
751 * of echo overrun before the next commit), then discard enough
752 * data at the tail to prevent a subsequent overrun */
753 while (ldata->echo_commit > tail &&
754 ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
755 if (echo_buf(ldata, tail) == ECHO_OP_START) {
756 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
757 tail += 3;
758 else
759 tail += 2;
760 } else
761 tail++;
762 }
763
764 not_yet_stored:
765 ldata->echo_tail = tail;
766 return old_space - space;
767 }
768
commit_echoes(struct tty_struct * tty)769 static void commit_echoes(struct tty_struct *tty)
770 {
771 struct n_tty_data *ldata = tty->disc_data;
772 size_t nr, old, echoed;
773 size_t head;
774
775 mutex_lock(&ldata->output_lock);
776 head = ldata->echo_head;
777 ldata->echo_mark = head;
778 old = ldata->echo_commit - ldata->echo_tail;
779
780 /* Process committed echoes if the accumulated # of bytes
781 * is over the threshold (and try again each time another
782 * block is accumulated) */
783 nr = head - ldata->echo_tail;
784 if (nr < ECHO_COMMIT_WATERMARK ||
785 (nr % ECHO_BLOCK > old % ECHO_BLOCK)) {
786 mutex_unlock(&ldata->output_lock);
787 return;
788 }
789
790 ldata->echo_commit = head;
791 echoed = __process_echoes(tty);
792 mutex_unlock(&ldata->output_lock);
793
794 if (echoed && tty->ops->flush_chars)
795 tty->ops->flush_chars(tty);
796 }
797
process_echoes(struct tty_struct * tty)798 static void process_echoes(struct tty_struct *tty)
799 {
800 struct n_tty_data *ldata = tty->disc_data;
801 size_t echoed;
802
803 if (ldata->echo_mark == ldata->echo_tail)
804 return;
805
806 mutex_lock(&ldata->output_lock);
807 ldata->echo_commit = ldata->echo_mark;
808 echoed = __process_echoes(tty);
809 mutex_unlock(&ldata->output_lock);
810
811 if (echoed && tty->ops->flush_chars)
812 tty->ops->flush_chars(tty);
813 }
814
815 /* NB: echo_mark and echo_head should be equivalent here */
flush_echoes(struct tty_struct * tty)816 static void flush_echoes(struct tty_struct *tty)
817 {
818 struct n_tty_data *ldata = tty->disc_data;
819
820 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
821 ldata->echo_commit == ldata->echo_head)
822 return;
823
824 mutex_lock(&ldata->output_lock);
825 ldata->echo_commit = ldata->echo_head;
826 __process_echoes(tty);
827 mutex_unlock(&ldata->output_lock);
828 }
829
830 /**
831 * add_echo_byte - add a byte to the echo buffer
832 * @c: unicode byte to echo
833 * @ldata: n_tty data
834 *
835 * Add a character or operation byte to the echo buffer.
836 */
837
add_echo_byte(unsigned char c,struct n_tty_data * ldata)838 static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
839 {
840 *echo_buf_addr(ldata, ldata->echo_head) = c;
841 smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
842 ldata->echo_head++;
843 }
844
845 /**
846 * echo_move_back_col - add operation to move back a column
847 * @ldata: n_tty data
848 *
849 * Add an operation to the echo buffer to move back one column.
850 */
851
echo_move_back_col(struct n_tty_data * ldata)852 static void echo_move_back_col(struct n_tty_data *ldata)
853 {
854 add_echo_byte(ECHO_OP_START, ldata);
855 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
856 }
857
858 /**
859 * echo_set_canon_col - add operation to set the canon column
860 * @ldata: n_tty data
861 *
862 * Add an operation to the echo buffer to set the canon column
863 * to the current column.
864 */
865
echo_set_canon_col(struct n_tty_data * ldata)866 static void echo_set_canon_col(struct n_tty_data *ldata)
867 {
868 add_echo_byte(ECHO_OP_START, ldata);
869 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
870 }
871
872 /**
873 * echo_erase_tab - add operation to erase a tab
874 * @num_chars: number of character columns already used
875 * @after_tab: true if num_chars starts after a previous tab
876 * @ldata: n_tty data
877 *
878 * Add an operation to the echo buffer to erase a tab.
879 *
880 * Called by the eraser function, which knows how many character
881 * columns have been used since either a previous tab or the start
882 * of input. This information will be used later, along with
883 * canon column (if applicable), to go back the correct number
884 * of columns.
885 */
886
echo_erase_tab(unsigned int num_chars,int after_tab,struct n_tty_data * ldata)887 static void echo_erase_tab(unsigned int num_chars, int after_tab,
888 struct n_tty_data *ldata)
889 {
890 add_echo_byte(ECHO_OP_START, ldata);
891 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
892
893 /* We only need to know this modulo 8 (tab spacing) */
894 num_chars &= 7;
895
896 /* Set the high bit as a flag if num_chars is after a previous tab */
897 if (after_tab)
898 num_chars |= 0x80;
899
900 add_echo_byte(num_chars, ldata);
901 }
902
903 /**
904 * echo_char_raw - echo a character raw
905 * @c: unicode byte to echo
906 * @ldata: line disc data
907 *
908 * Echo user input back onto the screen. This must be called only when
909 * L_ECHO(tty) is true. Called from the driver receive_buf path.
910 *
911 * This variant does not treat control characters specially.
912 */
913
echo_char_raw(unsigned char c,struct n_tty_data * ldata)914 static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
915 {
916 if (c == ECHO_OP_START) {
917 add_echo_byte(ECHO_OP_START, ldata);
918 add_echo_byte(ECHO_OP_START, ldata);
919 } else {
920 add_echo_byte(c, ldata);
921 }
922 }
923
924 /**
925 * echo_char - echo a character
926 * @c: unicode byte to echo
927 * @tty: terminal device
928 *
929 * Echo user input back onto the screen. This must be called only when
930 * L_ECHO(tty) is true. Called from the driver receive_buf path.
931 *
932 * This variant tags control characters to be echoed as "^X"
933 * (where X is the letter representing the control char).
934 */
935
echo_char(unsigned char c,struct tty_struct * tty)936 static void echo_char(unsigned char c, struct tty_struct *tty)
937 {
938 struct n_tty_data *ldata = tty->disc_data;
939
940 if (c == ECHO_OP_START) {
941 add_echo_byte(ECHO_OP_START, ldata);
942 add_echo_byte(ECHO_OP_START, ldata);
943 } else {
944 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
945 add_echo_byte(ECHO_OP_START, ldata);
946 add_echo_byte(c, ldata);
947 }
948 }
949
950 /**
951 * finish_erasing - complete erase
952 * @ldata: n_tty data
953 */
954
finish_erasing(struct n_tty_data * ldata)955 static inline void finish_erasing(struct n_tty_data *ldata)
956 {
957 if (ldata->erasing) {
958 echo_char_raw('/', ldata);
959 ldata->erasing = 0;
960 }
961 }
962
963 /**
964 * eraser - handle erase function
965 * @c: character input
966 * @tty: terminal device
967 *
968 * Perform erase and necessary output when an erase character is
969 * present in the stream from the driver layer. Handles the complexities
970 * of UTF-8 multibyte symbols.
971 *
972 * n_tty_receive_buf()/producer path:
973 * caller holds non-exclusive termios_rwsem
974 */
975
eraser(unsigned char c,struct tty_struct * tty)976 static void eraser(unsigned char c, struct tty_struct *tty)
977 {
978 struct n_tty_data *ldata = tty->disc_data;
979 enum { ERASE, WERASE, KILL } kill_type;
980 size_t head;
981 size_t cnt;
982 int seen_alnums;
983
984 if (ldata->read_head == ldata->canon_head) {
985 /* process_output('\a', tty); */ /* what do you think? */
986 return;
987 }
988 if (c == ERASE_CHAR(tty))
989 kill_type = ERASE;
990 else if (c == WERASE_CHAR(tty))
991 kill_type = WERASE;
992 else {
993 if (!L_ECHO(tty)) {
994 ldata->read_head = ldata->canon_head;
995 return;
996 }
997 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
998 ldata->read_head = ldata->canon_head;
999 finish_erasing(ldata);
1000 echo_char(KILL_CHAR(tty), tty);
1001 /* Add a newline if ECHOK is on and ECHOKE is off. */
1002 if (L_ECHOK(tty))
1003 echo_char_raw('\n', ldata);
1004 return;
1005 }
1006 kill_type = KILL;
1007 }
1008
1009 seen_alnums = 0;
1010 while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
1011 head = ldata->read_head;
1012
1013 /* erase a single possibly multibyte character */
1014 do {
1015 head--;
1016 c = read_buf(ldata, head);
1017 } while (is_continuation(c, tty) &&
1018 MASK(head) != MASK(ldata->canon_head));
1019
1020 /* do not partially erase */
1021 if (is_continuation(c, tty))
1022 break;
1023
1024 if (kill_type == WERASE) {
1025 /* Equivalent to BSD's ALTWERASE. */
1026 if (isalnum(c) || c == '_')
1027 seen_alnums++;
1028 else if (seen_alnums)
1029 break;
1030 }
1031 cnt = ldata->read_head - head;
1032 ldata->read_head = head;
1033 if (L_ECHO(tty)) {
1034 if (L_ECHOPRT(tty)) {
1035 if (!ldata->erasing) {
1036 echo_char_raw('\\', ldata);
1037 ldata->erasing = 1;
1038 }
1039 /* if cnt > 1, output a multi-byte character */
1040 echo_char(c, tty);
1041 while (--cnt > 0) {
1042 head++;
1043 echo_char_raw(read_buf(ldata, head), ldata);
1044 echo_move_back_col(ldata);
1045 }
1046 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
1047 echo_char(ERASE_CHAR(tty), tty);
1048 } else if (c == '\t') {
1049 unsigned int num_chars = 0;
1050 int after_tab = 0;
1051 size_t tail = ldata->read_head;
1052
1053 /*
1054 * Count the columns used for characters
1055 * since the start of input or after a
1056 * previous tab.
1057 * This info is used to go back the correct
1058 * number of columns.
1059 */
1060 while (MASK(tail) != MASK(ldata->canon_head)) {
1061 tail--;
1062 c = read_buf(ldata, tail);
1063 if (c == '\t') {
1064 after_tab = 1;
1065 break;
1066 } else if (iscntrl(c)) {
1067 if (L_ECHOCTL(tty))
1068 num_chars += 2;
1069 } else if (!is_continuation(c, tty)) {
1070 num_chars++;
1071 }
1072 }
1073 echo_erase_tab(num_chars, after_tab, ldata);
1074 } else {
1075 if (iscntrl(c) && L_ECHOCTL(tty)) {
1076 echo_char_raw('\b', ldata);
1077 echo_char_raw(' ', ldata);
1078 echo_char_raw('\b', ldata);
1079 }
1080 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1081 echo_char_raw('\b', ldata);
1082 echo_char_raw(' ', ldata);
1083 echo_char_raw('\b', ldata);
1084 }
1085 }
1086 }
1087 if (kill_type == ERASE)
1088 break;
1089 }
1090 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1091 finish_erasing(ldata);
1092 }
1093
1094 /**
1095 * isig - handle the ISIG optio
1096 * @sig: signal
1097 * @tty: terminal
1098 *
1099 * Called when a signal is being sent due to terminal input.
1100 * Called from the driver receive_buf path so serialized.
1101 *
1102 * Performs input and output flush if !NOFLSH. In this context, the echo
1103 * buffer is 'output'. The signal is processed first to alert any current
1104 * readers or writers to discontinue and exit their i/o loops.
1105 *
1106 * Locking: ctrl.lock
1107 */
1108
__isig(int sig,struct tty_struct * tty)1109 static void __isig(int sig, struct tty_struct *tty)
1110 {
1111 struct pid *tty_pgrp = tty_get_pgrp(tty);
1112 if (tty_pgrp) {
1113 kill_pgrp(tty_pgrp, sig, 1);
1114 put_pid(tty_pgrp);
1115 }
1116 }
1117
isig(int sig,struct tty_struct * tty)1118 static void isig(int sig, struct tty_struct *tty)
1119 {
1120 struct n_tty_data *ldata = tty->disc_data;
1121
1122 if (L_NOFLSH(tty)) {
1123 /* signal only */
1124 __isig(sig, tty);
1125
1126 } else { /* signal and flush */
1127 up_read(&tty->termios_rwsem);
1128 down_write(&tty->termios_rwsem);
1129
1130 __isig(sig, tty);
1131
1132 /* clear echo buffer */
1133 mutex_lock(&ldata->output_lock);
1134 ldata->echo_head = ldata->echo_tail = 0;
1135 ldata->echo_mark = ldata->echo_commit = 0;
1136 mutex_unlock(&ldata->output_lock);
1137
1138 /* clear output buffer */
1139 tty_driver_flush_buffer(tty);
1140
1141 /* clear input buffer */
1142 reset_buffer_flags(tty->disc_data);
1143
1144 /* notify pty master of flush */
1145 if (tty->link)
1146 n_tty_packet_mode_flush(tty);
1147
1148 up_write(&tty->termios_rwsem);
1149 down_read(&tty->termios_rwsem);
1150 }
1151 }
1152
1153 /**
1154 * n_tty_receive_break - handle break
1155 * @tty: terminal
1156 *
1157 * An RS232 break event has been hit in the incoming bitstream. This
1158 * can cause a variety of events depending upon the termios settings.
1159 *
1160 * n_tty_receive_buf()/producer path:
1161 * caller holds non-exclusive termios_rwsem
1162 *
1163 * Note: may get exclusive termios_rwsem if flushing input buffer
1164 */
1165
n_tty_receive_break(struct tty_struct * tty)1166 static void n_tty_receive_break(struct tty_struct *tty)
1167 {
1168 struct n_tty_data *ldata = tty->disc_data;
1169
1170 if (I_IGNBRK(tty))
1171 return;
1172 if (I_BRKINT(tty)) {
1173 isig(SIGINT, tty);
1174 return;
1175 }
1176 if (I_PARMRK(tty)) {
1177 put_tty_queue('\377', ldata);
1178 put_tty_queue('\0', ldata);
1179 }
1180 put_tty_queue('\0', ldata);
1181 }
1182
1183 /**
1184 * n_tty_receive_overrun - handle overrun reporting
1185 * @tty: terminal
1186 *
1187 * Data arrived faster than we could process it. While the tty
1188 * driver has flagged this the bits that were missed are gone
1189 * forever.
1190 *
1191 * Called from the receive_buf path so single threaded. Does not
1192 * need locking as num_overrun and overrun_time are function
1193 * private.
1194 */
1195
n_tty_receive_overrun(struct tty_struct * tty)1196 static void n_tty_receive_overrun(struct tty_struct *tty)
1197 {
1198 struct n_tty_data *ldata = tty->disc_data;
1199
1200 ldata->num_overrun++;
1201 if (time_after(jiffies, ldata->overrun_time + HZ) ||
1202 time_after(ldata->overrun_time, jiffies)) {
1203 tty_warn(tty, "%d input overrun(s)\n", ldata->num_overrun);
1204 ldata->overrun_time = jiffies;
1205 ldata->num_overrun = 0;
1206 }
1207 }
1208
1209 /**
1210 * n_tty_receive_parity_error - error notifier
1211 * @tty: terminal device
1212 * @c: character
1213 *
1214 * Process a parity error and queue the right data to indicate
1215 * the error case if necessary.
1216 *
1217 * n_tty_receive_buf()/producer path:
1218 * caller holds non-exclusive termios_rwsem
1219 */
n_tty_receive_parity_error(struct tty_struct * tty,unsigned char c)1220 static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
1221 {
1222 struct n_tty_data *ldata = tty->disc_data;
1223
1224 if (I_INPCK(tty)) {
1225 if (I_IGNPAR(tty))
1226 return;
1227 if (I_PARMRK(tty)) {
1228 put_tty_queue('\377', ldata);
1229 put_tty_queue('\0', ldata);
1230 put_tty_queue(c, ldata);
1231 } else
1232 put_tty_queue('\0', ldata);
1233 } else
1234 put_tty_queue(c, ldata);
1235 }
1236
1237 static void
n_tty_receive_signal_char(struct tty_struct * tty,int signal,unsigned char c)1238 n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
1239 {
1240 isig(signal, tty);
1241 if (I_IXON(tty))
1242 start_tty(tty);
1243 if (L_ECHO(tty)) {
1244 echo_char(c, tty);
1245 commit_echoes(tty);
1246 } else
1247 process_echoes(tty);
1248 }
1249
1250 /**
1251 * n_tty_receive_char - perform processing
1252 * @tty: terminal device
1253 * @c: character
1254 *
1255 * Process an individual character of input received from the driver.
1256 * This is serialized with respect to itself by the rules for the
1257 * driver above.
1258 *
1259 * n_tty_receive_buf()/producer path:
1260 * caller holds non-exclusive termios_rwsem
1261 * publishes canon_head if canonical mode is active
1262 */
n_tty_receive_char_special(struct tty_struct * tty,unsigned char c)1263 static void n_tty_receive_char_special(struct tty_struct *tty, unsigned char c)
1264 {
1265 struct n_tty_data *ldata = tty->disc_data;
1266
1267 if (I_IXON(tty)) {
1268 if (c == START_CHAR(tty)) {
1269 start_tty(tty);
1270 process_echoes(tty);
1271 return;
1272 }
1273 if (c == STOP_CHAR(tty)) {
1274 stop_tty(tty);
1275 return;
1276 }
1277 }
1278
1279 if (L_ISIG(tty)) {
1280 if (c == INTR_CHAR(tty)) {
1281 n_tty_receive_signal_char(tty, SIGINT, c);
1282 return;
1283 } else if (c == QUIT_CHAR(tty)) {
1284 n_tty_receive_signal_char(tty, SIGQUIT, c);
1285 return;
1286 } else if (c == SUSP_CHAR(tty)) {
1287 n_tty_receive_signal_char(tty, SIGTSTP, c);
1288 return;
1289 }
1290 }
1291
1292 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1293 start_tty(tty);
1294 process_echoes(tty);
1295 }
1296
1297 if (c == '\r') {
1298 if (I_IGNCR(tty))
1299 return;
1300 if (I_ICRNL(tty))
1301 c = '\n';
1302 } else if (c == '\n' && I_INLCR(tty))
1303 c = '\r';
1304
1305 if (ldata->icanon) {
1306 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1307 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1308 eraser(c, tty);
1309 commit_echoes(tty);
1310 return;
1311 }
1312 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1313 ldata->lnext = 1;
1314 if (L_ECHO(tty)) {
1315 finish_erasing(ldata);
1316 if (L_ECHOCTL(tty)) {
1317 echo_char_raw('^', ldata);
1318 echo_char_raw('\b', ldata);
1319 commit_echoes(tty);
1320 }
1321 }
1322 return;
1323 }
1324 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1325 size_t tail = ldata->canon_head;
1326
1327 finish_erasing(ldata);
1328 echo_char(c, tty);
1329 echo_char_raw('\n', ldata);
1330 while (MASK(tail) != MASK(ldata->read_head)) {
1331 echo_char(read_buf(ldata, tail), tty);
1332 tail++;
1333 }
1334 commit_echoes(tty);
1335 return;
1336 }
1337 if (c == '\n') {
1338 if (L_ECHO(tty) || L_ECHONL(tty)) {
1339 echo_char_raw('\n', ldata);
1340 commit_echoes(tty);
1341 }
1342 goto handle_newline;
1343 }
1344 if (c == EOF_CHAR(tty)) {
1345 c = __DISABLED_CHAR;
1346 goto handle_newline;
1347 }
1348 if ((c == EOL_CHAR(tty)) ||
1349 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1350 /*
1351 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1352 */
1353 if (L_ECHO(tty)) {
1354 /* Record the column of first canon char. */
1355 if (ldata->canon_head == ldata->read_head)
1356 echo_set_canon_col(ldata);
1357 echo_char(c, tty);
1358 commit_echoes(tty);
1359 }
1360 /*
1361 * XXX does PARMRK doubling happen for
1362 * EOL_CHAR and EOL2_CHAR?
1363 */
1364 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1365 put_tty_queue(c, ldata);
1366
1367 handle_newline:
1368 set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
1369 put_tty_queue(c, ldata);
1370 smp_store_release(&ldata->canon_head, ldata->read_head);
1371 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1372 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1373 return;
1374 }
1375 }
1376
1377 if (L_ECHO(tty)) {
1378 finish_erasing(ldata);
1379 if (c == '\n')
1380 echo_char_raw('\n', ldata);
1381 else {
1382 /* Record the column of first canon char. */
1383 if (ldata->canon_head == ldata->read_head)
1384 echo_set_canon_col(ldata);
1385 echo_char(c, tty);
1386 }
1387 commit_echoes(tty);
1388 }
1389
1390 /* PARMRK doubling check */
1391 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1392 put_tty_queue(c, ldata);
1393
1394 put_tty_queue(c, ldata);
1395 }
1396
n_tty_receive_char(struct tty_struct * tty,unsigned char c)1397 static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1398 {
1399 struct n_tty_data *ldata = tty->disc_data;
1400
1401 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1402 start_tty(tty);
1403 process_echoes(tty);
1404 }
1405 if (L_ECHO(tty)) {
1406 finish_erasing(ldata);
1407 /* Record the column of first canon char. */
1408 if (ldata->canon_head == ldata->read_head)
1409 echo_set_canon_col(ldata);
1410 echo_char(c, tty);
1411 commit_echoes(tty);
1412 }
1413 /* PARMRK doubling check */
1414 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1415 put_tty_queue(c, ldata);
1416 put_tty_queue(c, ldata);
1417 }
1418
n_tty_receive_char_closing(struct tty_struct * tty,unsigned char c)1419 static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c)
1420 {
1421 if (I_ISTRIP(tty))
1422 c &= 0x7f;
1423 if (I_IUCLC(tty) && L_IEXTEN(tty))
1424 c = tolower(c);
1425
1426 if (I_IXON(tty)) {
1427 if (c == STOP_CHAR(tty))
1428 stop_tty(tty);
1429 else if (c == START_CHAR(tty) ||
1430 (tty->flow.stopped && !tty->flow.tco_stopped && I_IXANY(tty) &&
1431 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1432 c != SUSP_CHAR(tty))) {
1433 start_tty(tty);
1434 process_echoes(tty);
1435 }
1436 }
1437 }
1438
1439 static void
n_tty_receive_char_flagged(struct tty_struct * tty,unsigned char c,char flag)1440 n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
1441 {
1442 switch (flag) {
1443 case TTY_BREAK:
1444 n_tty_receive_break(tty);
1445 break;
1446 case TTY_PARITY:
1447 case TTY_FRAME:
1448 n_tty_receive_parity_error(tty, c);
1449 break;
1450 case TTY_OVERRUN:
1451 n_tty_receive_overrun(tty);
1452 break;
1453 default:
1454 tty_err(tty, "unknown flag %d\n", flag);
1455 break;
1456 }
1457 }
1458
1459 static void
n_tty_receive_char_lnext(struct tty_struct * tty,unsigned char c,char flag)1460 n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
1461 {
1462 struct n_tty_data *ldata = tty->disc_data;
1463
1464 ldata->lnext = 0;
1465 if (likely(flag == TTY_NORMAL)) {
1466 if (I_ISTRIP(tty))
1467 c &= 0x7f;
1468 if (I_IUCLC(tty) && L_IEXTEN(tty))
1469 c = tolower(c);
1470 n_tty_receive_char(tty, c);
1471 } else
1472 n_tty_receive_char_flagged(tty, c, flag);
1473 }
1474
1475 static void
n_tty_receive_buf_real_raw(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1476 n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
1477 const char *fp, int count)
1478 {
1479 struct n_tty_data *ldata = tty->disc_data;
1480 size_t n, head;
1481
1482 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1483 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1484 memcpy(read_buf_addr(ldata, head), cp, n);
1485 ldata->read_head += n;
1486 cp += n;
1487 count -= n;
1488
1489 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1490 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1491 memcpy(read_buf_addr(ldata, head), cp, n);
1492 ldata->read_head += n;
1493 }
1494
1495 static void
n_tty_receive_buf_raw(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1496 n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
1497 const char *fp, int count)
1498 {
1499 struct n_tty_data *ldata = tty->disc_data;
1500 char flag = TTY_NORMAL;
1501
1502 while (count--) {
1503 if (fp)
1504 flag = *fp++;
1505 if (likely(flag == TTY_NORMAL))
1506 put_tty_queue(*cp++, ldata);
1507 else
1508 n_tty_receive_char_flagged(tty, *cp++, flag);
1509 }
1510 }
1511
1512 static void
n_tty_receive_buf_closing(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1513 n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
1514 const char *fp, int count)
1515 {
1516 char flag = TTY_NORMAL;
1517
1518 while (count--) {
1519 if (fp)
1520 flag = *fp++;
1521 if (likely(flag == TTY_NORMAL))
1522 n_tty_receive_char_closing(tty, *cp++);
1523 }
1524 }
1525
n_tty_receive_buf_standard(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1526 static void n_tty_receive_buf_standard(struct tty_struct *tty,
1527 const unsigned char *cp, const char *fp, int count)
1528 {
1529 struct n_tty_data *ldata = tty->disc_data;
1530 char flag = TTY_NORMAL;
1531
1532 while (count--) {
1533 unsigned char c = *cp++;
1534
1535 if (fp)
1536 flag = *fp++;
1537
1538 if (ldata->lnext) {
1539 n_tty_receive_char_lnext(tty, c, flag);
1540 continue;
1541 }
1542
1543 if (unlikely(flag != TTY_NORMAL)) {
1544 n_tty_receive_char_flagged(tty, c, flag);
1545 continue;
1546 }
1547
1548 if (I_ISTRIP(tty))
1549 c &= 0x7f;
1550 if (I_IUCLC(tty) && L_IEXTEN(tty))
1551 c = tolower(c);
1552 if (L_EXTPROC(tty)) {
1553 put_tty_queue(c, ldata);
1554 continue;
1555 }
1556
1557 if (test_bit(c, ldata->char_map))
1558 n_tty_receive_char_special(tty, c);
1559 else
1560 n_tty_receive_char(tty, c);
1561 }
1562 }
1563
__receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1564 static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
1565 const char *fp, int count)
1566 {
1567 struct n_tty_data *ldata = tty->disc_data;
1568 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1569
1570 if (ldata->real_raw)
1571 n_tty_receive_buf_real_raw(tty, cp, fp, count);
1572 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1573 n_tty_receive_buf_raw(tty, cp, fp, count);
1574 else if (tty->closing && !L_EXTPROC(tty))
1575 n_tty_receive_buf_closing(tty, cp, fp, count);
1576 else {
1577 n_tty_receive_buf_standard(tty, cp, fp, count);
1578
1579 flush_echoes(tty);
1580 if (tty->ops->flush_chars)
1581 tty->ops->flush_chars(tty);
1582 }
1583
1584 if (ldata->icanon && !L_EXTPROC(tty))
1585 return;
1586
1587 /* publish read_head to consumer */
1588 smp_store_release(&ldata->commit_head, ldata->read_head);
1589
1590 if (read_cnt(ldata)) {
1591 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1592 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1593 }
1594 }
1595
1596 /**
1597 * n_tty_receive_buf_common - process input
1598 * @tty: device to receive input
1599 * @cp: input chars
1600 * @fp: flags for each char (if NULL, all chars are TTY_NORMAL)
1601 * @count: number of input chars in @cp
1602 * @flow: enable flow control
1603 *
1604 * Called by the terminal driver when a block of characters has
1605 * been received. This function must be called from soft contexts
1606 * not from interrupt context. The driver is responsible for making
1607 * calls one at a time and in order (or using flush_to_ldisc)
1608 *
1609 * Returns the # of input chars from @cp which were processed.
1610 *
1611 * In canonical mode, the maximum line length is 4096 chars (including
1612 * the line termination char); lines longer than 4096 chars are
1613 * truncated. After 4095 chars, input data is still processed but
1614 * not stored. Overflow processing ensures the tty can always
1615 * receive more input until at least one line can be read.
1616 *
1617 * In non-canonical mode, the read buffer will only accept 4095 chars;
1618 * this provides the necessary space for a newline char if the input
1619 * mode is switched to canonical.
1620 *
1621 * Note it is possible for the read buffer to _contain_ 4096 chars
1622 * in non-canonical mode: the read buffer could already contain the
1623 * maximum canon line of 4096 chars when the mode is switched to
1624 * non-canonical.
1625 *
1626 * n_tty_receive_buf()/producer path:
1627 * claims non-exclusive termios_rwsem
1628 * publishes commit_head or canon_head
1629 */
1630 static int
n_tty_receive_buf_common(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count,int flow)1631 n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
1632 const char *fp, int count, int flow)
1633 {
1634 struct n_tty_data *ldata = tty->disc_data;
1635 int room, n, rcvd = 0, overflow;
1636
1637 down_read(&tty->termios_rwsem);
1638
1639 do {
1640 /*
1641 * When PARMRK is set, each input char may take up to 3 chars
1642 * in the read buf; reduce the buffer space avail by 3x
1643 *
1644 * If we are doing input canonicalization, and there are no
1645 * pending newlines, let characters through without limit, so
1646 * that erase characters will be handled. Other excess
1647 * characters will be beeped.
1648 *
1649 * paired with store in *_copy_from_read_buf() -- guarantees
1650 * the consumer has loaded the data in read_buf up to the new
1651 * read_tail (so this producer will not overwrite unread data)
1652 */
1653 size_t tail = smp_load_acquire(&ldata->read_tail);
1654
1655 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1656 if (I_PARMRK(tty))
1657 room = (room + 2) / 3;
1658 room--;
1659 if (room <= 0) {
1660 overflow = ldata->icanon && ldata->canon_head == tail;
1661 if (overflow && room < 0)
1662 ldata->read_head--;
1663 room = overflow;
1664 WRITE_ONCE(ldata->no_room, flow && !room);
1665 } else
1666 overflow = 0;
1667
1668 n = min(count, room);
1669 if (!n)
1670 break;
1671
1672 /* ignore parity errors if handling overflow */
1673 if (!overflow || !fp || *fp != TTY_PARITY)
1674 __receive_buf(tty, cp, fp, n);
1675
1676 cp += n;
1677 if (fp)
1678 fp += n;
1679 count -= n;
1680 rcvd += n;
1681 } while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1682
1683 tty->receive_room = room;
1684
1685 /* Unthrottle if handling overflow on pty */
1686 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1687 if (overflow) {
1688 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1689 tty_unthrottle_safe(tty);
1690 __tty_set_flow_change(tty, 0);
1691 }
1692 } else
1693 n_tty_check_throttle(tty);
1694
1695 if (unlikely(ldata->no_room)) {
1696 /*
1697 * Barrier here is to ensure to read the latest read_tail in
1698 * chars_in_buffer() and to make sure that read_tail is not loaded
1699 * before ldata->no_room is set.
1700 */
1701 smp_mb();
1702 if (!chars_in_buffer(tty))
1703 n_tty_kick_worker(tty);
1704 }
1705
1706 up_read(&tty->termios_rwsem);
1707
1708 return rcvd;
1709 }
1710
n_tty_receive_buf(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1711 static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1712 const char *fp, int count)
1713 {
1714 n_tty_receive_buf_common(tty, cp, fp, count, 0);
1715 }
1716
n_tty_receive_buf2(struct tty_struct * tty,const unsigned char * cp,const char * fp,int count)1717 static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
1718 const char *fp, int count)
1719 {
1720 return n_tty_receive_buf_common(tty, cp, fp, count, 1);
1721 }
1722
1723 /**
1724 * n_tty_set_termios - termios data changed
1725 * @tty: terminal
1726 * @old: previous data
1727 *
1728 * Called by the tty layer when the user changes termios flags so
1729 * that the line discipline can plan ahead. This function cannot sleep
1730 * and is protected from re-entry by the tty layer. The user is
1731 * guaranteed that this function will not be re-entered or in progress
1732 * when the ldisc is closed.
1733 *
1734 * Locking: Caller holds tty->termios_rwsem
1735 */
1736
n_tty_set_termios(struct tty_struct * tty,struct ktermios * old)1737 static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1738 {
1739 struct n_tty_data *ldata = tty->disc_data;
1740
1741 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1742 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1743 ldata->line_start = ldata->read_tail;
1744 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1745 ldata->canon_head = ldata->read_tail;
1746 ldata->push = 0;
1747 } else {
1748 set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
1749 ldata->read_flags);
1750 ldata->canon_head = ldata->read_head;
1751 ldata->push = 1;
1752 }
1753 ldata->commit_head = ldata->read_head;
1754 ldata->erasing = 0;
1755 ldata->lnext = 0;
1756 }
1757
1758 ldata->icanon = (L_ICANON(tty) != 0);
1759
1760 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1761 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1762 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1763 I_PARMRK(tty)) {
1764 bitmap_zero(ldata->char_map, 256);
1765
1766 if (I_IGNCR(tty) || I_ICRNL(tty))
1767 set_bit('\r', ldata->char_map);
1768 if (I_INLCR(tty))
1769 set_bit('\n', ldata->char_map);
1770
1771 if (L_ICANON(tty)) {
1772 set_bit(ERASE_CHAR(tty), ldata->char_map);
1773 set_bit(KILL_CHAR(tty), ldata->char_map);
1774 set_bit(EOF_CHAR(tty), ldata->char_map);
1775 set_bit('\n', ldata->char_map);
1776 set_bit(EOL_CHAR(tty), ldata->char_map);
1777 if (L_IEXTEN(tty)) {
1778 set_bit(WERASE_CHAR(tty), ldata->char_map);
1779 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1780 set_bit(EOL2_CHAR(tty), ldata->char_map);
1781 if (L_ECHO(tty))
1782 set_bit(REPRINT_CHAR(tty),
1783 ldata->char_map);
1784 }
1785 }
1786 if (I_IXON(tty)) {
1787 set_bit(START_CHAR(tty), ldata->char_map);
1788 set_bit(STOP_CHAR(tty), ldata->char_map);
1789 }
1790 if (L_ISIG(tty)) {
1791 set_bit(INTR_CHAR(tty), ldata->char_map);
1792 set_bit(QUIT_CHAR(tty), ldata->char_map);
1793 set_bit(SUSP_CHAR(tty), ldata->char_map);
1794 }
1795 clear_bit(__DISABLED_CHAR, ldata->char_map);
1796 ldata->raw = 0;
1797 ldata->real_raw = 0;
1798 } else {
1799 ldata->raw = 1;
1800 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1801 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1802 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1803 ldata->real_raw = 1;
1804 else
1805 ldata->real_raw = 0;
1806 }
1807 /*
1808 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1809 * been stopped by STOP_CHAR(tty) before it.
1810 */
1811 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow.tco_stopped) {
1812 start_tty(tty);
1813 process_echoes(tty);
1814 }
1815
1816 /* The termios change make the tty ready for I/O */
1817 wake_up_interruptible(&tty->write_wait);
1818 wake_up_interruptible(&tty->read_wait);
1819 }
1820
1821 /**
1822 * n_tty_close - close the ldisc for this tty
1823 * @tty: device
1824 *
1825 * Called from the terminal layer when this line discipline is
1826 * being shut down, either because of a close or becsuse of a
1827 * discipline change. The function will not be called while other
1828 * ldisc methods are in progress.
1829 */
1830
n_tty_close(struct tty_struct * tty)1831 static void n_tty_close(struct tty_struct *tty)
1832 {
1833 struct n_tty_data *ldata = tty->disc_data;
1834
1835 if (tty->link)
1836 n_tty_packet_mode_flush(tty);
1837
1838 down_write(&tty->termios_rwsem);
1839 vfree(ldata);
1840 tty->disc_data = NULL;
1841 up_write(&tty->termios_rwsem);
1842 }
1843
1844 /**
1845 * n_tty_open - open an ldisc
1846 * @tty: terminal to open
1847 *
1848 * Called when this line discipline is being attached to the
1849 * terminal device. Can sleep. Called serialized so that no
1850 * other events will occur in parallel. No further open will occur
1851 * until a close.
1852 */
1853
n_tty_open(struct tty_struct * tty)1854 static int n_tty_open(struct tty_struct *tty)
1855 {
1856 struct n_tty_data *ldata;
1857
1858 /* Currently a malloc failure here can panic */
1859 ldata = vzalloc(sizeof(*ldata));
1860 if (!ldata)
1861 return -ENOMEM;
1862
1863 ldata->overrun_time = jiffies;
1864 mutex_init(&ldata->atomic_read_lock);
1865 mutex_init(&ldata->output_lock);
1866
1867 tty->disc_data = ldata;
1868 tty->closing = 0;
1869 /* indicate buffer work may resume */
1870 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1871 n_tty_set_termios(tty, NULL);
1872 tty_unthrottle(tty);
1873 return 0;
1874 }
1875
input_available_p(struct tty_struct * tty,int poll)1876 static inline int input_available_p(struct tty_struct *tty, int poll)
1877 {
1878 struct n_tty_data *ldata = tty->disc_data;
1879 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1880
1881 if (ldata->icanon && !L_EXTPROC(tty))
1882 return ldata->canon_head != ldata->read_tail;
1883 else
1884 return ldata->commit_head - ldata->read_tail >= amt;
1885 }
1886
1887 /**
1888 * copy_from_read_buf - copy read data directly
1889 * @tty: terminal device
1890 * @kbp: data
1891 * @nr: size of data
1892 *
1893 * Helper function to speed up n_tty_read. It is only called when
1894 * ICANON is off; it copies characters straight from the tty queue.
1895 *
1896 * Called under the ldata->atomic_read_lock sem
1897 *
1898 * Returns true if it successfully copied data, but there is still
1899 * more data to be had.
1900 *
1901 * n_tty_read()/consumer path:
1902 * caller holds non-exclusive termios_rwsem
1903 * read_tail published
1904 */
1905
copy_from_read_buf(struct tty_struct * tty,unsigned char ** kbp,size_t * nr)1906 static bool copy_from_read_buf(struct tty_struct *tty,
1907 unsigned char **kbp,
1908 size_t *nr)
1909
1910 {
1911 struct n_tty_data *ldata = tty->disc_data;
1912 size_t n;
1913 bool is_eof;
1914 size_t head = smp_load_acquire(&ldata->commit_head);
1915 size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1916
1917 n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
1918 n = min(*nr, n);
1919 if (n) {
1920 unsigned char *from = read_buf_addr(ldata, tail);
1921 memcpy(*kbp, from, n);
1922 is_eof = n == 1 && *from == EOF_CHAR(tty);
1923 tty_audit_add_data(tty, from, n);
1924 zero_buffer(tty, from, n);
1925 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1926 /* Turn single EOF into zero-length read */
1927 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1928 (head == ldata->read_tail))
1929 return false;
1930 *kbp += n;
1931 *nr -= n;
1932
1933 /* If we have more to copy, let the caller know */
1934 return head != ldata->read_tail;
1935 }
1936 return false;
1937 }
1938
1939 /**
1940 * canon_copy_from_read_buf - copy read data in canonical mode
1941 * @tty: terminal device
1942 * @kbp: data
1943 * @nr: size of data
1944 *
1945 * Helper function for n_tty_read. It is only called when ICANON is on;
1946 * it copies one line of input up to and including the line-delimiting
1947 * character into the result buffer.
1948 *
1949 * NB: When termios is changed from non-canonical to canonical mode and
1950 * the read buffer contains data, n_tty_set_termios() simulates an EOF
1951 * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
1952 * This causes data already processed as input to be immediately available
1953 * as input although a newline has not been received.
1954 *
1955 * Called under the atomic_read_lock mutex
1956 *
1957 * n_tty_read()/consumer path:
1958 * caller holds non-exclusive termios_rwsem
1959 * read_tail published
1960 */
1961
canon_copy_from_read_buf(struct tty_struct * tty,unsigned char ** kbp,size_t * nr)1962 static bool canon_copy_from_read_buf(struct tty_struct *tty,
1963 unsigned char **kbp,
1964 size_t *nr)
1965 {
1966 struct n_tty_data *ldata = tty->disc_data;
1967 size_t n, size, more, c;
1968 size_t eol;
1969 size_t tail, canon_head;
1970 int found = 0;
1971
1972 /* N.B. avoid overrun if nr == 0 */
1973 if (!*nr)
1974 return false;
1975
1976 canon_head = smp_load_acquire(&ldata->canon_head);
1977 n = min(*nr, canon_head - ldata->read_tail);
1978
1979 tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1980 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
1981
1982 n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
1983 __func__, *nr, tail, n, size);
1984
1985 eol = find_next_bit(ldata->read_flags, size, tail);
1986 more = n - (size - tail);
1987 if (eol == N_TTY_BUF_SIZE && more) {
1988 /* scan wrapped without finding set bit */
1989 eol = find_next_bit(ldata->read_flags, more, 0);
1990 found = eol != more;
1991 } else
1992 found = eol != size;
1993
1994 n = eol - tail;
1995 if (n > N_TTY_BUF_SIZE)
1996 n += N_TTY_BUF_SIZE;
1997 c = n + found;
1998
1999 if (!found || read_buf(ldata, eol) != __DISABLED_CHAR)
2000 n = c;
2001
2002 n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
2003 __func__, eol, found, n, c, tail, more);
2004
2005 tty_copy(tty, *kbp, tail, n);
2006 *kbp += n;
2007 *nr -= n;
2008
2009 if (found)
2010 clear_bit(eol, ldata->read_flags);
2011 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2012
2013 if (found) {
2014 if (!ldata->push)
2015 ldata->line_start = ldata->read_tail;
2016 else
2017 ldata->push = 0;
2018 tty_audit_push();
2019 return false;
2020 }
2021
2022 /* No EOL found - do a continuation retry if there is more data */
2023 return ldata->read_tail != canon_head;
2024 }
2025
2026 /*
2027 * If we finished a read at the exact location of an
2028 * EOF (special EOL character that's a __DISABLED_CHAR)
2029 * in the stream, silently eat the EOF.
2030 */
canon_skip_eof(struct tty_struct * tty)2031 static void canon_skip_eof(struct tty_struct *tty)
2032 {
2033 struct n_tty_data *ldata = tty->disc_data;
2034 size_t tail, canon_head;
2035
2036 canon_head = smp_load_acquire(&ldata->canon_head);
2037 tail = ldata->read_tail;
2038
2039 // No data?
2040 if (tail == canon_head)
2041 return;
2042
2043 // See if the tail position is EOF in the circular buffer
2044 tail &= (N_TTY_BUF_SIZE - 1);
2045 if (!test_bit(tail, ldata->read_flags))
2046 return;
2047 if (read_buf(ldata, tail) != __DISABLED_CHAR)
2048 return;
2049
2050 // Clear the EOL bit, skip the EOF char.
2051 clear_bit(tail, ldata->read_flags);
2052 smp_store_release(&ldata->read_tail, ldata->read_tail + 1);
2053 }
2054
2055 /**
2056 * job_control - check job control
2057 * @tty: tty
2058 * @file: file handle
2059 *
2060 * Perform job control management checks on this file/tty descriptor
2061 * and if appropriate send any needed signals and return a negative
2062 * error code if action should be taken.
2063 *
2064 * Locking: redirected write test is safe
2065 * current->signal->tty check is safe
2066 * ctrl.lock to safely reference tty->ctrl.pgrp
2067 */
2068
job_control(struct tty_struct * tty,struct file * file)2069 static int job_control(struct tty_struct *tty, struct file *file)
2070 {
2071 /* Job control check -- must be done at start and after
2072 every sleep (POSIX.1 7.1.1.4). */
2073 /* NOTE: not yet done after every sleep pending a thorough
2074 check of the logic of this change. -- jlc */
2075 /* don't stop on /dev/console */
2076 if (file->f_op->write_iter == redirected_tty_write)
2077 return 0;
2078
2079 return __tty_check_change(tty, SIGTTIN);
2080 }
2081
2082
2083 /**
2084 * n_tty_read - read function for tty
2085 * @tty: tty device
2086 * @file: file object
2087 * @buf: userspace buffer pointer
2088 * @nr: size of I/O
2089 *
2090 * Perform reads for the line discipline. We are guaranteed that the
2091 * line discipline will not be closed under us but we may get multiple
2092 * parallel readers and must handle this ourselves. We may also get
2093 * a hangup. Always called in user context, may sleep.
2094 *
2095 * This code must be sure never to sleep through a hangup.
2096 *
2097 * n_tty_read()/consumer path:
2098 * claims non-exclusive termios_rwsem
2099 * publishes read_tail
2100 */
2101
n_tty_read(struct tty_struct * tty,struct file * file,unsigned char * kbuf,size_t nr,void ** cookie,unsigned long offset)2102 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
2103 unsigned char *kbuf, size_t nr,
2104 void **cookie, unsigned long offset)
2105 {
2106 struct n_tty_data *ldata = tty->disc_data;
2107 unsigned char *kb = kbuf;
2108 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2109 int c;
2110 int minimum, time;
2111 ssize_t retval = 0;
2112 long timeout;
2113 bool packet;
2114 size_t old_tail;
2115
2116 /*
2117 * Is this a continuation of a read started earler?
2118 *
2119 * If so, we still hold the atomic_read_lock and the
2120 * termios_rwsem, and can just continue to copy data.
2121 */
2122 if (*cookie) {
2123 if (ldata->icanon && !L_EXTPROC(tty)) {
2124 /*
2125 * If we have filled the user buffer, see
2126 * if we should skip an EOF character before
2127 * releasing the lock and returning done.
2128 */
2129 if (!nr)
2130 canon_skip_eof(tty);
2131 else if (canon_copy_from_read_buf(tty, &kb, &nr))
2132 return kb - kbuf;
2133 } else {
2134 if (copy_from_read_buf(tty, &kb, &nr))
2135 return kb - kbuf;
2136 }
2137
2138 /* No more data - release locks and stop retries */
2139 n_tty_kick_worker(tty);
2140 n_tty_check_unthrottle(tty);
2141 up_read(&tty->termios_rwsem);
2142 mutex_unlock(&ldata->atomic_read_lock);
2143 *cookie = NULL;
2144 return kb - kbuf;
2145 }
2146
2147 c = job_control(tty, file);
2148 if (c < 0)
2149 return c;
2150
2151 /*
2152 * Internal serialization of reads.
2153 */
2154 if (file->f_flags & O_NONBLOCK) {
2155 if (!mutex_trylock(&ldata->atomic_read_lock))
2156 return -EAGAIN;
2157 } else {
2158 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2159 return -ERESTARTSYS;
2160 }
2161
2162 down_read(&tty->termios_rwsem);
2163
2164 minimum = time = 0;
2165 timeout = MAX_SCHEDULE_TIMEOUT;
2166 if (!ldata->icanon) {
2167 minimum = MIN_CHAR(tty);
2168 if (minimum) {
2169 time = (HZ / 10) * TIME_CHAR(tty);
2170 } else {
2171 timeout = (HZ / 10) * TIME_CHAR(tty);
2172 minimum = 1;
2173 }
2174 }
2175
2176 packet = tty->ctrl.packet;
2177 old_tail = ldata->read_tail;
2178
2179 add_wait_queue(&tty->read_wait, &wait);
2180 while (nr) {
2181 /* First test for status change. */
2182 if (packet && tty->link->ctrl.pktstatus) {
2183 unsigned char cs;
2184 if (kb != kbuf)
2185 break;
2186 spin_lock_irq(&tty->link->ctrl.lock);
2187 cs = tty->link->ctrl.pktstatus;
2188 tty->link->ctrl.pktstatus = 0;
2189 spin_unlock_irq(&tty->link->ctrl.lock);
2190 *kb++ = cs;
2191 nr--;
2192 break;
2193 }
2194
2195 if (!input_available_p(tty, 0)) {
2196 up_read(&tty->termios_rwsem);
2197 tty_buffer_flush_work(tty->port);
2198 down_read(&tty->termios_rwsem);
2199 if (!input_available_p(tty, 0)) {
2200 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2201 retval = -EIO;
2202 break;
2203 }
2204 if (tty_hung_up_p(file))
2205 break;
2206 /*
2207 * Abort readers for ttys which never actually
2208 * get hung up. See __tty_hangup().
2209 */
2210 if (test_bit(TTY_HUPPING, &tty->flags))
2211 break;
2212 if (!timeout)
2213 break;
2214 if (tty_io_nonblock(tty, file)) {
2215 retval = -EAGAIN;
2216 break;
2217 }
2218 if (signal_pending(current)) {
2219 retval = -ERESTARTSYS;
2220 break;
2221 }
2222 up_read(&tty->termios_rwsem);
2223
2224 timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2225 timeout);
2226
2227 down_read(&tty->termios_rwsem);
2228 continue;
2229 }
2230 }
2231
2232 if (ldata->icanon && !L_EXTPROC(tty)) {
2233 if (canon_copy_from_read_buf(tty, &kb, &nr))
2234 goto more_to_be_read;
2235 } else {
2236 /* Deal with packet mode. */
2237 if (packet && kb == kbuf) {
2238 *kb++ = TIOCPKT_DATA;
2239 nr--;
2240 }
2241
2242 /*
2243 * Copy data, and if there is more to be had
2244 * and we have nothing more to wait for, then
2245 * let's mark us for retries.
2246 *
2247 * NOTE! We return here with both the termios_sem
2248 * and atomic_read_lock still held, the retries
2249 * will release them when done.
2250 */
2251 if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum) {
2252 more_to_be_read:
2253 remove_wait_queue(&tty->read_wait, &wait);
2254 *cookie = cookie;
2255 return kb - kbuf;
2256 }
2257 }
2258
2259 n_tty_check_unthrottle(tty);
2260
2261 if (kb - kbuf >= minimum)
2262 break;
2263 if (time)
2264 timeout = time;
2265 }
2266 if (old_tail != ldata->read_tail) {
2267 /*
2268 * Make sure no_room is not read in n_tty_kick_worker()
2269 * before setting ldata->read_tail in copy_from_read_buf().
2270 */
2271 smp_mb();
2272 n_tty_kick_worker(tty);
2273 }
2274 up_read(&tty->termios_rwsem);
2275
2276 remove_wait_queue(&tty->read_wait, &wait);
2277 mutex_unlock(&ldata->atomic_read_lock);
2278
2279 if (kb - kbuf)
2280 retval = kb - kbuf;
2281
2282 return retval;
2283 }
2284
2285 /**
2286 * n_tty_write - write function for tty
2287 * @tty: tty device
2288 * @file: file object
2289 * @buf: userspace buffer pointer
2290 * @nr: size of I/O
2291 *
2292 * Write function of the terminal device. This is serialized with
2293 * respect to other write callers but not to termios changes, reads
2294 * and other such events. Since the receive code will echo characters,
2295 * thus calling driver write methods, the output_lock is used in
2296 * the output processing functions called here as well as in the
2297 * echo processing function to protect the column state and space
2298 * left in the buffer.
2299 *
2300 * This code must be sure never to sleep through a hangup.
2301 *
2302 * Locking: output_lock to protect column state and space left
2303 * (note that the process_output*() functions take this
2304 * lock themselves)
2305 */
2306
n_tty_write(struct tty_struct * tty,struct file * file,const unsigned char * buf,size_t nr)2307 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2308 const unsigned char *buf, size_t nr)
2309 {
2310 const unsigned char *b = buf;
2311 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2312 int c;
2313 ssize_t retval = 0;
2314
2315 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2316 if (L_TOSTOP(tty) && file->f_op->write_iter != redirected_tty_write) {
2317 retval = tty_check_change(tty);
2318 if (retval)
2319 return retval;
2320 }
2321
2322 down_read(&tty->termios_rwsem);
2323
2324 /* Write out any echoed characters that are still pending */
2325 process_echoes(tty);
2326
2327 add_wait_queue(&tty->write_wait, &wait);
2328 while (1) {
2329 if (signal_pending(current)) {
2330 retval = -ERESTARTSYS;
2331 break;
2332 }
2333 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2334 retval = -EIO;
2335 break;
2336 }
2337 if (O_OPOST(tty)) {
2338 while (nr > 0) {
2339 ssize_t num = process_output_block(tty, b, nr);
2340 if (num < 0) {
2341 if (num == -EAGAIN)
2342 break;
2343 retval = num;
2344 goto break_out;
2345 }
2346 b += num;
2347 nr -= num;
2348 if (nr == 0)
2349 break;
2350 c = *b;
2351 if (process_output(c, tty) < 0)
2352 break;
2353 b++; nr--;
2354 }
2355 if (tty->ops->flush_chars)
2356 tty->ops->flush_chars(tty);
2357 } else {
2358 struct n_tty_data *ldata = tty->disc_data;
2359
2360 while (nr > 0) {
2361 mutex_lock(&ldata->output_lock);
2362 c = tty->ops->write(tty, b, nr);
2363 mutex_unlock(&ldata->output_lock);
2364 if (c < 0) {
2365 retval = c;
2366 goto break_out;
2367 }
2368 if (!c)
2369 break;
2370 b += c;
2371 nr -= c;
2372 }
2373 }
2374 if (!nr)
2375 break;
2376 if (tty_io_nonblock(tty, file)) {
2377 retval = -EAGAIN;
2378 break;
2379 }
2380 up_read(&tty->termios_rwsem);
2381
2382 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2383
2384 down_read(&tty->termios_rwsem);
2385 }
2386 break_out:
2387 remove_wait_queue(&tty->write_wait, &wait);
2388 if (nr && tty->fasync)
2389 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2390 up_read(&tty->termios_rwsem);
2391 return (b - buf) ? b - buf : retval;
2392 }
2393
2394 /**
2395 * n_tty_poll - poll method for N_TTY
2396 * @tty: terminal device
2397 * @file: file accessing it
2398 * @wait: poll table
2399 *
2400 * Called when the line discipline is asked to poll() for data or
2401 * for special events. This code is not serialized with respect to
2402 * other events save open/close.
2403 *
2404 * This code must be sure never to sleep through a hangup.
2405 * Called without the kernel lock held - fine
2406 */
2407
n_tty_poll(struct tty_struct * tty,struct file * file,poll_table * wait)2408 static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2409 poll_table *wait)
2410 {
2411 __poll_t mask = 0;
2412
2413 poll_wait(file, &tty->read_wait, wait);
2414 poll_wait(file, &tty->write_wait, wait);
2415 if (input_available_p(tty, 1))
2416 mask |= EPOLLIN | EPOLLRDNORM;
2417 else {
2418 tty_buffer_flush_work(tty->port);
2419 if (input_available_p(tty, 1))
2420 mask |= EPOLLIN | EPOLLRDNORM;
2421 }
2422 if (tty->ctrl.packet && tty->link->ctrl.pktstatus)
2423 mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2424 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2425 mask |= EPOLLHUP;
2426 if (tty_hung_up_p(file))
2427 mask |= EPOLLHUP;
2428 if (tty->ops->write && !tty_is_writelocked(tty) &&
2429 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2430 tty_write_room(tty) > 0)
2431 mask |= EPOLLOUT | EPOLLWRNORM;
2432 return mask;
2433 }
2434
inq_canon(struct n_tty_data * ldata)2435 static unsigned long inq_canon(struct n_tty_data *ldata)
2436 {
2437 size_t nr, head, tail;
2438
2439 if (ldata->canon_head == ldata->read_tail)
2440 return 0;
2441 head = ldata->canon_head;
2442 tail = ldata->read_tail;
2443 nr = head - tail;
2444 /* Skip EOF-chars.. */
2445 while (MASK(head) != MASK(tail)) {
2446 if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
2447 read_buf(ldata, tail) == __DISABLED_CHAR)
2448 nr--;
2449 tail++;
2450 }
2451 return nr;
2452 }
2453
n_tty_ioctl(struct tty_struct * tty,struct file * file,unsigned int cmd,unsigned long arg)2454 static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
2455 unsigned int cmd, unsigned long arg)
2456 {
2457 struct n_tty_data *ldata = tty->disc_data;
2458 int retval;
2459
2460 switch (cmd) {
2461 case TIOCOUTQ:
2462 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2463 case TIOCINQ:
2464 down_write(&tty->termios_rwsem);
2465 if (L_ICANON(tty) && !L_EXTPROC(tty))
2466 retval = inq_canon(ldata);
2467 else
2468 retval = read_cnt(ldata);
2469 up_write(&tty->termios_rwsem);
2470 return put_user(retval, (unsigned int __user *) arg);
2471 default:
2472 return n_tty_ioctl_helper(tty, file, cmd, arg);
2473 }
2474 }
2475
2476 static struct tty_ldisc_ops n_tty_ops = {
2477 .owner = THIS_MODULE,
2478 .num = N_TTY,
2479 .name = "n_tty",
2480 .open = n_tty_open,
2481 .close = n_tty_close,
2482 .flush_buffer = n_tty_flush_buffer,
2483 .read = n_tty_read,
2484 .write = n_tty_write,
2485 .ioctl = n_tty_ioctl,
2486 .set_termios = n_tty_set_termios,
2487 .poll = n_tty_poll,
2488 .receive_buf = n_tty_receive_buf,
2489 .write_wakeup = n_tty_write_wakeup,
2490 .receive_buf2 = n_tty_receive_buf2,
2491 };
2492
2493 /**
2494 * n_tty_inherit_ops - inherit N_TTY methods
2495 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2496 *
2497 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2498 */
2499
n_tty_inherit_ops(struct tty_ldisc_ops * ops)2500 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2501 {
2502 *ops = n_tty_ops;
2503 ops->owner = NULL;
2504 ops->flags = 0;
2505 }
2506 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2507
n_tty_init(void)2508 void __init n_tty_init(void)
2509 {
2510 tty_register_ldisc(&n_tty_ops);
2511 }
2512