1 // SPDX-License-Identifier: GPL-1.0+
2 /*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <[email protected]>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <[email protected]>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31 #include <linux/bitmap.h>
32 #include <linux/bitops.h>
33 #include <linux/ctype.h>
34 #include <linux/errno.h>
35 #include <linux/export.h>
36 #include <linux/fcntl.h>
37 #include <linux/file.h>
38 #include <linux/jiffies.h>
39 #include <linux/math.h>
40 #include <linux/poll.h>
41 #include <linux/ratelimit.h>
42 #include <linux/sched.h>
43 #include <linux/signal.h>
44 #include <linux/slab.h>
45 #include <linux/string.h>
46 #include <linux/tty.h>
47 #include <linux/types.h>
48 #include <linux/uaccess.h>
49 #include <linux/vmalloc.h>
50
51 #include "tty.h"
52
53 /*
54 * Until this number of characters is queued in the xmit buffer, select will
55 * return "we have room for writes".
56 */
57 #define WAKEUP_CHARS 256
58
59 /*
60 * This defines the low- and high-watermarks for throttling and
61 * unthrottling the TTY driver. These watermarks are used for
62 * controlling the space in the read buffer.
63 */
64 #define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
65 #define TTY_THRESHOLD_UNTHROTTLE 128
66
67 /*
68 * Special byte codes used in the echo buffer to represent operations
69 * or special handling of characters. Bytes in the echo buffer that
70 * are not part of such special blocks are treated as normal character
71 * codes.
72 */
73 #define ECHO_OP_START 0xff
74 #define ECHO_OP_MOVE_BACK_COL 0x80
75 #define ECHO_OP_SET_CANON_COL 0x81
76 #define ECHO_OP_ERASE_TAB 0x82
77
78 #define ECHO_COMMIT_WATERMARK 256
79 #define ECHO_BLOCK 256
80 #define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
81
82
83 #undef N_TTY_TRACE
84 #ifdef N_TTY_TRACE
85 # define n_tty_trace(f, args...) trace_printk(f, ##args)
86 #else
87 # define n_tty_trace(f, args...) no_printk(f, ##args)
88 #endif
89
90 struct n_tty_data {
91 /* producer-published */
92 size_t read_head;
93 size_t commit_head;
94 size_t canon_head;
95 size_t echo_head;
96 size_t echo_commit;
97 size_t echo_mark;
98 DECLARE_BITMAP(char_map, 256);
99
100 /* private to n_tty_receive_overrun (single-threaded) */
101 unsigned long overrun_time;
102 unsigned int num_overrun;
103
104 /* non-atomic */
105 bool no_room;
106
107 /* must hold exclusive termios_rwsem to reset these */
108 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
109 unsigned char push:1;
110
111 /* shared by producer and consumer */
112 u8 read_buf[N_TTY_BUF_SIZE];
113 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
114 u8 echo_buf[N_TTY_BUF_SIZE];
115
116 /* consumer-published */
117 size_t read_tail;
118 size_t line_start;
119
120 /* # of chars looked ahead (to find software flow control chars) */
121 size_t lookahead_count;
122
123 /* protected by output lock */
124 unsigned int column;
125 unsigned int canon_column;
126 size_t echo_tail;
127
128 struct mutex atomic_read_lock;
129 struct mutex output_lock;
130 };
131
132 #define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
133
read_cnt(struct n_tty_data * ldata)134 static inline size_t read_cnt(struct n_tty_data *ldata)
135 {
136 return ldata->read_head - ldata->read_tail;
137 }
138
read_buf(struct n_tty_data * ldata,size_t i)139 static inline u8 read_buf(struct n_tty_data *ldata, size_t i)
140 {
141 return ldata->read_buf[MASK(i)];
142 }
143
read_buf_addr(struct n_tty_data * ldata,size_t i)144 static inline u8 *read_buf_addr(struct n_tty_data *ldata, size_t i)
145 {
146 return &ldata->read_buf[MASK(i)];
147 }
148
echo_buf(struct n_tty_data * ldata,size_t i)149 static inline u8 echo_buf(struct n_tty_data *ldata, size_t i)
150 {
151 smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
152 return ldata->echo_buf[MASK(i)];
153 }
154
echo_buf_addr(struct n_tty_data * ldata,size_t i)155 static inline u8 *echo_buf_addr(struct n_tty_data *ldata, size_t i)
156 {
157 return &ldata->echo_buf[MASK(i)];
158 }
159
160 /* If we are not echoing the data, perhaps this is a secret so erase it */
zero_buffer(const struct tty_struct * tty,u8 * buffer,size_t size)161 static void zero_buffer(const struct tty_struct *tty, u8 *buffer, size_t size)
162 {
163 if (L_ICANON(tty) && !L_ECHO(tty))
164 memset(buffer, 0, size);
165 }
166
tty_copy(const struct tty_struct * tty,void * to,size_t tail,size_t n)167 static void tty_copy(const struct tty_struct *tty, void *to, size_t tail,
168 size_t n)
169 {
170 struct n_tty_data *ldata = tty->disc_data;
171 size_t size = N_TTY_BUF_SIZE - tail;
172 void *from = read_buf_addr(ldata, tail);
173
174 if (n > size) {
175 tty_audit_add_data(tty, from, size);
176 memcpy(to, from, size);
177 zero_buffer(tty, from, size);
178 to += size;
179 n -= size;
180 from = ldata->read_buf;
181 }
182
183 tty_audit_add_data(tty, from, n);
184 memcpy(to, from, n);
185 zero_buffer(tty, from, n);
186 }
187
188 /**
189 * n_tty_kick_worker - start input worker (if required)
190 * @tty: terminal
191 *
192 * Re-schedules the flip buffer work if it may have stopped.
193 *
194 * Locking:
195 * * Caller holds exclusive %termios_rwsem, or
196 * * n_tty_read()/consumer path:
197 * holds non-exclusive %termios_rwsem
198 */
n_tty_kick_worker(const struct tty_struct * tty)199 static void n_tty_kick_worker(const struct tty_struct *tty)
200 {
201 struct n_tty_data *ldata = tty->disc_data;
202
203 /* Did the input worker stop? Restart it */
204 if (unlikely(READ_ONCE(ldata->no_room))) {
205 WRITE_ONCE(ldata->no_room, 0);
206
207 WARN_RATELIMIT(tty->port->itty == NULL,
208 "scheduling with invalid itty\n");
209 /* see if ldisc has been killed - if so, this means that
210 * even though the ldisc has been halted and ->buf.work
211 * cancelled, ->buf.work is about to be rescheduled
212 */
213 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
214 "scheduling buffer work for halted ldisc\n");
215 tty_buffer_restart_work(tty->port);
216 }
217 }
218
chars_in_buffer(const struct tty_struct * tty)219 static ssize_t chars_in_buffer(const struct tty_struct *tty)
220 {
221 const struct n_tty_data *ldata = tty->disc_data;
222 size_t head = ldata->icanon ? ldata->canon_head : ldata->commit_head;
223
224 return head - ldata->read_tail;
225 }
226
227 /**
228 * n_tty_write_wakeup - asynchronous I/O notifier
229 * @tty: tty device
230 *
231 * Required for the ptys, serial driver etc. since processes that attach
232 * themselves to the master and rely on ASYNC IO must be woken up.
233 */
n_tty_write_wakeup(struct tty_struct * tty)234 static void n_tty_write_wakeup(struct tty_struct *tty)
235 {
236 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
237 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
238 }
239
n_tty_check_throttle(struct tty_struct * tty)240 static void n_tty_check_throttle(struct tty_struct *tty)
241 {
242 struct n_tty_data *ldata = tty->disc_data;
243
244 /*
245 * Check the remaining room for the input canonicalization
246 * mode. We don't want to throttle the driver if we're in
247 * canonical mode and don't have a newline yet!
248 */
249 if (ldata->icanon && ldata->canon_head == ldata->read_tail)
250 return;
251
252 do {
253 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
254 if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
255 break;
256 } while (!tty_throttle_safe(tty));
257
258 __tty_set_flow_change(tty, 0);
259 }
260
n_tty_check_unthrottle(struct tty_struct * tty)261 static void n_tty_check_unthrottle(struct tty_struct *tty)
262 {
263 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
264 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
265 return;
266 n_tty_kick_worker(tty);
267 tty_wakeup(tty->link);
268 return;
269 }
270
271 /* If there is enough space in the read buffer now, let the
272 * low-level driver know. We use chars_in_buffer() to
273 * check the buffer, as it now knows about canonical mode.
274 * Otherwise, if the driver is throttled and the line is
275 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
276 * we won't get any more characters.
277 */
278
279 do {
280 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
281 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
282 break;
283
284 n_tty_kick_worker(tty);
285 } while (!tty_unthrottle_safe(tty));
286
287 __tty_set_flow_change(tty, 0);
288 }
289
290 /**
291 * put_tty_queue - add character to tty
292 * @c: character
293 * @ldata: n_tty data
294 *
295 * Add a character to the tty read_buf queue.
296 *
297 * Locking:
298 * * n_tty_receive_buf()/producer path:
299 * caller holds non-exclusive %termios_rwsem
300 */
put_tty_queue(u8 c,struct n_tty_data * ldata)301 static inline void put_tty_queue(u8 c, struct n_tty_data *ldata)
302 {
303 *read_buf_addr(ldata, ldata->read_head) = c;
304 ldata->read_head++;
305 }
306
307 /**
308 * reset_buffer_flags - reset buffer state
309 * @ldata: line disc data to reset
310 *
311 * Reset the read buffer counters and clear the flags. Called from
312 * n_tty_open() and n_tty_flush_buffer().
313 *
314 * Locking:
315 * * caller holds exclusive %termios_rwsem, or
316 * * (locking is not required)
317 */
reset_buffer_flags(struct n_tty_data * ldata)318 static void reset_buffer_flags(struct n_tty_data *ldata)
319 {
320 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
321 ldata->commit_head = 0;
322 ldata->line_start = 0;
323
324 ldata->erasing = 0;
325 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
326 ldata->push = 0;
327
328 ldata->lookahead_count = 0;
329 }
330
n_tty_packet_mode_flush(struct tty_struct * tty)331 static void n_tty_packet_mode_flush(struct tty_struct *tty)
332 {
333 unsigned long flags;
334
335 if (tty->link->ctrl.packet) {
336 spin_lock_irqsave(&tty->ctrl.lock, flags);
337 tty->ctrl.pktstatus |= TIOCPKT_FLUSHREAD;
338 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
339 wake_up_interruptible(&tty->link->read_wait);
340 }
341 }
342
343 /**
344 * n_tty_flush_buffer - clean input queue
345 * @tty: terminal device
346 *
347 * Flush the input buffer. Called when the tty layer wants the buffer flushed
348 * (eg at hangup) or when the %N_TTY line discipline internally has to clean
349 * the pending queue (for example some signals).
350 *
351 * Holds %termios_rwsem to exclude producer/consumer while buffer indices are
352 * reset.
353 *
354 * Locking: %ctrl.lock, exclusive %termios_rwsem
355 */
n_tty_flush_buffer(struct tty_struct * tty)356 static void n_tty_flush_buffer(struct tty_struct *tty)
357 {
358 down_write(&tty->termios_rwsem);
359 reset_buffer_flags(tty->disc_data);
360 n_tty_kick_worker(tty);
361
362 if (tty->link)
363 n_tty_packet_mode_flush(tty);
364 up_write(&tty->termios_rwsem);
365 }
366
367 /**
368 * is_utf8_continuation - utf8 multibyte check
369 * @c: byte to check
370 *
371 * Returns: true if the utf8 character @c is a multibyte continuation
372 * character. We use this to correctly compute the on-screen size of the
373 * character when printing.
374 */
is_utf8_continuation(u8 c)375 static inline int is_utf8_continuation(u8 c)
376 {
377 return (c & 0xc0) == 0x80;
378 }
379
380 /**
381 * is_continuation - multibyte check
382 * @c: byte to check
383 * @tty: terminal device
384 *
385 * Returns: true if the utf8 character @c is a multibyte continuation character
386 * and the terminal is in unicode mode.
387 */
is_continuation(u8 c,const struct tty_struct * tty)388 static inline int is_continuation(u8 c, const struct tty_struct *tty)
389 {
390 return I_IUTF8(tty) && is_utf8_continuation(c);
391 }
392
393 /**
394 * do_output_char - output one character
395 * @c: character (or partial unicode symbol)
396 * @tty: terminal device
397 * @space: space available in tty driver write buffer
398 *
399 * This is a helper function that handles one output character (including
400 * special characters like TAB, CR, LF, etc.), doing OPOST processing and
401 * putting the results in the tty driver's write buffer.
402 *
403 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY and NLDLY.
404 * They simply aren't relevant in the world today. If you ever need them, add
405 * them here.
406 *
407 * Returns: the number of bytes of buffer space used or -1 if no space left.
408 *
409 * Locking: should be called under the %output_lock to protect the column state
410 * and space left in the buffer.
411 */
do_output_char(u8 c,struct tty_struct * tty,int space)412 static int do_output_char(u8 c, struct tty_struct *tty, int space)
413 {
414 struct n_tty_data *ldata = tty->disc_data;
415 int spaces;
416
417 if (!space)
418 return -1;
419
420 switch (c) {
421 case '\n':
422 if (O_ONLRET(tty))
423 ldata->column = 0;
424 if (O_ONLCR(tty)) {
425 if (space < 2)
426 return -1;
427 ldata->canon_column = ldata->column = 0;
428 tty->ops->write(tty, "\r\n", 2);
429 return 2;
430 }
431 ldata->canon_column = ldata->column;
432 break;
433 case '\r':
434 if (O_ONOCR(tty) && ldata->column == 0)
435 return 0;
436 if (O_OCRNL(tty)) {
437 c = '\n';
438 if (O_ONLRET(tty))
439 ldata->canon_column = ldata->column = 0;
440 break;
441 }
442 ldata->canon_column = ldata->column = 0;
443 break;
444 case '\t':
445 spaces = 8 - (ldata->column & 7);
446 if (O_TABDLY(tty) == XTABS) {
447 if (space < spaces)
448 return -1;
449 ldata->column += spaces;
450 tty->ops->write(tty, " ", spaces);
451 return spaces;
452 }
453 ldata->column += spaces;
454 break;
455 case '\b':
456 if (ldata->column > 0)
457 ldata->column--;
458 break;
459 default:
460 if (!iscntrl(c)) {
461 if (O_OLCUC(tty))
462 c = toupper(c);
463 if (!is_continuation(c, tty))
464 ldata->column++;
465 }
466 break;
467 }
468
469 tty_put_char(tty, c);
470 return 1;
471 }
472
473 /**
474 * process_output - output post processor
475 * @c: character (or partial unicode symbol)
476 * @tty: terminal device
477 *
478 * Output one character with OPOST processing.
479 *
480 * Returns: -1 when the output device is full and the character must be
481 * retried.
482 *
483 * Locking: %output_lock to protect column state and space left (also, this is
484 *called from n_tty_write() under the tty layer write lock).
485 */
process_output(u8 c,struct tty_struct * tty)486 static int process_output(u8 c, struct tty_struct *tty)
487 {
488 struct n_tty_data *ldata = tty->disc_data;
489 unsigned int space;
490 int retval;
491
492 mutex_lock(&ldata->output_lock);
493
494 space = tty_write_room(tty);
495 retval = do_output_char(c, tty, space);
496
497 mutex_unlock(&ldata->output_lock);
498 if (retval < 0)
499 return -1;
500 else
501 return 0;
502 }
503
504 /**
505 * process_output_block - block post processor
506 * @tty: terminal device
507 * @buf: character buffer
508 * @nr: number of bytes to output
509 *
510 * Output a block of characters with OPOST processing.
511 *
512 * This path is used to speed up block console writes, among other things when
513 * processing blocks of output data. It handles only the simple cases normally
514 * found and helps to generate blocks of symbols for the console driver and
515 * thus improve performance.
516 *
517 * Returns: the number of characters output.
518 *
519 * Locking: %output_lock to protect column state and space left (also, this is
520 * called from n_tty_write() under the tty layer write lock).
521 */
process_output_block(struct tty_struct * tty,const u8 * buf,unsigned int nr)522 static ssize_t process_output_block(struct tty_struct *tty,
523 const u8 *buf, unsigned int nr)
524 {
525 struct n_tty_data *ldata = tty->disc_data;
526 unsigned int space;
527 int i;
528 const u8 *cp;
529
530 mutex_lock(&ldata->output_lock);
531
532 space = tty_write_room(tty);
533 if (space == 0) {
534 mutex_unlock(&ldata->output_lock);
535 return 0;
536 }
537 if (nr > space)
538 nr = space;
539
540 for (i = 0, cp = buf; i < nr; i++, cp++) {
541 u8 c = *cp;
542
543 switch (c) {
544 case '\n':
545 if (O_ONLRET(tty))
546 ldata->column = 0;
547 if (O_ONLCR(tty))
548 goto break_out;
549 ldata->canon_column = ldata->column;
550 break;
551 case '\r':
552 if (O_ONOCR(tty) && ldata->column == 0)
553 goto break_out;
554 if (O_OCRNL(tty))
555 goto break_out;
556 ldata->canon_column = ldata->column = 0;
557 break;
558 case '\t':
559 goto break_out;
560 case '\b':
561 if (ldata->column > 0)
562 ldata->column--;
563 break;
564 default:
565 if (!iscntrl(c)) {
566 if (O_OLCUC(tty))
567 goto break_out;
568 if (!is_continuation(c, tty))
569 ldata->column++;
570 }
571 break;
572 }
573 }
574 break_out:
575 i = tty->ops->write(tty, buf, i);
576
577 mutex_unlock(&ldata->output_lock);
578 return i;
579 }
580
n_tty_process_echo_ops(struct tty_struct * tty,size_t * tail,int space)581 static int n_tty_process_echo_ops(struct tty_struct *tty, size_t *tail,
582 int space)
583 {
584 struct n_tty_data *ldata = tty->disc_data;
585 u8 op;
586
587 /*
588 * Since add_echo_byte() is called without holding output_lock, we
589 * might see only portion of multi-byte operation.
590 */
591 if (MASK(ldata->echo_commit) == MASK(*tail + 1))
592 return -ENODATA;
593
594 /*
595 * If the buffer byte is the start of a multi-byte operation, get the
596 * next byte, which is either the op code or a control character value.
597 */
598 op = echo_buf(ldata, *tail + 1);
599
600 switch (op) {
601 case ECHO_OP_ERASE_TAB: {
602 unsigned int num_chars, num_bs;
603
604 if (MASK(ldata->echo_commit) == MASK(*tail + 2))
605 return -ENODATA;
606
607 num_chars = echo_buf(ldata, *tail + 2);
608
609 /*
610 * Determine how many columns to go back in order to erase the
611 * tab. This depends on the number of columns used by other
612 * characters within the tab area. If this (modulo 8) count is
613 * from the start of input rather than from a previous tab, we
614 * offset by canon column. Otherwise, tab spacing is normal.
615 */
616 if (!(num_chars & 0x80))
617 num_chars += ldata->canon_column;
618 num_bs = 8 - (num_chars & 7);
619
620 if (num_bs > space)
621 return -ENOSPC;
622
623 space -= num_bs;
624 while (num_bs--) {
625 tty_put_char(tty, '\b');
626 if (ldata->column > 0)
627 ldata->column--;
628 }
629 *tail += 3;
630 break;
631 }
632 case ECHO_OP_SET_CANON_COL:
633 ldata->canon_column = ldata->column;
634 *tail += 2;
635 break;
636
637 case ECHO_OP_MOVE_BACK_COL:
638 if (ldata->column > 0)
639 ldata->column--;
640 *tail += 2;
641 break;
642
643 case ECHO_OP_START:
644 /* This is an escaped echo op start code */
645 if (!space)
646 return -ENOSPC;
647
648 tty_put_char(tty, ECHO_OP_START);
649 ldata->column++;
650 space--;
651 *tail += 2;
652 break;
653
654 default:
655 /*
656 * If the op is not a special byte code, it is a ctrl char
657 * tagged to be echoed as "^X" (where X is the letter
658 * representing the control char). Note that we must ensure
659 * there is enough space for the whole ctrl pair.
660 */
661 if (space < 2)
662 return -ENOSPC;
663
664 tty_put_char(tty, '^');
665 tty_put_char(tty, op ^ 0100);
666 ldata->column += 2;
667 space -= 2;
668 *tail += 2;
669 break;
670 }
671
672 return space;
673 }
674
675 /**
676 * __process_echoes - write pending echo characters
677 * @tty: terminal device
678 *
679 * Write previously buffered echo (and other ldisc-generated) characters to the
680 * tty.
681 *
682 * Characters generated by the ldisc (including echoes) need to be buffered
683 * because the driver's write buffer can fill during heavy program output.
684 * Echoing straight to the driver will often fail under these conditions,
685 * causing lost characters and resulting mismatches of ldisc state information.
686 *
687 * Since the ldisc state must represent the characters actually sent to the
688 * driver at the time of the write, operations like certain changes in column
689 * state are also saved in the buffer and executed here.
690 *
691 * A circular fifo buffer is used so that the most recent characters are
692 * prioritized. Also, when control characters are echoed with a prefixed "^",
693 * the pair is treated atomically and thus not separated.
694 *
695 * Locking: callers must hold %output_lock.
696 */
__process_echoes(struct tty_struct * tty)697 static size_t __process_echoes(struct tty_struct *tty)
698 {
699 struct n_tty_data *ldata = tty->disc_data;
700 unsigned int space, old_space;
701 size_t tail;
702 u8 c;
703
704 old_space = space = tty_write_room(tty);
705
706 tail = ldata->echo_tail;
707 while (MASK(ldata->echo_commit) != MASK(tail)) {
708 c = echo_buf(ldata, tail);
709 if (c == ECHO_OP_START) {
710 int ret = n_tty_process_echo_ops(tty, &tail, space);
711 if (ret == -ENODATA)
712 goto not_yet_stored;
713 if (ret < 0)
714 break;
715 space = ret;
716 } else {
717 if (O_OPOST(tty)) {
718 int retval = do_output_char(c, tty, space);
719 if (retval < 0)
720 break;
721 space -= retval;
722 } else {
723 if (!space)
724 break;
725 tty_put_char(tty, c);
726 space -= 1;
727 }
728 tail += 1;
729 }
730 }
731
732 /* If the echo buffer is nearly full (so that the possibility exists
733 * of echo overrun before the next commit), then discard enough
734 * data at the tail to prevent a subsequent overrun */
735 while (ldata->echo_commit > tail &&
736 ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
737 if (echo_buf(ldata, tail) == ECHO_OP_START) {
738 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
739 tail += 3;
740 else
741 tail += 2;
742 } else
743 tail++;
744 }
745
746 not_yet_stored:
747 ldata->echo_tail = tail;
748 return old_space - space;
749 }
750
commit_echoes(struct tty_struct * tty)751 static void commit_echoes(struct tty_struct *tty)
752 {
753 struct n_tty_data *ldata = tty->disc_data;
754 size_t nr, old, echoed;
755 size_t head;
756
757 mutex_lock(&ldata->output_lock);
758 head = ldata->echo_head;
759 ldata->echo_mark = head;
760 old = ldata->echo_commit - ldata->echo_tail;
761
762 /* Process committed echoes if the accumulated # of bytes
763 * is over the threshold (and try again each time another
764 * block is accumulated) */
765 nr = head - ldata->echo_tail;
766 if (nr < ECHO_COMMIT_WATERMARK ||
767 (nr % ECHO_BLOCK > old % ECHO_BLOCK)) {
768 mutex_unlock(&ldata->output_lock);
769 return;
770 }
771
772 ldata->echo_commit = head;
773 echoed = __process_echoes(tty);
774 mutex_unlock(&ldata->output_lock);
775
776 if (echoed && tty->ops->flush_chars)
777 tty->ops->flush_chars(tty);
778 }
779
process_echoes(struct tty_struct * tty)780 static void process_echoes(struct tty_struct *tty)
781 {
782 struct n_tty_data *ldata = tty->disc_data;
783 size_t echoed;
784
785 if (ldata->echo_mark == ldata->echo_tail)
786 return;
787
788 mutex_lock(&ldata->output_lock);
789 ldata->echo_commit = ldata->echo_mark;
790 echoed = __process_echoes(tty);
791 mutex_unlock(&ldata->output_lock);
792
793 if (echoed && tty->ops->flush_chars)
794 tty->ops->flush_chars(tty);
795 }
796
797 /* NB: echo_mark and echo_head should be equivalent here */
flush_echoes(struct tty_struct * tty)798 static void flush_echoes(struct tty_struct *tty)
799 {
800 struct n_tty_data *ldata = tty->disc_data;
801
802 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
803 ldata->echo_commit == ldata->echo_head)
804 return;
805
806 mutex_lock(&ldata->output_lock);
807 ldata->echo_commit = ldata->echo_head;
808 __process_echoes(tty);
809 mutex_unlock(&ldata->output_lock);
810 }
811
812 /**
813 * add_echo_byte - add a byte to the echo buffer
814 * @c: unicode byte to echo
815 * @ldata: n_tty data
816 *
817 * Add a character or operation byte to the echo buffer.
818 */
add_echo_byte(u8 c,struct n_tty_data * ldata)819 static inline void add_echo_byte(u8 c, struct n_tty_data *ldata)
820 {
821 *echo_buf_addr(ldata, ldata->echo_head) = c;
822 smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
823 ldata->echo_head++;
824 }
825
826 /**
827 * echo_move_back_col - add operation to move back a column
828 * @ldata: n_tty data
829 *
830 * Add an operation to the echo buffer to move back one column.
831 */
echo_move_back_col(struct n_tty_data * ldata)832 static void echo_move_back_col(struct n_tty_data *ldata)
833 {
834 add_echo_byte(ECHO_OP_START, ldata);
835 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
836 }
837
838 /**
839 * echo_set_canon_col - add operation to set the canon column
840 * @ldata: n_tty data
841 *
842 * Add an operation to the echo buffer to set the canon column to the current
843 * column.
844 */
echo_set_canon_col(struct n_tty_data * ldata)845 static void echo_set_canon_col(struct n_tty_data *ldata)
846 {
847 add_echo_byte(ECHO_OP_START, ldata);
848 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
849 }
850
851 /**
852 * echo_erase_tab - add operation to erase a tab
853 * @num_chars: number of character columns already used
854 * @after_tab: true if num_chars starts after a previous tab
855 * @ldata: n_tty data
856 *
857 * Add an operation to the echo buffer to erase a tab.
858 *
859 * Called by the eraser function, which knows how many character columns have
860 * been used since either a previous tab or the start of input. This
861 * information will be used later, along with canon column (if applicable), to
862 * go back the correct number of columns.
863 */
echo_erase_tab(unsigned int num_chars,int after_tab,struct n_tty_data * ldata)864 static void echo_erase_tab(unsigned int num_chars, int after_tab,
865 struct n_tty_data *ldata)
866 {
867 add_echo_byte(ECHO_OP_START, ldata);
868 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
869
870 /* We only need to know this modulo 8 (tab spacing) */
871 num_chars &= 7;
872
873 /* Set the high bit as a flag if num_chars is after a previous tab */
874 if (after_tab)
875 num_chars |= 0x80;
876
877 add_echo_byte(num_chars, ldata);
878 }
879
880 /**
881 * echo_char_raw - echo a character raw
882 * @c: unicode byte to echo
883 * @ldata: line disc data
884 *
885 * Echo user input back onto the screen. This must be called only when
886 * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
887 *
888 * This variant does not treat control characters specially.
889 */
echo_char_raw(u8 c,struct n_tty_data * ldata)890 static void echo_char_raw(u8 c, struct n_tty_data *ldata)
891 {
892 if (c == ECHO_OP_START) {
893 add_echo_byte(ECHO_OP_START, ldata);
894 add_echo_byte(ECHO_OP_START, ldata);
895 } else {
896 add_echo_byte(c, ldata);
897 }
898 }
899
900 /**
901 * echo_char - echo a character
902 * @c: unicode byte to echo
903 * @tty: terminal device
904 *
905 * Echo user input back onto the screen. This must be called only when
906 * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
907 *
908 * This variant tags control characters to be echoed as "^X" (where X is the
909 * letter representing the control char).
910 */
echo_char(u8 c,const struct tty_struct * tty)911 static void echo_char(u8 c, const struct tty_struct *tty)
912 {
913 struct n_tty_data *ldata = tty->disc_data;
914
915 if (c == ECHO_OP_START) {
916 add_echo_byte(ECHO_OP_START, ldata);
917 add_echo_byte(ECHO_OP_START, ldata);
918 } else {
919 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
920 add_echo_byte(ECHO_OP_START, ldata);
921 add_echo_byte(c, ldata);
922 }
923 }
924
925 /**
926 * finish_erasing - complete erase
927 * @ldata: n_tty data
928 */
finish_erasing(struct n_tty_data * ldata)929 static inline void finish_erasing(struct n_tty_data *ldata)
930 {
931 if (ldata->erasing) {
932 echo_char_raw('/', ldata);
933 ldata->erasing = 0;
934 }
935 }
936
937 /**
938 * eraser - handle erase function
939 * @c: character input
940 * @tty: terminal device
941 *
942 * Perform erase and necessary output when an erase character is present in the
943 * stream from the driver layer. Handles the complexities of UTF-8 multibyte
944 * symbols.
945 *
946 * Locking: n_tty_receive_buf()/producer path:
947 * caller holds non-exclusive %termios_rwsem
948 */
eraser(u8 c,const struct tty_struct * tty)949 static void eraser(u8 c, const struct tty_struct *tty)
950 {
951 struct n_tty_data *ldata = tty->disc_data;
952 enum { ERASE, WERASE, KILL } kill_type;
953 size_t head;
954 size_t cnt;
955 int seen_alnums;
956
957 if (ldata->read_head == ldata->canon_head) {
958 /* process_output('\a', tty); */ /* what do you think? */
959 return;
960 }
961 if (c == ERASE_CHAR(tty))
962 kill_type = ERASE;
963 else if (c == WERASE_CHAR(tty))
964 kill_type = WERASE;
965 else {
966 if (!L_ECHO(tty)) {
967 ldata->read_head = ldata->canon_head;
968 return;
969 }
970 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
971 ldata->read_head = ldata->canon_head;
972 finish_erasing(ldata);
973 echo_char(KILL_CHAR(tty), tty);
974 /* Add a newline if ECHOK is on and ECHOKE is off. */
975 if (L_ECHOK(tty))
976 echo_char_raw('\n', ldata);
977 return;
978 }
979 kill_type = KILL;
980 }
981
982 seen_alnums = 0;
983 while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
984 head = ldata->read_head;
985
986 /* erase a single possibly multibyte character */
987 do {
988 head--;
989 c = read_buf(ldata, head);
990 } while (is_continuation(c, tty) &&
991 MASK(head) != MASK(ldata->canon_head));
992
993 /* do not partially erase */
994 if (is_continuation(c, tty))
995 break;
996
997 if (kill_type == WERASE) {
998 /* Equivalent to BSD's ALTWERASE. */
999 if (isalnum(c) || c == '_')
1000 seen_alnums++;
1001 else if (seen_alnums)
1002 break;
1003 }
1004 cnt = ldata->read_head - head;
1005 ldata->read_head = head;
1006 if (L_ECHO(tty)) {
1007 if (L_ECHOPRT(tty)) {
1008 if (!ldata->erasing) {
1009 echo_char_raw('\\', ldata);
1010 ldata->erasing = 1;
1011 }
1012 /* if cnt > 1, output a multi-byte character */
1013 echo_char(c, tty);
1014 while (--cnt > 0) {
1015 head++;
1016 echo_char_raw(read_buf(ldata, head), ldata);
1017 echo_move_back_col(ldata);
1018 }
1019 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
1020 echo_char(ERASE_CHAR(tty), tty);
1021 } else if (c == '\t') {
1022 unsigned int num_chars = 0;
1023 int after_tab = 0;
1024 size_t tail = ldata->read_head;
1025
1026 /*
1027 * Count the columns used for characters
1028 * since the start of input or after a
1029 * previous tab.
1030 * This info is used to go back the correct
1031 * number of columns.
1032 */
1033 while (MASK(tail) != MASK(ldata->canon_head)) {
1034 tail--;
1035 c = read_buf(ldata, tail);
1036 if (c == '\t') {
1037 after_tab = 1;
1038 break;
1039 } else if (iscntrl(c)) {
1040 if (L_ECHOCTL(tty))
1041 num_chars += 2;
1042 } else if (!is_continuation(c, tty)) {
1043 num_chars++;
1044 }
1045 }
1046 echo_erase_tab(num_chars, after_tab, ldata);
1047 } else {
1048 if (iscntrl(c) && L_ECHOCTL(tty)) {
1049 echo_char_raw('\b', ldata);
1050 echo_char_raw(' ', ldata);
1051 echo_char_raw('\b', ldata);
1052 }
1053 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1054 echo_char_raw('\b', ldata);
1055 echo_char_raw(' ', ldata);
1056 echo_char_raw('\b', ldata);
1057 }
1058 }
1059 }
1060 if (kill_type == ERASE)
1061 break;
1062 }
1063 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1064 finish_erasing(ldata);
1065 }
1066
1067
__isig(int sig,struct tty_struct * tty)1068 static void __isig(int sig, struct tty_struct *tty)
1069 {
1070 struct pid *tty_pgrp = tty_get_pgrp(tty);
1071 if (tty_pgrp) {
1072 kill_pgrp(tty_pgrp, sig, 1);
1073 put_pid(tty_pgrp);
1074 }
1075 }
1076
1077 /**
1078 * isig - handle the ISIG optio
1079 * @sig: signal
1080 * @tty: terminal
1081 *
1082 * Called when a signal is being sent due to terminal input. Called from the
1083 * &tty_driver.receive_buf() path, so serialized.
1084 *
1085 * Performs input and output flush if !NOFLSH. In this context, the echo
1086 * buffer is 'output'. The signal is processed first to alert any current
1087 * readers or writers to discontinue and exit their i/o loops.
1088 *
1089 * Locking: %ctrl.lock
1090 */
isig(int sig,struct tty_struct * tty)1091 static void isig(int sig, struct tty_struct *tty)
1092 {
1093 struct n_tty_data *ldata = tty->disc_data;
1094
1095 if (L_NOFLSH(tty)) {
1096 /* signal only */
1097 __isig(sig, tty);
1098
1099 } else { /* signal and flush */
1100 up_read(&tty->termios_rwsem);
1101 down_write(&tty->termios_rwsem);
1102
1103 __isig(sig, tty);
1104
1105 /* clear echo buffer */
1106 mutex_lock(&ldata->output_lock);
1107 ldata->echo_head = ldata->echo_tail = 0;
1108 ldata->echo_mark = ldata->echo_commit = 0;
1109 mutex_unlock(&ldata->output_lock);
1110
1111 /* clear output buffer */
1112 tty_driver_flush_buffer(tty);
1113
1114 /* clear input buffer */
1115 reset_buffer_flags(tty->disc_data);
1116
1117 /* notify pty master of flush */
1118 if (tty->link)
1119 n_tty_packet_mode_flush(tty);
1120
1121 up_write(&tty->termios_rwsem);
1122 down_read(&tty->termios_rwsem);
1123 }
1124 }
1125
1126 /**
1127 * n_tty_receive_break - handle break
1128 * @tty: terminal
1129 *
1130 * An RS232 break event has been hit in the incoming bitstream. This can cause
1131 * a variety of events depending upon the termios settings.
1132 *
1133 * Locking: n_tty_receive_buf()/producer path:
1134 * caller holds non-exclusive termios_rwsem
1135 *
1136 * Note: may get exclusive %termios_rwsem if flushing input buffer
1137 */
n_tty_receive_break(struct tty_struct * tty)1138 static void n_tty_receive_break(struct tty_struct *tty)
1139 {
1140 struct n_tty_data *ldata = tty->disc_data;
1141
1142 if (I_IGNBRK(tty))
1143 return;
1144 if (I_BRKINT(tty)) {
1145 isig(SIGINT, tty);
1146 return;
1147 }
1148 if (I_PARMRK(tty)) {
1149 put_tty_queue('\377', ldata);
1150 put_tty_queue('\0', ldata);
1151 }
1152 put_tty_queue('\0', ldata);
1153 }
1154
1155 /**
1156 * n_tty_receive_overrun - handle overrun reporting
1157 * @tty: terminal
1158 *
1159 * Data arrived faster than we could process it. While the tty driver has
1160 * flagged this the bits that were missed are gone forever.
1161 *
1162 * Called from the receive_buf path so single threaded. Does not need locking
1163 * as num_overrun and overrun_time are function private.
1164 */
n_tty_receive_overrun(const struct tty_struct * tty)1165 static void n_tty_receive_overrun(const struct tty_struct *tty)
1166 {
1167 struct n_tty_data *ldata = tty->disc_data;
1168
1169 ldata->num_overrun++;
1170 if (time_is_before_jiffies(ldata->overrun_time + HZ)) {
1171 tty_warn(tty, "%u input overrun(s)\n", ldata->num_overrun);
1172 ldata->overrun_time = jiffies;
1173 ldata->num_overrun = 0;
1174 }
1175 }
1176
1177 /**
1178 * n_tty_receive_parity_error - error notifier
1179 * @tty: terminal device
1180 * @c: character
1181 *
1182 * Process a parity error and queue the right data to indicate the error case
1183 * if necessary.
1184 *
1185 * Locking: n_tty_receive_buf()/producer path:
1186 * caller holds non-exclusive %termios_rwsem
1187 */
n_tty_receive_parity_error(const struct tty_struct * tty,u8 c)1188 static void n_tty_receive_parity_error(const struct tty_struct *tty,
1189 u8 c)
1190 {
1191 struct n_tty_data *ldata = tty->disc_data;
1192
1193 if (I_INPCK(tty)) {
1194 if (I_IGNPAR(tty))
1195 return;
1196 if (I_PARMRK(tty)) {
1197 put_tty_queue('\377', ldata);
1198 put_tty_queue('\0', ldata);
1199 put_tty_queue(c, ldata);
1200 } else
1201 put_tty_queue('\0', ldata);
1202 } else
1203 put_tty_queue(c, ldata);
1204 }
1205
1206 static void
n_tty_receive_signal_char(struct tty_struct * tty,int signal,u8 c)1207 n_tty_receive_signal_char(struct tty_struct *tty, int signal, u8 c)
1208 {
1209 isig(signal, tty);
1210 if (I_IXON(tty))
1211 start_tty(tty);
1212 if (L_ECHO(tty)) {
1213 echo_char(c, tty);
1214 commit_echoes(tty);
1215 } else
1216 process_echoes(tty);
1217 }
1218
n_tty_is_char_flow_ctrl(struct tty_struct * tty,u8 c)1219 static bool n_tty_is_char_flow_ctrl(struct tty_struct *tty, u8 c)
1220 {
1221 return c == START_CHAR(tty) || c == STOP_CHAR(tty);
1222 }
1223
1224 /**
1225 * n_tty_receive_char_flow_ctrl - receive flow control chars
1226 * @tty: terminal device
1227 * @c: character
1228 * @lookahead_done: lookahead has processed this character already
1229 *
1230 * Receive and process flow control character actions.
1231 *
1232 * In case lookahead for flow control chars already handled the character in
1233 * advance to the normal receive, the actions are skipped during normal
1234 * receive.
1235 *
1236 * Returns true if @c is consumed as flow-control character, the character
1237 * must not be treated as normal character.
1238 */
n_tty_receive_char_flow_ctrl(struct tty_struct * tty,u8 c,bool lookahead_done)1239 static bool n_tty_receive_char_flow_ctrl(struct tty_struct *tty, u8 c,
1240 bool lookahead_done)
1241 {
1242 if (!n_tty_is_char_flow_ctrl(tty, c))
1243 return false;
1244
1245 if (lookahead_done)
1246 return true;
1247
1248 if (c == START_CHAR(tty)) {
1249 start_tty(tty);
1250 process_echoes(tty);
1251 return true;
1252 }
1253
1254 /* STOP_CHAR */
1255 stop_tty(tty);
1256 return true;
1257 }
1258
n_tty_receive_handle_newline(struct tty_struct * tty,u8 c)1259 static void n_tty_receive_handle_newline(struct tty_struct *tty, u8 c)
1260 {
1261 struct n_tty_data *ldata = tty->disc_data;
1262
1263 set_bit(MASK(ldata->read_head), ldata->read_flags);
1264 put_tty_queue(c, ldata);
1265 smp_store_release(&ldata->canon_head, ldata->read_head);
1266 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1267 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1268 }
1269
n_tty_receive_char_canon(struct tty_struct * tty,u8 c)1270 static bool n_tty_receive_char_canon(struct tty_struct *tty, u8 c)
1271 {
1272 struct n_tty_data *ldata = tty->disc_data;
1273
1274 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1275 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1276 eraser(c, tty);
1277 commit_echoes(tty);
1278
1279 return true;
1280 }
1281
1282 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1283 ldata->lnext = 1;
1284 if (L_ECHO(tty)) {
1285 finish_erasing(ldata);
1286 if (L_ECHOCTL(tty)) {
1287 echo_char_raw('^', ldata);
1288 echo_char_raw('\b', ldata);
1289 commit_echoes(tty);
1290 }
1291 }
1292
1293 return true;
1294 }
1295
1296 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1297 size_t tail = ldata->canon_head;
1298
1299 finish_erasing(ldata);
1300 echo_char(c, tty);
1301 echo_char_raw('\n', ldata);
1302 while (MASK(tail) != MASK(ldata->read_head)) {
1303 echo_char(read_buf(ldata, tail), tty);
1304 tail++;
1305 }
1306 commit_echoes(tty);
1307
1308 return true;
1309 }
1310
1311 if (c == '\n') {
1312 if (L_ECHO(tty) || L_ECHONL(tty)) {
1313 echo_char_raw('\n', ldata);
1314 commit_echoes(tty);
1315 }
1316 n_tty_receive_handle_newline(tty, c);
1317
1318 return true;
1319 }
1320
1321 if (c == EOF_CHAR(tty)) {
1322 c = __DISABLED_CHAR;
1323 n_tty_receive_handle_newline(tty, c);
1324
1325 return true;
1326 }
1327
1328 if ((c == EOL_CHAR(tty)) ||
1329 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1330 /*
1331 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1332 */
1333 if (L_ECHO(tty)) {
1334 /* Record the column of first canon char. */
1335 if (ldata->canon_head == ldata->read_head)
1336 echo_set_canon_col(ldata);
1337 echo_char(c, tty);
1338 commit_echoes(tty);
1339 }
1340 /*
1341 * XXX does PARMRK doubling happen for
1342 * EOL_CHAR and EOL2_CHAR?
1343 */
1344 if (c == '\377' && I_PARMRK(tty))
1345 put_tty_queue(c, ldata);
1346
1347 n_tty_receive_handle_newline(tty, c);
1348
1349 return true;
1350 }
1351
1352 return false;
1353 }
1354
n_tty_receive_char_special(struct tty_struct * tty,u8 c,bool lookahead_done)1355 static void n_tty_receive_char_special(struct tty_struct *tty, u8 c,
1356 bool lookahead_done)
1357 {
1358 struct n_tty_data *ldata = tty->disc_data;
1359
1360 if (I_IXON(tty) && n_tty_receive_char_flow_ctrl(tty, c, lookahead_done))
1361 return;
1362
1363 if (L_ISIG(tty)) {
1364 if (c == INTR_CHAR(tty)) {
1365 n_tty_receive_signal_char(tty, SIGINT, c);
1366 return;
1367 } else if (c == QUIT_CHAR(tty)) {
1368 n_tty_receive_signal_char(tty, SIGQUIT, c);
1369 return;
1370 } else if (c == SUSP_CHAR(tty)) {
1371 n_tty_receive_signal_char(tty, SIGTSTP, c);
1372 return;
1373 }
1374 }
1375
1376 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1377 start_tty(tty);
1378 process_echoes(tty);
1379 }
1380
1381 if (c == '\r') {
1382 if (I_IGNCR(tty))
1383 return;
1384 if (I_ICRNL(tty))
1385 c = '\n';
1386 } else if (c == '\n' && I_INLCR(tty))
1387 c = '\r';
1388
1389 if (ldata->icanon && n_tty_receive_char_canon(tty, c))
1390 return;
1391
1392 if (L_ECHO(tty)) {
1393 finish_erasing(ldata);
1394 if (c == '\n')
1395 echo_char_raw('\n', ldata);
1396 else {
1397 /* Record the column of first canon char. */
1398 if (ldata->canon_head == ldata->read_head)
1399 echo_set_canon_col(ldata);
1400 echo_char(c, tty);
1401 }
1402 commit_echoes(tty);
1403 }
1404
1405 /* PARMRK doubling check */
1406 if (c == '\377' && I_PARMRK(tty))
1407 put_tty_queue(c, ldata);
1408
1409 put_tty_queue(c, ldata);
1410 }
1411
1412 /**
1413 * n_tty_receive_char - perform processing
1414 * @tty: terminal device
1415 * @c: character
1416 *
1417 * Process an individual character of input received from the driver. This is
1418 * serialized with respect to itself by the rules for the driver above.
1419 *
1420 * Locking: n_tty_receive_buf()/producer path:
1421 * caller holds non-exclusive %termios_rwsem
1422 * publishes canon_head if canonical mode is active
1423 */
n_tty_receive_char(struct tty_struct * tty,u8 c)1424 static void n_tty_receive_char(struct tty_struct *tty, u8 c)
1425 {
1426 struct n_tty_data *ldata = tty->disc_data;
1427
1428 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1429 start_tty(tty);
1430 process_echoes(tty);
1431 }
1432 if (L_ECHO(tty)) {
1433 finish_erasing(ldata);
1434 /* Record the column of first canon char. */
1435 if (ldata->canon_head == ldata->read_head)
1436 echo_set_canon_col(ldata);
1437 echo_char(c, tty);
1438 commit_echoes(tty);
1439 }
1440 /* PARMRK doubling check */
1441 if (c == '\377' && I_PARMRK(tty))
1442 put_tty_queue(c, ldata);
1443 put_tty_queue(c, ldata);
1444 }
1445
n_tty_receive_char_closing(struct tty_struct * tty,u8 c,bool lookahead_done)1446 static void n_tty_receive_char_closing(struct tty_struct *tty, u8 c,
1447 bool lookahead_done)
1448 {
1449 if (I_ISTRIP(tty))
1450 c &= 0x7f;
1451 if (I_IUCLC(tty) && L_IEXTEN(tty))
1452 c = tolower(c);
1453
1454 if (I_IXON(tty)) {
1455 if (!n_tty_receive_char_flow_ctrl(tty, c, lookahead_done) &&
1456 tty->flow.stopped && !tty->flow.tco_stopped && I_IXANY(tty) &&
1457 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1458 c != SUSP_CHAR(tty)) {
1459 start_tty(tty);
1460 process_echoes(tty);
1461 }
1462 }
1463 }
1464
1465 static void
n_tty_receive_char_flagged(struct tty_struct * tty,u8 c,u8 flag)1466 n_tty_receive_char_flagged(struct tty_struct *tty, u8 c, u8 flag)
1467 {
1468 switch (flag) {
1469 case TTY_BREAK:
1470 n_tty_receive_break(tty);
1471 break;
1472 case TTY_PARITY:
1473 case TTY_FRAME:
1474 n_tty_receive_parity_error(tty, c);
1475 break;
1476 case TTY_OVERRUN:
1477 n_tty_receive_overrun(tty);
1478 break;
1479 default:
1480 tty_err(tty, "unknown flag %u\n", flag);
1481 break;
1482 }
1483 }
1484
1485 static void
n_tty_receive_char_lnext(struct tty_struct * tty,u8 c,u8 flag)1486 n_tty_receive_char_lnext(struct tty_struct *tty, u8 c, u8 flag)
1487 {
1488 struct n_tty_data *ldata = tty->disc_data;
1489
1490 ldata->lnext = 0;
1491 if (likely(flag == TTY_NORMAL)) {
1492 if (I_ISTRIP(tty))
1493 c &= 0x7f;
1494 if (I_IUCLC(tty) && L_IEXTEN(tty))
1495 c = tolower(c);
1496 n_tty_receive_char(tty, c);
1497 } else
1498 n_tty_receive_char_flagged(tty, c, flag);
1499 }
1500
1501 /* Caller must ensure count > 0 */
n_tty_lookahead_flow_ctrl(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1502 static void n_tty_lookahead_flow_ctrl(struct tty_struct *tty, const u8 *cp,
1503 const u8 *fp, size_t count)
1504 {
1505 struct n_tty_data *ldata = tty->disc_data;
1506 u8 flag = TTY_NORMAL;
1507
1508 ldata->lookahead_count += count;
1509
1510 if (!I_IXON(tty))
1511 return;
1512
1513 while (count--) {
1514 if (fp)
1515 flag = *fp++;
1516 if (likely(flag == TTY_NORMAL))
1517 n_tty_receive_char_flow_ctrl(tty, *cp, false);
1518 cp++;
1519 }
1520 }
1521
1522 static void
n_tty_receive_buf_real_raw(const struct tty_struct * tty,const u8 * cp,size_t count)1523 n_tty_receive_buf_real_raw(const struct tty_struct *tty, const u8 *cp,
1524 size_t count)
1525 {
1526 struct n_tty_data *ldata = tty->disc_data;
1527
1528 /* handle buffer wrap-around by a loop */
1529 for (unsigned int i = 0; i < 2; i++) {
1530 size_t head = MASK(ldata->read_head);
1531 size_t n = min(count, N_TTY_BUF_SIZE - head);
1532
1533 memcpy(read_buf_addr(ldata, head), cp, n);
1534
1535 ldata->read_head += n;
1536 cp += n;
1537 count -= n;
1538 }
1539 }
1540
1541 static void
n_tty_receive_buf_raw(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1542 n_tty_receive_buf_raw(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1543 size_t count)
1544 {
1545 struct n_tty_data *ldata = tty->disc_data;
1546 u8 flag = TTY_NORMAL;
1547
1548 while (count--) {
1549 if (fp)
1550 flag = *fp++;
1551 if (likely(flag == TTY_NORMAL))
1552 put_tty_queue(*cp++, ldata);
1553 else
1554 n_tty_receive_char_flagged(tty, *cp++, flag);
1555 }
1556 }
1557
1558 static void
n_tty_receive_buf_closing(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count,bool lookahead_done)1559 n_tty_receive_buf_closing(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1560 size_t count, bool lookahead_done)
1561 {
1562 u8 flag = TTY_NORMAL;
1563
1564 while (count--) {
1565 if (fp)
1566 flag = *fp++;
1567 if (likely(flag == TTY_NORMAL))
1568 n_tty_receive_char_closing(tty, *cp++, lookahead_done);
1569 }
1570 }
1571
n_tty_receive_buf_standard(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count,bool lookahead_done)1572 static void n_tty_receive_buf_standard(struct tty_struct *tty, const u8 *cp,
1573 const u8 *fp, size_t count,
1574 bool lookahead_done)
1575 {
1576 struct n_tty_data *ldata = tty->disc_data;
1577 u8 flag = TTY_NORMAL;
1578
1579 while (count--) {
1580 u8 c = *cp++;
1581
1582 if (fp)
1583 flag = *fp++;
1584
1585 if (ldata->lnext) {
1586 n_tty_receive_char_lnext(tty, c, flag);
1587 continue;
1588 }
1589
1590 if (unlikely(flag != TTY_NORMAL)) {
1591 n_tty_receive_char_flagged(tty, c, flag);
1592 continue;
1593 }
1594
1595 if (I_ISTRIP(tty))
1596 c &= 0x7f;
1597 if (I_IUCLC(tty) && L_IEXTEN(tty))
1598 c = tolower(c);
1599 if (L_EXTPROC(tty)) {
1600 put_tty_queue(c, ldata);
1601 continue;
1602 }
1603
1604 if (test_bit(c, ldata->char_map))
1605 n_tty_receive_char_special(tty, c, lookahead_done);
1606 else
1607 n_tty_receive_char(tty, c);
1608 }
1609 }
1610
__receive_buf(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1611 static void __receive_buf(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1612 size_t count)
1613 {
1614 struct n_tty_data *ldata = tty->disc_data;
1615 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1616 size_t la_count = min(ldata->lookahead_count, count);
1617
1618 if (ldata->real_raw)
1619 n_tty_receive_buf_real_raw(tty, cp, count);
1620 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1621 n_tty_receive_buf_raw(tty, cp, fp, count);
1622 else if (tty->closing && !L_EXTPROC(tty)) {
1623 if (la_count > 0) {
1624 n_tty_receive_buf_closing(tty, cp, fp, la_count, true);
1625 cp += la_count;
1626 if (fp)
1627 fp += la_count;
1628 count -= la_count;
1629 }
1630 if (count > 0)
1631 n_tty_receive_buf_closing(tty, cp, fp, count, false);
1632 } else {
1633 if (la_count > 0) {
1634 n_tty_receive_buf_standard(tty, cp, fp, la_count, true);
1635 cp += la_count;
1636 if (fp)
1637 fp += la_count;
1638 count -= la_count;
1639 }
1640 if (count > 0)
1641 n_tty_receive_buf_standard(tty, cp, fp, count, false);
1642
1643 flush_echoes(tty);
1644 if (tty->ops->flush_chars)
1645 tty->ops->flush_chars(tty);
1646 }
1647
1648 ldata->lookahead_count -= la_count;
1649
1650 if (ldata->icanon && !L_EXTPROC(tty))
1651 return;
1652
1653 /* publish read_head to consumer */
1654 smp_store_release(&ldata->commit_head, ldata->read_head);
1655
1656 if (read_cnt(ldata)) {
1657 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1658 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1659 }
1660 }
1661
1662 /**
1663 * n_tty_receive_buf_common - process input
1664 * @tty: device to receive input
1665 * @cp: input chars
1666 * @fp: flags for each char (if %NULL, all chars are %TTY_NORMAL)
1667 * @count: number of input chars in @cp
1668 * @flow: enable flow control
1669 *
1670 * Called by the terminal driver when a block of characters has been received.
1671 * This function must be called from soft contexts not from interrupt context.
1672 * The driver is responsible for making calls one at a time and in order (or
1673 * using flush_to_ldisc()).
1674 *
1675 * Returns: the # of input chars from @cp which were processed.
1676 *
1677 * In canonical mode, the maximum line length is 4096 chars (including the line
1678 * termination char); lines longer than 4096 chars are truncated. After 4095
1679 * chars, input data is still processed but not stored. Overflow processing
1680 * ensures the tty can always receive more input until at least one line can be
1681 * read.
1682 *
1683 * In non-canonical mode, the read buffer will only accept 4095 chars; this
1684 * provides the necessary space for a newline char if the input mode is
1685 * switched to canonical.
1686 *
1687 * Note it is possible for the read buffer to _contain_ 4096 chars in
1688 * non-canonical mode: the read buffer could already contain the maximum canon
1689 * line of 4096 chars when the mode is switched to non-canonical.
1690 *
1691 * Locking: n_tty_receive_buf()/producer path:
1692 * claims non-exclusive %termios_rwsem
1693 * publishes commit_head or canon_head
1694 */
1695 static size_t
n_tty_receive_buf_common(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count,bool flow)1696 n_tty_receive_buf_common(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1697 size_t count, bool flow)
1698 {
1699 struct n_tty_data *ldata = tty->disc_data;
1700 size_t n, rcvd = 0;
1701 int room, overflow;
1702
1703 down_read(&tty->termios_rwsem);
1704
1705 do {
1706 /*
1707 * When PARMRK is set, each input char may take up to 3 chars
1708 * in the read buf; reduce the buffer space avail by 3x
1709 *
1710 * If we are doing input canonicalization, and there are no
1711 * pending newlines, let characters through without limit, so
1712 * that erase characters will be handled. Other excess
1713 * characters will be beeped.
1714 *
1715 * paired with store in *_copy_from_read_buf() -- guarantees
1716 * the consumer has loaded the data in read_buf up to the new
1717 * read_tail (so this producer will not overwrite unread data)
1718 */
1719 size_t tail = smp_load_acquire(&ldata->read_tail);
1720
1721 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1722 if (I_PARMRK(tty))
1723 room = DIV_ROUND_UP(room, 3);
1724 room--;
1725 if (room <= 0) {
1726 overflow = ldata->icanon && ldata->canon_head == tail;
1727 if (overflow && room < 0)
1728 ldata->read_head--;
1729 room = overflow;
1730 WRITE_ONCE(ldata->no_room, flow && !room);
1731 } else
1732 overflow = 0;
1733
1734 n = min_t(size_t, count, room);
1735 if (!n)
1736 break;
1737
1738 /* ignore parity errors if handling overflow */
1739 if (!overflow || !fp || *fp != TTY_PARITY)
1740 __receive_buf(tty, cp, fp, n);
1741
1742 cp += n;
1743 if (fp)
1744 fp += n;
1745 count -= n;
1746 rcvd += n;
1747 } while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1748
1749 tty->receive_room = room;
1750
1751 /* Unthrottle if handling overflow on pty */
1752 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1753 if (overflow) {
1754 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1755 tty_unthrottle_safe(tty);
1756 __tty_set_flow_change(tty, 0);
1757 }
1758 } else
1759 n_tty_check_throttle(tty);
1760
1761 if (unlikely(ldata->no_room)) {
1762 /*
1763 * Barrier here is to ensure to read the latest read_tail in
1764 * chars_in_buffer() and to make sure that read_tail is not loaded
1765 * before ldata->no_room is set.
1766 */
1767 smp_mb();
1768 if (!chars_in_buffer(tty))
1769 n_tty_kick_worker(tty);
1770 }
1771
1772 up_read(&tty->termios_rwsem);
1773
1774 return rcvd;
1775 }
1776
n_tty_receive_buf(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1777 static void n_tty_receive_buf(struct tty_struct *tty, const u8 *cp,
1778 const u8 *fp, size_t count)
1779 {
1780 n_tty_receive_buf_common(tty, cp, fp, count, false);
1781 }
1782
n_tty_receive_buf2(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1783 static size_t n_tty_receive_buf2(struct tty_struct *tty, const u8 *cp,
1784 const u8 *fp, size_t count)
1785 {
1786 return n_tty_receive_buf_common(tty, cp, fp, count, true);
1787 }
1788
1789 /**
1790 * n_tty_set_termios - termios data changed
1791 * @tty: terminal
1792 * @old: previous data
1793 *
1794 * Called by the tty layer when the user changes termios flags so that the line
1795 * discipline can plan ahead. This function cannot sleep and is protected from
1796 * re-entry by the tty layer. The user is guaranteed that this function will
1797 * not be re-entered or in progress when the ldisc is closed.
1798 *
1799 * Locking: Caller holds @tty->termios_rwsem
1800 */
n_tty_set_termios(struct tty_struct * tty,const struct ktermios * old)1801 static void n_tty_set_termios(struct tty_struct *tty, const struct ktermios *old)
1802 {
1803 struct n_tty_data *ldata = tty->disc_data;
1804
1805 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1806 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1807 ldata->line_start = ldata->read_tail;
1808 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1809 ldata->canon_head = ldata->read_tail;
1810 ldata->push = 0;
1811 } else {
1812 set_bit(MASK(ldata->read_head - 1), ldata->read_flags);
1813 ldata->canon_head = ldata->read_head;
1814 ldata->push = 1;
1815 }
1816 ldata->commit_head = ldata->read_head;
1817 ldata->erasing = 0;
1818 ldata->lnext = 0;
1819 }
1820
1821 ldata->icanon = (L_ICANON(tty) != 0);
1822
1823 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1824 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1825 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1826 I_PARMRK(tty)) {
1827 bitmap_zero(ldata->char_map, 256);
1828
1829 if (I_IGNCR(tty) || I_ICRNL(tty))
1830 set_bit('\r', ldata->char_map);
1831 if (I_INLCR(tty))
1832 set_bit('\n', ldata->char_map);
1833
1834 if (L_ICANON(tty)) {
1835 set_bit(ERASE_CHAR(tty), ldata->char_map);
1836 set_bit(KILL_CHAR(tty), ldata->char_map);
1837 set_bit(EOF_CHAR(tty), ldata->char_map);
1838 set_bit('\n', ldata->char_map);
1839 set_bit(EOL_CHAR(tty), ldata->char_map);
1840 if (L_IEXTEN(tty)) {
1841 set_bit(WERASE_CHAR(tty), ldata->char_map);
1842 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1843 set_bit(EOL2_CHAR(tty), ldata->char_map);
1844 if (L_ECHO(tty))
1845 set_bit(REPRINT_CHAR(tty),
1846 ldata->char_map);
1847 }
1848 }
1849 if (I_IXON(tty)) {
1850 set_bit(START_CHAR(tty), ldata->char_map);
1851 set_bit(STOP_CHAR(tty), ldata->char_map);
1852 }
1853 if (L_ISIG(tty)) {
1854 set_bit(INTR_CHAR(tty), ldata->char_map);
1855 set_bit(QUIT_CHAR(tty), ldata->char_map);
1856 set_bit(SUSP_CHAR(tty), ldata->char_map);
1857 }
1858 clear_bit(__DISABLED_CHAR, ldata->char_map);
1859 ldata->raw = 0;
1860 ldata->real_raw = 0;
1861 } else {
1862 ldata->raw = 1;
1863 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1864 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1865 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1866 ldata->real_raw = 1;
1867 else
1868 ldata->real_raw = 0;
1869 }
1870 /*
1871 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1872 * been stopped by STOP_CHAR(tty) before it.
1873 */
1874 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow.tco_stopped) {
1875 start_tty(tty);
1876 process_echoes(tty);
1877 }
1878
1879 /* The termios change make the tty ready for I/O */
1880 wake_up_interruptible(&tty->write_wait);
1881 wake_up_interruptible(&tty->read_wait);
1882 }
1883
1884 /**
1885 * n_tty_close - close the ldisc for this tty
1886 * @tty: device
1887 *
1888 * Called from the terminal layer when this line discipline is being shut down,
1889 * either because of a close or becsuse of a discipline change. The function
1890 * will not be called while other ldisc methods are in progress.
1891 */
n_tty_close(struct tty_struct * tty)1892 static void n_tty_close(struct tty_struct *tty)
1893 {
1894 struct n_tty_data *ldata = tty->disc_data;
1895
1896 if (tty->link)
1897 n_tty_packet_mode_flush(tty);
1898
1899 down_write(&tty->termios_rwsem);
1900 vfree(ldata);
1901 tty->disc_data = NULL;
1902 up_write(&tty->termios_rwsem);
1903 }
1904
1905 /**
1906 * n_tty_open - open an ldisc
1907 * @tty: terminal to open
1908 *
1909 * Called when this line discipline is being attached to the terminal device.
1910 * Can sleep. Called serialized so that no other events will occur in parallel.
1911 * No further open will occur until a close.
1912 */
n_tty_open(struct tty_struct * tty)1913 static int n_tty_open(struct tty_struct *tty)
1914 {
1915 struct n_tty_data *ldata;
1916
1917 /* Currently a malloc failure here can panic */
1918 ldata = vzalloc(sizeof(*ldata));
1919 if (!ldata)
1920 return -ENOMEM;
1921
1922 ldata->overrun_time = jiffies;
1923 mutex_init(&ldata->atomic_read_lock);
1924 mutex_init(&ldata->output_lock);
1925
1926 tty->disc_data = ldata;
1927 tty->closing = 0;
1928 /* indicate buffer work may resume */
1929 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1930 n_tty_set_termios(tty, NULL);
1931 tty_unthrottle(tty);
1932 return 0;
1933 }
1934
input_available_p(const struct tty_struct * tty,int poll)1935 static inline int input_available_p(const struct tty_struct *tty, int poll)
1936 {
1937 const struct n_tty_data *ldata = tty->disc_data;
1938 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1939
1940 if (ldata->icanon && !L_EXTPROC(tty))
1941 return ldata->canon_head != ldata->read_tail;
1942 else
1943 return ldata->commit_head - ldata->read_tail >= amt;
1944 }
1945
1946 /**
1947 * copy_from_read_buf - copy read data directly
1948 * @tty: terminal device
1949 * @kbp: data
1950 * @nr: size of data
1951 *
1952 * Helper function to speed up n_tty_read(). It is only called when %ICANON is
1953 * off; it copies characters straight from the tty queue.
1954 *
1955 * Returns: true if it successfully copied data, but there is still more data
1956 * to be had.
1957 *
1958 * Locking:
1959 * * called under the @ldata->atomic_read_lock sem
1960 * * n_tty_read()/consumer path:
1961 * caller holds non-exclusive %termios_rwsem;
1962 * read_tail published
1963 */
copy_from_read_buf(const struct tty_struct * tty,u8 ** kbp,size_t * nr)1964 static bool copy_from_read_buf(const struct tty_struct *tty, u8 **kbp,
1965 size_t *nr)
1966
1967 {
1968 struct n_tty_data *ldata = tty->disc_data;
1969 size_t n;
1970 bool is_eof;
1971 size_t head = smp_load_acquire(&ldata->commit_head);
1972 size_t tail = MASK(ldata->read_tail);
1973
1974 n = min3(head - ldata->read_tail, N_TTY_BUF_SIZE - tail, *nr);
1975 if (!n)
1976 return false;
1977
1978 u8 *from = read_buf_addr(ldata, tail);
1979 memcpy(*kbp, from, n);
1980 is_eof = n == 1 && *from == EOF_CHAR(tty);
1981 tty_audit_add_data(tty, from, n);
1982 zero_buffer(tty, from, n);
1983 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1984
1985 /* Turn single EOF into zero-length read */
1986 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1987 head == ldata->read_tail)
1988 return false;
1989
1990 *kbp += n;
1991 *nr -= n;
1992
1993 /* If we have more to copy, let the caller know */
1994 return head != ldata->read_tail;
1995 }
1996
1997 /**
1998 * canon_copy_from_read_buf - copy read data in canonical mode
1999 * @tty: terminal device
2000 * @kbp: data
2001 * @nr: size of data
2002 *
2003 * Helper function for n_tty_read(). It is only called when %ICANON is on; it
2004 * copies one line of input up to and including the line-delimiting character
2005 * into the result buffer.
2006 *
2007 * Note: When termios is changed from non-canonical to canonical mode and the
2008 * read buffer contains data, n_tty_set_termios() simulates an EOF push (as if
2009 * C-d were input) _without_ the %DISABLED_CHAR in the buffer. This causes data
2010 * already processed as input to be immediately available as input although a
2011 * newline has not been received.
2012 *
2013 * Locking:
2014 * * called under the %atomic_read_lock mutex
2015 * * n_tty_read()/consumer path:
2016 * caller holds non-exclusive %termios_rwsem;
2017 * read_tail published
2018 */
canon_copy_from_read_buf(const struct tty_struct * tty,u8 ** kbp,size_t * nr)2019 static bool canon_copy_from_read_buf(const struct tty_struct *tty, u8 **kbp,
2020 size_t *nr)
2021 {
2022 struct n_tty_data *ldata = tty->disc_data;
2023 size_t n, size, more, c;
2024 size_t eol;
2025 size_t tail, canon_head;
2026 int found = 0;
2027
2028 /* N.B. avoid overrun if nr == 0 */
2029 if (!*nr)
2030 return false;
2031
2032 canon_head = smp_load_acquire(&ldata->canon_head);
2033 n = min(*nr, canon_head - ldata->read_tail);
2034
2035 tail = MASK(ldata->read_tail);
2036 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
2037
2038 n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
2039 __func__, *nr, tail, n, size);
2040
2041 eol = find_next_bit(ldata->read_flags, size, tail);
2042 more = n - (size - tail);
2043 if (eol == N_TTY_BUF_SIZE && more) {
2044 /* scan wrapped without finding set bit */
2045 eol = find_first_bit(ldata->read_flags, more);
2046 found = eol != more;
2047 } else
2048 found = eol != size;
2049
2050 n = eol - tail;
2051 if (n > N_TTY_BUF_SIZE)
2052 n += N_TTY_BUF_SIZE;
2053 c = n + found;
2054
2055 if (!found || read_buf(ldata, eol) != __DISABLED_CHAR)
2056 n = c;
2057
2058 n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
2059 __func__, eol, found, n, c, tail, more);
2060
2061 tty_copy(tty, *kbp, tail, n);
2062 *kbp += n;
2063 *nr -= n;
2064
2065 if (found)
2066 clear_bit(eol, ldata->read_flags);
2067 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2068
2069 if (found) {
2070 if (!ldata->push)
2071 ldata->line_start = ldata->read_tail;
2072 else
2073 ldata->push = 0;
2074 tty_audit_push();
2075 return false;
2076 }
2077
2078 /* No EOL found - do a continuation retry if there is more data */
2079 return ldata->read_tail != canon_head;
2080 }
2081
2082 /*
2083 * If we finished a read at the exact location of an
2084 * EOF (special EOL character that's a __DISABLED_CHAR)
2085 * in the stream, silently eat the EOF.
2086 */
canon_skip_eof(struct n_tty_data * ldata)2087 static void canon_skip_eof(struct n_tty_data *ldata)
2088 {
2089 size_t tail, canon_head;
2090
2091 canon_head = smp_load_acquire(&ldata->canon_head);
2092 tail = ldata->read_tail;
2093
2094 // No data?
2095 if (tail == canon_head)
2096 return;
2097
2098 // See if the tail position is EOF in the circular buffer
2099 tail &= (N_TTY_BUF_SIZE - 1);
2100 if (!test_bit(tail, ldata->read_flags))
2101 return;
2102 if (read_buf(ldata, tail) != __DISABLED_CHAR)
2103 return;
2104
2105 // Clear the EOL bit, skip the EOF char.
2106 clear_bit(tail, ldata->read_flags);
2107 smp_store_release(&ldata->read_tail, ldata->read_tail + 1);
2108 }
2109
2110 /**
2111 * job_control - check job control
2112 * @tty: tty
2113 * @file: file handle
2114 *
2115 * Perform job control management checks on this @file/@tty descriptor and if
2116 * appropriate send any needed signals and return a negative error code if
2117 * action should be taken.
2118 *
2119 * Locking:
2120 * * redirected write test is safe
2121 * * current->signal->tty check is safe
2122 * * ctrl.lock to safely reference @tty->ctrl.pgrp
2123 */
job_control(struct tty_struct * tty,struct file * file)2124 static int job_control(struct tty_struct *tty, struct file *file)
2125 {
2126 /* Job control check -- must be done at start and after
2127 every sleep (POSIX.1 7.1.1.4). */
2128 /* NOTE: not yet done after every sleep pending a thorough
2129 check of the logic of this change. -- jlc */
2130 /* don't stop on /dev/console */
2131 if (file->f_op->write_iter == redirected_tty_write)
2132 return 0;
2133
2134 return __tty_check_change(tty, SIGTTIN);
2135 }
2136
2137
2138 /**
2139 * n_tty_read - read function for tty
2140 * @tty: tty device
2141 * @file: file object
2142 * @kbuf: kernelspace buffer pointer
2143 * @nr: size of I/O
2144 * @cookie: if non-%NULL, this is a continuation read
2145 * @offset: where to continue reading from (unused in n_tty)
2146 *
2147 * Perform reads for the line discipline. We are guaranteed that the line
2148 * discipline will not be closed under us but we may get multiple parallel
2149 * readers and must handle this ourselves. We may also get a hangup. Always
2150 * called in user context, may sleep.
2151 *
2152 * This code must be sure never to sleep through a hangup.
2153 *
2154 * Locking: n_tty_read()/consumer path:
2155 * claims non-exclusive termios_rwsem;
2156 * publishes read_tail
2157 */
n_tty_read(struct tty_struct * tty,struct file * file,u8 * kbuf,size_t nr,void ** cookie,unsigned long offset)2158 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, u8 *kbuf,
2159 size_t nr, void **cookie, unsigned long offset)
2160 {
2161 struct n_tty_data *ldata = tty->disc_data;
2162 u8 *kb = kbuf;
2163 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2164 int minimum, time;
2165 ssize_t retval;
2166 long timeout;
2167 bool packet;
2168 size_t old_tail;
2169
2170 /*
2171 * Is this a continuation of a read started earler?
2172 *
2173 * If so, we still hold the atomic_read_lock and the
2174 * termios_rwsem, and can just continue to copy data.
2175 */
2176 if (*cookie) {
2177 if (ldata->icanon && !L_EXTPROC(tty)) {
2178 /*
2179 * If we have filled the user buffer, see
2180 * if we should skip an EOF character before
2181 * releasing the lock and returning done.
2182 */
2183 if (!nr)
2184 canon_skip_eof(ldata);
2185 else if (canon_copy_from_read_buf(tty, &kb, &nr))
2186 return kb - kbuf;
2187 } else {
2188 if (copy_from_read_buf(tty, &kb, &nr))
2189 return kb - kbuf;
2190 }
2191
2192 /* No more data - release locks and stop retries */
2193 n_tty_kick_worker(tty);
2194 n_tty_check_unthrottle(tty);
2195 up_read(&tty->termios_rwsem);
2196 mutex_unlock(&ldata->atomic_read_lock);
2197 *cookie = NULL;
2198 return kb - kbuf;
2199 }
2200
2201 retval = job_control(tty, file);
2202 if (retval < 0)
2203 return retval;
2204
2205 /*
2206 * Internal serialization of reads.
2207 */
2208 if (file->f_flags & O_NONBLOCK) {
2209 if (!mutex_trylock(&ldata->atomic_read_lock))
2210 return -EAGAIN;
2211 } else {
2212 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2213 return -ERESTARTSYS;
2214 }
2215
2216 down_read(&tty->termios_rwsem);
2217
2218 minimum = time = 0;
2219 timeout = MAX_SCHEDULE_TIMEOUT;
2220 if (!ldata->icanon) {
2221 minimum = MIN_CHAR(tty);
2222 if (minimum) {
2223 time = (HZ / 10) * TIME_CHAR(tty);
2224 } else {
2225 timeout = (HZ / 10) * TIME_CHAR(tty);
2226 minimum = 1;
2227 }
2228 }
2229
2230 packet = tty->ctrl.packet;
2231 old_tail = ldata->read_tail;
2232
2233 add_wait_queue(&tty->read_wait, &wait);
2234 while (nr) {
2235 /* First test for status change. */
2236 if (packet && tty->link->ctrl.pktstatus) {
2237 u8 cs;
2238 if (kb != kbuf)
2239 break;
2240 spin_lock_irq(&tty->link->ctrl.lock);
2241 cs = tty->link->ctrl.pktstatus;
2242 tty->link->ctrl.pktstatus = 0;
2243 spin_unlock_irq(&tty->link->ctrl.lock);
2244 *kb++ = cs;
2245 nr--;
2246 break;
2247 }
2248
2249 if (!input_available_p(tty, 0)) {
2250 up_read(&tty->termios_rwsem);
2251 tty_buffer_flush_work(tty->port);
2252 down_read(&tty->termios_rwsem);
2253 if (!input_available_p(tty, 0)) {
2254 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2255 retval = -EIO;
2256 break;
2257 }
2258 if (tty_hung_up_p(file))
2259 break;
2260 /*
2261 * Abort readers for ttys which never actually
2262 * get hung up. See __tty_hangup().
2263 */
2264 if (test_bit(TTY_HUPPING, &tty->flags))
2265 break;
2266 if (!timeout)
2267 break;
2268 if (tty_io_nonblock(tty, file)) {
2269 retval = -EAGAIN;
2270 break;
2271 }
2272 if (signal_pending(current)) {
2273 retval = -ERESTARTSYS;
2274 break;
2275 }
2276 up_read(&tty->termios_rwsem);
2277
2278 timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2279 timeout);
2280
2281 down_read(&tty->termios_rwsem);
2282 continue;
2283 }
2284 }
2285
2286 if (ldata->icanon && !L_EXTPROC(tty)) {
2287 if (canon_copy_from_read_buf(tty, &kb, &nr))
2288 goto more_to_be_read;
2289 } else {
2290 /* Deal with packet mode. */
2291 if (packet && kb == kbuf) {
2292 *kb++ = TIOCPKT_DATA;
2293 nr--;
2294 }
2295
2296 /*
2297 * Copy data, and if there is more to be had
2298 * and we have nothing more to wait for, then
2299 * let's mark us for retries.
2300 *
2301 * NOTE! We return here with both the termios_sem
2302 * and atomic_read_lock still held, the retries
2303 * will release them when done.
2304 */
2305 if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum) {
2306 more_to_be_read:
2307 remove_wait_queue(&tty->read_wait, &wait);
2308 *cookie = cookie;
2309 return kb - kbuf;
2310 }
2311 }
2312
2313 n_tty_check_unthrottle(tty);
2314
2315 if (kb - kbuf >= minimum)
2316 break;
2317 if (time)
2318 timeout = time;
2319 }
2320 if (old_tail != ldata->read_tail) {
2321 /*
2322 * Make sure no_room is not read in n_tty_kick_worker()
2323 * before setting ldata->read_tail in copy_from_read_buf().
2324 */
2325 smp_mb();
2326 n_tty_kick_worker(tty);
2327 }
2328 up_read(&tty->termios_rwsem);
2329
2330 remove_wait_queue(&tty->read_wait, &wait);
2331 mutex_unlock(&ldata->atomic_read_lock);
2332
2333 if (kb - kbuf)
2334 retval = kb - kbuf;
2335
2336 return retval;
2337 }
2338
2339 /**
2340 * n_tty_write - write function for tty
2341 * @tty: tty device
2342 * @file: file object
2343 * @buf: userspace buffer pointer
2344 * @nr: size of I/O
2345 *
2346 * Write function of the terminal device. This is serialized with respect to
2347 * other write callers but not to termios changes, reads and other such events.
2348 * Since the receive code will echo characters, thus calling driver write
2349 * methods, the %output_lock is used in the output processing functions called
2350 * here as well as in the echo processing function to protect the column state
2351 * and space left in the buffer.
2352 *
2353 * This code must be sure never to sleep through a hangup.
2354 *
2355 * Locking: output_lock to protect column state and space left
2356 * (note that the process_output*() functions take this lock themselves)
2357 */
2358
n_tty_write(struct tty_struct * tty,struct file * file,const u8 * buf,size_t nr)2359 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2360 const u8 *buf, size_t nr)
2361 {
2362 const u8 *b = buf;
2363 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2364 ssize_t num, retval = 0;
2365
2366 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2367 if (L_TOSTOP(tty) && file->f_op->write_iter != redirected_tty_write) {
2368 retval = tty_check_change(tty);
2369 if (retval)
2370 return retval;
2371 }
2372
2373 down_read(&tty->termios_rwsem);
2374
2375 /* Write out any echoed characters that are still pending */
2376 process_echoes(tty);
2377
2378 add_wait_queue(&tty->write_wait, &wait);
2379 while (1) {
2380 if (signal_pending(current)) {
2381 retval = -ERESTARTSYS;
2382 break;
2383 }
2384 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2385 retval = -EIO;
2386 break;
2387 }
2388 if (O_OPOST(tty)) {
2389 while (nr > 0) {
2390 num = process_output_block(tty, b, nr);
2391 if (num < 0) {
2392 if (num == -EAGAIN)
2393 break;
2394 retval = num;
2395 goto break_out;
2396 }
2397 b += num;
2398 nr -= num;
2399 if (nr == 0)
2400 break;
2401 if (process_output(*b, tty) < 0)
2402 break;
2403 b++; nr--;
2404 }
2405 if (tty->ops->flush_chars)
2406 tty->ops->flush_chars(tty);
2407 } else {
2408 struct n_tty_data *ldata = tty->disc_data;
2409
2410 while (nr > 0) {
2411 mutex_lock(&ldata->output_lock);
2412 num = tty->ops->write(tty, b, nr);
2413 mutex_unlock(&ldata->output_lock);
2414 if (num < 0) {
2415 retval = num;
2416 goto break_out;
2417 }
2418 if (!num)
2419 break;
2420 b += num;
2421 nr -= num;
2422 }
2423 }
2424 if (!nr)
2425 break;
2426 if (tty_io_nonblock(tty, file)) {
2427 retval = -EAGAIN;
2428 break;
2429 }
2430 up_read(&tty->termios_rwsem);
2431
2432 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2433
2434 down_read(&tty->termios_rwsem);
2435 }
2436 break_out:
2437 remove_wait_queue(&tty->write_wait, &wait);
2438 if (nr && tty->fasync)
2439 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2440 up_read(&tty->termios_rwsem);
2441 return (b - buf) ? b - buf : retval;
2442 }
2443
2444 /**
2445 * n_tty_poll - poll method for N_TTY
2446 * @tty: terminal device
2447 * @file: file accessing it
2448 * @wait: poll table
2449 *
2450 * Called when the line discipline is asked to poll() for data or for special
2451 * events. This code is not serialized with respect to other events save
2452 * open/close.
2453 *
2454 * This code must be sure never to sleep through a hangup.
2455 *
2456 * Locking: called without the kernel lock held -- fine.
2457 */
n_tty_poll(struct tty_struct * tty,struct file * file,poll_table * wait)2458 static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2459 poll_table *wait)
2460 {
2461 __poll_t mask = 0;
2462
2463 poll_wait(file, &tty->read_wait, wait);
2464 poll_wait(file, &tty->write_wait, wait);
2465 if (input_available_p(tty, 1))
2466 mask |= EPOLLIN | EPOLLRDNORM;
2467 else {
2468 tty_buffer_flush_work(tty->port);
2469 if (input_available_p(tty, 1))
2470 mask |= EPOLLIN | EPOLLRDNORM;
2471 }
2472 if (tty->ctrl.packet && tty->link->ctrl.pktstatus)
2473 mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2474 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2475 mask |= EPOLLHUP;
2476 if (tty_hung_up_p(file))
2477 mask |= EPOLLHUP;
2478 if (tty->ops->write && !tty_is_writelocked(tty) &&
2479 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2480 tty_write_room(tty) > 0)
2481 mask |= EPOLLOUT | EPOLLWRNORM;
2482 return mask;
2483 }
2484
inq_canon(struct n_tty_data * ldata)2485 static unsigned long inq_canon(struct n_tty_data *ldata)
2486 {
2487 size_t nr, head, tail;
2488
2489 if (ldata->canon_head == ldata->read_tail)
2490 return 0;
2491 head = ldata->canon_head;
2492 tail = ldata->read_tail;
2493 nr = head - tail;
2494 /* Skip EOF-chars.. */
2495 while (MASK(head) != MASK(tail)) {
2496 if (test_bit(MASK(tail), ldata->read_flags) &&
2497 read_buf(ldata, tail) == __DISABLED_CHAR)
2498 nr--;
2499 tail++;
2500 }
2501 return nr;
2502 }
2503
n_tty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)2504 static int n_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
2505 unsigned long arg)
2506 {
2507 struct n_tty_data *ldata = tty->disc_data;
2508 unsigned int num;
2509
2510 switch (cmd) {
2511 case TIOCOUTQ:
2512 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2513 case TIOCINQ:
2514 down_write(&tty->termios_rwsem);
2515 if (L_ICANON(tty) && !L_EXTPROC(tty))
2516 num = inq_canon(ldata);
2517 else
2518 num = read_cnt(ldata);
2519 up_write(&tty->termios_rwsem);
2520 return put_user(num, (unsigned int __user *) arg);
2521 default:
2522 return n_tty_ioctl_helper(tty, cmd, arg);
2523 }
2524 }
2525
2526 static struct tty_ldisc_ops n_tty_ops = {
2527 .owner = THIS_MODULE,
2528 .num = N_TTY,
2529 .name = "n_tty",
2530 .open = n_tty_open,
2531 .close = n_tty_close,
2532 .flush_buffer = n_tty_flush_buffer,
2533 .read = n_tty_read,
2534 .write = n_tty_write,
2535 .ioctl = n_tty_ioctl,
2536 .set_termios = n_tty_set_termios,
2537 .poll = n_tty_poll,
2538 .receive_buf = n_tty_receive_buf,
2539 .write_wakeup = n_tty_write_wakeup,
2540 .receive_buf2 = n_tty_receive_buf2,
2541 .lookahead_buf = n_tty_lookahead_flow_ctrl,
2542 };
2543
2544 /**
2545 * n_tty_inherit_ops - inherit N_TTY methods
2546 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2547 *
2548 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2549 */
2550
n_tty_inherit_ops(struct tty_ldisc_ops * ops)2551 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2552 {
2553 *ops = n_tty_ops;
2554 ops->owner = NULL;
2555 }
2556 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2557
n_tty_init(void)2558 void __init n_tty_init(void)
2559 {
2560 tty_register_ldisc(&n_tty_ops);
2561 }
2562