xref: /linux/drivers/tty/n_tty.c (revision 3c4fc7bf4c9e66fe71abcbf93f62f4ddb89b7f15)
1 // SPDX-License-Identifier: GPL-1.0+
2 /*
3  * n_tty.c --- implements the N_TTY line discipline.
4  *
5  * This code used to be in tty_io.c, but things are getting hairy
6  * enough that it made sense to split things off.  (The N_TTY
7  * processing has changed so much that it's hardly recognizable,
8  * anyway...)
9  *
10  * Note that the open routine for N_TTY is guaranteed never to return
11  * an error.  This is because Linux will fall back to setting a line
12  * to N_TTY if it can not switch to any other line discipline.
13  *
14  * Written by Theodore Ts'o, Copyright 1994.
15  *
16  * This file also contains code originally written by Linus Torvalds,
17  * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18  *
19  * Reduced memory usage for older ARM systems  - Russell King.
20  *
21  * 2000/01/20   Fixed SMP locking on put_tty_queue using bits of
22  *		the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23  *		who actually finally proved there really was a race.
24  *
25  * 2002/03/18   Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26  *		waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27  *		Also fixed a bug in BLOCKING mode where n_tty_write returns
28  *		EAGAIN
29  */
30 
31 #include <linux/types.h>
32 #include <linux/major.h>
33 #include <linux/errno.h>
34 #include <linux/signal.h>
35 #include <linux/fcntl.h>
36 #include <linux/sched.h>
37 #include <linux/interrupt.h>
38 #include <linux/tty.h>
39 #include <linux/timer.h>
40 #include <linux/ctype.h>
41 #include <linux/mm.h>
42 #include <linux/string.h>
43 #include <linux/slab.h>
44 #include <linux/poll.h>
45 #include <linux/bitops.h>
46 #include <linux/audit.h>
47 #include <linux/file.h>
48 #include <linux/uaccess.h>
49 #include <linux/module.h>
50 #include <linux/ratelimit.h>
51 #include <linux/vmalloc.h>
52 #include "tty.h"
53 
54 /*
55  * Until this number of characters is queued in the xmit buffer, select will
56  * return "we have room for writes".
57  */
58 #define WAKEUP_CHARS 256
59 
60 /*
61  * This defines the low- and high-watermarks for throttling and
62  * unthrottling the TTY driver.  These watermarks are used for
63  * controlling the space in the read buffer.
64  */
65 #define TTY_THRESHOLD_THROTTLE		128 /* now based on remaining room */
66 #define TTY_THRESHOLD_UNTHROTTLE	128
67 
68 /*
69  * Special byte codes used in the echo buffer to represent operations
70  * or special handling of characters.  Bytes in the echo buffer that
71  * are not part of such special blocks are treated as normal character
72  * codes.
73  */
74 #define ECHO_OP_START 0xff
75 #define ECHO_OP_MOVE_BACK_COL 0x80
76 #define ECHO_OP_SET_CANON_COL 0x81
77 #define ECHO_OP_ERASE_TAB 0x82
78 
79 #define ECHO_COMMIT_WATERMARK	256
80 #define ECHO_BLOCK		256
81 #define ECHO_DISCARD_WATERMARK	N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
82 
83 
84 #undef N_TTY_TRACE
85 #ifdef N_TTY_TRACE
86 # define n_tty_trace(f, args...)	trace_printk(f, ##args)
87 #else
88 # define n_tty_trace(f, args...)	no_printk(f, ##args)
89 #endif
90 
91 struct n_tty_data {
92 	/* producer-published */
93 	size_t read_head;
94 	size_t commit_head;
95 	size_t canon_head;
96 	size_t echo_head;
97 	size_t echo_commit;
98 	size_t echo_mark;
99 	DECLARE_BITMAP(char_map, 256);
100 
101 	/* private to n_tty_receive_overrun (single-threaded) */
102 	unsigned long overrun_time;
103 	int num_overrun;
104 
105 	/* non-atomic */
106 	bool no_room;
107 
108 	/* must hold exclusive termios_rwsem to reset these */
109 	unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
110 	unsigned char push:1;
111 
112 	/* shared by producer and consumer */
113 	char read_buf[N_TTY_BUF_SIZE];
114 	DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
115 	unsigned char echo_buf[N_TTY_BUF_SIZE];
116 
117 	/* consumer-published */
118 	size_t read_tail;
119 	size_t line_start;
120 
121 	/* # of chars looked ahead (to find software flow control chars) */
122 	size_t lookahead_count;
123 
124 	/* protected by output lock */
125 	unsigned int column;
126 	unsigned int canon_column;
127 	size_t echo_tail;
128 
129 	struct mutex atomic_read_lock;
130 	struct mutex output_lock;
131 };
132 
133 #define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
134 
135 static inline size_t read_cnt(struct n_tty_data *ldata)
136 {
137 	return ldata->read_head - ldata->read_tail;
138 }
139 
140 static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
141 {
142 	return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
143 }
144 
145 static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
146 {
147 	return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
148 }
149 
150 static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
151 {
152 	smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
153 	return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
154 }
155 
156 static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
157 {
158 	return &ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
159 }
160 
161 /* If we are not echoing the data, perhaps this is a secret so erase it */
162 static void zero_buffer(struct tty_struct *tty, u8 *buffer, int size)
163 {
164 	bool icanon = !!L_ICANON(tty);
165 	bool no_echo = !L_ECHO(tty);
166 
167 	if (icanon && no_echo)
168 		memset(buffer, 0x00, size);
169 }
170 
171 static void tty_copy(struct tty_struct *tty, void *to, size_t tail, size_t n)
172 {
173 	struct n_tty_data *ldata = tty->disc_data;
174 	size_t size = N_TTY_BUF_SIZE - tail;
175 	void *from = read_buf_addr(ldata, tail);
176 
177 	if (n > size) {
178 		tty_audit_add_data(tty, from, size);
179 		memcpy(to, from, size);
180 		zero_buffer(tty, from, size);
181 		to += size;
182 		n -= size;
183 		from = ldata->read_buf;
184 	}
185 
186 	tty_audit_add_data(tty, from, n);
187 	memcpy(to, from, n);
188 	zero_buffer(tty, from, n);
189 }
190 
191 /**
192  * n_tty_kick_worker - start input worker (if required)
193  * @tty: terminal
194  *
195  * Re-schedules the flip buffer work if it may have stopped.
196  *
197  * Locking:
198  *  * Caller holds exclusive %termios_rwsem, or
199  *  * n_tty_read()/consumer path:
200  *	holds non-exclusive %termios_rwsem
201  */
202 static void n_tty_kick_worker(struct tty_struct *tty)
203 {
204 	struct n_tty_data *ldata = tty->disc_data;
205 
206 	/* Did the input worker stop? Restart it */
207 	if (unlikely(ldata->no_room)) {
208 		ldata->no_room = 0;
209 
210 		WARN_RATELIMIT(tty->port->itty == NULL,
211 				"scheduling with invalid itty\n");
212 		/* see if ldisc has been killed - if so, this means that
213 		 * even though the ldisc has been halted and ->buf.work
214 		 * cancelled, ->buf.work is about to be rescheduled
215 		 */
216 		WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
217 			       "scheduling buffer work for halted ldisc\n");
218 		tty_buffer_restart_work(tty->port);
219 	}
220 }
221 
222 static ssize_t chars_in_buffer(struct tty_struct *tty)
223 {
224 	struct n_tty_data *ldata = tty->disc_data;
225 	ssize_t n = 0;
226 
227 	if (!ldata->icanon)
228 		n = ldata->commit_head - ldata->read_tail;
229 	else
230 		n = ldata->canon_head - ldata->read_tail;
231 	return n;
232 }
233 
234 /**
235  * n_tty_write_wakeup	-	asynchronous I/O notifier
236  * @tty: tty device
237  *
238  * Required for the ptys, serial driver etc. since processes that attach
239  * themselves to the master and rely on ASYNC IO must be woken up.
240  */
241 static void n_tty_write_wakeup(struct tty_struct *tty)
242 {
243 	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
244 	kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
245 }
246 
247 static void n_tty_check_throttle(struct tty_struct *tty)
248 {
249 	struct n_tty_data *ldata = tty->disc_data;
250 
251 	/*
252 	 * Check the remaining room for the input canonicalization
253 	 * mode.  We don't want to throttle the driver if we're in
254 	 * canonical mode and don't have a newline yet!
255 	 */
256 	if (ldata->icanon && ldata->canon_head == ldata->read_tail)
257 		return;
258 
259 	while (1) {
260 		int throttled;
261 		tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
262 		if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
263 			break;
264 		throttled = tty_throttle_safe(tty);
265 		if (!throttled)
266 			break;
267 	}
268 	__tty_set_flow_change(tty, 0);
269 }
270 
271 static void n_tty_check_unthrottle(struct tty_struct *tty)
272 {
273 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
274 		if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
275 			return;
276 		n_tty_kick_worker(tty);
277 		tty_wakeup(tty->link);
278 		return;
279 	}
280 
281 	/* If there is enough space in the read buffer now, let the
282 	 * low-level driver know. We use chars_in_buffer() to
283 	 * check the buffer, as it now knows about canonical mode.
284 	 * Otherwise, if the driver is throttled and the line is
285 	 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
286 	 * we won't get any more characters.
287 	 */
288 
289 	while (1) {
290 		int unthrottled;
291 		tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
292 		if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
293 			break;
294 		n_tty_kick_worker(tty);
295 		unthrottled = tty_unthrottle_safe(tty);
296 		if (!unthrottled)
297 			break;
298 	}
299 	__tty_set_flow_change(tty, 0);
300 }
301 
302 /**
303  * put_tty_queue		-	add character to tty
304  * @c: character
305  * @ldata: n_tty data
306  *
307  * Add a character to the tty read_buf queue.
308  *
309  * Locking:
310  *  * n_tty_receive_buf()/producer path:
311  *	caller holds non-exclusive %termios_rwsem
312  */
313 static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
314 {
315 	*read_buf_addr(ldata, ldata->read_head) = c;
316 	ldata->read_head++;
317 }
318 
319 /**
320  * reset_buffer_flags	-	reset buffer state
321  * @ldata: line disc data to reset
322  *
323  * Reset the read buffer counters and clear the flags. Called from
324  * n_tty_open() and n_tty_flush_buffer().
325  *
326  * Locking:
327  *  * caller holds exclusive %termios_rwsem, or
328  *  * (locking is not required)
329  */
330 static void reset_buffer_flags(struct n_tty_data *ldata)
331 {
332 	ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
333 	ldata->commit_head = 0;
334 	ldata->line_start = 0;
335 
336 	ldata->erasing = 0;
337 	bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
338 	ldata->push = 0;
339 
340 	ldata->lookahead_count = 0;
341 }
342 
343 static void n_tty_packet_mode_flush(struct tty_struct *tty)
344 {
345 	unsigned long flags;
346 
347 	if (tty->link->ctrl.packet) {
348 		spin_lock_irqsave(&tty->ctrl.lock, flags);
349 		tty->ctrl.pktstatus |= TIOCPKT_FLUSHREAD;
350 		spin_unlock_irqrestore(&tty->ctrl.lock, flags);
351 		wake_up_interruptible(&tty->link->read_wait);
352 	}
353 }
354 
355 /**
356  * n_tty_flush_buffer	-	clean input queue
357  * @tty: terminal device
358  *
359  * Flush the input buffer. Called when the tty layer wants the buffer flushed
360  * (eg at hangup) or when the %N_TTY line discipline internally has to clean
361  * the pending queue (for example some signals).
362  *
363  * Holds %termios_rwsem to exclude producer/consumer while buffer indices are
364  * reset.
365  *
366  * Locking: %ctrl.lock, exclusive %termios_rwsem
367  */
368 static void n_tty_flush_buffer(struct tty_struct *tty)
369 {
370 	down_write(&tty->termios_rwsem);
371 	reset_buffer_flags(tty->disc_data);
372 	n_tty_kick_worker(tty);
373 
374 	if (tty->link)
375 		n_tty_packet_mode_flush(tty);
376 	up_write(&tty->termios_rwsem);
377 }
378 
379 /**
380  * is_utf8_continuation	-	utf8 multibyte check
381  * @c: byte to check
382  *
383  * Returns: true if the utf8 character @c is a multibyte continuation
384  * character. We use this to correctly compute the on-screen size of the
385  * character when printing.
386  */
387 static inline int is_utf8_continuation(unsigned char c)
388 {
389 	return (c & 0xc0) == 0x80;
390 }
391 
392 /**
393  * is_continuation	-	multibyte check
394  * @c: byte to check
395  * @tty: terminal device
396  *
397  * Returns: true if the utf8 character @c is a multibyte continuation character
398  * and the terminal is in unicode mode.
399  */
400 static inline int is_continuation(unsigned char c, struct tty_struct *tty)
401 {
402 	return I_IUTF8(tty) && is_utf8_continuation(c);
403 }
404 
405 /**
406  * do_output_char	-	output one character
407  * @c: character (or partial unicode symbol)
408  * @tty: terminal device
409  * @space: space available in tty driver write buffer
410  *
411  * This is a helper function that handles one output character (including
412  * special characters like TAB, CR, LF, etc.), doing OPOST processing and
413  * putting the results in the tty driver's write buffer.
414  *
415  * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY and NLDLY.
416  * They simply aren't relevant in the world today. If you ever need them, add
417  * them here.
418  *
419  * Returns: the number of bytes of buffer space used or -1 if no space left.
420  *
421  * Locking: should be called under the %output_lock to protect the column state
422  * and space left in the buffer.
423  */
424 static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
425 {
426 	struct n_tty_data *ldata = tty->disc_data;
427 	int	spaces;
428 
429 	if (!space)
430 		return -1;
431 
432 	switch (c) {
433 	case '\n':
434 		if (O_ONLRET(tty))
435 			ldata->column = 0;
436 		if (O_ONLCR(tty)) {
437 			if (space < 2)
438 				return -1;
439 			ldata->canon_column = ldata->column = 0;
440 			tty->ops->write(tty, "\r\n", 2);
441 			return 2;
442 		}
443 		ldata->canon_column = ldata->column;
444 		break;
445 	case '\r':
446 		if (O_ONOCR(tty) && ldata->column == 0)
447 			return 0;
448 		if (O_OCRNL(tty)) {
449 			c = '\n';
450 			if (O_ONLRET(tty))
451 				ldata->canon_column = ldata->column = 0;
452 			break;
453 		}
454 		ldata->canon_column = ldata->column = 0;
455 		break;
456 	case '\t':
457 		spaces = 8 - (ldata->column & 7);
458 		if (O_TABDLY(tty) == XTABS) {
459 			if (space < spaces)
460 				return -1;
461 			ldata->column += spaces;
462 			tty->ops->write(tty, "        ", spaces);
463 			return spaces;
464 		}
465 		ldata->column += spaces;
466 		break;
467 	case '\b':
468 		if (ldata->column > 0)
469 			ldata->column--;
470 		break;
471 	default:
472 		if (!iscntrl(c)) {
473 			if (O_OLCUC(tty))
474 				c = toupper(c);
475 			if (!is_continuation(c, tty))
476 				ldata->column++;
477 		}
478 		break;
479 	}
480 
481 	tty_put_char(tty, c);
482 	return 1;
483 }
484 
485 /**
486  * process_output	-	output post processor
487  * @c: character (or partial unicode symbol)
488  * @tty: terminal device
489  *
490  * Output one character with OPOST processing.
491  *
492  * Returns: -1 when the output device is full and the character must be
493  * retried.
494  *
495  * Locking: %output_lock to protect column state and space left (also, this is
496  *called from n_tty_write() under the tty layer write lock).
497  */
498 static int process_output(unsigned char c, struct tty_struct *tty)
499 {
500 	struct n_tty_data *ldata = tty->disc_data;
501 	int	space, retval;
502 
503 	mutex_lock(&ldata->output_lock);
504 
505 	space = tty_write_room(tty);
506 	retval = do_output_char(c, tty, space);
507 
508 	mutex_unlock(&ldata->output_lock);
509 	if (retval < 0)
510 		return -1;
511 	else
512 		return 0;
513 }
514 
515 /**
516  * process_output_block	-	block post processor
517  * @tty: terminal device
518  * @buf: character buffer
519  * @nr: number of bytes to output
520  *
521  * Output a block of characters with OPOST processing.
522  *
523  * This path is used to speed up block console writes, among other things when
524  * processing blocks of output data. It handles only the simple cases normally
525  * found and helps to generate blocks of symbols for the console driver and
526  * thus improve performance.
527  *
528  * Returns: the number of characters output.
529  *
530  * Locking: %output_lock to protect column state and space left (also, this is
531  * called from n_tty_write() under the tty layer write lock).
532  */
533 static ssize_t process_output_block(struct tty_struct *tty,
534 				    const unsigned char *buf, unsigned int nr)
535 {
536 	struct n_tty_data *ldata = tty->disc_data;
537 	int	space;
538 	int	i;
539 	const unsigned char *cp;
540 
541 	mutex_lock(&ldata->output_lock);
542 
543 	space = tty_write_room(tty);
544 	if (space <= 0) {
545 		mutex_unlock(&ldata->output_lock);
546 		return space;
547 	}
548 	if (nr > space)
549 		nr = space;
550 
551 	for (i = 0, cp = buf; i < nr; i++, cp++) {
552 		unsigned char c = *cp;
553 
554 		switch (c) {
555 		case '\n':
556 			if (O_ONLRET(tty))
557 				ldata->column = 0;
558 			if (O_ONLCR(tty))
559 				goto break_out;
560 			ldata->canon_column = ldata->column;
561 			break;
562 		case '\r':
563 			if (O_ONOCR(tty) && ldata->column == 0)
564 				goto break_out;
565 			if (O_OCRNL(tty))
566 				goto break_out;
567 			ldata->canon_column = ldata->column = 0;
568 			break;
569 		case '\t':
570 			goto break_out;
571 		case '\b':
572 			if (ldata->column > 0)
573 				ldata->column--;
574 			break;
575 		default:
576 			if (!iscntrl(c)) {
577 				if (O_OLCUC(tty))
578 					goto break_out;
579 				if (!is_continuation(c, tty))
580 					ldata->column++;
581 			}
582 			break;
583 		}
584 	}
585 break_out:
586 	i = tty->ops->write(tty, buf, i);
587 
588 	mutex_unlock(&ldata->output_lock);
589 	return i;
590 }
591 
592 /**
593  * __process_echoes	-	write pending echo characters
594  * @tty: terminal device
595  *
596  * Write previously buffered echo (and other ldisc-generated) characters to the
597  * tty.
598  *
599  * Characters generated by the ldisc (including echoes) need to be buffered
600  * because the driver's write buffer can fill during heavy program output.
601  * Echoing straight to the driver will often fail under these conditions,
602  * causing lost characters and resulting mismatches of ldisc state information.
603  *
604  * Since the ldisc state must represent the characters actually sent to the
605  * driver at the time of the write, operations like certain changes in column
606  * state are also saved in the buffer and executed here.
607  *
608  * A circular fifo buffer is used so that the most recent characters are
609  * prioritized. Also, when control characters are echoed with a prefixed "^",
610  * the pair is treated atomically and thus not separated.
611  *
612  * Locking: callers must hold %output_lock.
613  */
614 static size_t __process_echoes(struct tty_struct *tty)
615 {
616 	struct n_tty_data *ldata = tty->disc_data;
617 	int	space, old_space;
618 	size_t tail;
619 	unsigned char c;
620 
621 	old_space = space = tty_write_room(tty);
622 
623 	tail = ldata->echo_tail;
624 	while (MASK(ldata->echo_commit) != MASK(tail)) {
625 		c = echo_buf(ldata, tail);
626 		if (c == ECHO_OP_START) {
627 			unsigned char op;
628 			int no_space_left = 0;
629 
630 			/*
631 			 * Since add_echo_byte() is called without holding
632 			 * output_lock, we might see only portion of multi-byte
633 			 * operation.
634 			 */
635 			if (MASK(ldata->echo_commit) == MASK(tail + 1))
636 				goto not_yet_stored;
637 			/*
638 			 * If the buffer byte is the start of a multi-byte
639 			 * operation, get the next byte, which is either the
640 			 * op code or a control character value.
641 			 */
642 			op = echo_buf(ldata, tail + 1);
643 
644 			switch (op) {
645 			case ECHO_OP_ERASE_TAB: {
646 				unsigned int num_chars, num_bs;
647 
648 				if (MASK(ldata->echo_commit) == MASK(tail + 2))
649 					goto not_yet_stored;
650 				num_chars = echo_buf(ldata, tail + 2);
651 
652 				/*
653 				 * Determine how many columns to go back
654 				 * in order to erase the tab.
655 				 * This depends on the number of columns
656 				 * used by other characters within the tab
657 				 * area.  If this (modulo 8) count is from
658 				 * the start of input rather than from a
659 				 * previous tab, we offset by canon column.
660 				 * Otherwise, tab spacing is normal.
661 				 */
662 				if (!(num_chars & 0x80))
663 					num_chars += ldata->canon_column;
664 				num_bs = 8 - (num_chars & 7);
665 
666 				if (num_bs > space) {
667 					no_space_left = 1;
668 					break;
669 				}
670 				space -= num_bs;
671 				while (num_bs--) {
672 					tty_put_char(tty, '\b');
673 					if (ldata->column > 0)
674 						ldata->column--;
675 				}
676 				tail += 3;
677 				break;
678 			}
679 			case ECHO_OP_SET_CANON_COL:
680 				ldata->canon_column = ldata->column;
681 				tail += 2;
682 				break;
683 
684 			case ECHO_OP_MOVE_BACK_COL:
685 				if (ldata->column > 0)
686 					ldata->column--;
687 				tail += 2;
688 				break;
689 
690 			case ECHO_OP_START:
691 				/* This is an escaped echo op start code */
692 				if (!space) {
693 					no_space_left = 1;
694 					break;
695 				}
696 				tty_put_char(tty, ECHO_OP_START);
697 				ldata->column++;
698 				space--;
699 				tail += 2;
700 				break;
701 
702 			default:
703 				/*
704 				 * If the op is not a special byte code,
705 				 * it is a ctrl char tagged to be echoed
706 				 * as "^X" (where X is the letter
707 				 * representing the control char).
708 				 * Note that we must ensure there is
709 				 * enough space for the whole ctrl pair.
710 				 *
711 				 */
712 				if (space < 2) {
713 					no_space_left = 1;
714 					break;
715 				}
716 				tty_put_char(tty, '^');
717 				tty_put_char(tty, op ^ 0100);
718 				ldata->column += 2;
719 				space -= 2;
720 				tail += 2;
721 			}
722 
723 			if (no_space_left)
724 				break;
725 		} else {
726 			if (O_OPOST(tty)) {
727 				int retval = do_output_char(c, tty, space);
728 				if (retval < 0)
729 					break;
730 				space -= retval;
731 			} else {
732 				if (!space)
733 					break;
734 				tty_put_char(tty, c);
735 				space -= 1;
736 			}
737 			tail += 1;
738 		}
739 	}
740 
741 	/* If the echo buffer is nearly full (so that the possibility exists
742 	 * of echo overrun before the next commit), then discard enough
743 	 * data at the tail to prevent a subsequent overrun */
744 	while (ldata->echo_commit > tail &&
745 	       ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
746 		if (echo_buf(ldata, tail) == ECHO_OP_START) {
747 			if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
748 				tail += 3;
749 			else
750 				tail += 2;
751 		} else
752 			tail++;
753 	}
754 
755  not_yet_stored:
756 	ldata->echo_tail = tail;
757 	return old_space - space;
758 }
759 
760 static void commit_echoes(struct tty_struct *tty)
761 {
762 	struct n_tty_data *ldata = tty->disc_data;
763 	size_t nr, old, echoed;
764 	size_t head;
765 
766 	mutex_lock(&ldata->output_lock);
767 	head = ldata->echo_head;
768 	ldata->echo_mark = head;
769 	old = ldata->echo_commit - ldata->echo_tail;
770 
771 	/* Process committed echoes if the accumulated # of bytes
772 	 * is over the threshold (and try again each time another
773 	 * block is accumulated) */
774 	nr = head - ldata->echo_tail;
775 	if (nr < ECHO_COMMIT_WATERMARK ||
776 	    (nr % ECHO_BLOCK > old % ECHO_BLOCK)) {
777 		mutex_unlock(&ldata->output_lock);
778 		return;
779 	}
780 
781 	ldata->echo_commit = head;
782 	echoed = __process_echoes(tty);
783 	mutex_unlock(&ldata->output_lock);
784 
785 	if (echoed && tty->ops->flush_chars)
786 		tty->ops->flush_chars(tty);
787 }
788 
789 static void process_echoes(struct tty_struct *tty)
790 {
791 	struct n_tty_data *ldata = tty->disc_data;
792 	size_t echoed;
793 
794 	if (ldata->echo_mark == ldata->echo_tail)
795 		return;
796 
797 	mutex_lock(&ldata->output_lock);
798 	ldata->echo_commit = ldata->echo_mark;
799 	echoed = __process_echoes(tty);
800 	mutex_unlock(&ldata->output_lock);
801 
802 	if (echoed && tty->ops->flush_chars)
803 		tty->ops->flush_chars(tty);
804 }
805 
806 /* NB: echo_mark and echo_head should be equivalent here */
807 static void flush_echoes(struct tty_struct *tty)
808 {
809 	struct n_tty_data *ldata = tty->disc_data;
810 
811 	if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
812 	    ldata->echo_commit == ldata->echo_head)
813 		return;
814 
815 	mutex_lock(&ldata->output_lock);
816 	ldata->echo_commit = ldata->echo_head;
817 	__process_echoes(tty);
818 	mutex_unlock(&ldata->output_lock);
819 }
820 
821 /**
822  * add_echo_byte	-	add a byte to the echo buffer
823  * @c: unicode byte to echo
824  * @ldata: n_tty data
825  *
826  * Add a character or operation byte to the echo buffer.
827  */
828 static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
829 {
830 	*echo_buf_addr(ldata, ldata->echo_head) = c;
831 	smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
832 	ldata->echo_head++;
833 }
834 
835 /**
836  * echo_move_back_col	-	add operation to move back a column
837  * @ldata: n_tty data
838  *
839  * Add an operation to the echo buffer to move back one column.
840  */
841 static void echo_move_back_col(struct n_tty_data *ldata)
842 {
843 	add_echo_byte(ECHO_OP_START, ldata);
844 	add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
845 }
846 
847 /**
848  * echo_set_canon_col	-	add operation to set the canon column
849  * @ldata: n_tty data
850  *
851  * Add an operation to the echo buffer to set the canon column to the current
852  * column.
853  */
854 static void echo_set_canon_col(struct n_tty_data *ldata)
855 {
856 	add_echo_byte(ECHO_OP_START, ldata);
857 	add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
858 }
859 
860 /**
861  * echo_erase_tab	-	add operation to erase a tab
862  * @num_chars: number of character columns already used
863  * @after_tab: true if num_chars starts after a previous tab
864  * @ldata: n_tty data
865  *
866  * Add an operation to the echo buffer to erase a tab.
867  *
868  * Called by the eraser function, which knows how many character columns have
869  * been used since either a previous tab or the start of input. This
870  * information will be used later, along with canon column (if applicable), to
871  * go back the correct number of columns.
872  */
873 static void echo_erase_tab(unsigned int num_chars, int after_tab,
874 			   struct n_tty_data *ldata)
875 {
876 	add_echo_byte(ECHO_OP_START, ldata);
877 	add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
878 
879 	/* We only need to know this modulo 8 (tab spacing) */
880 	num_chars &= 7;
881 
882 	/* Set the high bit as a flag if num_chars is after a previous tab */
883 	if (after_tab)
884 		num_chars |= 0x80;
885 
886 	add_echo_byte(num_chars, ldata);
887 }
888 
889 /**
890  * echo_char_raw	-	echo a character raw
891  * @c: unicode byte to echo
892  * @ldata: line disc data
893  *
894  * Echo user input back onto the screen. This must be called only when
895  * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
896  *
897  * This variant does not treat control characters specially.
898  */
899 static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
900 {
901 	if (c == ECHO_OP_START) {
902 		add_echo_byte(ECHO_OP_START, ldata);
903 		add_echo_byte(ECHO_OP_START, ldata);
904 	} else {
905 		add_echo_byte(c, ldata);
906 	}
907 }
908 
909 /**
910  * echo_char		-	echo a character
911  * @c: unicode byte to echo
912  * @tty: terminal device
913  *
914  * Echo user input back onto the screen. This must be called only when
915  * L_ECHO(tty) is true. Called from the &tty_driver.receive_buf() path.
916  *
917  * This variant tags control characters to be echoed as "^X" (where X is the
918  * letter representing the control char).
919  */
920 static void echo_char(unsigned char c, struct tty_struct *tty)
921 {
922 	struct n_tty_data *ldata = tty->disc_data;
923 
924 	if (c == ECHO_OP_START) {
925 		add_echo_byte(ECHO_OP_START, ldata);
926 		add_echo_byte(ECHO_OP_START, ldata);
927 	} else {
928 		if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
929 			add_echo_byte(ECHO_OP_START, ldata);
930 		add_echo_byte(c, ldata);
931 	}
932 }
933 
934 /**
935  * finish_erasing	-	complete erase
936  * @ldata: n_tty data
937  */
938 static inline void finish_erasing(struct n_tty_data *ldata)
939 {
940 	if (ldata->erasing) {
941 		echo_char_raw('/', ldata);
942 		ldata->erasing = 0;
943 	}
944 }
945 
946 /**
947  * eraser		-	handle erase function
948  * @c: character input
949  * @tty: terminal device
950  *
951  * Perform erase and necessary output when an erase character is present in the
952  * stream from the driver layer. Handles the complexities of UTF-8 multibyte
953  * symbols.
954  *
955  * Locking: n_tty_receive_buf()/producer path:
956  *	caller holds non-exclusive %termios_rwsem
957  */
958 static void eraser(unsigned char c, struct tty_struct *tty)
959 {
960 	struct n_tty_data *ldata = tty->disc_data;
961 	enum { ERASE, WERASE, KILL } kill_type;
962 	size_t head;
963 	size_t cnt;
964 	int seen_alnums;
965 
966 	if (ldata->read_head == ldata->canon_head) {
967 		/* process_output('\a', tty); */ /* what do you think? */
968 		return;
969 	}
970 	if (c == ERASE_CHAR(tty))
971 		kill_type = ERASE;
972 	else if (c == WERASE_CHAR(tty))
973 		kill_type = WERASE;
974 	else {
975 		if (!L_ECHO(tty)) {
976 			ldata->read_head = ldata->canon_head;
977 			return;
978 		}
979 		if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
980 			ldata->read_head = ldata->canon_head;
981 			finish_erasing(ldata);
982 			echo_char(KILL_CHAR(tty), tty);
983 			/* Add a newline if ECHOK is on and ECHOKE is off. */
984 			if (L_ECHOK(tty))
985 				echo_char_raw('\n', ldata);
986 			return;
987 		}
988 		kill_type = KILL;
989 	}
990 
991 	seen_alnums = 0;
992 	while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
993 		head = ldata->read_head;
994 
995 		/* erase a single possibly multibyte character */
996 		do {
997 			head--;
998 			c = read_buf(ldata, head);
999 		} while (is_continuation(c, tty) &&
1000 			 MASK(head) != MASK(ldata->canon_head));
1001 
1002 		/* do not partially erase */
1003 		if (is_continuation(c, tty))
1004 			break;
1005 
1006 		if (kill_type == WERASE) {
1007 			/* Equivalent to BSD's ALTWERASE. */
1008 			if (isalnum(c) || c == '_')
1009 				seen_alnums++;
1010 			else if (seen_alnums)
1011 				break;
1012 		}
1013 		cnt = ldata->read_head - head;
1014 		ldata->read_head = head;
1015 		if (L_ECHO(tty)) {
1016 			if (L_ECHOPRT(tty)) {
1017 				if (!ldata->erasing) {
1018 					echo_char_raw('\\', ldata);
1019 					ldata->erasing = 1;
1020 				}
1021 				/* if cnt > 1, output a multi-byte character */
1022 				echo_char(c, tty);
1023 				while (--cnt > 0) {
1024 					head++;
1025 					echo_char_raw(read_buf(ldata, head), ldata);
1026 					echo_move_back_col(ldata);
1027 				}
1028 			} else if (kill_type == ERASE && !L_ECHOE(tty)) {
1029 				echo_char(ERASE_CHAR(tty), tty);
1030 			} else if (c == '\t') {
1031 				unsigned int num_chars = 0;
1032 				int after_tab = 0;
1033 				size_t tail = ldata->read_head;
1034 
1035 				/*
1036 				 * Count the columns used for characters
1037 				 * since the start of input or after a
1038 				 * previous tab.
1039 				 * This info is used to go back the correct
1040 				 * number of columns.
1041 				 */
1042 				while (MASK(tail) != MASK(ldata->canon_head)) {
1043 					tail--;
1044 					c = read_buf(ldata, tail);
1045 					if (c == '\t') {
1046 						after_tab = 1;
1047 						break;
1048 					} else if (iscntrl(c)) {
1049 						if (L_ECHOCTL(tty))
1050 							num_chars += 2;
1051 					} else if (!is_continuation(c, tty)) {
1052 						num_chars++;
1053 					}
1054 				}
1055 				echo_erase_tab(num_chars, after_tab, ldata);
1056 			} else {
1057 				if (iscntrl(c) && L_ECHOCTL(tty)) {
1058 					echo_char_raw('\b', ldata);
1059 					echo_char_raw(' ', ldata);
1060 					echo_char_raw('\b', ldata);
1061 				}
1062 				if (!iscntrl(c) || L_ECHOCTL(tty)) {
1063 					echo_char_raw('\b', ldata);
1064 					echo_char_raw(' ', ldata);
1065 					echo_char_raw('\b', ldata);
1066 				}
1067 			}
1068 		}
1069 		if (kill_type == ERASE)
1070 			break;
1071 	}
1072 	if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1073 		finish_erasing(ldata);
1074 }
1075 
1076 
1077 static void __isig(int sig, struct tty_struct *tty)
1078 {
1079 	struct pid *tty_pgrp = tty_get_pgrp(tty);
1080 	if (tty_pgrp) {
1081 		kill_pgrp(tty_pgrp, sig, 1);
1082 		put_pid(tty_pgrp);
1083 	}
1084 }
1085 
1086 /**
1087  * isig			-	handle the ISIG optio
1088  * @sig: signal
1089  * @tty: terminal
1090  *
1091  * Called when a signal is being sent due to terminal input. Called from the
1092  * &tty_driver.receive_buf() path, so serialized.
1093  *
1094  * Performs input and output flush if !NOFLSH. In this context, the echo
1095  * buffer is 'output'. The signal is processed first to alert any current
1096  * readers or writers to discontinue and exit their i/o loops.
1097  *
1098  * Locking: %ctrl.lock
1099  */
1100 static void isig(int sig, struct tty_struct *tty)
1101 {
1102 	struct n_tty_data *ldata = tty->disc_data;
1103 
1104 	if (L_NOFLSH(tty)) {
1105 		/* signal only */
1106 		__isig(sig, tty);
1107 
1108 	} else { /* signal and flush */
1109 		up_read(&tty->termios_rwsem);
1110 		down_write(&tty->termios_rwsem);
1111 
1112 		__isig(sig, tty);
1113 
1114 		/* clear echo buffer */
1115 		mutex_lock(&ldata->output_lock);
1116 		ldata->echo_head = ldata->echo_tail = 0;
1117 		ldata->echo_mark = ldata->echo_commit = 0;
1118 		mutex_unlock(&ldata->output_lock);
1119 
1120 		/* clear output buffer */
1121 		tty_driver_flush_buffer(tty);
1122 
1123 		/* clear input buffer */
1124 		reset_buffer_flags(tty->disc_data);
1125 
1126 		/* notify pty master of flush */
1127 		if (tty->link)
1128 			n_tty_packet_mode_flush(tty);
1129 
1130 		up_write(&tty->termios_rwsem);
1131 		down_read(&tty->termios_rwsem);
1132 	}
1133 }
1134 
1135 /**
1136  * n_tty_receive_break	-	handle break
1137  * @tty: terminal
1138  *
1139  * An RS232 break event has been hit in the incoming bitstream. This can cause
1140  * a variety of events depending upon the termios settings.
1141  *
1142  * Locking: n_tty_receive_buf()/producer path:
1143  *	caller holds non-exclusive termios_rwsem
1144  *
1145  * Note: may get exclusive %termios_rwsem if flushing input buffer
1146  */
1147 static void n_tty_receive_break(struct tty_struct *tty)
1148 {
1149 	struct n_tty_data *ldata = tty->disc_data;
1150 
1151 	if (I_IGNBRK(tty))
1152 		return;
1153 	if (I_BRKINT(tty)) {
1154 		isig(SIGINT, tty);
1155 		return;
1156 	}
1157 	if (I_PARMRK(tty)) {
1158 		put_tty_queue('\377', ldata);
1159 		put_tty_queue('\0', ldata);
1160 	}
1161 	put_tty_queue('\0', ldata);
1162 }
1163 
1164 /**
1165  * n_tty_receive_overrun	-	handle overrun reporting
1166  * @tty: terminal
1167  *
1168  * Data arrived faster than we could process it. While the tty driver has
1169  * flagged this the bits that were missed are gone forever.
1170  *
1171  * Called from the receive_buf path so single threaded. Does not need locking
1172  * as num_overrun and overrun_time are function private.
1173  */
1174 static void n_tty_receive_overrun(struct tty_struct *tty)
1175 {
1176 	struct n_tty_data *ldata = tty->disc_data;
1177 
1178 	ldata->num_overrun++;
1179 	if (time_after(jiffies, ldata->overrun_time + HZ) ||
1180 			time_after(ldata->overrun_time, jiffies)) {
1181 		tty_warn(tty, "%d input overrun(s)\n", ldata->num_overrun);
1182 		ldata->overrun_time = jiffies;
1183 		ldata->num_overrun = 0;
1184 	}
1185 }
1186 
1187 /**
1188  * n_tty_receive_parity_error	-	error notifier
1189  * @tty: terminal device
1190  * @c: character
1191  *
1192  * Process a parity error and queue the right data to indicate the error case
1193  * if necessary.
1194  *
1195  * Locking: n_tty_receive_buf()/producer path:
1196  * 	caller holds non-exclusive %termios_rwsem
1197  */
1198 static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
1199 {
1200 	struct n_tty_data *ldata = tty->disc_data;
1201 
1202 	if (I_INPCK(tty)) {
1203 		if (I_IGNPAR(tty))
1204 			return;
1205 		if (I_PARMRK(tty)) {
1206 			put_tty_queue('\377', ldata);
1207 			put_tty_queue('\0', ldata);
1208 			put_tty_queue(c, ldata);
1209 		} else
1210 			put_tty_queue('\0', ldata);
1211 	} else
1212 		put_tty_queue(c, ldata);
1213 }
1214 
1215 static void
1216 n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
1217 {
1218 	isig(signal, tty);
1219 	if (I_IXON(tty))
1220 		start_tty(tty);
1221 	if (L_ECHO(tty)) {
1222 		echo_char(c, tty);
1223 		commit_echoes(tty);
1224 	} else
1225 		process_echoes(tty);
1226 }
1227 
1228 static bool n_tty_is_char_flow_ctrl(struct tty_struct *tty, unsigned char c)
1229 {
1230 	return c == START_CHAR(tty) || c == STOP_CHAR(tty);
1231 }
1232 
1233 /**
1234  * n_tty_receive_char_flow_ctrl - receive flow control chars
1235  * @tty: terminal device
1236  * @c: character
1237  * @lookahead_done: lookahead has processed this character already
1238  *
1239  * Receive and process flow control character actions.
1240  *
1241  * In case lookahead for flow control chars already handled the character in
1242  * advance to the normal receive, the actions are skipped during normal
1243  * receive.
1244  *
1245  * Returns true if @c is consumed as flow-control character, the character
1246  * must not be treated as normal character.
1247  */
1248 static bool n_tty_receive_char_flow_ctrl(struct tty_struct *tty, unsigned char c,
1249 					 bool lookahead_done)
1250 {
1251 	if (!n_tty_is_char_flow_ctrl(tty, c))
1252 		return false;
1253 
1254 	if (lookahead_done)
1255 		return true;
1256 
1257 	if (c == START_CHAR(tty)) {
1258 		start_tty(tty);
1259 		process_echoes(tty);
1260 		return true;
1261 	}
1262 
1263 	/* STOP_CHAR */
1264 	stop_tty(tty);
1265 	return true;
1266 }
1267 
1268 static void n_tty_receive_char_special(struct tty_struct *tty, unsigned char c,
1269 				       bool lookahead_done)
1270 {
1271 	struct n_tty_data *ldata = tty->disc_data;
1272 
1273 	if (I_IXON(tty) && n_tty_receive_char_flow_ctrl(tty, c, lookahead_done))
1274 		return;
1275 
1276 	if (L_ISIG(tty)) {
1277 		if (c == INTR_CHAR(tty)) {
1278 			n_tty_receive_signal_char(tty, SIGINT, c);
1279 			return;
1280 		} else if (c == QUIT_CHAR(tty)) {
1281 			n_tty_receive_signal_char(tty, SIGQUIT, c);
1282 			return;
1283 		} else if (c == SUSP_CHAR(tty)) {
1284 			n_tty_receive_signal_char(tty, SIGTSTP, c);
1285 			return;
1286 		}
1287 	}
1288 
1289 	if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1290 		start_tty(tty);
1291 		process_echoes(tty);
1292 	}
1293 
1294 	if (c == '\r') {
1295 		if (I_IGNCR(tty))
1296 			return;
1297 		if (I_ICRNL(tty))
1298 			c = '\n';
1299 	} else if (c == '\n' && I_INLCR(tty))
1300 		c = '\r';
1301 
1302 	if (ldata->icanon) {
1303 		if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1304 		    (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1305 			eraser(c, tty);
1306 			commit_echoes(tty);
1307 			return;
1308 		}
1309 		if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1310 			ldata->lnext = 1;
1311 			if (L_ECHO(tty)) {
1312 				finish_erasing(ldata);
1313 				if (L_ECHOCTL(tty)) {
1314 					echo_char_raw('^', ldata);
1315 					echo_char_raw('\b', ldata);
1316 					commit_echoes(tty);
1317 				}
1318 			}
1319 			return;
1320 		}
1321 		if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1322 			size_t tail = ldata->canon_head;
1323 
1324 			finish_erasing(ldata);
1325 			echo_char(c, tty);
1326 			echo_char_raw('\n', ldata);
1327 			while (MASK(tail) != MASK(ldata->read_head)) {
1328 				echo_char(read_buf(ldata, tail), tty);
1329 				tail++;
1330 			}
1331 			commit_echoes(tty);
1332 			return;
1333 		}
1334 		if (c == '\n') {
1335 			if (L_ECHO(tty) || L_ECHONL(tty)) {
1336 				echo_char_raw('\n', ldata);
1337 				commit_echoes(tty);
1338 			}
1339 			goto handle_newline;
1340 		}
1341 		if (c == EOF_CHAR(tty)) {
1342 			c = __DISABLED_CHAR;
1343 			goto handle_newline;
1344 		}
1345 		if ((c == EOL_CHAR(tty)) ||
1346 		    (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1347 			/*
1348 			 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1349 			 */
1350 			if (L_ECHO(tty)) {
1351 				/* Record the column of first canon char. */
1352 				if (ldata->canon_head == ldata->read_head)
1353 					echo_set_canon_col(ldata);
1354 				echo_char(c, tty);
1355 				commit_echoes(tty);
1356 			}
1357 			/*
1358 			 * XXX does PARMRK doubling happen for
1359 			 * EOL_CHAR and EOL2_CHAR?
1360 			 */
1361 			if (c == (unsigned char) '\377' && I_PARMRK(tty))
1362 				put_tty_queue(c, ldata);
1363 
1364 handle_newline:
1365 			set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
1366 			put_tty_queue(c, ldata);
1367 			smp_store_release(&ldata->canon_head, ldata->read_head);
1368 			kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1369 			wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1370 			return;
1371 		}
1372 	}
1373 
1374 	if (L_ECHO(tty)) {
1375 		finish_erasing(ldata);
1376 		if (c == '\n')
1377 			echo_char_raw('\n', ldata);
1378 		else {
1379 			/* Record the column of first canon char. */
1380 			if (ldata->canon_head == ldata->read_head)
1381 				echo_set_canon_col(ldata);
1382 			echo_char(c, tty);
1383 		}
1384 		commit_echoes(tty);
1385 	}
1386 
1387 	/* PARMRK doubling check */
1388 	if (c == (unsigned char) '\377' && I_PARMRK(tty))
1389 		put_tty_queue(c, ldata);
1390 
1391 	put_tty_queue(c, ldata);
1392 }
1393 
1394 /**
1395  * n_tty_receive_char	-	perform processing
1396  * @tty: terminal device
1397  * @c: character
1398  *
1399  * Process an individual character of input received from the driver.  This is
1400  * serialized with respect to itself by the rules for the driver above.
1401  *
1402  * Locking: n_tty_receive_buf()/producer path:
1403  *	caller holds non-exclusive %termios_rwsem
1404  *	publishes canon_head if canonical mode is active
1405  */
1406 static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1407 {
1408 	struct n_tty_data *ldata = tty->disc_data;
1409 
1410 	if (tty->flow.stopped && !tty->flow.tco_stopped && I_IXON(tty) && I_IXANY(tty)) {
1411 		start_tty(tty);
1412 		process_echoes(tty);
1413 	}
1414 	if (L_ECHO(tty)) {
1415 		finish_erasing(ldata);
1416 		/* Record the column of first canon char. */
1417 		if (ldata->canon_head == ldata->read_head)
1418 			echo_set_canon_col(ldata);
1419 		echo_char(c, tty);
1420 		commit_echoes(tty);
1421 	}
1422 	/* PARMRK doubling check */
1423 	if (c == (unsigned char) '\377' && I_PARMRK(tty))
1424 		put_tty_queue(c, ldata);
1425 	put_tty_queue(c, ldata);
1426 }
1427 
1428 static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c,
1429 				       bool lookahead_done)
1430 {
1431 	if (I_ISTRIP(tty))
1432 		c &= 0x7f;
1433 	if (I_IUCLC(tty) && L_IEXTEN(tty))
1434 		c = tolower(c);
1435 
1436 	if (I_IXON(tty)) {
1437 		if (!n_tty_receive_char_flow_ctrl(tty, c, lookahead_done) &&
1438 		    tty->flow.stopped && !tty->flow.tco_stopped && I_IXANY(tty) &&
1439 		    c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1440 		    c != SUSP_CHAR(tty)) {
1441 			start_tty(tty);
1442 			process_echoes(tty);
1443 		}
1444 	}
1445 }
1446 
1447 static void
1448 n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
1449 {
1450 	switch (flag) {
1451 	case TTY_BREAK:
1452 		n_tty_receive_break(tty);
1453 		break;
1454 	case TTY_PARITY:
1455 	case TTY_FRAME:
1456 		n_tty_receive_parity_error(tty, c);
1457 		break;
1458 	case TTY_OVERRUN:
1459 		n_tty_receive_overrun(tty);
1460 		break;
1461 	default:
1462 		tty_err(tty, "unknown flag %d\n", flag);
1463 		break;
1464 	}
1465 }
1466 
1467 static void
1468 n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
1469 {
1470 	struct n_tty_data *ldata = tty->disc_data;
1471 
1472 	ldata->lnext = 0;
1473 	if (likely(flag == TTY_NORMAL)) {
1474 		if (I_ISTRIP(tty))
1475 			c &= 0x7f;
1476 		if (I_IUCLC(tty) && L_IEXTEN(tty))
1477 			c = tolower(c);
1478 		n_tty_receive_char(tty, c);
1479 	} else
1480 		n_tty_receive_char_flagged(tty, c, flag);
1481 }
1482 
1483 /* Caller must ensure count > 0 */
1484 static void n_tty_lookahead_flow_ctrl(struct tty_struct *tty, const unsigned char *cp,
1485 				      const unsigned char *fp, unsigned int count)
1486 {
1487 	struct n_tty_data *ldata = tty->disc_data;
1488 	unsigned char flag = TTY_NORMAL;
1489 
1490 	ldata->lookahead_count += count;
1491 
1492 	if (!I_IXON(tty))
1493 		return;
1494 
1495 	while (count--) {
1496 		if (fp)
1497 			flag = *fp++;
1498 		if (likely(flag == TTY_NORMAL))
1499 			n_tty_receive_char_flow_ctrl(tty, *cp, false);
1500 		cp++;
1501 	}
1502 }
1503 
1504 static void
1505 n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
1506 			   const char *fp, int count)
1507 {
1508 	struct n_tty_data *ldata = tty->disc_data;
1509 	size_t n, head;
1510 
1511 	head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1512 	n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1513 	memcpy(read_buf_addr(ldata, head), cp, n);
1514 	ldata->read_head += n;
1515 	cp += n;
1516 	count -= n;
1517 
1518 	head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1519 	n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1520 	memcpy(read_buf_addr(ldata, head), cp, n);
1521 	ldata->read_head += n;
1522 }
1523 
1524 static void
1525 n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
1526 		      const char *fp, int count)
1527 {
1528 	struct n_tty_data *ldata = tty->disc_data;
1529 	char flag = TTY_NORMAL;
1530 
1531 	while (count--) {
1532 		if (fp)
1533 			flag = *fp++;
1534 		if (likely(flag == TTY_NORMAL))
1535 			put_tty_queue(*cp++, ldata);
1536 		else
1537 			n_tty_receive_char_flagged(tty, *cp++, flag);
1538 	}
1539 }
1540 
1541 static void
1542 n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
1543 			  const char *fp, int count, bool lookahead_done)
1544 {
1545 	char flag = TTY_NORMAL;
1546 
1547 	while (count--) {
1548 		if (fp)
1549 			flag = *fp++;
1550 		if (likely(flag == TTY_NORMAL))
1551 			n_tty_receive_char_closing(tty, *cp++, lookahead_done);
1552 	}
1553 }
1554 
1555 static void n_tty_receive_buf_standard(struct tty_struct *tty,
1556 		const unsigned char *cp, const char *fp, int count, bool lookahead_done)
1557 {
1558 	struct n_tty_data *ldata = tty->disc_data;
1559 	char flag = TTY_NORMAL;
1560 
1561 	while (count--) {
1562 		unsigned char c = *cp++;
1563 
1564 		if (fp)
1565 			flag = *fp++;
1566 
1567 		if (ldata->lnext) {
1568 			n_tty_receive_char_lnext(tty, c, flag);
1569 			continue;
1570 		}
1571 
1572 		if (unlikely(flag != TTY_NORMAL)) {
1573 			n_tty_receive_char_flagged(tty, c, flag);
1574 			continue;
1575 		}
1576 
1577 		if (I_ISTRIP(tty))
1578 			c &= 0x7f;
1579 		if (I_IUCLC(tty) && L_IEXTEN(tty))
1580 			c = tolower(c);
1581 		if (L_EXTPROC(tty)) {
1582 			put_tty_queue(c, ldata);
1583 			continue;
1584 		}
1585 
1586 		if (test_bit(c, ldata->char_map))
1587 			n_tty_receive_char_special(tty, c, lookahead_done);
1588 		else
1589 			n_tty_receive_char(tty, c);
1590 	}
1591 }
1592 
1593 static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
1594 			  const char *fp, int count)
1595 {
1596 	struct n_tty_data *ldata = tty->disc_data;
1597 	bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1598 	size_t la_count = min_t(size_t, ldata->lookahead_count, count);
1599 
1600 	if (ldata->real_raw)
1601 		n_tty_receive_buf_real_raw(tty, cp, fp, count);
1602 	else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1603 		n_tty_receive_buf_raw(tty, cp, fp, count);
1604 	else if (tty->closing && !L_EXTPROC(tty)) {
1605 		if (la_count > 0)
1606 			n_tty_receive_buf_closing(tty, cp, fp, la_count, true);
1607 		if (count > la_count)
1608 			n_tty_receive_buf_closing(tty, cp, fp, count - la_count, false);
1609 	} else {
1610 		if (la_count > 0)
1611 			n_tty_receive_buf_standard(tty, cp, fp, la_count, true);
1612 		if (count > la_count)
1613 			n_tty_receive_buf_standard(tty, cp, fp, count - la_count, false);
1614 
1615 		flush_echoes(tty);
1616 		if (tty->ops->flush_chars)
1617 			tty->ops->flush_chars(tty);
1618 	}
1619 
1620 	ldata->lookahead_count -= la_count;
1621 
1622 	if (ldata->icanon && !L_EXTPROC(tty))
1623 		return;
1624 
1625 	/* publish read_head to consumer */
1626 	smp_store_release(&ldata->commit_head, ldata->read_head);
1627 
1628 	if (read_cnt(ldata)) {
1629 		kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1630 		wake_up_interruptible_poll(&tty->read_wait, EPOLLIN | EPOLLRDNORM);
1631 	}
1632 }
1633 
1634 /**
1635  * n_tty_receive_buf_common	-	process input
1636  * @tty: device to receive input
1637  * @cp: input chars
1638  * @fp: flags for each char (if %NULL, all chars are %TTY_NORMAL)
1639  * @count: number of input chars in @cp
1640  * @flow: enable flow control
1641  *
1642  * Called by the terminal driver when a block of characters has been received.
1643  * This function must be called from soft contexts not from interrupt context.
1644  * The driver is responsible for making calls one at a time and in order (or
1645  * using flush_to_ldisc()).
1646  *
1647  * Returns: the # of input chars from @cp which were processed.
1648  *
1649  * In canonical mode, the maximum line length is 4096 chars (including the line
1650  * termination char); lines longer than 4096 chars are truncated. After 4095
1651  * chars, input data is still processed but not stored. Overflow processing
1652  * ensures the tty can always receive more input until at least one line can be
1653  * read.
1654  *
1655  * In non-canonical mode, the read buffer will only accept 4095 chars; this
1656  * provides the necessary space for a newline char if the input mode is
1657  * switched to canonical.
1658  *
1659  * Note it is possible for the read buffer to _contain_ 4096 chars in
1660  * non-canonical mode: the read buffer could already contain the maximum canon
1661  * line of 4096 chars when the mode is switched to non-canonical.
1662  *
1663  * Locking: n_tty_receive_buf()/producer path:
1664  *	claims non-exclusive %termios_rwsem
1665  *	publishes commit_head or canon_head
1666  */
1667 static int
1668 n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
1669 			 const char *fp, int count, int flow)
1670 {
1671 	struct n_tty_data *ldata = tty->disc_data;
1672 	int room, n, rcvd = 0, overflow;
1673 
1674 	down_read(&tty->termios_rwsem);
1675 
1676 	do {
1677 		/*
1678 		 * When PARMRK is set, each input char may take up to 3 chars
1679 		 * in the read buf; reduce the buffer space avail by 3x
1680 		 *
1681 		 * If we are doing input canonicalization, and there are no
1682 		 * pending newlines, let characters through without limit, so
1683 		 * that erase characters will be handled.  Other excess
1684 		 * characters will be beeped.
1685 		 *
1686 		 * paired with store in *_copy_from_read_buf() -- guarantees
1687 		 * the consumer has loaded the data in read_buf up to the new
1688 		 * read_tail (so this producer will not overwrite unread data)
1689 		 */
1690 		size_t tail = smp_load_acquire(&ldata->read_tail);
1691 
1692 		room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1693 		if (I_PARMRK(tty))
1694 			room = (room + 2) / 3;
1695 		room--;
1696 		if (room <= 0) {
1697 			overflow = ldata->icanon && ldata->canon_head == tail;
1698 			if (overflow && room < 0)
1699 				ldata->read_head--;
1700 			room = overflow;
1701 			ldata->no_room = flow && !room;
1702 		} else
1703 			overflow = 0;
1704 
1705 		n = min(count, room);
1706 		if (!n)
1707 			break;
1708 
1709 		/* ignore parity errors if handling overflow */
1710 		if (!overflow || !fp || *fp != TTY_PARITY)
1711 			__receive_buf(tty, cp, fp, n);
1712 
1713 		cp += n;
1714 		if (fp)
1715 			fp += n;
1716 		count -= n;
1717 		rcvd += n;
1718 	} while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1719 
1720 	tty->receive_room = room;
1721 
1722 	/* Unthrottle if handling overflow on pty */
1723 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1724 		if (overflow) {
1725 			tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1726 			tty_unthrottle_safe(tty);
1727 			__tty_set_flow_change(tty, 0);
1728 		}
1729 	} else
1730 		n_tty_check_throttle(tty);
1731 
1732 	up_read(&tty->termios_rwsem);
1733 
1734 	return rcvd;
1735 }
1736 
1737 static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1738 			      const char *fp, int count)
1739 {
1740 	n_tty_receive_buf_common(tty, cp, fp, count, 0);
1741 }
1742 
1743 static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
1744 			      const char *fp, int count)
1745 {
1746 	return n_tty_receive_buf_common(tty, cp, fp, count, 1);
1747 }
1748 
1749 /**
1750  * n_tty_set_termios	-	termios data changed
1751  * @tty: terminal
1752  * @old: previous data
1753  *
1754  * Called by the tty layer when the user changes termios flags so that the line
1755  * discipline can plan ahead. This function cannot sleep and is protected from
1756  * re-entry by the tty layer. The user is guaranteed that this function will
1757  * not be re-entered or in progress when the ldisc is closed.
1758  *
1759  * Locking: Caller holds @tty->termios_rwsem
1760  */
1761 static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1762 {
1763 	struct n_tty_data *ldata = tty->disc_data;
1764 
1765 	if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1766 		bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1767 		ldata->line_start = ldata->read_tail;
1768 		if (!L_ICANON(tty) || !read_cnt(ldata)) {
1769 			ldata->canon_head = ldata->read_tail;
1770 			ldata->push = 0;
1771 		} else {
1772 			set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
1773 				ldata->read_flags);
1774 			ldata->canon_head = ldata->read_head;
1775 			ldata->push = 1;
1776 		}
1777 		ldata->commit_head = ldata->read_head;
1778 		ldata->erasing = 0;
1779 		ldata->lnext = 0;
1780 	}
1781 
1782 	ldata->icanon = (L_ICANON(tty) != 0);
1783 
1784 	if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1785 	    I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1786 	    I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1787 	    I_PARMRK(tty)) {
1788 		bitmap_zero(ldata->char_map, 256);
1789 
1790 		if (I_IGNCR(tty) || I_ICRNL(tty))
1791 			set_bit('\r', ldata->char_map);
1792 		if (I_INLCR(tty))
1793 			set_bit('\n', ldata->char_map);
1794 
1795 		if (L_ICANON(tty)) {
1796 			set_bit(ERASE_CHAR(tty), ldata->char_map);
1797 			set_bit(KILL_CHAR(tty), ldata->char_map);
1798 			set_bit(EOF_CHAR(tty), ldata->char_map);
1799 			set_bit('\n', ldata->char_map);
1800 			set_bit(EOL_CHAR(tty), ldata->char_map);
1801 			if (L_IEXTEN(tty)) {
1802 				set_bit(WERASE_CHAR(tty), ldata->char_map);
1803 				set_bit(LNEXT_CHAR(tty), ldata->char_map);
1804 				set_bit(EOL2_CHAR(tty), ldata->char_map);
1805 				if (L_ECHO(tty))
1806 					set_bit(REPRINT_CHAR(tty),
1807 						ldata->char_map);
1808 			}
1809 		}
1810 		if (I_IXON(tty)) {
1811 			set_bit(START_CHAR(tty), ldata->char_map);
1812 			set_bit(STOP_CHAR(tty), ldata->char_map);
1813 		}
1814 		if (L_ISIG(tty)) {
1815 			set_bit(INTR_CHAR(tty), ldata->char_map);
1816 			set_bit(QUIT_CHAR(tty), ldata->char_map);
1817 			set_bit(SUSP_CHAR(tty), ldata->char_map);
1818 		}
1819 		clear_bit(__DISABLED_CHAR, ldata->char_map);
1820 		ldata->raw = 0;
1821 		ldata->real_raw = 0;
1822 	} else {
1823 		ldata->raw = 1;
1824 		if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1825 		    (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1826 		    (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1827 			ldata->real_raw = 1;
1828 		else
1829 			ldata->real_raw = 0;
1830 	}
1831 	/*
1832 	 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1833 	 * been stopped by STOP_CHAR(tty) before it.
1834 	 */
1835 	if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow.tco_stopped) {
1836 		start_tty(tty);
1837 		process_echoes(tty);
1838 	}
1839 
1840 	/* The termios change make the tty ready for I/O */
1841 	wake_up_interruptible(&tty->write_wait);
1842 	wake_up_interruptible(&tty->read_wait);
1843 }
1844 
1845 /**
1846  * n_tty_close		-	close the ldisc for this tty
1847  * @tty: device
1848  *
1849  * Called from the terminal layer when this line discipline is being shut down,
1850  * either because of a close or becsuse of a discipline change. The function
1851  * will not be called while other ldisc methods are in progress.
1852  */
1853 static void n_tty_close(struct tty_struct *tty)
1854 {
1855 	struct n_tty_data *ldata = tty->disc_data;
1856 
1857 	if (tty->link)
1858 		n_tty_packet_mode_flush(tty);
1859 
1860 	down_write(&tty->termios_rwsem);
1861 	vfree(ldata);
1862 	tty->disc_data = NULL;
1863 	up_write(&tty->termios_rwsem);
1864 }
1865 
1866 /**
1867  * n_tty_open		-	open an ldisc
1868  * @tty: terminal to open
1869  *
1870  * Called when this line discipline is being attached to the terminal device.
1871  * Can sleep. Called serialized so that no other events will occur in parallel.
1872  * No further open will occur until a close.
1873  */
1874 static int n_tty_open(struct tty_struct *tty)
1875 {
1876 	struct n_tty_data *ldata;
1877 
1878 	/* Currently a malloc failure here can panic */
1879 	ldata = vzalloc(sizeof(*ldata));
1880 	if (!ldata)
1881 		return -ENOMEM;
1882 
1883 	ldata->overrun_time = jiffies;
1884 	mutex_init(&ldata->atomic_read_lock);
1885 	mutex_init(&ldata->output_lock);
1886 
1887 	tty->disc_data = ldata;
1888 	tty->closing = 0;
1889 	/* indicate buffer work may resume */
1890 	clear_bit(TTY_LDISC_HALTED, &tty->flags);
1891 	n_tty_set_termios(tty, NULL);
1892 	tty_unthrottle(tty);
1893 	return 0;
1894 }
1895 
1896 static inline int input_available_p(struct tty_struct *tty, int poll)
1897 {
1898 	struct n_tty_data *ldata = tty->disc_data;
1899 	int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1900 
1901 	if (ldata->icanon && !L_EXTPROC(tty))
1902 		return ldata->canon_head != ldata->read_tail;
1903 	else
1904 		return ldata->commit_head - ldata->read_tail >= amt;
1905 }
1906 
1907 /**
1908  * copy_from_read_buf	-	copy read data directly
1909  * @tty: terminal device
1910  * @kbp: data
1911  * @nr: size of data
1912  *
1913  * Helper function to speed up n_tty_read(). It is only called when %ICANON is
1914  * off; it copies characters straight from the tty queue.
1915  *
1916  * Returns: true if it successfully copied data, but there is still more data
1917  * to be had.
1918  *
1919  * Locking:
1920  *  * called under the @ldata->atomic_read_lock sem
1921  *  * n_tty_read()/consumer path:
1922  *		caller holds non-exclusive %termios_rwsem;
1923  *		read_tail published
1924  */
1925 static bool copy_from_read_buf(struct tty_struct *tty,
1926 				      unsigned char **kbp,
1927 				      size_t *nr)
1928 
1929 {
1930 	struct n_tty_data *ldata = tty->disc_data;
1931 	size_t n;
1932 	bool is_eof;
1933 	size_t head = smp_load_acquire(&ldata->commit_head);
1934 	size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1935 
1936 	n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
1937 	n = min(*nr, n);
1938 	if (n) {
1939 		unsigned char *from = read_buf_addr(ldata, tail);
1940 		memcpy(*kbp, from, n);
1941 		is_eof = n == 1 && *from == EOF_CHAR(tty);
1942 		tty_audit_add_data(tty, from, n);
1943 		zero_buffer(tty, from, n);
1944 		smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1945 		/* Turn single EOF into zero-length read */
1946 		if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1947 		    (head == ldata->read_tail))
1948 			return false;
1949 		*kbp += n;
1950 		*nr -= n;
1951 
1952 		/* If we have more to copy, let the caller know */
1953 		return head != ldata->read_tail;
1954 	}
1955 	return false;
1956 }
1957 
1958 /**
1959  * canon_copy_from_read_buf	-	copy read data in canonical mode
1960  * @tty: terminal device
1961  * @kbp: data
1962  * @nr: size of data
1963  *
1964  * Helper function for n_tty_read(). It is only called when %ICANON is on; it
1965  * copies one line of input up to and including the line-delimiting character
1966  * into the result buffer.
1967  *
1968  * Note: When termios is changed from non-canonical to canonical mode and the
1969  * read buffer contains data, n_tty_set_termios() simulates an EOF push (as if
1970  * C-d were input) _without_ the %DISABLED_CHAR in the buffer. This causes data
1971  * already processed as input to be immediately available as input although a
1972  * newline has not been received.
1973  *
1974  * Locking:
1975  *  * called under the %atomic_read_lock mutex
1976  *  * n_tty_read()/consumer path:
1977  *	caller holds non-exclusive %termios_rwsem;
1978  *	read_tail published
1979  */
1980 static bool canon_copy_from_read_buf(struct tty_struct *tty,
1981 				     unsigned char **kbp,
1982 				     size_t *nr)
1983 {
1984 	struct n_tty_data *ldata = tty->disc_data;
1985 	size_t n, size, more, c;
1986 	size_t eol;
1987 	size_t tail, canon_head;
1988 	int found = 0;
1989 
1990 	/* N.B. avoid overrun if nr == 0 */
1991 	if (!*nr)
1992 		return false;
1993 
1994 	canon_head = smp_load_acquire(&ldata->canon_head);
1995 	n = min(*nr, canon_head - ldata->read_tail);
1996 
1997 	tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1998 	size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
1999 
2000 	n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
2001 		    __func__, *nr, tail, n, size);
2002 
2003 	eol = find_next_bit(ldata->read_flags, size, tail);
2004 	more = n - (size - tail);
2005 	if (eol == N_TTY_BUF_SIZE && more) {
2006 		/* scan wrapped without finding set bit */
2007 		eol = find_first_bit(ldata->read_flags, more);
2008 		found = eol != more;
2009 	} else
2010 		found = eol != size;
2011 
2012 	n = eol - tail;
2013 	if (n > N_TTY_BUF_SIZE)
2014 		n += N_TTY_BUF_SIZE;
2015 	c = n + found;
2016 
2017 	if (!found || read_buf(ldata, eol) != __DISABLED_CHAR)
2018 		n = c;
2019 
2020 	n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
2021 		    __func__, eol, found, n, c, tail, more);
2022 
2023 	tty_copy(tty, *kbp, tail, n);
2024 	*kbp += n;
2025 	*nr -= n;
2026 
2027 	if (found)
2028 		clear_bit(eol, ldata->read_flags);
2029 	smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2030 
2031 	if (found) {
2032 		if (!ldata->push)
2033 			ldata->line_start = ldata->read_tail;
2034 		else
2035 			ldata->push = 0;
2036 		tty_audit_push();
2037 		return false;
2038 	}
2039 
2040 	/* No EOL found - do a continuation retry if there is more data */
2041 	return ldata->read_tail != canon_head;
2042 }
2043 
2044 /*
2045  * If we finished a read at the exact location of an
2046  * EOF (special EOL character that's a __DISABLED_CHAR)
2047  * in the stream, silently eat the EOF.
2048  */
2049 static void canon_skip_eof(struct tty_struct *tty)
2050 {
2051 	struct n_tty_data *ldata = tty->disc_data;
2052 	size_t tail, canon_head;
2053 
2054 	canon_head = smp_load_acquire(&ldata->canon_head);
2055 	tail = ldata->read_tail;
2056 
2057 	// No data?
2058 	if (tail == canon_head)
2059 		return;
2060 
2061 	// See if the tail position is EOF in the circular buffer
2062 	tail &= (N_TTY_BUF_SIZE - 1);
2063 	if (!test_bit(tail, ldata->read_flags))
2064 		return;
2065 	if (read_buf(ldata, tail) != __DISABLED_CHAR)
2066 		return;
2067 
2068 	// Clear the EOL bit, skip the EOF char.
2069 	clear_bit(tail, ldata->read_flags);
2070 	smp_store_release(&ldata->read_tail, ldata->read_tail + 1);
2071 }
2072 
2073 /**
2074  * job_control		-	check job control
2075  * @tty: tty
2076  * @file: file handle
2077  *
2078  * Perform job control management checks on this @file/@tty descriptor and if
2079  * appropriate send any needed signals and return a negative error code if
2080  * action should be taken.
2081  *
2082  * Locking:
2083  *  * redirected write test is safe
2084  *  * current->signal->tty check is safe
2085  *  * ctrl.lock to safely reference @tty->ctrl.pgrp
2086  */
2087 static int job_control(struct tty_struct *tty, struct file *file)
2088 {
2089 	/* Job control check -- must be done at start and after
2090 	   every sleep (POSIX.1 7.1.1.4). */
2091 	/* NOTE: not yet done after every sleep pending a thorough
2092 	   check of the logic of this change. -- jlc */
2093 	/* don't stop on /dev/console */
2094 	if (file->f_op->write_iter == redirected_tty_write)
2095 		return 0;
2096 
2097 	return __tty_check_change(tty, SIGTTIN);
2098 }
2099 
2100 
2101 /**
2102  * n_tty_read		-	read function for tty
2103  * @tty: tty device
2104  * @file: file object
2105  * @kbuf: kernelspace buffer pointer
2106  * @nr: size of I/O
2107  * @cookie: if non-%NULL, this is a continuation read
2108  * @offset: where to continue reading from (unused in n_tty)
2109  *
2110  * Perform reads for the line discipline. We are guaranteed that the line
2111  * discipline will not be closed under us but we may get multiple parallel
2112  * readers and must handle this ourselves. We may also get a hangup. Always
2113  * called in user context, may sleep.
2114  *
2115  * This code must be sure never to sleep through a hangup.
2116  *
2117  * Locking: n_tty_read()/consumer path:
2118  *	claims non-exclusive termios_rwsem;
2119  *	publishes read_tail
2120  */
2121 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
2122 			  unsigned char *kbuf, size_t nr,
2123 			  void **cookie, unsigned long offset)
2124 {
2125 	struct n_tty_data *ldata = tty->disc_data;
2126 	unsigned char *kb = kbuf;
2127 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
2128 	int c;
2129 	int minimum, time;
2130 	ssize_t retval = 0;
2131 	long timeout;
2132 	bool packet;
2133 	size_t tail;
2134 
2135 	/*
2136 	 * Is this a continuation of a read started earler?
2137 	 *
2138 	 * If so, we still hold the atomic_read_lock and the
2139 	 * termios_rwsem, and can just continue to copy data.
2140 	 */
2141 	if (*cookie) {
2142 		if (ldata->icanon && !L_EXTPROC(tty)) {
2143 			/*
2144 			 * If we have filled the user buffer, see
2145 			 * if we should skip an EOF character before
2146 			 * releasing the lock and returning done.
2147 			 */
2148 			if (!nr)
2149 				canon_skip_eof(tty);
2150 			else if (canon_copy_from_read_buf(tty, &kb, &nr))
2151 				return kb - kbuf;
2152 		} else {
2153 			if (copy_from_read_buf(tty, &kb, &nr))
2154 				return kb - kbuf;
2155 		}
2156 
2157 		/* No more data - release locks and stop retries */
2158 		n_tty_kick_worker(tty);
2159 		n_tty_check_unthrottle(tty);
2160 		up_read(&tty->termios_rwsem);
2161 		mutex_unlock(&ldata->atomic_read_lock);
2162 		*cookie = NULL;
2163 		return kb - kbuf;
2164 	}
2165 
2166 	c = job_control(tty, file);
2167 	if (c < 0)
2168 		return c;
2169 
2170 	/*
2171 	 *	Internal serialization of reads.
2172 	 */
2173 	if (file->f_flags & O_NONBLOCK) {
2174 		if (!mutex_trylock(&ldata->atomic_read_lock))
2175 			return -EAGAIN;
2176 	} else {
2177 		if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2178 			return -ERESTARTSYS;
2179 	}
2180 
2181 	down_read(&tty->termios_rwsem);
2182 
2183 	minimum = time = 0;
2184 	timeout = MAX_SCHEDULE_TIMEOUT;
2185 	if (!ldata->icanon) {
2186 		minimum = MIN_CHAR(tty);
2187 		if (minimum) {
2188 			time = (HZ / 10) * TIME_CHAR(tty);
2189 		} else {
2190 			timeout = (HZ / 10) * TIME_CHAR(tty);
2191 			minimum = 1;
2192 		}
2193 	}
2194 
2195 	packet = tty->ctrl.packet;
2196 	tail = ldata->read_tail;
2197 
2198 	add_wait_queue(&tty->read_wait, &wait);
2199 	while (nr) {
2200 		/* First test for status change. */
2201 		if (packet && tty->link->ctrl.pktstatus) {
2202 			unsigned char cs;
2203 			if (kb != kbuf)
2204 				break;
2205 			spin_lock_irq(&tty->link->ctrl.lock);
2206 			cs = tty->link->ctrl.pktstatus;
2207 			tty->link->ctrl.pktstatus = 0;
2208 			spin_unlock_irq(&tty->link->ctrl.lock);
2209 			*kb++ = cs;
2210 			nr--;
2211 			break;
2212 		}
2213 
2214 		if (!input_available_p(tty, 0)) {
2215 			up_read(&tty->termios_rwsem);
2216 			tty_buffer_flush_work(tty->port);
2217 			down_read(&tty->termios_rwsem);
2218 			if (!input_available_p(tty, 0)) {
2219 				if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2220 					retval = -EIO;
2221 					break;
2222 				}
2223 				if (tty_hung_up_p(file))
2224 					break;
2225 				/*
2226 				 * Abort readers for ttys which never actually
2227 				 * get hung up.  See __tty_hangup().
2228 				 */
2229 				if (test_bit(TTY_HUPPING, &tty->flags))
2230 					break;
2231 				if (!timeout)
2232 					break;
2233 				if (tty_io_nonblock(tty, file)) {
2234 					retval = -EAGAIN;
2235 					break;
2236 				}
2237 				if (signal_pending(current)) {
2238 					retval = -ERESTARTSYS;
2239 					break;
2240 				}
2241 				up_read(&tty->termios_rwsem);
2242 
2243 				timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2244 						timeout);
2245 
2246 				down_read(&tty->termios_rwsem);
2247 				continue;
2248 			}
2249 		}
2250 
2251 		if (ldata->icanon && !L_EXTPROC(tty)) {
2252 			if (canon_copy_from_read_buf(tty, &kb, &nr))
2253 				goto more_to_be_read;
2254 		} else {
2255 			/* Deal with packet mode. */
2256 			if (packet && kb == kbuf) {
2257 				*kb++ = TIOCPKT_DATA;
2258 				nr--;
2259 			}
2260 
2261 			/*
2262 			 * Copy data, and if there is more to be had
2263 			 * and we have nothing more to wait for, then
2264 			 * let's mark us for retries.
2265 			 *
2266 			 * NOTE! We return here with both the termios_sem
2267 			 * and atomic_read_lock still held, the retries
2268 			 * will release them when done.
2269 			 */
2270 			if (copy_from_read_buf(tty, &kb, &nr) && kb - kbuf >= minimum) {
2271 more_to_be_read:
2272 				remove_wait_queue(&tty->read_wait, &wait);
2273 				*cookie = cookie;
2274 				return kb - kbuf;
2275 			}
2276 		}
2277 
2278 		n_tty_check_unthrottle(tty);
2279 
2280 		if (kb - kbuf >= minimum)
2281 			break;
2282 		if (time)
2283 			timeout = time;
2284 	}
2285 	if (tail != ldata->read_tail)
2286 		n_tty_kick_worker(tty);
2287 	up_read(&tty->termios_rwsem);
2288 
2289 	remove_wait_queue(&tty->read_wait, &wait);
2290 	mutex_unlock(&ldata->atomic_read_lock);
2291 
2292 	if (kb - kbuf)
2293 		retval = kb - kbuf;
2294 
2295 	return retval;
2296 }
2297 
2298 /**
2299  * n_tty_write		-	write function for tty
2300  * @tty: tty device
2301  * @file: file object
2302  * @buf: userspace buffer pointer
2303  * @nr: size of I/O
2304  *
2305  * Write function of the terminal device. This is serialized with respect to
2306  * other write callers but not to termios changes, reads and other such events.
2307  * Since the receive code will echo characters, thus calling driver write
2308  * methods, the %output_lock is used in the output processing functions called
2309  * here as well as in the echo processing function to protect the column state
2310  * and space left in the buffer.
2311  *
2312  * This code must be sure never to sleep through a hangup.
2313  *
2314  * Locking: output_lock to protect column state and space left
2315  *	 (note that the process_output*() functions take this lock themselves)
2316  */
2317 
2318 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2319 			   const unsigned char *buf, size_t nr)
2320 {
2321 	const unsigned char *b = buf;
2322 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
2323 	int c;
2324 	ssize_t retval = 0;
2325 
2326 	/* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2327 	if (L_TOSTOP(tty) && file->f_op->write_iter != redirected_tty_write) {
2328 		retval = tty_check_change(tty);
2329 		if (retval)
2330 			return retval;
2331 	}
2332 
2333 	down_read(&tty->termios_rwsem);
2334 
2335 	/* Write out any echoed characters that are still pending */
2336 	process_echoes(tty);
2337 
2338 	add_wait_queue(&tty->write_wait, &wait);
2339 	while (1) {
2340 		if (signal_pending(current)) {
2341 			retval = -ERESTARTSYS;
2342 			break;
2343 		}
2344 		if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2345 			retval = -EIO;
2346 			break;
2347 		}
2348 		if (O_OPOST(tty)) {
2349 			while (nr > 0) {
2350 				ssize_t num = process_output_block(tty, b, nr);
2351 				if (num < 0) {
2352 					if (num == -EAGAIN)
2353 						break;
2354 					retval = num;
2355 					goto break_out;
2356 				}
2357 				b += num;
2358 				nr -= num;
2359 				if (nr == 0)
2360 					break;
2361 				c = *b;
2362 				if (process_output(c, tty) < 0)
2363 					break;
2364 				b++; nr--;
2365 			}
2366 			if (tty->ops->flush_chars)
2367 				tty->ops->flush_chars(tty);
2368 		} else {
2369 			struct n_tty_data *ldata = tty->disc_data;
2370 
2371 			while (nr > 0) {
2372 				mutex_lock(&ldata->output_lock);
2373 				c = tty->ops->write(tty, b, nr);
2374 				mutex_unlock(&ldata->output_lock);
2375 				if (c < 0) {
2376 					retval = c;
2377 					goto break_out;
2378 				}
2379 				if (!c)
2380 					break;
2381 				b += c;
2382 				nr -= c;
2383 			}
2384 		}
2385 		if (!nr)
2386 			break;
2387 		if (tty_io_nonblock(tty, file)) {
2388 			retval = -EAGAIN;
2389 			break;
2390 		}
2391 		up_read(&tty->termios_rwsem);
2392 
2393 		wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2394 
2395 		down_read(&tty->termios_rwsem);
2396 	}
2397 break_out:
2398 	remove_wait_queue(&tty->write_wait, &wait);
2399 	if (nr && tty->fasync)
2400 		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2401 	up_read(&tty->termios_rwsem);
2402 	return (b - buf) ? b - buf : retval;
2403 }
2404 
2405 /**
2406  * n_tty_poll		-	poll method for N_TTY
2407  * @tty: terminal device
2408  * @file: file accessing it
2409  * @wait: poll table
2410  *
2411  * Called when the line discipline is asked to poll() for data or for special
2412  * events. This code is not serialized with respect to other events save
2413  * open/close.
2414  *
2415  * This code must be sure never to sleep through a hangup.
2416  *
2417  * Locking: called without the kernel lock held -- fine.
2418  */
2419 static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2420 							poll_table *wait)
2421 {
2422 	__poll_t mask = 0;
2423 
2424 	poll_wait(file, &tty->read_wait, wait);
2425 	poll_wait(file, &tty->write_wait, wait);
2426 	if (input_available_p(tty, 1))
2427 		mask |= EPOLLIN | EPOLLRDNORM;
2428 	else {
2429 		tty_buffer_flush_work(tty->port);
2430 		if (input_available_p(tty, 1))
2431 			mask |= EPOLLIN | EPOLLRDNORM;
2432 	}
2433 	if (tty->ctrl.packet && tty->link->ctrl.pktstatus)
2434 		mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2435 	if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2436 		mask |= EPOLLHUP;
2437 	if (tty_hung_up_p(file))
2438 		mask |= EPOLLHUP;
2439 	if (tty->ops->write && !tty_is_writelocked(tty) &&
2440 			tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2441 			tty_write_room(tty) > 0)
2442 		mask |= EPOLLOUT | EPOLLWRNORM;
2443 	return mask;
2444 }
2445 
2446 static unsigned long inq_canon(struct n_tty_data *ldata)
2447 {
2448 	size_t nr, head, tail;
2449 
2450 	if (ldata->canon_head == ldata->read_tail)
2451 		return 0;
2452 	head = ldata->canon_head;
2453 	tail = ldata->read_tail;
2454 	nr = head - tail;
2455 	/* Skip EOF-chars.. */
2456 	while (MASK(head) != MASK(tail)) {
2457 		if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
2458 		    read_buf(ldata, tail) == __DISABLED_CHAR)
2459 			nr--;
2460 		tail++;
2461 	}
2462 	return nr;
2463 }
2464 
2465 static int n_tty_ioctl(struct tty_struct *tty, unsigned int cmd,
2466 		       unsigned long arg)
2467 {
2468 	struct n_tty_data *ldata = tty->disc_data;
2469 	int retval;
2470 
2471 	switch (cmd) {
2472 	case TIOCOUTQ:
2473 		return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2474 	case TIOCINQ:
2475 		down_write(&tty->termios_rwsem);
2476 		if (L_ICANON(tty) && !L_EXTPROC(tty))
2477 			retval = inq_canon(ldata);
2478 		else
2479 			retval = read_cnt(ldata);
2480 		up_write(&tty->termios_rwsem);
2481 		return put_user(retval, (unsigned int __user *) arg);
2482 	default:
2483 		return n_tty_ioctl_helper(tty, cmd, arg);
2484 	}
2485 }
2486 
2487 static struct tty_ldisc_ops n_tty_ops = {
2488 	.owner		 = THIS_MODULE,
2489 	.num		 = N_TTY,
2490 	.name            = "n_tty",
2491 	.open            = n_tty_open,
2492 	.close           = n_tty_close,
2493 	.flush_buffer    = n_tty_flush_buffer,
2494 	.read            = n_tty_read,
2495 	.write           = n_tty_write,
2496 	.ioctl           = n_tty_ioctl,
2497 	.set_termios     = n_tty_set_termios,
2498 	.poll            = n_tty_poll,
2499 	.receive_buf     = n_tty_receive_buf,
2500 	.write_wakeup    = n_tty_write_wakeup,
2501 	.receive_buf2	 = n_tty_receive_buf2,
2502 	.lookahead_buf	 = n_tty_lookahead_flow_ctrl,
2503 };
2504 
2505 /**
2506  *	n_tty_inherit_ops	-	inherit N_TTY methods
2507  *	@ops: struct tty_ldisc_ops where to save N_TTY methods
2508  *
2509  *	Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2510  */
2511 
2512 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2513 {
2514 	*ops = n_tty_ops;
2515 	ops->owner = NULL;
2516 }
2517 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2518 
2519 void __init n_tty_init(void)
2520 {
2521 	tty_register_ldisc(&n_tty_ops);
2522 }
2523