1 // SPDX-License-Identifier: GPL-1.0+
2 /*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31 #include <linux/bitmap.h>
32 #include <linux/bitops.h>
33 #include <linux/ctype.h>
34 #include <linux/errno.h>
35 #include <linux/export.h>
36 #include <linux/fcntl.h>
37 #include <linux/file.h>
38 #include <linux/jiffies.h>
39 #include <linux/math.h>
40 #include <linux/poll.h>
41 #include <linux/ratelimit.h>
42 #include <linux/sched.h>
43 #include <linux/signal.h>
44 #include <linux/slab.h>
45 #include <linux/string.h>
46 #include <linux/tty.h>
47 #include <linux/types.h>
48 #include <linux/uaccess.h>
49 #include <linux/vmalloc.h>
50
51 #include "tty.h"
52
53 /*
54 * Until this number of characters is queued in the xmit buffer, select will
55 * return "we have room for writes".
56 */
57 #define WAKEUP_CHARS 256
58
59 #define N_TTY_BUF_SIZE 4096
60
61 /*
62 * This defines the low- and high-watermarks for throttling and
63 * unthrottling the TTY driver. These watermarks are used for
64 * controlling the space in the read buffer.
65 */
66 #define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
67 #define TTY_THRESHOLD_UNTHROTTLE 128
68
69 /*
70 * Special byte codes used in the echo buffer to represent operations
71 * or special handling of characters. Bytes in the echo buffer that
72 * are not part of such special blocks are treated as normal character
73 * codes.
74 */
75 #define ECHO_OP_START 0xff
76 #define ECHO_OP_MOVE_BACK_COL 0x80
77 #define ECHO_OP_SET_CANON_COL 0x81
78 #define ECHO_OP_ERASE_TAB 0x82
79
80 #define ECHO_COMMIT_WATERMARK 256
81 #define ECHO_BLOCK 256
82 #define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
83
84 struct n_tty_data {
85 /* producer-published */
86 size_t read_head;
87 size_t commit_head;
88 size_t canon_head;
89 size_t echo_head;
90 size_t echo_commit;
91 size_t echo_mark;
92 DECLARE_BITMAP(char_map, 256);
93
94 /* private to n_tty_receive_overrun (single-threaded) */
95 unsigned long overrun_time;
96 unsigned int num_overrun;
97
98 /* non-atomic */
99 bool no_room;
100
101 /* must hold exclusive termios_rwsem to reset these */
102 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
103 unsigned char push:1;
104
105 /* shared by producer and consumer */
106 u8 read_buf[N_TTY_BUF_SIZE];
107 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
108 u8 echo_buf[N_TTY_BUF_SIZE];
109
110 /* consumer-published */
111 size_t read_tail;
112 size_t line_start;
113
114 /* # of chars looked ahead (to find software flow control chars) */
115 size_t lookahead_count;
116
117 /* protected by output lock */
118 unsigned int column;
119 unsigned int canon_column;
120 size_t echo_tail;
121
122 struct mutex atomic_read_lock;
123 struct mutex output_lock;
124 };
125
126 #define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
127
read_cnt(struct n_tty_data * ldata)128 static inline size_t read_cnt(struct n_tty_data *ldata)
129 {
130 return ldata->read_head - ldata->read_tail;
131 }
132
read_buf(struct n_tty_data * ldata,size_t i)133 static inline u8 read_buf(struct n_tty_data *ldata, size_t i)
134 {
135 return ldata->read_buf[MASK(i)];
136 }
137
read_buf_addr(struct n_tty_data * ldata,size_t i)138 static inline u8 *read_buf_addr(struct n_tty_data *ldata, size_t i)
139 {
140 return &ldata->read_buf[MASK(i)];
141 }
142
echo_buf(struct n_tty_data * ldata,size_t i)143 static inline u8 echo_buf(struct n_tty_data *ldata, size_t i)
144 {
145 smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
146 return ldata->echo_buf[MASK(i)];
147 }
148
echo_buf_addr(struct n_tty_data * ldata,size_t i)149 static inline u8 *echo_buf_addr(struct n_tty_data *ldata, size_t i)
150 {
151 return &ldata->echo_buf[MASK(i)];
152 }
153
154 /* If we are not echoing the data, perhaps this is a secret so erase it */
zero_buffer(const struct tty_struct * tty,u8 * buffer,size_t size)155 static void zero_buffer(const struct tty_struct *tty, u8 *buffer, size_t size)
156 {
157 if (L_ICANON(tty) && !L_ECHO(tty))
158 memset(buffer, 0, size);
159 }
160
tty_copy(const struct tty_struct * tty,void * to,size_t tail,size_t n)161 static void tty_copy(const struct tty_struct *tty, void *to, size_t tail,
162 size_t n)
163 {
164 struct n_tty_data *ldata = tty->disc_data;
165 size_t size = N_TTY_BUF_SIZE - tail;
166 void *from = read_buf_addr(ldata, tail);
167
168 if (n > size) {
169 tty_audit_add_data(tty, from, size);
170 memcpy(to, from, size);
171 zero_buffer(tty, from, size);
172 to += size;
173 n -= size;
174 from = ldata->read_buf;
175 }
176
177 tty_audit_add_data(tty, from, n);
178 memcpy(to, from, n);
179 zero_buffer(tty, from, n);
180 }
181
182 /**
183 * n_tty_kick_worker - start input worker (if required)
184 * @tty: terminal
185 *
186 * Re-schedules the flip buffer work if it may have stopped.
187 *
188 * Locking:
189 * * Caller holds exclusive %termios_rwsem, or
190 * * n_tty_read()/consumer path:
191 * holds non-exclusive %termios_rwsem
192 */
n_tty_kick_worker(const struct tty_struct * tty)193 static void n_tty_kick_worker(const struct tty_struct *tty)
194 {
195 struct n_tty_data *ldata = tty->disc_data;
196
197 /* Did the input worker stop? Restart it */
198 if (unlikely(READ_ONCE(ldata->no_room))) {
199 WRITE_ONCE(ldata->no_room, 0);
200
201 WARN_RATELIMIT(tty->port->itty == NULL,
202 "scheduling with invalid itty\n");
203 /* see if ldisc has been killed - if so, this means that
204 * even though the ldisc has been halted and ->buf.work
205 * cancelled, ->buf.work is about to be rescheduled
206 */
207 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
208 "scheduling buffer work for halted ldisc\n");
209 tty_buffer_restart_work(tty->port);
210 }
211 }
212
chars_in_buffer(const struct tty_struct * tty)213 static ssize_t chars_in_buffer(const struct tty_struct *tty)
214 {
215 const struct n_tty_data *ldata = tty->disc_data;
216 size_t head = ldata->icanon ? ldata->canon_head : ldata->commit_head;
217
218 return head - ldata->read_tail;
219 }
220
221 /**
222 * n_tty_write_wakeup - asynchronous I/O notifier
223 * @tty: tty device
224 *
225 * Required for the ptys, serial driver etc. since processes that attach
226 * themselves to the master and rely on ASYNC IO must be woken up.
227 */
n_tty_write_wakeup(struct tty_struct * tty)228 static void n_tty_write_wakeup(struct tty_struct *tty)
229 {
230 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
231 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
232 }
233
n_tty_check_throttle(struct tty_struct * tty)234 static void n_tty_check_throttle(struct tty_struct *tty)
235 {
236 struct n_tty_data *ldata = tty->disc_data;
237
238 /*
239 * Check the remaining room for the input canonicalization
240 * mode. We don't want to throttle the driver if we're in
241 * canonical mode and don't have a newline yet!
242 */
243 if (ldata->icanon && ldata->canon_head == ldata->read_tail)
244 return;
245
246 do {
247 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
248 if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
249 break;
250 } while (!tty_throttle_safe(tty));
251
252 __tty_set_flow_change(tty, 0);
253 }
254
n_tty_check_unthrottle(struct tty_struct * tty)255 static void n_tty_check_unthrottle(struct tty_struct *tty)
256 {
257 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
258 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
259 return;
260 n_tty_kick_worker(tty);
261 tty_wakeup(tty->link);
262 return;
263 }
264
265 /* If there is enough space in the read buffer now, let the
266 * low-level driver know. We use chars_in_buffer() to
267 * check the buffer, as it now knows about canonical mode.
268 * Otherwise, if the driver is throttled and the line is
269 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
270 * we won't get any more characters.
271 */
272
273 do {
274 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
275 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
276 break;
277
278 n_tty_kick_worker(tty);
279 } while (!tty_unthrottle_safe(tty));
280
281 __tty_set_flow_change(tty, 0);
282 }
283
284 /**
285 * put_tty_queue - add character to tty
286 * @c: character
287 * @ldata: n_tty data
288 *
289 * Add a character to the tty read_buf queue.
290 *
291 * Locking:
292 * * n_tty_receive_buf()/producer path:
293 * caller holds non-exclusive %termios_rwsem
294 */
put_tty_queue(u8 c,struct n_tty_data * ldata)295 static inline void put_tty_queue(u8 c, struct n_tty_data *ldata)
296 {
297 *read_buf_addr(ldata, ldata->read_head) = c;
298 ldata->read_head++;
299 }
300
301 /**
302 * reset_buffer_flags - reset buffer state
303 * @ldata: line disc data to reset
304 *
305 * Reset the read buffer counters and clear the flags. Called from
306 * n_tty_open() and n_tty_flush_buffer().
307 *
308 * Locking:
309 * * caller holds exclusive %termios_rwsem, or
310 * * (locking is not required)
311 */
reset_buffer_flags(struct n_tty_data * ldata)312 static void reset_buffer_flags(struct n_tty_data *ldata)
313 {
314 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
315 ldata->commit_head = 0;
316 ldata->line_start = 0;
317
318 ldata->erasing = 0;
319 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
320 ldata->push = 0;
321
322 ldata->lookahead_count = 0;
323 }
324
n_tty_packet_mode_flush(struct tty_struct * tty)325 static void n_tty_packet_mode_flush(struct tty_struct *tty)
326 {
327 if (tty->link->ctrl.packet) {
328 scoped_guard(spinlock_irqsave, &tty->ctrl.lock)
329 tty->ctrl.pktstatus |= TIOCPKT_FLUSHREAD;
330 wake_up_interruptible(&tty->link->read_wait);
331 }
332 }
333
334 /**
335 * n_tty_flush_buffer - clean input queue
336 * @tty: terminal device
337 *
338 * Flush the input buffer. Called when the tty layer wants the buffer flushed
339 * (eg at hangup) or when the %N_TTY line discipline internally has to clean
340 * the pending queue (for example some signals).
341 *
342 * Holds %termios_rwsem to exclude producer/consumer while buffer indices are
343 * reset.
344 *
345 * Locking: %ctrl.lock, exclusive %termios_rwsem
346 */
n_tty_flush_buffer(struct tty_struct * tty)347 static void n_tty_flush_buffer(struct tty_struct *tty)
348 {
349 guard(rwsem_write)(&tty->termios_rwsem);
350 reset_buffer_flags(tty->disc_data);
351 n_tty_kick_worker(tty);
352
353 if (tty->link)
354 n_tty_packet_mode_flush(tty);
355 }
356
357 /**
358 * is_utf8_continuation - utf8 multibyte check
359 * @c: byte to check
360 *
361 * Returns: true if the utf8 character @c is a multibyte continuation
362 * character. We use this to correctly compute the on-screen size of the
363 * character when printing.
364 */
is_utf8_continuation(u8 c)365 static inline int is_utf8_continuation(u8 c)
366 {
367 return (c & 0xc0) == 0x80;
368 }
369
370 /**
371 * is_continuation - multibyte check
372 * @c: byte to check
373 * @tty: terminal device
374 *
375 * Returns: true if the utf8 character @c is a multibyte continuation character
376 * and the terminal is in unicode mode.
377 */
is_continuation(u8 c,const struct tty_struct * tty)378 static inline int is_continuation(u8 c, const struct tty_struct *tty)
379 {
380 return I_IUTF8(tty) && is_utf8_continuation(c);
381 }
382
383 /**
384 * do_output_char - output one character
385 * @c: character (or partial unicode symbol)
386 * @tty: terminal device
387 * @space: space available in tty driver write buffer
388 *
389 * This is a helper function that handles one output character (including
390 * special characters like TAB, CR, LF, etc.), doing OPOST processing and
391 * putting the results in the tty driver's write buffer.
392 *
393 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY and NLDLY.
394 * They simply aren't relevant in the world today. If you ever need them, add
395 * them here.
396 *
397 * Returns: the number of bytes of buffer space used or -1 if no space left.
398 *
399 * Locking: should be called under the %output_lock to protect the column state
400 * and space left in the buffer.
401 */
do_output_char(u8 c,struct tty_struct * tty,int space)402 static int do_output_char(u8 c, struct tty_struct *tty, int space)
403 {
404 struct n_tty_data *ldata = tty->disc_data;
405 int spaces;
406
407 if (!space)
408 return -1;
409
410 switch (c) {
411 case '\n':
412 if (O_ONLRET(tty))
413 ldata->column = 0;
414 if (O_ONLCR(tty)) {
415 if (space < 2)
416 return -1;
417 ldata->canon_column = ldata->column = 0;
418 tty->ops->write(tty, "\r\n", 2);
419 return 2;
420 }
421 ldata->canon_column = ldata->column;
422 break;
423 case '\r':
424 if (O_ONOCR(tty) && ldata->column == 0)
425 return 0;
426 if (O_OCRNL(tty)) {
427 c = '\n';
428 if (O_ONLRET(tty))
429 ldata->canon_column = ldata->column = 0;
430 break;
431 }
432 ldata->canon_column = ldata->column = 0;
433 break;
434 case '\t':
435 spaces = 8 - (ldata->column & 7);
436 if (O_TABDLY(tty) == XTABS) {
437 if (space < spaces)
438 return -1;
439 ldata->column += spaces;
440 tty->ops->write(tty, " ", spaces);
441 return spaces;
442 }
443 ldata->column += spaces;
444 break;
445 case '\b':
446 if (ldata->column > 0)
447 ldata->column--;
448 break;
449 default:
450 if (!iscntrl(c)) {
451 if (O_OLCUC(tty))
452 c = toupper(c);
453 if (!is_continuation(c, tty))
454 ldata->column++;
455 }
456 break;
457 }
458
459 tty_put_char(tty, c);
460 return 1;
461 }
462
463 /**
464 * process_output - output post processor
465 * @c: character (or partial unicode symbol)
466 * @tty: terminal device
467 *
468 * Output one character with OPOST processing.
469 *
470 * Returns: -1 when the output device is full and the character must be
471 * retried.
472 *
473 * Locking: %output_lock to protect column state and space left (also, this is
474 *called from n_tty_write() under the tty layer write lock).
475 */
process_output(u8 c,struct tty_struct * tty)476 static int process_output(u8 c, struct tty_struct *tty)
477 {
478 struct n_tty_data *ldata = tty->disc_data;
479
480 guard(mutex)(&ldata->output_lock);
481
482 if (do_output_char(c, tty, tty_write_room(tty)) < 0)
483 return -1;
484
485 return 0;
486 }
487
488 /**
489 * process_output_block - block post processor
490 * @tty: terminal device
491 * @buf: character buffer
492 * @nr: number of bytes to output
493 *
494 * Output a block of characters with OPOST processing.
495 *
496 * This path is used to speed up block console writes, among other things when
497 * processing blocks of output data. It handles only the simple cases normally
498 * found and helps to generate blocks of symbols for the console driver and
499 * thus improve performance.
500 *
501 * Returns: the number of characters output.
502 *
503 * Locking: %output_lock to protect column state and space left (also, this is
504 * called from n_tty_write() under the tty layer write lock).
505 */
process_output_block(struct tty_struct * tty,const u8 * buf,unsigned int nr)506 static ssize_t process_output_block(struct tty_struct *tty,
507 const u8 *buf, unsigned int nr)
508 {
509 struct n_tty_data *ldata = tty->disc_data;
510 unsigned int space, i;
511 const u8 *cp;
512
513 guard(mutex)(&ldata->output_lock);
514
515 space = tty_write_room(tty);
516 if (space == 0)
517 return 0;
518
519 if (nr > space)
520 nr = space;
521
522 for (i = 0, cp = buf; i < nr; i++, cp++) {
523 u8 c = *cp;
524
525 switch (c) {
526 case '\n':
527 if (O_ONLRET(tty))
528 ldata->column = 0;
529 if (O_ONLCR(tty))
530 goto do_write;
531 ldata->canon_column = ldata->column;
532 break;
533 case '\r':
534 if (O_ONOCR(tty) && ldata->column == 0)
535 goto do_write;
536 if (O_OCRNL(tty))
537 goto do_write;
538 ldata->canon_column = ldata->column = 0;
539 break;
540 case '\t':
541 goto do_write;
542 case '\b':
543 if (ldata->column > 0)
544 ldata->column--;
545 break;
546 default:
547 if (!iscntrl(c)) {
548 if (O_OLCUC(tty))
549 goto do_write;
550 if (!is_continuation(c, tty))
551 ldata->column++;
552 }
553 break;
554 }
555 }
556 do_write:
557 return tty->ops->write(tty, buf, i);
558 }
559
n_tty_process_echo_ops(struct tty_struct * tty,size_t * tail,int space)560 static int n_tty_process_echo_ops(struct tty_struct *tty, size_t *tail,
561 int space)
562 {
563 struct n_tty_data *ldata = tty->disc_data;
564 u8 op;
565
566 /*
567 * Since add_echo_byte() is called without holding output_lock, we
568 * might see only portion of multi-byte operation.
569 */
570 if (MASK(ldata->echo_commit) == MASK(*tail + 1))
571 return -ENODATA;
572
573 /*
574 * If the buffer byte is the start of a multi-byte operation, get the
575 * next byte, which is either the op code or a control character value.
576 */
577 op = echo_buf(ldata, *tail + 1);
578
579 switch (op) {
580 case ECHO_OP_ERASE_TAB: {
581 unsigned int num_chars, num_bs;
582
583 if (MASK(ldata->echo_commit) == MASK(*tail + 2))
584 return -ENODATA;
585
586 num_chars = echo_buf(ldata, *tail + 2);
587
588 /*
589 * Determine how many columns to go back in order to erase the
590 * tab. This depends on the number of columns used by other
591 * characters within the tab area. If this (modulo 8) count is
592 * from the start of input rather than from a previous tab, we
593 * offset by canon column. Otherwise, tab spacing is normal.
594 */
595 if (!(num_chars & 0x80))
596 num_chars += ldata->canon_column;
597 num_bs = 8 - (num_chars & 7);
598
599 if (num_bs > space)
600 return -ENOSPC;
601
602 space -= num_bs;
603 while (num_bs--) {
604 tty_put_char(tty, '\b');
605 if (ldata->column > 0)
606 ldata->column--;
607 }
608 *tail += 3;
609 break;
610 }
611 case ECHO_OP_SET_CANON_COL:
612 ldata->canon_column = ldata->column;
613 *tail += 2;
614 break;
615
616 case ECHO_OP_MOVE_BACK_COL:
617 if (ldata->column > 0)
618 ldata->column--;
619 *tail += 2;
620 break;
621
622 case ECHO_OP_START:
623 /* This is an escaped echo op start code */
624 if (!space)
625 return -ENOSPC;
626
627 tty_put_char(tty, ECHO_OP_START);
628 ldata->column++;
629 space--;
630 *tail += 2;
631 break;
632
633 default:
634 /*
635 * If the op is not a special byte code, it is a ctrl char
636 * tagged to be echoed as "^X" (where X is the letter
637 * representing the control char). Note that we must ensure
638 * there is enough space for the whole ctrl pair.
639 */
640 if (space < 2)
641 return -ENOSPC;
642
643 tty_put_char(tty, '^');
644 tty_put_char(tty, op ^ 0100);
645 ldata->column += 2;
646 space -= 2;
647 *tail += 2;
648 break;
649 }
650
651 return space;
652 }
653
654 /**
655 * __process_echoes - write pending echo characters
656 * @tty: terminal device
657 *
658 * Write previously buffered echo (and other ldisc-generated) characters to the
659 * tty.
660 *
661 * Characters generated by the ldisc (including echoes) need to be buffered
662 * because the driver's write buffer can fill during heavy program output.
663 * Echoing straight to the driver will often fail under these conditions,
664 * causing lost characters and resulting mismatches of ldisc state information.
665 *
666 * Since the ldisc state must represent the characters actually sent to the
667 * driver at the time of the write, operations like certain changes in column
668 * state are also saved in the buffer and executed here.
669 *
670 * A circular fifo buffer is used so that the most recent characters are
671 * prioritized. Also, when control characters are echoed with a prefixed "^",
672 * the pair is treated atomically and thus not separated.
673 *
674 * Locking: callers must hold %output_lock.
675 */
__process_echoes(struct tty_struct * tty)676 static size_t __process_echoes(struct tty_struct *tty)
677 {
678 struct n_tty_data *ldata = tty->disc_data;
679 unsigned int space, old_space;
680 size_t tail;
681 u8 c;
682
683 old_space = space = tty_write_room(tty);
684
685 tail = ldata->echo_tail;
686 while (MASK(ldata->echo_commit) != MASK(tail)) {
687 c = echo_buf(ldata, tail);
688 if (c == ECHO_OP_START) {
689 int ret = n_tty_process_echo_ops(tty, &tail, space);
690 if (ret == -ENODATA)
691 goto not_yet_stored;
692 if (ret < 0)
693 break;
694 space = ret;
695 } else {
696 if (O_OPOST(tty)) {
697 int retval = do_output_char(c, tty, space);
698 if (retval < 0)
699 break;
700 space -= retval;
701 } else {
702 if (!space)
703 break;
704 tty_put_char(tty, c);
705 space -= 1;
706 }
707 tail += 1;
708 }
709 }
710
711 /* If the echo buffer is nearly full (so that the possibility exists
712 * of echo overrun before the next commit), then discard enough
713 * data at the tail to prevent a subsequent overrun */
714 while (ldata->echo_commit > tail &&
715 ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
716 if (echo_buf(ldata, tail) == ECHO_OP_START) {
717 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
718 tail += 3;
719 else
720 tail += 2;
721 } else
722 tail++;
723 }
724
725 not_yet_stored:
726 ldata->echo_tail = tail;
727 return old_space - space;
728 }
729
commit_echoes(struct tty_struct * tty)730 static void commit_echoes(struct tty_struct *tty)
731 {
732 struct n_tty_data *ldata = tty->disc_data;
733 size_t nr, old, echoed;
734 size_t head;
735
736 scoped_guard(mutex, &ldata->output_lock) {
737 head = ldata->echo_head;
738 ldata->echo_mark = head;
739 old = ldata->echo_commit - ldata->echo_tail;
740
741 /*
742 * Process committed echoes if the accumulated # of bytes is over the threshold
743 * (and try again each time another block is accumulated)
744 */
745 nr = head - ldata->echo_tail;
746 if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK))
747 return;
748
749 ldata->echo_commit = head;
750 echoed = __process_echoes(tty);
751 }
752
753 if (echoed && tty->ops->flush_chars)
754 tty->ops->flush_chars(tty);
755 }
756
process_echoes(struct tty_struct * tty)757 static void process_echoes(struct tty_struct *tty)
758 {
759 struct n_tty_data *ldata = tty->disc_data;
760 size_t echoed;
761
762 if (ldata->echo_mark == ldata->echo_tail)
763 return;
764
765 scoped_guard(mutex, &ldata->output_lock) {
766 ldata->echo_commit = ldata->echo_mark;
767 echoed = __process_echoes(tty);
768 }
769
770 if (echoed && tty->ops->flush_chars)
771 tty->ops->flush_chars(tty);
772 }
773
774 /* NB: echo_mark and echo_head should be equivalent here */
flush_echoes(struct tty_struct * tty)775 static void flush_echoes(struct tty_struct *tty)
776 {
777 struct n_tty_data *ldata = tty->disc_data;
778
779 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
780 ldata->echo_commit == ldata->echo_head)
781 return;
782
783 guard(mutex)(&ldata->output_lock);
784 ldata->echo_commit = ldata->echo_head;
785 __process_echoes(tty);
786 }
787
788 /**
789 * add_echo_byte - add a byte to the echo buffer
790 * @c: unicode byte to echo
791 * @ldata: n_tty data
792 *
793 * Add a character or operation byte to the echo buffer.
794 */
add_echo_byte(u8 c,struct n_tty_data * ldata)795 static inline void add_echo_byte(u8 c, struct n_tty_data *ldata)
796 {
797 *echo_buf_addr(ldata, ldata->echo_head) = c;
798 smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
799 ldata->echo_head++;
800 }
801
802 /**
803 * echo_move_back_col - add operation to move back a column
804 * @ldata: n_tty data
805 *
806 * Add an operation to the echo buffer to move back one column.
807 */
echo_move_back_col(struct n_tty_data * ldata)808 static void echo_move_back_col(struct n_tty_data *ldata)
809 {
810 add_echo_byte(ECHO_OP_START, ldata);
811 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
812 }
813
814 /**
815 * echo_set_canon_col - add operation to set the canon column
816 * @ldata: n_tty data
817 *
818 * Add an operation to the echo buffer to set the canon column to the current
819 * column.
820 */
echo_set_canon_col(struct n_tty_data * ldata)821 static void echo_set_canon_col(struct n_tty_data *ldata)
822 {
823 add_echo_byte(ECHO_OP_START, ldata);
824 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
825 }
826
827 /**
828 * echo_erase_tab - add operation to erase a tab
829 * @num_chars: number of character columns already used
830 * @after_tab: true if num_chars starts after a previous tab
831 * @ldata: n_tty data
832 *
833 * Add an operation to the echo buffer to erase a tab.
834 *
835 * Called by the eraser function, which knows how many character columns have
836 * been used since either a previous tab or the start of input. This
837 * information will be used later, along with canon column (if applicable), to
838 * go back the correct number of columns.
839 */
echo_erase_tab(unsigned int num_chars,int after_tab,struct n_tty_data * ldata)840 static void echo_erase_tab(unsigned int num_chars, int after_tab,
841 struct n_tty_data *ldata)
842 {
843 add_echo_byte(ECHO_OP_START, ldata);
844 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
845
846 /* We only need to know this modulo 8 (tab spacing) */
847 num_chars &= 7;
848
849 /* Set the high bit as a flag if num_chars is after a previous tab */
850 if (after_tab)
851 num_chars |= 0x80;
852
853 add_echo_byte(num_chars, ldata);
854 }
855
856 /**
857 * echo_char_raw - echo a character raw
858 * @c: unicode byte to echo
859 * @ldata: line disc data
860 *
861 * Echo user input back onto the screen. This must be called only when
862 * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
863 *
864 * This variant does not treat control characters specially.
865 */
echo_char_raw(u8 c,struct n_tty_data * ldata)866 static void echo_char_raw(u8 c, struct n_tty_data *ldata)
867 {
868 if (c == ECHO_OP_START) {
869 add_echo_byte(ECHO_OP_START, ldata);
870 add_echo_byte(ECHO_OP_START, ldata);
871 } else {
872 add_echo_byte(c, ldata);
873 }
874 }
875
876 /**
877 * echo_char - echo a character
878 * @c: unicode byte to echo
879 * @tty: terminal device
880 *
881 * Echo user input back onto the screen. This must be called only when
882 * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
883 *
884 * This variant tags control characters to be echoed as "^X" (where X is the
885 * letter representing the control char).
886 */
echo_char(u8 c,const struct tty_struct * tty)887 static void echo_char(u8 c, const struct tty_struct *tty)
888 {
889 struct n_tty_data *ldata = tty->disc_data;
890
891 if (c == ECHO_OP_START) {
892 add_echo_byte(ECHO_OP_START, ldata);
893 add_echo_byte(ECHO_OP_START, ldata);
894 } else {
895 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
896 add_echo_byte(ECHO_OP_START, ldata);
897 add_echo_byte(c, ldata);
898 }
899 }
900
901 /**
902 * finish_erasing - complete erase
903 * @ldata: n_tty data
904 */
finish_erasing(struct n_tty_data * ldata)905 static inline void finish_erasing(struct n_tty_data *ldata)
906 {
907 if (ldata->erasing) {
908 echo_char_raw('/', ldata);
909 ldata->erasing = 0;
910 }
911 }
912
913 /**
914 * eraser - handle erase function
915 * @c: character input
916 * @tty: terminal device
917 *
918 * Perform erase and necessary output when an erase character is present in the
919 * stream from the driver layer. Handles the complexities of UTF-8 multibyte
920 * symbols.
921 *
922 * Locking: n_tty_receive_buf()/producer path:
923 * caller holds non-exclusive %termios_rwsem
924 */
eraser(u8 c,const struct tty_struct * tty)925 static void eraser(u8 c, const struct tty_struct *tty)
926 {
927 struct n_tty_data *ldata = tty->disc_data;
928 enum { ERASE, WERASE, KILL } kill_type;
929 size_t head;
930 size_t cnt;
931 int seen_alnums;
932
933 if (ldata->read_head == ldata->canon_head) {
934 /* process_output('\a', tty); */ /* what do you think? */
935 return;
936 }
937 if (c == ERASE_CHAR(tty))
938 kill_type = ERASE;
939 else if (c == WERASE_CHAR(tty))
940 kill_type = WERASE;
941 else {
942 if (!L_ECHO(tty)) {
943 ldata->read_head = ldata->canon_head;
944 return;
945 }
946 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
947 ldata->read_head = ldata->canon_head;
948 finish_erasing(ldata);
949 echo_char(KILL_CHAR(tty), tty);
950 /* Add a newline if ECHOK is on and ECHOKE is off. */
951 if (L_ECHOK(tty))
952 echo_char_raw('\n', ldata);
953 return;
954 }
955 kill_type = KILL;
956 }
957
958 seen_alnums = 0;
959 while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
960 head = ldata->read_head;
961
962 /* erase a single possibly multibyte character */
963 do {
964 head--;
965 c = read_buf(ldata, head);
966 } while (is_continuation(c, tty) &&
967 MASK(head) != MASK(ldata->canon_head));
968
969 /* do not partially erase */
970 if (is_continuation(c, tty))
971 break;
972
973 if (kill_type == WERASE) {
974 /* Equivalent to BSD's ALTWERASE. */
975 if (isalnum(c) || c == '_')
976 seen_alnums++;
977 else if (seen_alnums)
978 break;
979 }
980 cnt = ldata->read_head - head;
981 ldata->read_head = head;
982 if (L_ECHO(tty)) {
983 if (L_ECHOPRT(tty)) {
984 if (!ldata->erasing) {
985 echo_char_raw('\\', ldata);
986 ldata->erasing = 1;
987 }
988 /* if cnt > 1, output a multi-byte character */
989 echo_char(c, tty);
990 while (--cnt > 0) {
991 head++;
992 echo_char_raw(read_buf(ldata, head), ldata);
993 echo_move_back_col(ldata);
994 }
995 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
996 echo_char(ERASE_CHAR(tty), tty);
997 } else if (c == '\t') {
998 unsigned int num_chars = 0;
999 int after_tab = 0;
1000 size_t tail = ldata->read_head;
1001
1002 /*
1003 * Count the columns used for characters
1004 * since the start of input or after a
1005 * previous tab.
1006 * This info is used to go back the correct
1007 * number of columns.
1008 */
1009 while (MASK(tail) != MASK(ldata->canon_head)) {
1010 tail--;
1011 c = read_buf(ldata, tail);
1012 if (c == '\t') {
1013 after_tab = 1;
1014 break;
1015 } else if (iscntrl(c)) {
1016 if (L_ECHOCTL(tty))
1017 num_chars += 2;
1018 } else if (!is_continuation(c, tty)) {
1019 num_chars++;
1020 }
1021 }
1022 echo_erase_tab(num_chars, after_tab, ldata);
1023 } else {
1024 if (iscntrl(c) && L_ECHOCTL(tty)) {
1025 echo_char_raw('\b', ldata);
1026 echo_char_raw(' ', ldata);
1027 echo_char_raw('\b', ldata);
1028 }
1029 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1030 echo_char_raw('\b', ldata);
1031 echo_char_raw(' ', ldata);
1032 echo_char_raw('\b', ldata);
1033 }
1034 }
1035 }
1036 if (kill_type == ERASE)
1037 break;
1038 }
1039 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1040 finish_erasing(ldata);
1041 }
1042
1043
__isig(int sig,struct tty_struct * tty)1044 static void __isig(int sig, struct tty_struct *tty)
1045 {
1046 struct pid *tty_pgrp = tty_get_pgrp(tty);
1047 if (tty_pgrp) {
1048 kill_pgrp(tty_pgrp, sig, 1);
1049 put_pid(tty_pgrp);
1050 }
1051 }
1052
1053 /**
1054 * isig - handle the ISIG optio
1055 * @sig: signal
1056 * @tty: terminal
1057 *
1058 * Called when a signal is being sent due to terminal input. Called from the
1059 * &tty_driver.receive_buf() path, so serialized.
1060 *
1061 * Performs input and output flush if !NOFLSH. In this context, the echo
1062 * buffer is 'output'. The signal is processed first to alert any current
1063 * readers or writers to discontinue and exit their i/o loops.
1064 *
1065 * Locking: %ctrl.lock
1066 */
isig(int sig,struct tty_struct * tty)1067 static void isig(int sig, struct tty_struct *tty)
1068 {
1069 struct n_tty_data *ldata = tty->disc_data;
1070
1071 if (L_NOFLSH(tty)) {
1072 /* signal only */
1073 __isig(sig, tty);
1074 return;
1075 }
1076
1077 /* signal and flush */
1078 up_read(&tty->termios_rwsem);
1079 scoped_guard(rwsem_write, &tty->termios_rwsem) {
1080 __isig(sig, tty);
1081
1082 /* clear echo buffer */
1083 scoped_guard(mutex, &ldata->output_lock) {
1084 ldata->echo_head = ldata->echo_tail = 0;
1085 ldata->echo_mark = ldata->echo_commit = 0;
1086 }
1087
1088 /* clear output buffer */
1089 tty_driver_flush_buffer(tty);
1090
1091 /* clear input buffer */
1092 reset_buffer_flags(tty->disc_data);
1093
1094 /* notify pty master of flush */
1095 if (tty->link)
1096 n_tty_packet_mode_flush(tty);
1097 }
1098 down_read(&tty->termios_rwsem);
1099 }
1100
1101 /**
1102 * n_tty_receive_break - handle break
1103 * @tty: terminal
1104 *
1105 * An RS232 break event has been hit in the incoming bitstream. This can cause
1106 * a variety of events depending upon the termios settings.
1107 *
1108 * Locking: n_tty_receive_buf()/producer path:
1109 * caller holds non-exclusive termios_rwsem
1110 *
1111 * Note: may get exclusive %termios_rwsem if flushing input buffer
1112 */
n_tty_receive_break(struct tty_struct * tty)1113 static void n_tty_receive_break(struct tty_struct *tty)
1114 {
1115 struct n_tty_data *ldata = tty->disc_data;
1116
1117 if (I_IGNBRK(tty))
1118 return;
1119 if (I_BRKINT(tty)) {
1120 isig(SIGINT, tty);
1121 return;
1122 }
1123 if (I_PARMRK(tty)) {
1124 put_tty_queue('\377', ldata);
1125 put_tty_queue('\0', ldata);
1126 }
1127 put_tty_queue('\0', ldata);
1128 }
1129
1130 /**
1131 * n_tty_receive_overrun - handle overrun reporting
1132 * @tty: terminal
1133 *
1134 * Data arrived faster than we could process it. While the tty driver has
1135 * flagged this the bits that were missed are gone forever.
1136 *
1137 * Called from the receive_buf path so single threaded. Does not need locking
1138 * as num_overrun and overrun_time are function private.
1139 */
n_tty_receive_overrun(const struct tty_struct * tty)1140 static void n_tty_receive_overrun(const struct tty_struct *tty)
1141 {
1142 struct n_tty_data *ldata = tty->disc_data;
1143
1144 ldata->num_overrun++;
1145 if (time_is_before_jiffies(ldata->overrun_time + HZ)) {
1146 tty_warn(tty, "%u input overrun(s)\n", ldata->num_overrun);
1147 ldata->overrun_time = jiffies;
1148 ldata->num_overrun = 0;
1149 }
1150 }
1151
1152 /**
1153 * n_tty_receive_parity_error - error notifier
1154 * @tty: terminal device
1155 * @c: character
1156 *
1157 * Process a parity error and queue the right data to indicate the error case
1158 * if necessary.
1159 *
1160 * Locking: n_tty_receive_buf()/producer path:
1161 * caller holds non-exclusive %termios_rwsem
1162 */
n_tty_receive_parity_error(const struct tty_struct * tty,u8 c)1163 static void n_tty_receive_parity_error(const struct tty_struct *tty,
1164 u8 c)
1165 {
1166 struct n_tty_data *ldata = tty->disc_data;
1167
1168 if (I_INPCK(tty)) {
1169 if (I_IGNPAR(tty))
1170 return;
1171 if (I_PARMRK(tty)) {
1172 put_tty_queue('\377', ldata);
1173 put_tty_queue('\0', ldata);
1174 put_tty_queue(c, ldata);
1175 } else
1176 put_tty_queue('\0', ldata);
1177 } else
1178 put_tty_queue(c, ldata);
1179 }
1180
1181 static void
n_tty_receive_signal_char(struct tty_struct * tty,int signal,u8 c)1182 n_tty_receive_signal_char(struct tty_struct *tty, int signal, u8 c)
1183 {
1184 isig(signal, tty);
1185 if (I_IXON(tty))
1186 start_tty(tty);
1187 if (L_ECHO(tty)) {
1188 echo_char(c, tty);
1189 commit_echoes(tty);
1190 } else
1191 process_echoes(tty);
1192 }
1193
n_tty_is_char_flow_ctrl(struct tty_struct * tty,u8 c)1194 static bool n_tty_is_char_flow_ctrl(struct tty_struct *tty, u8 c)
1195 {
1196 return c == START_CHAR(tty) || c == STOP_CHAR(tty);
1197 }
1198
1199 /**
1200 * n_tty_receive_char_flow_ctrl - receive flow control chars
1201 * @tty: terminal device
1202 * @c: character
1203 * @lookahead_done: lookahead has processed this character already
1204 *
1205 * Receive and process flow control character actions.
1206 *
1207 * In case lookahead for flow control chars already handled the character in
1208 * advance to the normal receive, the actions are skipped during normal
1209 * receive.
1210 *
1211 * Returns true if @c is consumed as flow-control character, the character
1212 * must not be treated as normal character.
1213 */
n_tty_receive_char_flow_ctrl(struct tty_struct * tty,u8 c,bool lookahead_done)1214 static bool n_tty_receive_char_flow_ctrl(struct tty_struct *tty, u8 c,
1215 bool lookahead_done)
1216 {
1217 if (!n_tty_is_char_flow_ctrl(tty, c))
1218 return false;
1219
1220 if (lookahead_done)
1221 return true;
1222
1223 if (c == START_CHAR(tty)) {
1224 start_tty(tty);
1225 process_echoes(tty);
1226 return true;
1227 }
1228
1229 /* STOP_CHAR */
1230 stop_tty(tty);
1231 return true;
1232 }
1233
n_tty_receive_handle_newline(struct tty_struct * tty,u8 c)1234 static void n_tty_receive_handle_newline(struct tty_struct *tty, u8 c)
1235 {
1236 struct n_tty_data *ldata = tty->disc_data;
1237
1238 set_bit(MASK(ldata->read_head), ldata->read_flags);
1239 put_tty_queue(c, ldata);
1240 smp_store_release(&ldata->canon_head, ldata->read_head);
1241 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1242 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1243 }
1244
n_tty_receive_char_canon(struct tty_struct * tty,u8 c)1245 static bool n_tty_receive_char_canon(struct tty_struct *tty, u8 c)
1246 {
1247 struct n_tty_data *ldata = tty->disc_data;
1248
1249 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1250 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1251 eraser(c, tty);
1252 commit_echoes(tty);
1253
1254 return true;
1255 }
1256
1257 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1258 ldata->lnext = 1;
1259 if (L_ECHO(tty)) {
1260 finish_erasing(ldata);
1261 if (L_ECHOCTL(tty)) {
1262 echo_char_raw('^', ldata);
1263 echo_char_raw('\b', ldata);
1264 commit_echoes(tty);
1265 }
1266 }
1267
1268 return true;
1269 }
1270
1271 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1272 size_t tail = ldata->canon_head;
1273
1274 finish_erasing(ldata);
1275 echo_char(c, tty);
1276 echo_char_raw('\n', ldata);
1277 while (MASK(tail) != MASK(ldata->read_head)) {
1278 echo_char(read_buf(ldata, tail), tty);
1279 tail++;
1280 }
1281 commit_echoes(tty);
1282
1283 return true;
1284 }
1285
1286 if (c == '\n') {
1287 if (L_ECHO(tty) || L_ECHONL(tty)) {
1288 echo_char_raw('\n', ldata);
1289 commit_echoes(tty);
1290 }
1291 n_tty_receive_handle_newline(tty, c);
1292
1293 return true;
1294 }
1295
1296 if (c == EOF_CHAR(tty)) {
1297 c = __DISABLED_CHAR;
1298 n_tty_receive_handle_newline(tty, c);
1299
1300 return true;
1301 }
1302
1303 if ((c == EOL_CHAR(tty)) ||
1304 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1305 /*
1306 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1307 */
1308 if (L_ECHO(tty)) {
1309 /* Record the column of first canon char. */
1310 if (ldata->canon_head == ldata->read_head)
1311 echo_set_canon_col(ldata);
1312 echo_char(c, tty);
1313 commit_echoes(tty);
1314 }
1315 /*
1316 * XXX does PARMRK doubling happen for
1317 * EOL_CHAR and EOL2_CHAR?
1318 */
1319 if (c == '\377' && I_PARMRK(tty))
1320 put_tty_queue(c, ldata);
1321
1322 n_tty_receive_handle_newline(tty, c);
1323
1324 return true;
1325 }
1326
1327 return false;
1328 }
1329
n_tty_receive_char_special(struct tty_struct * tty,u8 c,bool lookahead_done)1330 static void n_tty_receive_char_special(struct tty_struct *tty, u8 c,
1331 bool lookahead_done)
1332 {
1333 struct n_tty_data *ldata = tty->disc_data;
1334
1335 if (I_IXON(tty) && n_tty_receive_char_flow_ctrl(tty, c, lookahead_done))
1336 return;
1337
1338 if (L_ISIG(tty)) {
1339 if (c == INTR_CHAR(tty)) {
1340 n_tty_receive_signal_char(tty, SIGINT, c);
1341 return;
1342 } else if (c == QUIT_CHAR(tty)) {
1343 n_tty_receive_signal_char(tty, SIGQUIT, c);
1344 return;
1345 } else if (c == SUSP_CHAR(tty)) {
1346 n_tty_receive_signal_char(tty, SIGTSTP, c);
1347 return;
1348 }
1349 }
1350
1351 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1352 start_tty(tty);
1353 process_echoes(tty);
1354 }
1355
1356 if (c == '\r') {
1357 if (I_IGNCR(tty))
1358 return;
1359 if (I_ICRNL(tty))
1360 c = '\n';
1361 } else if (c == '\n' && I_INLCR(tty))
1362 c = '\r';
1363
1364 if (ldata->icanon && n_tty_receive_char_canon(tty, c))
1365 return;
1366
1367 if (L_ECHO(tty)) {
1368 finish_erasing(ldata);
1369 if (c == '\n')
1370 echo_char_raw('\n', ldata);
1371 else {
1372 /* Record the column of first canon char. */
1373 if (ldata->canon_head == ldata->read_head)
1374 echo_set_canon_col(ldata);
1375 echo_char(c, tty);
1376 }
1377 commit_echoes(tty);
1378 }
1379
1380 /* PARMRK doubling check */
1381 if (c == '\377' && I_PARMRK(tty))
1382 put_tty_queue(c, ldata);
1383
1384 put_tty_queue(c, ldata);
1385 }
1386
1387 /**
1388 * n_tty_receive_char - perform processing
1389 * @tty: terminal device
1390 * @c: character
1391 *
1392 * Process an individual character of input received from the driver. This is
1393 * serialized with respect to itself by the rules for the driver above.
1394 *
1395 * Locking: n_tty_receive_buf()/producer path:
1396 * caller holds non-exclusive %termios_rwsem
1397 * publishes canon_head if canonical mode is active
1398 */
n_tty_receive_char(struct tty_struct * tty,u8 c)1399 static void n_tty_receive_char(struct tty_struct *tty, u8 c)
1400 {
1401 struct n_tty_data *ldata = tty->disc_data;
1402
1403 if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1404 start_tty(tty);
1405 process_echoes(tty);
1406 }
1407 if (L_ECHO(tty)) {
1408 finish_erasing(ldata);
1409 /* Record the column of first canon char. */
1410 if (ldata->canon_head == ldata->read_head)
1411 echo_set_canon_col(ldata);
1412 echo_char(c, tty);
1413 commit_echoes(tty);
1414 }
1415 /* PARMRK doubling check */
1416 if (c == '\377' && I_PARMRK(tty))
1417 put_tty_queue(c, ldata);
1418 put_tty_queue(c, ldata);
1419 }
1420
n_tty_receive_char_closing(struct tty_struct * tty,u8 c,bool lookahead_done)1421 static void n_tty_receive_char_closing(struct tty_struct *tty, u8 c,
1422 bool lookahead_done)
1423 {
1424 if (I_ISTRIP(tty))
1425 c &= 0x7f;
1426 if (I_IUCLC(tty) && L_IEXTEN(tty))
1427 c = tolower(c);
1428
1429 if (I_IXON(tty)) {
1430 if (!n_tty_receive_char_flow_ctrl(tty, c, lookahead_done) &&
1431 tty->flow.stopped && !tty->flow.tco_stopped && I_IXANY(tty) &&
1432 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1433 c != SUSP_CHAR(tty)) {
1434 start_tty(tty);
1435 process_echoes(tty);
1436 }
1437 }
1438 }
1439
1440 static void
n_tty_receive_char_flagged(struct tty_struct * tty,u8 c,u8 flag)1441 n_tty_receive_char_flagged(struct tty_struct *tty, u8 c, u8 flag)
1442 {
1443 switch (flag) {
1444 case TTY_BREAK:
1445 n_tty_receive_break(tty);
1446 break;
1447 case TTY_PARITY:
1448 case TTY_FRAME:
1449 n_tty_receive_parity_error(tty, c);
1450 break;
1451 case TTY_OVERRUN:
1452 n_tty_receive_overrun(tty);
1453 break;
1454 default:
1455 tty_err(tty, "unknown flag %u\n", flag);
1456 break;
1457 }
1458 }
1459
1460 static void
n_tty_receive_char_lnext(struct tty_struct * tty,u8 c,u8 flag)1461 n_tty_receive_char_lnext(struct tty_struct *tty, u8 c, u8 flag)
1462 {
1463 struct n_tty_data *ldata = tty->disc_data;
1464
1465 ldata->lnext = 0;
1466 if (likely(flag == TTY_NORMAL)) {
1467 if (I_ISTRIP(tty))
1468 c &= 0x7f;
1469 if (I_IUCLC(tty) && L_IEXTEN(tty))
1470 c = tolower(c);
1471 n_tty_receive_char(tty, c);
1472 } else
1473 n_tty_receive_char_flagged(tty, c, flag);
1474 }
1475
1476 /* Caller must ensure count > 0 */
n_tty_lookahead_flow_ctrl(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1477 static void n_tty_lookahead_flow_ctrl(struct tty_struct *tty, const u8 *cp,
1478 const u8 *fp, size_t count)
1479 {
1480 struct n_tty_data *ldata = tty->disc_data;
1481 u8 flag = TTY_NORMAL;
1482
1483 ldata->lookahead_count += count;
1484
1485 if (!I_IXON(tty))
1486 return;
1487
1488 while (count--) {
1489 if (fp)
1490 flag = *fp++;
1491 if (likely(flag == TTY_NORMAL))
1492 n_tty_receive_char_flow_ctrl(tty, *cp, false);
1493 cp++;
1494 }
1495 }
1496
1497 static void
n_tty_receive_buf_real_raw(const struct tty_struct * tty,const u8 * cp,size_t count)1498 n_tty_receive_buf_real_raw(const struct tty_struct *tty, const u8 *cp,
1499 size_t count)
1500 {
1501 struct n_tty_data *ldata = tty->disc_data;
1502
1503 /* handle buffer wrap-around by a loop */
1504 for (unsigned int i = 0; i < 2; i++) {
1505 size_t head = MASK(ldata->read_head);
1506 size_t n = min(count, N_TTY_BUF_SIZE - head);
1507
1508 memcpy(read_buf_addr(ldata, head), cp, n);
1509
1510 ldata->read_head += n;
1511 cp += n;
1512 count -= n;
1513 }
1514 }
1515
1516 static void
n_tty_receive_buf_raw(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1517 n_tty_receive_buf_raw(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1518 size_t count)
1519 {
1520 struct n_tty_data *ldata = tty->disc_data;
1521 u8 flag = TTY_NORMAL;
1522
1523 while (count--) {
1524 if (fp)
1525 flag = *fp++;
1526 if (likely(flag == TTY_NORMAL))
1527 put_tty_queue(*cp++, ldata);
1528 else
1529 n_tty_receive_char_flagged(tty, *cp++, flag);
1530 }
1531 }
1532
1533 static void
n_tty_receive_buf_closing(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count,bool lookahead_done)1534 n_tty_receive_buf_closing(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1535 size_t count, bool lookahead_done)
1536 {
1537 u8 flag = TTY_NORMAL;
1538
1539 while (count--) {
1540 if (fp)
1541 flag = *fp++;
1542 if (likely(flag == TTY_NORMAL))
1543 n_tty_receive_char_closing(tty, *cp++, lookahead_done);
1544 }
1545 }
1546
n_tty_receive_buf_standard(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count,bool lookahead_done)1547 static void n_tty_receive_buf_standard(struct tty_struct *tty, const u8 *cp,
1548 const u8 *fp, size_t count,
1549 bool lookahead_done)
1550 {
1551 struct n_tty_data *ldata = tty->disc_data;
1552 u8 flag = TTY_NORMAL;
1553
1554 while (count--) {
1555 u8 c = *cp++;
1556
1557 if (fp)
1558 flag = *fp++;
1559
1560 if (ldata->lnext) {
1561 n_tty_receive_char_lnext(tty, c, flag);
1562 continue;
1563 }
1564
1565 if (unlikely(flag != TTY_NORMAL)) {
1566 n_tty_receive_char_flagged(tty, c, flag);
1567 continue;
1568 }
1569
1570 if (I_ISTRIP(tty))
1571 c &= 0x7f;
1572 if (I_IUCLC(tty) && L_IEXTEN(tty))
1573 c = tolower(c);
1574 if (L_EXTPROC(tty)) {
1575 put_tty_queue(c, ldata);
1576 continue;
1577 }
1578
1579 if (test_bit(c, ldata->char_map))
1580 n_tty_receive_char_special(tty, c, lookahead_done);
1581 else
1582 n_tty_receive_char(tty, c);
1583 }
1584 }
1585
__receive_buf(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1586 static void __receive_buf(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1587 size_t count)
1588 {
1589 struct n_tty_data *ldata = tty->disc_data;
1590 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1591 size_t la_count = min(ldata->lookahead_count, count);
1592
1593 if (ldata->real_raw)
1594 n_tty_receive_buf_real_raw(tty, cp, count);
1595 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1596 n_tty_receive_buf_raw(tty, cp, fp, count);
1597 else if (tty->closing && !L_EXTPROC(tty)) {
1598 if (la_count > 0) {
1599 n_tty_receive_buf_closing(tty, cp, fp, la_count, true);
1600 cp += la_count;
1601 if (fp)
1602 fp += la_count;
1603 count -= la_count;
1604 }
1605 if (count > 0)
1606 n_tty_receive_buf_closing(tty, cp, fp, count, false);
1607 } else {
1608 if (la_count > 0) {
1609 n_tty_receive_buf_standard(tty, cp, fp, la_count, true);
1610 cp += la_count;
1611 if (fp)
1612 fp += la_count;
1613 count -= la_count;
1614 }
1615 if (count > 0)
1616 n_tty_receive_buf_standard(tty, cp, fp, count, false);
1617
1618 flush_echoes(tty);
1619 if (tty->ops->flush_chars)
1620 tty->ops->flush_chars(tty);
1621 }
1622
1623 ldata->lookahead_count -= la_count;
1624
1625 if (ldata->icanon && !L_EXTPROC(tty))
1626 return;
1627
1628 /* publish read_head to consumer */
1629 smp_store_release(&ldata->commit_head, ldata->read_head);
1630
1631 if (read_cnt(ldata)) {
1632 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1633 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1634 }
1635 }
1636
1637 /**
1638 * n_tty_receive_buf_common - process input
1639 * @tty: device to receive input
1640 * @cp: input chars
1641 * @fp: flags for each char (if %NULL, all chars are %TTY_NORMAL)
1642 * @count: number of input chars in @cp
1643 * @flow: enable flow control
1644 *
1645 * Called by the terminal driver when a block of characters has been received.
1646 * This function must be called from soft contexts not from interrupt context.
1647 * The driver is responsible for making calls one at a time and in order (or
1648 * using flush_to_ldisc()).
1649 *
1650 * Returns: the # of input chars from @cp which were processed.
1651 *
1652 * In canonical mode, the maximum line length is 4096 chars (including the line
1653 * termination char); lines longer than 4096 chars are truncated. After 4095
1654 * chars, input data is still processed but not stored. Overflow processing
1655 * ensures the tty can always receive more input until at least one line can be
1656 * read.
1657 *
1658 * In non-canonical mode, the read buffer will only accept 4095 chars; this
1659 * provides the necessary space for a newline char if the input mode is
1660 * switched to canonical.
1661 *
1662 * Note it is possible for the read buffer to _contain_ 4096 chars in
1663 * non-canonical mode: the read buffer could already contain the maximum canon
1664 * line of 4096 chars when the mode is switched to non-canonical.
1665 *
1666 * Locking: n_tty_receive_buf()/producer path:
1667 * claims non-exclusive %termios_rwsem
1668 * publishes commit_head or canon_head
1669 */
1670 static size_t
n_tty_receive_buf_common(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count,bool flow)1671 n_tty_receive_buf_common(struct tty_struct *tty, const u8 *cp, const u8 *fp,
1672 size_t count, bool flow)
1673 {
1674 struct n_tty_data *ldata = tty->disc_data;
1675 size_t n, rcvd = 0;
1676 int room, overflow;
1677
1678 guard(rwsem_read)(&tty->termios_rwsem);
1679
1680 do {
1681 /*
1682 * When PARMRK is set, each input char may take up to 3 chars
1683 * in the read buf; reduce the buffer space avail by 3x
1684 *
1685 * If we are doing input canonicalization, and there are no
1686 * pending newlines, let characters through without limit, so
1687 * that erase characters will be handled. Other excess
1688 * characters will be beeped.
1689 *
1690 * paired with store in *_copy_from_read_buf() -- guarantees
1691 * the consumer has loaded the data in read_buf up to the new
1692 * read_tail (so this producer will not overwrite unread data)
1693 */
1694 size_t tail = smp_load_acquire(&ldata->read_tail);
1695
1696 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1697 if (I_PARMRK(tty))
1698 room = DIV_ROUND_UP(room, 3);
1699 room--;
1700 if (room <= 0) {
1701 overflow = ldata->icanon && ldata->canon_head == tail;
1702 if (overflow && room < 0)
1703 ldata->read_head--;
1704 room = overflow;
1705 WRITE_ONCE(ldata->no_room, flow && !room);
1706 } else
1707 overflow = 0;
1708
1709 n = min_t(size_t, count, room);
1710 if (!n)
1711 break;
1712
1713 /* ignore parity errors if handling overflow */
1714 if (!overflow || !fp || *fp != TTY_PARITY)
1715 __receive_buf(tty, cp, fp, n);
1716
1717 cp += n;
1718 if (fp)
1719 fp += n;
1720 count -= n;
1721 rcvd += n;
1722 } while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1723
1724 tty->receive_room = room;
1725
1726 /* Unthrottle if handling overflow on pty */
1727 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1728 if (overflow) {
1729 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1730 tty_unthrottle_safe(tty);
1731 __tty_set_flow_change(tty, 0);
1732 }
1733 } else
1734 n_tty_check_throttle(tty);
1735
1736 if (unlikely(ldata->no_room)) {
1737 /*
1738 * Barrier here is to ensure to read the latest read_tail in
1739 * chars_in_buffer() and to make sure that read_tail is not loaded
1740 * before ldata->no_room is set.
1741 */
1742 smp_mb();
1743 if (!chars_in_buffer(tty))
1744 n_tty_kick_worker(tty);
1745 }
1746
1747 return rcvd;
1748 }
1749
n_tty_receive_buf(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1750 static void n_tty_receive_buf(struct tty_struct *tty, const u8 *cp,
1751 const u8 *fp, size_t count)
1752 {
1753 n_tty_receive_buf_common(tty, cp, fp, count, false);
1754 }
1755
n_tty_receive_buf2(struct tty_struct * tty,const u8 * cp,const u8 * fp,size_t count)1756 static size_t n_tty_receive_buf2(struct tty_struct *tty, const u8 *cp,
1757 const u8 *fp, size_t count)
1758 {
1759 return n_tty_receive_buf_common(tty, cp, fp, count, true);
1760 }
1761
1762 /**
1763 * n_tty_set_termios - termios data changed
1764 * @tty: terminal
1765 * @old: previous data
1766 *
1767 * Called by the tty layer when the user changes termios flags so that the line
1768 * discipline can plan ahead. This function cannot sleep and is protected from
1769 * re-entry by the tty layer. The user is guaranteed that this function will
1770 * not be re-entered or in progress when the ldisc is closed.
1771 *
1772 * Locking: Caller holds @tty->termios_rwsem
1773 */
n_tty_set_termios(struct tty_struct * tty,const struct ktermios * old)1774 static void n_tty_set_termios(struct tty_struct *tty, const struct ktermios *old)
1775 {
1776 struct n_tty_data *ldata = tty->disc_data;
1777
1778 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1779 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1780 ldata->line_start = ldata->read_tail;
1781 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1782 ldata->canon_head = ldata->read_tail;
1783 ldata->push = 0;
1784 } else {
1785 set_bit(MASK(ldata->read_head - 1), ldata->read_flags);
1786 ldata->canon_head = ldata->read_head;
1787 ldata->push = 1;
1788 }
1789 ldata->commit_head = ldata->read_head;
1790 ldata->erasing = 0;
1791 ldata->lnext = 0;
1792 }
1793
1794 ldata->icanon = (L_ICANON(tty) != 0);
1795
1796 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1797 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1798 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1799 I_PARMRK(tty)) {
1800 bitmap_zero(ldata->char_map, 256);
1801
1802 if (I_IGNCR(tty) || I_ICRNL(tty))
1803 set_bit('\r', ldata->char_map);
1804 if (I_INLCR(tty))
1805 set_bit('\n', ldata->char_map);
1806
1807 if (L_ICANON(tty)) {
1808 set_bit(ERASE_CHAR(tty), ldata->char_map);
1809 set_bit(KILL_CHAR(tty), ldata->char_map);
1810 set_bit(EOF_CHAR(tty), ldata->char_map);
1811 set_bit('\n', ldata->char_map);
1812 set_bit(EOL_CHAR(tty), ldata->char_map);
1813 if (L_IEXTEN(tty)) {
1814 set_bit(WERASE_CHAR(tty), ldata->char_map);
1815 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1816 set_bit(EOL2_CHAR(tty), ldata->char_map);
1817 if (L_ECHO(tty))
1818 set_bit(REPRINT_CHAR(tty),
1819 ldata->char_map);
1820 }
1821 }
1822 if (I_IXON(tty)) {
1823 set_bit(START_CHAR(tty), ldata->char_map);
1824 set_bit(STOP_CHAR(tty), ldata->char_map);
1825 }
1826 if (L_ISIG(tty)) {
1827 set_bit(INTR_CHAR(tty), ldata->char_map);
1828 set_bit(QUIT_CHAR(tty), ldata->char_map);
1829 set_bit(SUSP_CHAR(tty), ldata->char_map);
1830 }
1831 clear_bit(__DISABLED_CHAR, ldata->char_map);
1832 ldata->raw = 0;
1833 ldata->real_raw = 0;
1834 } else {
1835 ldata->raw = 1;
1836 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1837 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1838 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1839 ldata->real_raw = 1;
1840 else
1841 ldata->real_raw = 0;
1842 }
1843 /*
1844 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1845 * been stopped by STOP_CHAR(tty) before it.
1846 */
1847 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow.tco_stopped) {
1848 start_tty(tty);
1849 process_echoes(tty);
1850 }
1851
1852 /* The termios change make the tty ready for I/O */
1853 wake_up_interruptible(&tty->write_wait);
1854 wake_up_interruptible(&tty->read_wait);
1855 }
1856
1857 /**
1858 * n_tty_close - close the ldisc for this tty
1859 * @tty: device
1860 *
1861 * Called from the terminal layer when this line discipline is being shut down,
1862 * either because of a close or becsuse of a discipline change. The function
1863 * will not be called while other ldisc methods are in progress.
1864 */
n_tty_close(struct tty_struct * tty)1865 static void n_tty_close(struct tty_struct *tty)
1866 {
1867 struct n_tty_data *ldata = tty->disc_data;
1868
1869 if (tty->link)
1870 n_tty_packet_mode_flush(tty);
1871
1872 guard(rwsem_write)(&tty->termios_rwsem);
1873 vfree(ldata);
1874 tty->disc_data = NULL;
1875 }
1876
1877 /**
1878 * n_tty_open - open an ldisc
1879 * @tty: terminal to open
1880 *
1881 * Called when this line discipline is being attached to the terminal device.
1882 * Can sleep. Called serialized so that no other events will occur in parallel.
1883 * No further open will occur until a close.
1884 */
n_tty_open(struct tty_struct * tty)1885 static int n_tty_open(struct tty_struct *tty)
1886 {
1887 struct n_tty_data *ldata;
1888
1889 /* Currently a malloc failure here can panic */
1890 ldata = vzalloc(sizeof(*ldata));
1891 if (!ldata)
1892 return -ENOMEM;
1893
1894 ldata->overrun_time = jiffies;
1895 mutex_init(&ldata->atomic_read_lock);
1896 mutex_init(&ldata->output_lock);
1897
1898 tty->disc_data = ldata;
1899 tty->closing = 0;
1900 /* indicate buffer work may resume */
1901 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1902 n_tty_set_termios(tty, NULL);
1903 tty_unthrottle(tty);
1904 return 0;
1905 }
1906
input_available_p(const struct tty_struct * tty,int poll)1907 static inline int input_available_p(const struct tty_struct *tty, int poll)
1908 {
1909 const struct n_tty_data *ldata = tty->disc_data;
1910 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1911
1912 if (ldata->icanon && !L_EXTPROC(tty))
1913 return ldata->canon_head != ldata->read_tail;
1914 else
1915 return ldata->commit_head - ldata->read_tail >= amt;
1916 }
1917
1918 /**
1919 * copy_from_read_buf - copy read data directly
1920 * @tty: terminal device
1921 * @kbp: data
1922 * @nr: size of data
1923 *
1924 * Helper function to speed up n_tty_read(). It is only called when %ICANON is
1925 * off; it copies characters straight from the tty queue.
1926 *
1927 * Returns: true if it successfully copied data, but there is still more data
1928 * to be had.
1929 *
1930 * Locking:
1931 * * called under the @ldata->atomic_read_lock sem
1932 * * n_tty_read()/consumer path:
1933 * caller holds non-exclusive %termios_rwsem;
1934 * read_tail published
1935 */
copy_from_read_buf(const struct tty_struct * tty,u8 ** kbp,size_t * nr)1936 static bool copy_from_read_buf(const struct tty_struct *tty, u8 **kbp,
1937 size_t *nr)
1938
1939 {
1940 struct n_tty_data *ldata = tty->disc_data;
1941 size_t n;
1942 bool is_eof;
1943 size_t head = smp_load_acquire(&ldata->commit_head);
1944 size_t tail = MASK(ldata->read_tail);
1945
1946 n = min3(head - ldata->read_tail, N_TTY_BUF_SIZE - tail, *nr);
1947 if (!n)
1948 return false;
1949
1950 u8 *from = read_buf_addr(ldata, tail);
1951 memcpy(*kbp, from, n);
1952 is_eof = n == 1 && *from == EOF_CHAR(tty);
1953 tty_audit_add_data(tty, from, n);
1954 zero_buffer(tty, from, n);
1955 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1956
1957 /* Turn single EOF into zero-length read */
1958 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1959 head == ldata->read_tail)
1960 return false;
1961
1962 *kbp += n;
1963 *nr -= n;
1964
1965 /* If we have more to copy, let the caller know */
1966 return head != ldata->read_tail;
1967 }
1968
1969 /**
1970 * canon_copy_from_read_buf - copy read data in canonical mode
1971 * @tty: terminal device
1972 * @kbp: data
1973 * @nr: size of data
1974 *
1975 * Helper function for n_tty_read(). It is only called when %ICANON is on; it
1976 * copies one line of input up to and including the line-delimiting character
1977 * into the result buffer.
1978 *
1979 * Note: When termios is changed from non-canonical to canonical mode and the
1980 * read buffer contains data, n_tty_set_termios() simulates an EOF push (as if
1981 * C-d were input) _without_ the %DISABLED_CHAR in the buffer. This causes data
1982 * already processed as input to be immediately available as input although a
1983 * newline has not been received.
1984 *
1985 * Locking:
1986 * * called under the %atomic_read_lock mutex
1987 * * n_tty_read()/consumer path:
1988 * caller holds non-exclusive %termios_rwsem;
1989 * read_tail published
1990 */
canon_copy_from_read_buf(const struct tty_struct * tty,u8 ** kbp,size_t * nr)1991 static bool canon_copy_from_read_buf(const struct tty_struct *tty, u8 **kbp,
1992 size_t *nr)
1993 {
1994 struct n_tty_data *ldata = tty->disc_data;
1995 size_t n, size, more, c;
1996 size_t eol;
1997 size_t tail, canon_head;
1998 int found = 0;
1999
2000 /* N.B. avoid overrun if nr == 0 */
2001 if (!*nr)
2002 return false;
2003
2004 canon_head = smp_load_acquire(&ldata->canon_head);
2005 n = min(*nr, canon_head - ldata->read_tail);
2006
2007 tail = MASK(ldata->read_tail);
2008 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
2009
2010 eol = find_next_bit(ldata->read_flags, size, tail);
2011 more = n - (size - tail);
2012 if (eol == N_TTY_BUF_SIZE && more) {
2013 /* scan wrapped without finding set bit */
2014 eol = find_first_bit(ldata->read_flags, more);
2015 found = eol != more;
2016 } else
2017 found = eol != size;
2018
2019 n = eol - tail;
2020 if (n > N_TTY_BUF_SIZE)
2021 n += N_TTY_BUF_SIZE;
2022 c = n + found;
2023
2024 if (!found || read_buf(ldata, eol) != __DISABLED_CHAR)
2025 n = c;
2026
2027 tty_copy(tty, *kbp, tail, n);
2028 *kbp += n;
2029 *nr -= n;
2030
2031 if (found)
2032 clear_bit(eol, ldata->read_flags);
2033 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2034
2035 if (found) {
2036 if (!ldata->push)
2037 ldata->line_start = ldata->read_tail;
2038 else
2039 ldata->push = 0;
2040 tty_audit_push();
2041 return false;
2042 }
2043
2044 /* No EOL found - do a continuation retry if there is more data */
2045 return ldata->read_tail != canon_head;
2046 }
2047
2048 /*
2049 * If we finished a read at the exact location of an
2050 * EOF (special EOL character that's a __DISABLED_CHAR)
2051 * in the stream, silently eat the EOF.
2052 */
canon_skip_eof(struct n_tty_data * ldata)2053 static void canon_skip_eof(struct n_tty_data *ldata)
2054 {
2055 size_t tail, canon_head;
2056
2057 canon_head = smp_load_acquire(&ldata->canon_head);
2058 tail = ldata->read_tail;
2059
2060 // No data?
2061 if (tail == canon_head)
2062 return;
2063
2064 // See if the tail position is EOF in the circular buffer
2065 tail &= (N_TTY_BUF_SIZE - 1);
2066 if (!test_bit(tail, ldata->read_flags))
2067 return;
2068 if (read_buf(ldata, tail) != __DISABLED_CHAR)
2069 return;
2070
2071 // Clear the EOL bit, skip the EOF char.
2072 clear_bit(tail, ldata->read_flags);
2073 smp_store_release(&ldata->read_tail, ldata->read_tail + 1);
2074 }
2075
2076 /**
2077 * job_control - check job control
2078 * @tty: tty
2079 * @file: file handle
2080 *
2081 * Perform job control management checks on this @file/@tty descriptor and if
2082 * appropriate send any needed signals and return a negative error code if
2083 * action should be taken.
2084 *
2085 * Locking:
2086 * * redirected write test is safe
2087 * * current->signal->tty check is safe
2088 * * ctrl.lock to safely reference @tty->ctrl.pgrp
2089 */
job_control(struct tty_struct * tty,struct file * file)2090 static int job_control(struct tty_struct *tty, struct file *file)
2091 {
2092 /* Job control check -- must be done at start and after
2093 every sleep (POSIX.1 7.1.1.4). */
2094 /* NOTE: not yet done after every sleep pending a thorough
2095 check of the logic of this change. -- jlc */
2096 /* don't stop on /dev/console */
2097 if (file->f_op->write_iter == redirected_tty_write)
2098 return 0;
2099
2100 return __tty_check_change(tty, SIGTTIN);
2101 }
2102
2103 /*
2104 * We still hold the atomic_read_lock and the termios_rwsem, and can just
2105 * continue to copy data.
2106 */
n_tty_continue_cookie(struct tty_struct * tty,u8 * kbuf,size_t nr,void ** cookie)2107 static ssize_t n_tty_continue_cookie(struct tty_struct *tty, u8 *kbuf,
2108 size_t nr, void **cookie)
2109 {
2110 struct n_tty_data *ldata = tty->disc_data;
2111 u8 *kb = kbuf;
2112
2113 if (ldata->icanon && !L_EXTPROC(tty)) {
2114 /*
2115 * If we have filled the user buffer, see if we should skip an
2116 * EOF character before releasing the lock and returning done.
2117 */
2118 if (!nr)
2119 canon_skip_eof(ldata);
2120 else if (canon_copy_from_read_buf(tty, &kb, &nr))
2121 return kb - kbuf;
2122 } else {
2123 if (copy_from_read_buf(tty, &kb, &nr))
2124 return kb - kbuf;
2125 }
2126
2127 /* No more data - release locks and stop retries */
2128 n_tty_kick_worker(tty);
2129 n_tty_check_unthrottle(tty);
2130 up_read(&tty->termios_rwsem);
2131 mutex_unlock(&ldata->atomic_read_lock);
2132 *cookie = NULL;
2133
2134 return kb - kbuf;
2135 }
2136
n_tty_wait_for_input(struct tty_struct * tty,struct file * file,struct wait_queue_entry * wait,long * timeout)2137 static int n_tty_wait_for_input(struct tty_struct *tty, struct file *file,
2138 struct wait_queue_entry *wait, long *timeout)
2139 {
2140 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2141 return -EIO;
2142 if (tty_hung_up_p(file))
2143 return 0;
2144 /*
2145 * Abort readers for ttys which never actually get hung up.
2146 * See __tty_hangup().
2147 */
2148 if (test_bit(TTY_HUPPING, &tty->flags))
2149 return 0;
2150 if (!*timeout)
2151 return 0;
2152 if (tty_io_nonblock(tty, file))
2153 return -EAGAIN;
2154 if (signal_pending(current))
2155 return -ERESTARTSYS;
2156
2157 up_read(&tty->termios_rwsem);
2158 *timeout = wait_woken(wait, TASK_INTERRUPTIBLE, *timeout);
2159 down_read(&tty->termios_rwsem);
2160
2161 return 1;
2162 }
2163
2164 /**
2165 * n_tty_read - read function for tty
2166 * @tty: tty device
2167 * @file: file object
2168 * @kbuf: kernelspace buffer pointer
2169 * @nr: size of I/O
2170 * @cookie: if non-%NULL, this is a continuation read
2171 * @offset: where to continue reading from (unused in n_tty)
2172 *
2173 * Perform reads for the line discipline. We are guaranteed that the line
2174 * discipline will not be closed under us but we may get multiple parallel
2175 * readers and must handle this ourselves. We may also get a hangup. Always
2176 * called in user context, may sleep.
2177 *
2178 * This code must be sure never to sleep through a hangup.
2179 *
2180 * Locking: n_tty_read()/consumer path:
2181 * claims non-exclusive termios_rwsem;
2182 * publishes read_tail
2183 */
n_tty_read(struct tty_struct * tty,struct file * file,u8 * kbuf,size_t nr,void ** cookie,unsigned long offset)2184 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file, u8 *kbuf,
2185 size_t nr, void **cookie, unsigned long offset)
2186 {
2187 struct n_tty_data *ldata = tty->disc_data;
2188 u8 *kb = kbuf;
2189 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2190 int minimum, time;
2191 ssize_t retval;
2192 long timeout;
2193 bool packet;
2194 size_t old_tail;
2195
2196 /* Is this a continuation of a read started earlier? */
2197 if (*cookie)
2198 return n_tty_continue_cookie(tty, kbuf, nr, cookie);
2199
2200 retval = job_control(tty, file);
2201 if (retval < 0)
2202 return retval;
2203
2204 /*
2205 * Internal serialization of reads.
2206 */
2207 if (file->f_flags & O_NONBLOCK) {
2208 if (!mutex_trylock(&ldata->atomic_read_lock))
2209 return -EAGAIN;
2210 } else {
2211 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2212 return -ERESTARTSYS;
2213 }
2214
2215 down_read(&tty->termios_rwsem);
2216
2217 minimum = time = 0;
2218 timeout = MAX_SCHEDULE_TIMEOUT;
2219 if (!ldata->icanon) {
2220 minimum = MIN_CHAR(tty);
2221 if (minimum) {
2222 time = (HZ / 10) * TIME_CHAR(tty);
2223 } else {
2224 timeout = (HZ / 10) * TIME_CHAR(tty);
2225 minimum = 1;
2226 }
2227 }
2228
2229 packet = tty->ctrl.packet;
2230 old_tail = ldata->read_tail;
2231
2232 add_wait_queue(&tty->read_wait, &wait);
2233 while (nr) {
2234 /* First test for status change. */
2235 if (packet && tty->link->ctrl.pktstatus) {
2236 u8 cs;
2237 if (kb != kbuf)
2238 break;
2239 scoped_guard(spinlock_irq, &tty->link->ctrl.lock) {
2240 cs = tty->link->ctrl.pktstatus;
2241 tty->link->ctrl.pktstatus = 0;
2242 }
2243 *kb++ = cs;
2244 nr--;
2245 break;
2246 }
2247
2248 if (!input_available_p(tty, 0)) {
2249 up_read(&tty->termios_rwsem);
2250 tty_buffer_flush_work(tty->port);
2251 down_read(&tty->termios_rwsem);
2252 if (!input_available_p(tty, 0)) {
2253 int ret = n_tty_wait_for_input(tty, file, &wait,
2254 &timeout);
2255 if (ret <= 0) {
2256 retval = ret;
2257 break;
2258 }
2259 continue;
2260 }
2261 }
2262
2263 if (ldata->icanon && !L_EXTPROC(tty)) {
2264 if (canon_copy_from_read_buf(tty, &kb, &nr))
2265 goto more_to_be_read;
2266 } else {
2267 /* Deal with packet mode. */
2268 if (packet && kb == kbuf) {
2269 *kb++ = TIOCPKT_DATA;
2270 nr--;
2271 }
2272
2273 if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum)
2274 goto more_to_be_read;
2275 }
2276
2277 n_tty_check_unthrottle(tty);
2278
2279 if (kb - kbuf >= minimum)
2280 break;
2281 if (time)
2282 timeout = time;
2283 }
2284 if (old_tail != ldata->read_tail) {
2285 /*
2286 * Make sure no_room is not read in n_tty_kick_worker()
2287 * before setting ldata->read_tail in copy_from_read_buf().
2288 */
2289 smp_mb();
2290 n_tty_kick_worker(tty);
2291 }
2292 up_read(&tty->termios_rwsem);
2293
2294 remove_wait_queue(&tty->read_wait, &wait);
2295 mutex_unlock(&ldata->atomic_read_lock);
2296
2297 if (kb - kbuf)
2298 retval = kb - kbuf;
2299
2300 return retval;
2301 more_to_be_read:
2302 /*
2303 * There is more to be had and we have nothing more to wait for, so
2304 * let's mark us for retries.
2305 *
2306 * NOTE! We return here with both the termios_sem and atomic_read_lock
2307 * still held, the retries will release them when done.
2308 */
2309 remove_wait_queue(&tty->read_wait, &wait);
2310 *cookie = cookie;
2311
2312 return kb - kbuf;
2313 }
2314
2315 /**
2316 * n_tty_write - write function for tty
2317 * @tty: tty device
2318 * @file: file object
2319 * @buf: userspace buffer pointer
2320 * @nr: size of I/O
2321 *
2322 * Write function of the terminal device. This is serialized with respect to
2323 * other write callers but not to termios changes, reads and other such events.
2324 * Since the receive code will echo characters, thus calling driver write
2325 * methods, the %output_lock is used in the output processing functions called
2326 * here as well as in the echo processing function to protect the column state
2327 * and space left in the buffer.
2328 *
2329 * This code must be sure never to sleep through a hangup.
2330 *
2331 * Locking: output_lock to protect column state and space left
2332 * (note that the process_output*() functions take this lock themselves)
2333 */
2334
n_tty_write(struct tty_struct * tty,struct file * file,const u8 * buf,size_t nr)2335 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2336 const u8 *buf, size_t nr)
2337 {
2338 const u8 *b = buf;
2339 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2340 ssize_t num, retval = 0;
2341
2342 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2343 if (L_TOSTOP(tty) && file->f_op->write_iter != redirected_tty_write) {
2344 retval = tty_check_change(tty);
2345 if (retval)
2346 return retval;
2347 }
2348
2349 guard(rwsem_read)(&tty->termios_rwsem);
2350
2351 /* Write out any echoed characters that are still pending */
2352 process_echoes(tty);
2353
2354 add_wait_queue(&tty->write_wait, &wait);
2355 while (1) {
2356 if (signal_pending(current)) {
2357 retval = -ERESTARTSYS;
2358 break;
2359 }
2360 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2361 retval = -EIO;
2362 break;
2363 }
2364 if (O_OPOST(tty)) {
2365 while (nr > 0) {
2366 num = process_output_block(tty, b, nr);
2367 if (num < 0) {
2368 if (num == -EAGAIN)
2369 break;
2370 retval = num;
2371 goto break_out;
2372 }
2373 b += num;
2374 nr -= num;
2375 if (nr == 0)
2376 break;
2377 if (process_output(*b, tty) < 0)
2378 break;
2379 b++; nr--;
2380 }
2381 if (tty->ops->flush_chars)
2382 tty->ops->flush_chars(tty);
2383 } else {
2384 struct n_tty_data *ldata = tty->disc_data;
2385
2386 while (nr > 0) {
2387 scoped_guard(mutex, &ldata->output_lock)
2388 num = tty->ops->write(tty, b, nr);
2389 if (num < 0) {
2390 retval = num;
2391 goto break_out;
2392 }
2393 if (!num)
2394 break;
2395 b += num;
2396 nr -= num;
2397 }
2398 }
2399 if (!nr)
2400 break;
2401 if (tty_io_nonblock(tty, file)) {
2402 retval = -EAGAIN;
2403 break;
2404 }
2405 up_read(&tty->termios_rwsem);
2406
2407 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2408
2409 down_read(&tty->termios_rwsem);
2410 }
2411 break_out:
2412 remove_wait_queue(&tty->write_wait, &wait);
2413 if (nr && tty->fasync)
2414 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2415
2416 return (b - buf) ? b - buf : retval;
2417 }
2418
2419 /**
2420 * n_tty_poll - poll method for N_TTY
2421 * @tty: terminal device
2422 * @file: file accessing it
2423 * @wait: poll table
2424 *
2425 * Called when the line discipline is asked to poll() for data or for special
2426 * events. This code is not serialized with respect to other events save
2427 * open/close.
2428 *
2429 * This code must be sure never to sleep through a hangup.
2430 *
2431 * Locking: called without the kernel lock held -- fine.
2432 */
n_tty_poll(struct tty_struct * tty,struct file * file,poll_table * wait)2433 static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2434 poll_table *wait)
2435 {
2436 __poll_t mask = 0;
2437
2438 poll_wait(file, &tty->read_wait, wait);
2439 poll_wait(file, &tty->write_wait, wait);
2440 if (input_available_p(tty, 1))
2441 mask |= EPOLLIN | EPOLLRDNORM;
2442 else {
2443 tty_buffer_flush_work(tty->port);
2444 if (input_available_p(tty, 1))
2445 mask |= EPOLLIN | EPOLLRDNORM;
2446 }
2447 if (tty->ctrl.packet && tty->link->ctrl.pktstatus)
2448 mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2449 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2450 mask |= EPOLLHUP;
2451 if (tty_hung_up_p(file))
2452 mask |= EPOLLHUP;
2453 if (tty->ops->write && !tty_is_writelocked(tty) &&
2454 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2455 tty_write_room(tty) > 0)
2456 mask |= EPOLLOUT | EPOLLWRNORM;
2457 return mask;
2458 }
2459
inq_canon(struct n_tty_data * ldata)2460 static unsigned long inq_canon(struct n_tty_data *ldata)
2461 {
2462 size_t nr, head, tail;
2463
2464 if (ldata->canon_head == ldata->read_tail)
2465 return 0;
2466 head = ldata->canon_head;
2467 tail = ldata->read_tail;
2468 nr = head - tail;
2469 /* Skip EOF-chars.. */
2470 while (MASK(head) != MASK(tail)) {
2471 if (test_bit(MASK(tail), ldata->read_flags) &&
2472 read_buf(ldata, tail) == __DISABLED_CHAR)
2473 nr--;
2474 tail++;
2475 }
2476 return nr;
2477 }
2478
n_tty_ioctl(struct tty_struct * tty,unsigned int cmd,unsigned long arg)2479 static int n_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
2480 unsigned long arg)
2481 {
2482 struct n_tty_data *ldata = tty->disc_data;
2483 unsigned int num;
2484
2485 switch (cmd) {
2486 case TIOCOUTQ:
2487 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2488 case TIOCINQ:
2489 scoped_guard(rwsem_write, &tty->termios_rwsem)
2490 if (L_ICANON(tty) && !L_EXTPROC(tty))
2491 num = inq_canon(ldata);
2492 else
2493 num = read_cnt(ldata);
2494 return put_user(num, (unsigned int __user *) arg);
2495 default:
2496 return n_tty_ioctl_helper(tty, cmd, arg);
2497 }
2498 }
2499
2500 static struct tty_ldisc_ops n_tty_ops = {
2501 .owner = THIS_MODULE,
2502 .num = N_TTY,
2503 .name = "n_tty",
2504 .open = n_tty_open,
2505 .close = n_tty_close,
2506 .flush_buffer = n_tty_flush_buffer,
2507 .read = n_tty_read,
2508 .write = n_tty_write,
2509 .ioctl = n_tty_ioctl,
2510 .set_termios = n_tty_set_termios,
2511 .poll = n_tty_poll,
2512 .receive_buf = n_tty_receive_buf,
2513 .write_wakeup = n_tty_write_wakeup,
2514 .receive_buf2 = n_tty_receive_buf2,
2515 .lookahead_buf = n_tty_lookahead_flow_ctrl,
2516 };
2517
2518 /**
2519 * n_tty_inherit_ops - inherit N_TTY methods
2520 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2521 *
2522 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2523 */
2524
n_tty_inherit_ops(struct tty_ldisc_ops * ops)2525 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2526 {
2527 *ops = n_tty_ops;
2528 ops->owner = NULL;
2529 }
2530 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2531
n_tty_init(void)2532 void __init n_tty_init(void)
2533 {
2534 tty_register_ldisc(&n_tty_ops);
2535 }
2536