xref: /openbmc/linux/drivers/tty/n_tty.c (revision 171f1bc7)
1 /*
2  * n_tty.c --- implements the N_TTY line discipline.
3  *
4  * This code used to be in tty_io.c, but things are getting hairy
5  * enough that it made sense to split things off.  (The N_TTY
6  * processing has changed so much that it's hardly recognizable,
7  * anyway...)
8  *
9  * Note that the open routine for N_TTY is guaranteed never to return
10  * an error.  This is because Linux will fall back to setting a line
11  * to N_TTY if it can not switch to any other line discipline.
12  *
13  * Written by Theodore Ts'o, Copyright 1994.
14  *
15  * This file also contains code originally written by Linus Torvalds,
16  * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
17  *
18  * This file may be redistributed under the terms of the GNU General Public
19  * License.
20  *
21  * Reduced memory usage for older ARM systems  - Russell King.
22  *
23  * 2000/01/20   Fixed SMP locking on put_tty_queue using bits of
24  *		the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
25  *		who actually finally proved there really was a race.
26  *
27  * 2002/03/18   Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
28  *		waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
29  *		Also fixed a bug in BLOCKING mode where n_tty_write returns
30  *		EAGAIN
31  */
32 
33 #include <linux/types.h>
34 #include <linux/major.h>
35 #include <linux/errno.h>
36 #include <linux/signal.h>
37 #include <linux/fcntl.h>
38 #include <linux/sched.h>
39 #include <linux/interrupt.h>
40 #include <linux/tty.h>
41 #include <linux/timer.h>
42 #include <linux/ctype.h>
43 #include <linux/mm.h>
44 #include <linux/string.h>
45 #include <linux/slab.h>
46 #include <linux/poll.h>
47 #include <linux/bitops.h>
48 #include <linux/audit.h>
49 #include <linux/file.h>
50 #include <linux/uaccess.h>
51 #include <linux/module.h>
52 
53 #include <asm/system.h>
54 
55 /* number of characters left in xmit buffer before select has we have room */
56 #define WAKEUP_CHARS 256
57 
58 /*
59  * This defines the low- and high-watermarks for throttling and
60  * unthrottling the TTY driver.  These watermarks are used for
61  * controlling the space in the read buffer.
62  */
63 #define TTY_THRESHOLD_THROTTLE		128 /* now based on remaining room */
64 #define TTY_THRESHOLD_UNTHROTTLE 	128
65 
66 /*
67  * Special byte codes used in the echo buffer to represent operations
68  * or special handling of characters.  Bytes in the echo buffer that
69  * are not part of such special blocks are treated as normal character
70  * codes.
71  */
72 #define ECHO_OP_START 0xff
73 #define ECHO_OP_MOVE_BACK_COL 0x80
74 #define ECHO_OP_SET_CANON_COL 0x81
75 #define ECHO_OP_ERASE_TAB 0x82
76 
77 static inline int tty_put_user(struct tty_struct *tty, unsigned char x,
78 			       unsigned char __user *ptr)
79 {
80 	tty_audit_add_data(tty, &x, 1);
81 	return put_user(x, ptr);
82 }
83 
84 /**
85  *	n_tty_set__room	-	receive space
86  *	@tty: terminal
87  *
88  *	Called by the driver to find out how much data it is
89  *	permitted to feed to the line discipline without any being lost
90  *	and thus to manage flow control. Not serialized. Answers for the
91  *	"instant".
92  */
93 
94 static void n_tty_set_room(struct tty_struct *tty)
95 {
96 	/* tty->read_cnt is not read locked ? */
97 	int	left = N_TTY_BUF_SIZE - tty->read_cnt - 1;
98 	int old_left;
99 
100 	/*
101 	 * If we are doing input canonicalization, and there are no
102 	 * pending newlines, let characters through without limit, so
103 	 * that erase characters will be handled.  Other excess
104 	 * characters will be beeped.
105 	 */
106 	if (left <= 0)
107 		left = tty->icanon && !tty->canon_data;
108 	old_left = tty->receive_room;
109 	tty->receive_room = left;
110 
111 	/* Did this open up the receive buffer? We may need to flip */
112 	if (left && !old_left)
113 		schedule_work(&tty->buf.work);
114 }
115 
116 static void put_tty_queue_nolock(unsigned char c, struct tty_struct *tty)
117 {
118 	if (tty->read_cnt < N_TTY_BUF_SIZE) {
119 		tty->read_buf[tty->read_head] = c;
120 		tty->read_head = (tty->read_head + 1) & (N_TTY_BUF_SIZE-1);
121 		tty->read_cnt++;
122 	}
123 }
124 
125 /**
126  *	put_tty_queue		-	add character to tty
127  *	@c: character
128  *	@tty: tty device
129  *
130  *	Add a character to the tty read_buf queue. This is done under the
131  *	read_lock to serialize character addition and also to protect us
132  *	against parallel reads or flushes
133  */
134 
135 static void put_tty_queue(unsigned char c, struct tty_struct *tty)
136 {
137 	unsigned long flags;
138 	/*
139 	 *	The problem of stomping on the buffers ends here.
140 	 *	Why didn't anyone see this one coming? --AJK
141 	*/
142 	spin_lock_irqsave(&tty->read_lock, flags);
143 	put_tty_queue_nolock(c, tty);
144 	spin_unlock_irqrestore(&tty->read_lock, flags);
145 }
146 
147 /**
148  *	check_unthrottle	-	allow new receive data
149  *	@tty; tty device
150  *
151  *	Check whether to call the driver unthrottle functions
152  *
153  *	Can sleep, may be called under the atomic_read_lock mutex but
154  *	this is not guaranteed.
155  */
156 static void check_unthrottle(struct tty_struct *tty)
157 {
158 	if (tty->count)
159 		tty_unthrottle(tty);
160 }
161 
162 /**
163  *	reset_buffer_flags	-	reset buffer state
164  *	@tty: terminal to reset
165  *
166  *	Reset the read buffer counters, clear the flags,
167  *	and make sure the driver is unthrottled. Called
168  *	from n_tty_open() and n_tty_flush_buffer().
169  *
170  *	Locking: tty_read_lock for read fields.
171  */
172 
173 static void reset_buffer_flags(struct tty_struct *tty)
174 {
175 	unsigned long flags;
176 
177 	spin_lock_irqsave(&tty->read_lock, flags);
178 	tty->read_head = tty->read_tail = tty->read_cnt = 0;
179 	spin_unlock_irqrestore(&tty->read_lock, flags);
180 
181 	mutex_lock(&tty->echo_lock);
182 	tty->echo_pos = tty->echo_cnt = tty->echo_overrun = 0;
183 	mutex_unlock(&tty->echo_lock);
184 
185 	tty->canon_head = tty->canon_data = tty->erasing = 0;
186 	memset(&tty->read_flags, 0, sizeof tty->read_flags);
187 	n_tty_set_room(tty);
188 }
189 
190 /**
191  *	n_tty_flush_buffer	-	clean input queue
192  *	@tty:	terminal device
193  *
194  *	Flush the input buffer. Called when the line discipline is
195  *	being closed, when the tty layer wants the buffer flushed (eg
196  *	at hangup) or when the N_TTY line discipline internally has to
197  *	clean the pending queue (for example some signals).
198  *
199  *	Locking: ctrl_lock, read_lock.
200  */
201 
202 static void n_tty_flush_buffer(struct tty_struct *tty)
203 {
204 	unsigned long flags;
205 	/* clear everything and unthrottle the driver */
206 	reset_buffer_flags(tty);
207 
208 	if (!tty->link)
209 		return;
210 
211 	spin_lock_irqsave(&tty->ctrl_lock, flags);
212 	if (tty->link->packet) {
213 		tty->ctrl_status |= TIOCPKT_FLUSHREAD;
214 		wake_up_interruptible(&tty->link->read_wait);
215 	}
216 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
217 }
218 
219 /**
220  *	n_tty_chars_in_buffer	-	report available bytes
221  *	@tty: tty device
222  *
223  *	Report the number of characters buffered to be delivered to user
224  *	at this instant in time.
225  *
226  *	Locking: read_lock
227  */
228 
229 static ssize_t n_tty_chars_in_buffer(struct tty_struct *tty)
230 {
231 	unsigned long flags;
232 	ssize_t n = 0;
233 
234 	spin_lock_irqsave(&tty->read_lock, flags);
235 	if (!tty->icanon) {
236 		n = tty->read_cnt;
237 	} else if (tty->canon_data) {
238 		n = (tty->canon_head > tty->read_tail) ?
239 			tty->canon_head - tty->read_tail :
240 			tty->canon_head + (N_TTY_BUF_SIZE - tty->read_tail);
241 	}
242 	spin_unlock_irqrestore(&tty->read_lock, flags);
243 	return n;
244 }
245 
246 /**
247  *	is_utf8_continuation	-	utf8 multibyte check
248  *	@c: byte to check
249  *
250  *	Returns true if the utf8 character 'c' is a multibyte continuation
251  *	character. We use this to correctly compute the on screen size
252  *	of the character when printing
253  */
254 
255 static inline int is_utf8_continuation(unsigned char c)
256 {
257 	return (c & 0xc0) == 0x80;
258 }
259 
260 /**
261  *	is_continuation		-	multibyte check
262  *	@c: byte to check
263  *
264  *	Returns true if the utf8 character 'c' is a multibyte continuation
265  *	character and the terminal is in unicode mode.
266  */
267 
268 static inline int is_continuation(unsigned char c, struct tty_struct *tty)
269 {
270 	return I_IUTF8(tty) && is_utf8_continuation(c);
271 }
272 
273 /**
274  *	do_output_char			-	output one character
275  *	@c: character (or partial unicode symbol)
276  *	@tty: terminal device
277  *	@space: space available in tty driver write buffer
278  *
279  *	This is a helper function that handles one output character
280  *	(including special characters like TAB, CR, LF, etc.),
281  *	doing OPOST processing and putting the results in the
282  *	tty driver's write buffer.
283  *
284  *	Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
285  *	and NLDLY.  They simply aren't relevant in the world today.
286  *	If you ever need them, add them here.
287  *
288  *	Returns the number of bytes of buffer space used or -1 if
289  *	no space left.
290  *
291  *	Locking: should be called under the output_lock to protect
292  *		 the column state and space left in the buffer
293  */
294 
295 static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
296 {
297 	int	spaces;
298 
299 	if (!space)
300 		return -1;
301 
302 	switch (c) {
303 	case '\n':
304 		if (O_ONLRET(tty))
305 			tty->column = 0;
306 		if (O_ONLCR(tty)) {
307 			if (space < 2)
308 				return -1;
309 			tty->canon_column = tty->column = 0;
310 			tty->ops->write(tty, "\r\n", 2);
311 			return 2;
312 		}
313 		tty->canon_column = tty->column;
314 		break;
315 	case '\r':
316 		if (O_ONOCR(tty) && tty->column == 0)
317 			return 0;
318 		if (O_OCRNL(tty)) {
319 			c = '\n';
320 			if (O_ONLRET(tty))
321 				tty->canon_column = tty->column = 0;
322 			break;
323 		}
324 		tty->canon_column = tty->column = 0;
325 		break;
326 	case '\t':
327 		spaces = 8 - (tty->column & 7);
328 		if (O_TABDLY(tty) == XTABS) {
329 			if (space < spaces)
330 				return -1;
331 			tty->column += spaces;
332 			tty->ops->write(tty, "        ", spaces);
333 			return spaces;
334 		}
335 		tty->column += spaces;
336 		break;
337 	case '\b':
338 		if (tty->column > 0)
339 			tty->column--;
340 		break;
341 	default:
342 		if (!iscntrl(c)) {
343 			if (O_OLCUC(tty))
344 				c = toupper(c);
345 			if (!is_continuation(c, tty))
346 				tty->column++;
347 		}
348 		break;
349 	}
350 
351 	tty_put_char(tty, c);
352 	return 1;
353 }
354 
355 /**
356  *	process_output			-	output post processor
357  *	@c: character (or partial unicode symbol)
358  *	@tty: terminal device
359  *
360  *	Output one character with OPOST processing.
361  *	Returns -1 when the output device is full and the character
362  *	must be retried.
363  *
364  *	Locking: output_lock to protect column state and space left
365  *		 (also, this is called from n_tty_write under the
366  *		  tty layer write lock)
367  */
368 
369 static int process_output(unsigned char c, struct tty_struct *tty)
370 {
371 	int	space, retval;
372 
373 	mutex_lock(&tty->output_lock);
374 
375 	space = tty_write_room(tty);
376 	retval = do_output_char(c, tty, space);
377 
378 	mutex_unlock(&tty->output_lock);
379 	if (retval < 0)
380 		return -1;
381 	else
382 		return 0;
383 }
384 
385 /**
386  *	process_output_block		-	block post processor
387  *	@tty: terminal device
388  *	@buf: character buffer
389  *	@nr: number of bytes to output
390  *
391  *	Output a block of characters with OPOST processing.
392  *	Returns the number of characters output.
393  *
394  *	This path is used to speed up block console writes, among other
395  *	things when processing blocks of output data. It handles only
396  *	the simple cases normally found and helps to generate blocks of
397  *	symbols for the console driver and thus improve performance.
398  *
399  *	Locking: output_lock to protect column state and space left
400  *		 (also, this is called from n_tty_write under the
401  *		  tty layer write lock)
402  */
403 
404 static ssize_t process_output_block(struct tty_struct *tty,
405 				    const unsigned char *buf, unsigned int nr)
406 {
407 	int	space;
408 	int 	i;
409 	const unsigned char *cp;
410 
411 	mutex_lock(&tty->output_lock);
412 
413 	space = tty_write_room(tty);
414 	if (!space) {
415 		mutex_unlock(&tty->output_lock);
416 		return 0;
417 	}
418 	if (nr > space)
419 		nr = space;
420 
421 	for (i = 0, cp = buf; i < nr; i++, cp++) {
422 		unsigned char c = *cp;
423 
424 		switch (c) {
425 		case '\n':
426 			if (O_ONLRET(tty))
427 				tty->column = 0;
428 			if (O_ONLCR(tty))
429 				goto break_out;
430 			tty->canon_column = tty->column;
431 			break;
432 		case '\r':
433 			if (O_ONOCR(tty) && tty->column == 0)
434 				goto break_out;
435 			if (O_OCRNL(tty))
436 				goto break_out;
437 			tty->canon_column = tty->column = 0;
438 			break;
439 		case '\t':
440 			goto break_out;
441 		case '\b':
442 			if (tty->column > 0)
443 				tty->column--;
444 			break;
445 		default:
446 			if (!iscntrl(c)) {
447 				if (O_OLCUC(tty))
448 					goto break_out;
449 				if (!is_continuation(c, tty))
450 					tty->column++;
451 			}
452 			break;
453 		}
454 	}
455 break_out:
456 	i = tty->ops->write(tty, buf, i);
457 
458 	mutex_unlock(&tty->output_lock);
459 	return i;
460 }
461 
462 /**
463  *	process_echoes	-	write pending echo characters
464  *	@tty: terminal device
465  *
466  *	Write previously buffered echo (and other ldisc-generated)
467  *	characters to the tty.
468  *
469  *	Characters generated by the ldisc (including echoes) need to
470  *	be buffered because the driver's write buffer can fill during
471  *	heavy program output.  Echoing straight to the driver will
472  *	often fail under these conditions, causing lost characters and
473  *	resulting mismatches of ldisc state information.
474  *
475  *	Since the ldisc state must represent the characters actually sent
476  *	to the driver at the time of the write, operations like certain
477  *	changes in column state are also saved in the buffer and executed
478  *	here.
479  *
480  *	A circular fifo buffer is used so that the most recent characters
481  *	are prioritized.  Also, when control characters are echoed with a
482  *	prefixed "^", the pair is treated atomically and thus not separated.
483  *
484  *	Locking: output_lock to protect column state and space left,
485  *		 echo_lock to protect the echo buffer
486  */
487 
488 static void process_echoes(struct tty_struct *tty)
489 {
490 	int	space, nr;
491 	unsigned char c;
492 	unsigned char *cp, *buf_end;
493 
494 	if (!tty->echo_cnt)
495 		return;
496 
497 	mutex_lock(&tty->output_lock);
498 	mutex_lock(&tty->echo_lock);
499 
500 	space = tty_write_room(tty);
501 
502 	buf_end = tty->echo_buf + N_TTY_BUF_SIZE;
503 	cp = tty->echo_buf + tty->echo_pos;
504 	nr = tty->echo_cnt;
505 	while (nr > 0) {
506 		c = *cp;
507 		if (c == ECHO_OP_START) {
508 			unsigned char op;
509 			unsigned char *opp;
510 			int no_space_left = 0;
511 
512 			/*
513 			 * If the buffer byte is the start of a multi-byte
514 			 * operation, get the next byte, which is either the
515 			 * op code or a control character value.
516 			 */
517 			opp = cp + 1;
518 			if (opp == buf_end)
519 				opp -= N_TTY_BUF_SIZE;
520 			op = *opp;
521 
522 			switch (op) {
523 				unsigned int num_chars, num_bs;
524 
525 			case ECHO_OP_ERASE_TAB:
526 				if (++opp == buf_end)
527 					opp -= N_TTY_BUF_SIZE;
528 				num_chars = *opp;
529 
530 				/*
531 				 * Determine how many columns to go back
532 				 * in order to erase the tab.
533 				 * This depends on the number of columns
534 				 * used by other characters within the tab
535 				 * area.  If this (modulo 8) count is from
536 				 * the start of input rather than from a
537 				 * previous tab, we offset by canon column.
538 				 * Otherwise, tab spacing is normal.
539 				 */
540 				if (!(num_chars & 0x80))
541 					num_chars += tty->canon_column;
542 				num_bs = 8 - (num_chars & 7);
543 
544 				if (num_bs > space) {
545 					no_space_left = 1;
546 					break;
547 				}
548 				space -= num_bs;
549 				while (num_bs--) {
550 					tty_put_char(tty, '\b');
551 					if (tty->column > 0)
552 						tty->column--;
553 				}
554 				cp += 3;
555 				nr -= 3;
556 				break;
557 
558 			case ECHO_OP_SET_CANON_COL:
559 				tty->canon_column = tty->column;
560 				cp += 2;
561 				nr -= 2;
562 				break;
563 
564 			case ECHO_OP_MOVE_BACK_COL:
565 				if (tty->column > 0)
566 					tty->column--;
567 				cp += 2;
568 				nr -= 2;
569 				break;
570 
571 			case ECHO_OP_START:
572 				/* This is an escaped echo op start code */
573 				if (!space) {
574 					no_space_left = 1;
575 					break;
576 				}
577 				tty_put_char(tty, ECHO_OP_START);
578 				tty->column++;
579 				space--;
580 				cp += 2;
581 				nr -= 2;
582 				break;
583 
584 			default:
585 				/*
586 				 * If the op is not a special byte code,
587 				 * it is a ctrl char tagged to be echoed
588 				 * as "^X" (where X is the letter
589 				 * representing the control char).
590 				 * Note that we must ensure there is
591 				 * enough space for the whole ctrl pair.
592 				 *
593 				 */
594 				if (space < 2) {
595 					no_space_left = 1;
596 					break;
597 				}
598 				tty_put_char(tty, '^');
599 				tty_put_char(tty, op ^ 0100);
600 				tty->column += 2;
601 				space -= 2;
602 				cp += 2;
603 				nr -= 2;
604 			}
605 
606 			if (no_space_left)
607 				break;
608 		} else {
609 			if (O_OPOST(tty) &&
610 			    !(test_bit(TTY_HW_COOK_OUT, &tty->flags))) {
611 				int retval = do_output_char(c, tty, space);
612 				if (retval < 0)
613 					break;
614 				space -= retval;
615 			} else {
616 				if (!space)
617 					break;
618 				tty_put_char(tty, c);
619 				space -= 1;
620 			}
621 			cp += 1;
622 			nr -= 1;
623 		}
624 
625 		/* When end of circular buffer reached, wrap around */
626 		if (cp >= buf_end)
627 			cp -= N_TTY_BUF_SIZE;
628 	}
629 
630 	if (nr == 0) {
631 		tty->echo_pos = 0;
632 		tty->echo_cnt = 0;
633 		tty->echo_overrun = 0;
634 	} else {
635 		int num_processed = tty->echo_cnt - nr;
636 		tty->echo_pos += num_processed;
637 		tty->echo_pos &= N_TTY_BUF_SIZE - 1;
638 		tty->echo_cnt = nr;
639 		if (num_processed > 0)
640 			tty->echo_overrun = 0;
641 	}
642 
643 	mutex_unlock(&tty->echo_lock);
644 	mutex_unlock(&tty->output_lock);
645 
646 	if (tty->ops->flush_chars)
647 		tty->ops->flush_chars(tty);
648 }
649 
650 /**
651  *	add_echo_byte	-	add a byte to the echo buffer
652  *	@c: unicode byte to echo
653  *	@tty: terminal device
654  *
655  *	Add a character or operation byte to the echo buffer.
656  *
657  *	Should be called under the echo lock to protect the echo buffer.
658  */
659 
660 static void add_echo_byte(unsigned char c, struct tty_struct *tty)
661 {
662 	int	new_byte_pos;
663 
664 	if (tty->echo_cnt == N_TTY_BUF_SIZE) {
665 		/* Circular buffer is already at capacity */
666 		new_byte_pos = tty->echo_pos;
667 
668 		/*
669 		 * Since the buffer start position needs to be advanced,
670 		 * be sure to step by a whole operation byte group.
671 		 */
672 		if (tty->echo_buf[tty->echo_pos] == ECHO_OP_START) {
673 			if (tty->echo_buf[(tty->echo_pos + 1) &
674 					  (N_TTY_BUF_SIZE - 1)] ==
675 						ECHO_OP_ERASE_TAB) {
676 				tty->echo_pos += 3;
677 				tty->echo_cnt -= 2;
678 			} else {
679 				tty->echo_pos += 2;
680 				tty->echo_cnt -= 1;
681 			}
682 		} else {
683 			tty->echo_pos++;
684 		}
685 		tty->echo_pos &= N_TTY_BUF_SIZE - 1;
686 
687 		tty->echo_overrun = 1;
688 	} else {
689 		new_byte_pos = tty->echo_pos + tty->echo_cnt;
690 		new_byte_pos &= N_TTY_BUF_SIZE - 1;
691 		tty->echo_cnt++;
692 	}
693 
694 	tty->echo_buf[new_byte_pos] = c;
695 }
696 
697 /**
698  *	echo_move_back_col	-	add operation to move back a column
699  *	@tty: terminal device
700  *
701  *	Add an operation to the echo buffer to move back one column.
702  *
703  *	Locking: echo_lock to protect the echo buffer
704  */
705 
706 static void echo_move_back_col(struct tty_struct *tty)
707 {
708 	mutex_lock(&tty->echo_lock);
709 
710 	add_echo_byte(ECHO_OP_START, tty);
711 	add_echo_byte(ECHO_OP_MOVE_BACK_COL, tty);
712 
713 	mutex_unlock(&tty->echo_lock);
714 }
715 
716 /**
717  *	echo_set_canon_col	-	add operation to set the canon column
718  *	@tty: terminal device
719  *
720  *	Add an operation to the echo buffer to set the canon column
721  *	to the current column.
722  *
723  *	Locking: echo_lock to protect the echo buffer
724  */
725 
726 static void echo_set_canon_col(struct tty_struct *tty)
727 {
728 	mutex_lock(&tty->echo_lock);
729 
730 	add_echo_byte(ECHO_OP_START, tty);
731 	add_echo_byte(ECHO_OP_SET_CANON_COL, tty);
732 
733 	mutex_unlock(&tty->echo_lock);
734 }
735 
736 /**
737  *	echo_erase_tab	-	add operation to erase a tab
738  *	@num_chars: number of character columns already used
739  *	@after_tab: true if num_chars starts after a previous tab
740  *	@tty: terminal device
741  *
742  *	Add an operation to the echo buffer to erase a tab.
743  *
744  *	Called by the eraser function, which knows how many character
745  *	columns have been used since either a previous tab or the start
746  *	of input.  This information will be used later, along with
747  *	canon column (if applicable), to go back the correct number
748  *	of columns.
749  *
750  *	Locking: echo_lock to protect the echo buffer
751  */
752 
753 static void echo_erase_tab(unsigned int num_chars, int after_tab,
754 			   struct tty_struct *tty)
755 {
756 	mutex_lock(&tty->echo_lock);
757 
758 	add_echo_byte(ECHO_OP_START, tty);
759 	add_echo_byte(ECHO_OP_ERASE_TAB, tty);
760 
761 	/* We only need to know this modulo 8 (tab spacing) */
762 	num_chars &= 7;
763 
764 	/* Set the high bit as a flag if num_chars is after a previous tab */
765 	if (after_tab)
766 		num_chars |= 0x80;
767 
768 	add_echo_byte(num_chars, tty);
769 
770 	mutex_unlock(&tty->echo_lock);
771 }
772 
773 /**
774  *	echo_char_raw	-	echo a character raw
775  *	@c: unicode byte to echo
776  *	@tty: terminal device
777  *
778  *	Echo user input back onto the screen. This must be called only when
779  *	L_ECHO(tty) is true. Called from the driver receive_buf path.
780  *
781  *	This variant does not treat control characters specially.
782  *
783  *	Locking: echo_lock to protect the echo buffer
784  */
785 
786 static void echo_char_raw(unsigned char c, struct tty_struct *tty)
787 {
788 	mutex_lock(&tty->echo_lock);
789 
790 	if (c == ECHO_OP_START) {
791 		add_echo_byte(ECHO_OP_START, tty);
792 		add_echo_byte(ECHO_OP_START, tty);
793 	} else {
794 		add_echo_byte(c, tty);
795 	}
796 
797 	mutex_unlock(&tty->echo_lock);
798 }
799 
800 /**
801  *	echo_char	-	echo a character
802  *	@c: unicode byte to echo
803  *	@tty: terminal device
804  *
805  *	Echo user input back onto the screen. This must be called only when
806  *	L_ECHO(tty) is true. Called from the driver receive_buf path.
807  *
808  *	This variant tags control characters to be echoed as "^X"
809  *	(where X is the letter representing the control char).
810  *
811  *	Locking: echo_lock to protect the echo buffer
812  */
813 
814 static void echo_char(unsigned char c, struct tty_struct *tty)
815 {
816 	mutex_lock(&tty->echo_lock);
817 
818 	if (c == ECHO_OP_START) {
819 		add_echo_byte(ECHO_OP_START, tty);
820 		add_echo_byte(ECHO_OP_START, tty);
821 	} else {
822 		if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
823 			add_echo_byte(ECHO_OP_START, tty);
824 		add_echo_byte(c, tty);
825 	}
826 
827 	mutex_unlock(&tty->echo_lock);
828 }
829 
830 /**
831  *	finish_erasing		-	complete erase
832  *	@tty: tty doing the erase
833  */
834 
835 static inline void finish_erasing(struct tty_struct *tty)
836 {
837 	if (tty->erasing) {
838 		echo_char_raw('/', tty);
839 		tty->erasing = 0;
840 	}
841 }
842 
843 /**
844  *	eraser		-	handle erase function
845  *	@c: character input
846  *	@tty: terminal device
847  *
848  *	Perform erase and necessary output when an erase character is
849  *	present in the stream from the driver layer. Handles the complexities
850  *	of UTF-8 multibyte symbols.
851  *
852  *	Locking: read_lock for tty buffers
853  */
854 
855 static void eraser(unsigned char c, struct tty_struct *tty)
856 {
857 	enum { ERASE, WERASE, KILL } kill_type;
858 	int head, seen_alnums, cnt;
859 	unsigned long flags;
860 
861 	/* FIXME: locking needed ? */
862 	if (tty->read_head == tty->canon_head) {
863 		/* process_output('\a', tty); */ /* what do you think? */
864 		return;
865 	}
866 	if (c == ERASE_CHAR(tty))
867 		kill_type = ERASE;
868 	else if (c == WERASE_CHAR(tty))
869 		kill_type = WERASE;
870 	else {
871 		if (!L_ECHO(tty)) {
872 			spin_lock_irqsave(&tty->read_lock, flags);
873 			tty->read_cnt -= ((tty->read_head - tty->canon_head) &
874 					  (N_TTY_BUF_SIZE - 1));
875 			tty->read_head = tty->canon_head;
876 			spin_unlock_irqrestore(&tty->read_lock, flags);
877 			return;
878 		}
879 		if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
880 			spin_lock_irqsave(&tty->read_lock, flags);
881 			tty->read_cnt -= ((tty->read_head - tty->canon_head) &
882 					  (N_TTY_BUF_SIZE - 1));
883 			tty->read_head = tty->canon_head;
884 			spin_unlock_irqrestore(&tty->read_lock, flags);
885 			finish_erasing(tty);
886 			echo_char(KILL_CHAR(tty), tty);
887 			/* Add a newline if ECHOK is on and ECHOKE is off. */
888 			if (L_ECHOK(tty))
889 				echo_char_raw('\n', tty);
890 			return;
891 		}
892 		kill_type = KILL;
893 	}
894 
895 	seen_alnums = 0;
896 	/* FIXME: Locking ?? */
897 	while (tty->read_head != tty->canon_head) {
898 		head = tty->read_head;
899 
900 		/* erase a single possibly multibyte character */
901 		do {
902 			head = (head - 1) & (N_TTY_BUF_SIZE-1);
903 			c = tty->read_buf[head];
904 		} while (is_continuation(c, tty) && head != tty->canon_head);
905 
906 		/* do not partially erase */
907 		if (is_continuation(c, tty))
908 			break;
909 
910 		if (kill_type == WERASE) {
911 			/* Equivalent to BSD's ALTWERASE. */
912 			if (isalnum(c) || c == '_')
913 				seen_alnums++;
914 			else if (seen_alnums)
915 				break;
916 		}
917 		cnt = (tty->read_head - head) & (N_TTY_BUF_SIZE-1);
918 		spin_lock_irqsave(&tty->read_lock, flags);
919 		tty->read_head = head;
920 		tty->read_cnt -= cnt;
921 		spin_unlock_irqrestore(&tty->read_lock, flags);
922 		if (L_ECHO(tty)) {
923 			if (L_ECHOPRT(tty)) {
924 				if (!tty->erasing) {
925 					echo_char_raw('\\', tty);
926 					tty->erasing = 1;
927 				}
928 				/* if cnt > 1, output a multi-byte character */
929 				echo_char(c, tty);
930 				while (--cnt > 0) {
931 					head = (head+1) & (N_TTY_BUF_SIZE-1);
932 					echo_char_raw(tty->read_buf[head], tty);
933 					echo_move_back_col(tty);
934 				}
935 			} else if (kill_type == ERASE && !L_ECHOE(tty)) {
936 				echo_char(ERASE_CHAR(tty), tty);
937 			} else if (c == '\t') {
938 				unsigned int num_chars = 0;
939 				int after_tab = 0;
940 				unsigned long tail = tty->read_head;
941 
942 				/*
943 				 * Count the columns used for characters
944 				 * since the start of input or after a
945 				 * previous tab.
946 				 * This info is used to go back the correct
947 				 * number of columns.
948 				 */
949 				while (tail != tty->canon_head) {
950 					tail = (tail-1) & (N_TTY_BUF_SIZE-1);
951 					c = tty->read_buf[tail];
952 					if (c == '\t') {
953 						after_tab = 1;
954 						break;
955 					} else if (iscntrl(c)) {
956 						if (L_ECHOCTL(tty))
957 							num_chars += 2;
958 					} else if (!is_continuation(c, tty)) {
959 						num_chars++;
960 					}
961 				}
962 				echo_erase_tab(num_chars, after_tab, tty);
963 			} else {
964 				if (iscntrl(c) && L_ECHOCTL(tty)) {
965 					echo_char_raw('\b', tty);
966 					echo_char_raw(' ', tty);
967 					echo_char_raw('\b', tty);
968 				}
969 				if (!iscntrl(c) || L_ECHOCTL(tty)) {
970 					echo_char_raw('\b', tty);
971 					echo_char_raw(' ', tty);
972 					echo_char_raw('\b', tty);
973 				}
974 			}
975 		}
976 		if (kill_type == ERASE)
977 			break;
978 	}
979 	if (tty->read_head == tty->canon_head && L_ECHO(tty))
980 		finish_erasing(tty);
981 }
982 
983 /**
984  *	isig		-	handle the ISIG optio
985  *	@sig: signal
986  *	@tty: terminal
987  *	@flush: force flush
988  *
989  *	Called when a signal is being sent due to terminal input. This
990  *	may caus terminal flushing to take place according to the termios
991  *	settings and character used. Called from the driver receive_buf
992  *	path so serialized.
993  *
994  *	Locking: ctrl_lock, read_lock (both via flush buffer)
995  */
996 
997 static inline void isig(int sig, struct tty_struct *tty, int flush)
998 {
999 	if (tty->pgrp)
1000 		kill_pgrp(tty->pgrp, sig, 1);
1001 	if (flush || !L_NOFLSH(tty)) {
1002 		n_tty_flush_buffer(tty);
1003 		tty_driver_flush_buffer(tty);
1004 	}
1005 }
1006 
1007 /**
1008  *	n_tty_receive_break	-	handle break
1009  *	@tty: terminal
1010  *
1011  *	An RS232 break event has been hit in the incoming bitstream. This
1012  *	can cause a variety of events depending upon the termios settings.
1013  *
1014  *	Called from the receive_buf path so single threaded.
1015  */
1016 
1017 static inline void n_tty_receive_break(struct tty_struct *tty)
1018 {
1019 	if (I_IGNBRK(tty))
1020 		return;
1021 	if (I_BRKINT(tty)) {
1022 		isig(SIGINT, tty, 1);
1023 		return;
1024 	}
1025 	if (I_PARMRK(tty)) {
1026 		put_tty_queue('\377', tty);
1027 		put_tty_queue('\0', tty);
1028 	}
1029 	put_tty_queue('\0', tty);
1030 	wake_up_interruptible(&tty->read_wait);
1031 }
1032 
1033 /**
1034  *	n_tty_receive_overrun	-	handle overrun reporting
1035  *	@tty: terminal
1036  *
1037  *	Data arrived faster than we could process it. While the tty
1038  *	driver has flagged this the bits that were missed are gone
1039  *	forever.
1040  *
1041  *	Called from the receive_buf path so single threaded. Does not
1042  *	need locking as num_overrun and overrun_time are function
1043  *	private.
1044  */
1045 
1046 static inline void n_tty_receive_overrun(struct tty_struct *tty)
1047 {
1048 	char buf[64];
1049 
1050 	tty->num_overrun++;
1051 	if (time_before(tty->overrun_time, jiffies - HZ) ||
1052 			time_after(tty->overrun_time, jiffies)) {
1053 		printk(KERN_WARNING "%s: %d input overrun(s)\n",
1054 			tty_name(tty, buf),
1055 			tty->num_overrun);
1056 		tty->overrun_time = jiffies;
1057 		tty->num_overrun = 0;
1058 	}
1059 }
1060 
1061 /**
1062  *	n_tty_receive_parity_error	-	error notifier
1063  *	@tty: terminal device
1064  *	@c: character
1065  *
1066  *	Process a parity error and queue the right data to indicate
1067  *	the error case if necessary. Locking as per n_tty_receive_buf.
1068  */
1069 static inline void n_tty_receive_parity_error(struct tty_struct *tty,
1070 					      unsigned char c)
1071 {
1072 	if (I_IGNPAR(tty))
1073 		return;
1074 	if (I_PARMRK(tty)) {
1075 		put_tty_queue('\377', tty);
1076 		put_tty_queue('\0', tty);
1077 		put_tty_queue(c, tty);
1078 	} else	if (I_INPCK(tty))
1079 		put_tty_queue('\0', tty);
1080 	else
1081 		put_tty_queue(c, tty);
1082 	wake_up_interruptible(&tty->read_wait);
1083 }
1084 
1085 /**
1086  *	n_tty_receive_char	-	perform processing
1087  *	@tty: terminal device
1088  *	@c: character
1089  *
1090  *	Process an individual character of input received from the driver.
1091  *	This is serialized with respect to itself by the rules for the
1092  *	driver above.
1093  */
1094 
1095 static inline void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1096 {
1097 	unsigned long flags;
1098 	int parmrk;
1099 
1100 	if (tty->raw) {
1101 		put_tty_queue(c, tty);
1102 		return;
1103 	}
1104 
1105 	if (I_ISTRIP(tty))
1106 		c &= 0x7f;
1107 	if (I_IUCLC(tty) && L_IEXTEN(tty))
1108 		c = tolower(c);
1109 
1110 	if (L_EXTPROC(tty)) {
1111 		put_tty_queue(c, tty);
1112 		return;
1113 	}
1114 
1115 	if (tty->stopped && !tty->flow_stopped && I_IXON(tty) &&
1116 	    I_IXANY(tty) && c != START_CHAR(tty) && c != STOP_CHAR(tty) &&
1117 	    c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) && c != SUSP_CHAR(tty)) {
1118 		start_tty(tty);
1119 		process_echoes(tty);
1120 	}
1121 
1122 	if (tty->closing) {
1123 		if (I_IXON(tty)) {
1124 			if (c == START_CHAR(tty)) {
1125 				start_tty(tty);
1126 				process_echoes(tty);
1127 			} else if (c == STOP_CHAR(tty))
1128 				stop_tty(tty);
1129 		}
1130 		return;
1131 	}
1132 
1133 	/*
1134 	 * If the previous character was LNEXT, or we know that this
1135 	 * character is not one of the characters that we'll have to
1136 	 * handle specially, do shortcut processing to speed things
1137 	 * up.
1138 	 */
1139 	if (!test_bit(c, tty->process_char_map) || tty->lnext) {
1140 		tty->lnext = 0;
1141 		parmrk = (c == (unsigned char) '\377' && I_PARMRK(tty)) ? 1 : 0;
1142 		if (tty->read_cnt >= (N_TTY_BUF_SIZE - parmrk - 1)) {
1143 			/* beep if no space */
1144 			if (L_ECHO(tty))
1145 				process_output('\a', tty);
1146 			return;
1147 		}
1148 		if (L_ECHO(tty)) {
1149 			finish_erasing(tty);
1150 			/* Record the column of first canon char. */
1151 			if (tty->canon_head == tty->read_head)
1152 				echo_set_canon_col(tty);
1153 			echo_char(c, tty);
1154 			process_echoes(tty);
1155 		}
1156 		if (parmrk)
1157 			put_tty_queue(c, tty);
1158 		put_tty_queue(c, tty);
1159 		return;
1160 	}
1161 
1162 	if (I_IXON(tty)) {
1163 		if (c == START_CHAR(tty)) {
1164 			start_tty(tty);
1165 			process_echoes(tty);
1166 			return;
1167 		}
1168 		if (c == STOP_CHAR(tty)) {
1169 			stop_tty(tty);
1170 			return;
1171 		}
1172 	}
1173 
1174 	if (L_ISIG(tty)) {
1175 		int signal;
1176 		signal = SIGINT;
1177 		if (c == INTR_CHAR(tty))
1178 			goto send_signal;
1179 		signal = SIGQUIT;
1180 		if (c == QUIT_CHAR(tty))
1181 			goto send_signal;
1182 		signal = SIGTSTP;
1183 		if (c == SUSP_CHAR(tty)) {
1184 send_signal:
1185 			/*
1186 			 * Note that we do not use isig() here because we want
1187 			 * the order to be:
1188 			 * 1) flush, 2) echo, 3) signal
1189 			 */
1190 			if (!L_NOFLSH(tty)) {
1191 				n_tty_flush_buffer(tty);
1192 				tty_driver_flush_buffer(tty);
1193 			}
1194 			if (I_IXON(tty))
1195 				start_tty(tty);
1196 			if (L_ECHO(tty)) {
1197 				echo_char(c, tty);
1198 				process_echoes(tty);
1199 			}
1200 			if (tty->pgrp)
1201 				kill_pgrp(tty->pgrp, signal, 1);
1202 			return;
1203 		}
1204 	}
1205 
1206 	if (c == '\r') {
1207 		if (I_IGNCR(tty))
1208 			return;
1209 		if (I_ICRNL(tty))
1210 			c = '\n';
1211 	} else if (c == '\n' && I_INLCR(tty))
1212 		c = '\r';
1213 
1214 	if (tty->icanon) {
1215 		if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1216 		    (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1217 			eraser(c, tty);
1218 			process_echoes(tty);
1219 			return;
1220 		}
1221 		if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1222 			tty->lnext = 1;
1223 			if (L_ECHO(tty)) {
1224 				finish_erasing(tty);
1225 				if (L_ECHOCTL(tty)) {
1226 					echo_char_raw('^', tty);
1227 					echo_char_raw('\b', tty);
1228 					process_echoes(tty);
1229 				}
1230 			}
1231 			return;
1232 		}
1233 		if (c == REPRINT_CHAR(tty) && L_ECHO(tty) &&
1234 		    L_IEXTEN(tty)) {
1235 			unsigned long tail = tty->canon_head;
1236 
1237 			finish_erasing(tty);
1238 			echo_char(c, tty);
1239 			echo_char_raw('\n', tty);
1240 			while (tail != tty->read_head) {
1241 				echo_char(tty->read_buf[tail], tty);
1242 				tail = (tail+1) & (N_TTY_BUF_SIZE-1);
1243 			}
1244 			process_echoes(tty);
1245 			return;
1246 		}
1247 		if (c == '\n') {
1248 			if (tty->read_cnt >= N_TTY_BUF_SIZE) {
1249 				if (L_ECHO(tty))
1250 					process_output('\a', tty);
1251 				return;
1252 			}
1253 			if (L_ECHO(tty) || L_ECHONL(tty)) {
1254 				echo_char_raw('\n', tty);
1255 				process_echoes(tty);
1256 			}
1257 			goto handle_newline;
1258 		}
1259 		if (c == EOF_CHAR(tty)) {
1260 			if (tty->read_cnt >= N_TTY_BUF_SIZE)
1261 				return;
1262 			if (tty->canon_head != tty->read_head)
1263 				set_bit(TTY_PUSH, &tty->flags);
1264 			c = __DISABLED_CHAR;
1265 			goto handle_newline;
1266 		}
1267 		if ((c == EOL_CHAR(tty)) ||
1268 		    (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1269 			parmrk = (c == (unsigned char) '\377' && I_PARMRK(tty))
1270 				 ? 1 : 0;
1271 			if (tty->read_cnt >= (N_TTY_BUF_SIZE - parmrk)) {
1272 				if (L_ECHO(tty))
1273 					process_output('\a', tty);
1274 				return;
1275 			}
1276 			/*
1277 			 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1278 			 */
1279 			if (L_ECHO(tty)) {
1280 				/* Record the column of first canon char. */
1281 				if (tty->canon_head == tty->read_head)
1282 					echo_set_canon_col(tty);
1283 				echo_char(c, tty);
1284 				process_echoes(tty);
1285 			}
1286 			/*
1287 			 * XXX does PARMRK doubling happen for
1288 			 * EOL_CHAR and EOL2_CHAR?
1289 			 */
1290 			if (parmrk)
1291 				put_tty_queue(c, tty);
1292 
1293 handle_newline:
1294 			spin_lock_irqsave(&tty->read_lock, flags);
1295 			set_bit(tty->read_head, tty->read_flags);
1296 			put_tty_queue_nolock(c, tty);
1297 			tty->canon_head = tty->read_head;
1298 			tty->canon_data++;
1299 			spin_unlock_irqrestore(&tty->read_lock, flags);
1300 			kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1301 			if (waitqueue_active(&tty->read_wait))
1302 				wake_up_interruptible(&tty->read_wait);
1303 			return;
1304 		}
1305 	}
1306 
1307 	parmrk = (c == (unsigned char) '\377' && I_PARMRK(tty)) ? 1 : 0;
1308 	if (tty->read_cnt >= (N_TTY_BUF_SIZE - parmrk - 1)) {
1309 		/* beep if no space */
1310 		if (L_ECHO(tty))
1311 			process_output('\a', tty);
1312 		return;
1313 	}
1314 	if (L_ECHO(tty)) {
1315 		finish_erasing(tty);
1316 		if (c == '\n')
1317 			echo_char_raw('\n', tty);
1318 		else {
1319 			/* Record the column of first canon char. */
1320 			if (tty->canon_head == tty->read_head)
1321 				echo_set_canon_col(tty);
1322 			echo_char(c, tty);
1323 		}
1324 		process_echoes(tty);
1325 	}
1326 
1327 	if (parmrk)
1328 		put_tty_queue(c, tty);
1329 
1330 	put_tty_queue(c, tty);
1331 }
1332 
1333 
1334 /**
1335  *	n_tty_write_wakeup	-	asynchronous I/O notifier
1336  *	@tty: tty device
1337  *
1338  *	Required for the ptys, serial driver etc. since processes
1339  *	that attach themselves to the master and rely on ASYNC
1340  *	IO must be woken up
1341  */
1342 
1343 static void n_tty_write_wakeup(struct tty_struct *tty)
1344 {
1345 	if (tty->fasync && test_and_clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags))
1346 		kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
1347 }
1348 
1349 /**
1350  *	n_tty_receive_buf	-	data receive
1351  *	@tty: terminal device
1352  *	@cp: buffer
1353  *	@fp: flag buffer
1354  *	@count: characters
1355  *
1356  *	Called by the terminal driver when a block of characters has
1357  *	been received. This function must be called from soft contexts
1358  *	not from interrupt context. The driver is responsible for making
1359  *	calls one at a time and in order (or using flush_to_ldisc)
1360  */
1361 
1362 static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1363 			      char *fp, int count)
1364 {
1365 	const unsigned char *p;
1366 	char *f, flags = TTY_NORMAL;
1367 	int	i;
1368 	char	buf[64];
1369 	unsigned long cpuflags;
1370 
1371 	if (!tty->read_buf)
1372 		return;
1373 
1374 	if (tty->real_raw) {
1375 		spin_lock_irqsave(&tty->read_lock, cpuflags);
1376 		i = min(N_TTY_BUF_SIZE - tty->read_cnt,
1377 			N_TTY_BUF_SIZE - tty->read_head);
1378 		i = min(count, i);
1379 		memcpy(tty->read_buf + tty->read_head, cp, i);
1380 		tty->read_head = (tty->read_head + i) & (N_TTY_BUF_SIZE-1);
1381 		tty->read_cnt += i;
1382 		cp += i;
1383 		count -= i;
1384 
1385 		i = min(N_TTY_BUF_SIZE - tty->read_cnt,
1386 			N_TTY_BUF_SIZE - tty->read_head);
1387 		i = min(count, i);
1388 		memcpy(tty->read_buf + tty->read_head, cp, i);
1389 		tty->read_head = (tty->read_head + i) & (N_TTY_BUF_SIZE-1);
1390 		tty->read_cnt += i;
1391 		spin_unlock_irqrestore(&tty->read_lock, cpuflags);
1392 	} else {
1393 		for (i = count, p = cp, f = fp; i; i--, p++) {
1394 			if (f)
1395 				flags = *f++;
1396 			switch (flags) {
1397 			case TTY_NORMAL:
1398 				n_tty_receive_char(tty, *p);
1399 				break;
1400 			case TTY_BREAK:
1401 				n_tty_receive_break(tty);
1402 				break;
1403 			case TTY_PARITY:
1404 			case TTY_FRAME:
1405 				n_tty_receive_parity_error(tty, *p);
1406 				break;
1407 			case TTY_OVERRUN:
1408 				n_tty_receive_overrun(tty);
1409 				break;
1410 			default:
1411 				printk(KERN_ERR "%s: unknown flag %d\n",
1412 				       tty_name(tty, buf), flags);
1413 				break;
1414 			}
1415 		}
1416 		if (tty->ops->flush_chars)
1417 			tty->ops->flush_chars(tty);
1418 	}
1419 
1420 	n_tty_set_room(tty);
1421 
1422 	if ((!tty->icanon && (tty->read_cnt >= tty->minimum_to_wake)) ||
1423 		L_EXTPROC(tty)) {
1424 		kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1425 		if (waitqueue_active(&tty->read_wait))
1426 			wake_up_interruptible(&tty->read_wait);
1427 	}
1428 
1429 	/*
1430 	 * Check the remaining room for the input canonicalization
1431 	 * mode.  We don't want to throttle the driver if we're in
1432 	 * canonical mode and don't have a newline yet!
1433 	 */
1434 	if (tty->receive_room < TTY_THRESHOLD_THROTTLE)
1435 		tty_throttle(tty);
1436 }
1437 
1438 int is_ignored(int sig)
1439 {
1440 	return (sigismember(&current->blocked, sig) ||
1441 		current->sighand->action[sig-1].sa.sa_handler == SIG_IGN);
1442 }
1443 
1444 /**
1445  *	n_tty_set_termios	-	termios data changed
1446  *	@tty: terminal
1447  *	@old: previous data
1448  *
1449  *	Called by the tty layer when the user changes termios flags so
1450  *	that the line discipline can plan ahead. This function cannot sleep
1451  *	and is protected from re-entry by the tty layer. The user is
1452  *	guaranteed that this function will not be re-entered or in progress
1453  *	when the ldisc is closed.
1454  *
1455  *	Locking: Caller holds tty->termios_mutex
1456  */
1457 
1458 static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1459 {
1460 	int canon_change = 1;
1461 	BUG_ON(!tty);
1462 
1463 	if (old)
1464 		canon_change = (old->c_lflag ^ tty->termios->c_lflag) & ICANON;
1465 	if (canon_change) {
1466 		memset(&tty->read_flags, 0, sizeof tty->read_flags);
1467 		tty->canon_head = tty->read_tail;
1468 		tty->canon_data = 0;
1469 		tty->erasing = 0;
1470 	}
1471 
1472 	if (canon_change && !L_ICANON(tty) && tty->read_cnt)
1473 		wake_up_interruptible(&tty->read_wait);
1474 
1475 	tty->icanon = (L_ICANON(tty) != 0);
1476 	if (test_bit(TTY_HW_COOK_IN, &tty->flags)) {
1477 		tty->raw = 1;
1478 		tty->real_raw = 1;
1479 		n_tty_set_room(tty);
1480 		return;
1481 	}
1482 	if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1483 	    I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1484 	    I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1485 	    I_PARMRK(tty)) {
1486 		memset(tty->process_char_map, 0, 256/8);
1487 
1488 		if (I_IGNCR(tty) || I_ICRNL(tty))
1489 			set_bit('\r', tty->process_char_map);
1490 		if (I_INLCR(tty))
1491 			set_bit('\n', tty->process_char_map);
1492 
1493 		if (L_ICANON(tty)) {
1494 			set_bit(ERASE_CHAR(tty), tty->process_char_map);
1495 			set_bit(KILL_CHAR(tty), tty->process_char_map);
1496 			set_bit(EOF_CHAR(tty), tty->process_char_map);
1497 			set_bit('\n', tty->process_char_map);
1498 			set_bit(EOL_CHAR(tty), tty->process_char_map);
1499 			if (L_IEXTEN(tty)) {
1500 				set_bit(WERASE_CHAR(tty),
1501 					tty->process_char_map);
1502 				set_bit(LNEXT_CHAR(tty),
1503 					tty->process_char_map);
1504 				set_bit(EOL2_CHAR(tty),
1505 					tty->process_char_map);
1506 				if (L_ECHO(tty))
1507 					set_bit(REPRINT_CHAR(tty),
1508 						tty->process_char_map);
1509 			}
1510 		}
1511 		if (I_IXON(tty)) {
1512 			set_bit(START_CHAR(tty), tty->process_char_map);
1513 			set_bit(STOP_CHAR(tty), tty->process_char_map);
1514 		}
1515 		if (L_ISIG(tty)) {
1516 			set_bit(INTR_CHAR(tty), tty->process_char_map);
1517 			set_bit(QUIT_CHAR(tty), tty->process_char_map);
1518 			set_bit(SUSP_CHAR(tty), tty->process_char_map);
1519 		}
1520 		clear_bit(__DISABLED_CHAR, tty->process_char_map);
1521 		tty->raw = 0;
1522 		tty->real_raw = 0;
1523 	} else {
1524 		tty->raw = 1;
1525 		if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1526 		    (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1527 		    (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1528 			tty->real_raw = 1;
1529 		else
1530 			tty->real_raw = 0;
1531 	}
1532 	n_tty_set_room(tty);
1533 	/* The termios change make the tty ready for I/O */
1534 	wake_up_interruptible(&tty->write_wait);
1535 	wake_up_interruptible(&tty->read_wait);
1536 }
1537 
1538 /**
1539  *	n_tty_close		-	close the ldisc for this tty
1540  *	@tty: device
1541  *
1542  *	Called from the terminal layer when this line discipline is
1543  *	being shut down, either because of a close or becsuse of a
1544  *	discipline change. The function will not be called while other
1545  *	ldisc methods are in progress.
1546  */
1547 
1548 static void n_tty_close(struct tty_struct *tty)
1549 {
1550 	n_tty_flush_buffer(tty);
1551 	if (tty->read_buf) {
1552 		kfree(tty->read_buf);
1553 		tty->read_buf = NULL;
1554 	}
1555 	if (tty->echo_buf) {
1556 		kfree(tty->echo_buf);
1557 		tty->echo_buf = NULL;
1558 	}
1559 }
1560 
1561 /**
1562  *	n_tty_open		-	open an ldisc
1563  *	@tty: terminal to open
1564  *
1565  *	Called when this line discipline is being attached to the
1566  *	terminal device. Can sleep. Called serialized so that no
1567  *	other events will occur in parallel. No further open will occur
1568  *	until a close.
1569  */
1570 
1571 static int n_tty_open(struct tty_struct *tty)
1572 {
1573 	if (!tty)
1574 		return -EINVAL;
1575 
1576 	/* These are ugly. Currently a malloc failure here can panic */
1577 	if (!tty->read_buf) {
1578 		tty->read_buf = kzalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
1579 		if (!tty->read_buf)
1580 			return -ENOMEM;
1581 	}
1582 	if (!tty->echo_buf) {
1583 		tty->echo_buf = kzalloc(N_TTY_BUF_SIZE, GFP_KERNEL);
1584 
1585 		if (!tty->echo_buf)
1586 			return -ENOMEM;
1587 	}
1588 	reset_buffer_flags(tty);
1589 	tty_unthrottle(tty);
1590 	tty->column = 0;
1591 	n_tty_set_termios(tty, NULL);
1592 	tty->minimum_to_wake = 1;
1593 	tty->closing = 0;
1594 	return 0;
1595 }
1596 
1597 static inline int input_available_p(struct tty_struct *tty, int amt)
1598 {
1599 	tty_flush_to_ldisc(tty);
1600 	if (tty->icanon && !L_EXTPROC(tty)) {
1601 		if (tty->canon_data)
1602 			return 1;
1603 	} else if (tty->read_cnt >= (amt ? amt : 1))
1604 		return 1;
1605 
1606 	return 0;
1607 }
1608 
1609 /**
1610  * 	copy_from_read_buf	-	copy read data directly
1611  *	@tty: terminal device
1612  *	@b: user data
1613  *	@nr: size of data
1614  *
1615  *	Helper function to speed up n_tty_read.  It is only called when
1616  *	ICANON is off; it copies characters straight from the tty queue to
1617  *	user space directly.  It can be profitably called twice; once to
1618  *	drain the space from the tail pointer to the (physical) end of the
1619  *	buffer, and once to drain the space from the (physical) beginning of
1620  *	the buffer to head pointer.
1621  *
1622  *	Called under the tty->atomic_read_lock sem
1623  *
1624  */
1625 
1626 static int copy_from_read_buf(struct tty_struct *tty,
1627 				      unsigned char __user **b,
1628 				      size_t *nr)
1629 
1630 {
1631 	int retval;
1632 	size_t n;
1633 	unsigned long flags;
1634 
1635 	retval = 0;
1636 	spin_lock_irqsave(&tty->read_lock, flags);
1637 	n = min(tty->read_cnt, N_TTY_BUF_SIZE - tty->read_tail);
1638 	n = min(*nr, n);
1639 	spin_unlock_irqrestore(&tty->read_lock, flags);
1640 	if (n) {
1641 		retval = copy_to_user(*b, &tty->read_buf[tty->read_tail], n);
1642 		n -= retval;
1643 		tty_audit_add_data(tty, &tty->read_buf[tty->read_tail], n);
1644 		spin_lock_irqsave(&tty->read_lock, flags);
1645 		tty->read_tail = (tty->read_tail + n) & (N_TTY_BUF_SIZE-1);
1646 		tty->read_cnt -= n;
1647 		/* Turn single EOF into zero-length read */
1648 		if (L_EXTPROC(tty) && tty->icanon && n == 1) {
1649 			if (!tty->read_cnt && (*b)[n-1] == EOF_CHAR(tty))
1650 				n--;
1651 		}
1652 		spin_unlock_irqrestore(&tty->read_lock, flags);
1653 		*b += n;
1654 		*nr -= n;
1655 	}
1656 	return retval;
1657 }
1658 
1659 extern ssize_t redirected_tty_write(struct file *, const char __user *,
1660 							size_t, loff_t *);
1661 
1662 /**
1663  *	job_control		-	check job control
1664  *	@tty: tty
1665  *	@file: file handle
1666  *
1667  *	Perform job control management checks on this file/tty descriptor
1668  *	and if appropriate send any needed signals and return a negative
1669  *	error code if action should be taken.
1670  *
1671  *	FIXME:
1672  *	Locking: None - redirected write test is safe, testing
1673  *	current->signal should possibly lock current->sighand
1674  *	pgrp locking ?
1675  */
1676 
1677 static int job_control(struct tty_struct *tty, struct file *file)
1678 {
1679 	/* Job control check -- must be done at start and after
1680 	   every sleep (POSIX.1 7.1.1.4). */
1681 	/* NOTE: not yet done after every sleep pending a thorough
1682 	   check of the logic of this change. -- jlc */
1683 	/* don't stop on /dev/console */
1684 	if (file->f_op->write != redirected_tty_write &&
1685 	    current->signal->tty == tty) {
1686 		if (!tty->pgrp)
1687 			printk(KERN_ERR "n_tty_read: no tty->pgrp!\n");
1688 		else if (task_pgrp(current) != tty->pgrp) {
1689 			if (is_ignored(SIGTTIN) ||
1690 			    is_current_pgrp_orphaned())
1691 				return -EIO;
1692 			kill_pgrp(task_pgrp(current), SIGTTIN, 1);
1693 			set_thread_flag(TIF_SIGPENDING);
1694 			return -ERESTARTSYS;
1695 		}
1696 	}
1697 	return 0;
1698 }
1699 
1700 
1701 /**
1702  *	n_tty_read		-	read function for tty
1703  *	@tty: tty device
1704  *	@file: file object
1705  *	@buf: userspace buffer pointer
1706  *	@nr: size of I/O
1707  *
1708  *	Perform reads for the line discipline. We are guaranteed that the
1709  *	line discipline will not be closed under us but we may get multiple
1710  *	parallel readers and must handle this ourselves. We may also get
1711  *	a hangup. Always called in user context, may sleep.
1712  *
1713  *	This code must be sure never to sleep through a hangup.
1714  */
1715 
1716 static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
1717 			 unsigned char __user *buf, size_t nr)
1718 {
1719 	unsigned char __user *b = buf;
1720 	DECLARE_WAITQUEUE(wait, current);
1721 	int c;
1722 	int minimum, time;
1723 	ssize_t retval = 0;
1724 	ssize_t size;
1725 	long timeout;
1726 	unsigned long flags;
1727 	int packet;
1728 
1729 do_it_again:
1730 
1731 	BUG_ON(!tty->read_buf);
1732 
1733 	c = job_control(tty, file);
1734 	if (c < 0)
1735 		return c;
1736 
1737 	minimum = time = 0;
1738 	timeout = MAX_SCHEDULE_TIMEOUT;
1739 	if (!tty->icanon) {
1740 		time = (HZ / 10) * TIME_CHAR(tty);
1741 		minimum = MIN_CHAR(tty);
1742 		if (minimum) {
1743 			if (time)
1744 				tty->minimum_to_wake = 1;
1745 			else if (!waitqueue_active(&tty->read_wait) ||
1746 				 (tty->minimum_to_wake > minimum))
1747 				tty->minimum_to_wake = minimum;
1748 		} else {
1749 			timeout = 0;
1750 			if (time) {
1751 				timeout = time;
1752 				time = 0;
1753 			}
1754 			tty->minimum_to_wake = minimum = 1;
1755 		}
1756 	}
1757 
1758 	/*
1759 	 *	Internal serialization of reads.
1760 	 */
1761 	if (file->f_flags & O_NONBLOCK) {
1762 		if (!mutex_trylock(&tty->atomic_read_lock))
1763 			return -EAGAIN;
1764 	} else {
1765 		if (mutex_lock_interruptible(&tty->atomic_read_lock))
1766 			return -ERESTARTSYS;
1767 	}
1768 	packet = tty->packet;
1769 
1770 	add_wait_queue(&tty->read_wait, &wait);
1771 	while (nr) {
1772 		/* First test for status change. */
1773 		if (packet && tty->link->ctrl_status) {
1774 			unsigned char cs;
1775 			if (b != buf)
1776 				break;
1777 			spin_lock_irqsave(&tty->link->ctrl_lock, flags);
1778 			cs = tty->link->ctrl_status;
1779 			tty->link->ctrl_status = 0;
1780 			spin_unlock_irqrestore(&tty->link->ctrl_lock, flags);
1781 			if (tty_put_user(tty, cs, b++)) {
1782 				retval = -EFAULT;
1783 				b--;
1784 				break;
1785 			}
1786 			nr--;
1787 			break;
1788 		}
1789 		/* This statement must be first before checking for input
1790 		   so that any interrupt will set the state back to
1791 		   TASK_RUNNING. */
1792 		set_current_state(TASK_INTERRUPTIBLE);
1793 
1794 		if (((minimum - (b - buf)) < tty->minimum_to_wake) &&
1795 		    ((minimum - (b - buf)) >= 1))
1796 			tty->minimum_to_wake = (minimum - (b - buf));
1797 
1798 		if (!input_available_p(tty, 0)) {
1799 			if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
1800 				retval = -EIO;
1801 				break;
1802 			}
1803 			if (tty_hung_up_p(file))
1804 				break;
1805 			if (!timeout)
1806 				break;
1807 			if (file->f_flags & O_NONBLOCK) {
1808 				retval = -EAGAIN;
1809 				break;
1810 			}
1811 			if (signal_pending(current)) {
1812 				retval = -ERESTARTSYS;
1813 				break;
1814 			}
1815 			/* FIXME: does n_tty_set_room need locking ? */
1816 			n_tty_set_room(tty);
1817 			timeout = schedule_timeout(timeout);
1818 			BUG_ON(!tty->read_buf);
1819 			continue;
1820 		}
1821 		__set_current_state(TASK_RUNNING);
1822 
1823 		/* Deal with packet mode. */
1824 		if (packet && b == buf) {
1825 			if (tty_put_user(tty, TIOCPKT_DATA, b++)) {
1826 				retval = -EFAULT;
1827 				b--;
1828 				break;
1829 			}
1830 			nr--;
1831 		}
1832 
1833 		if (tty->icanon && !L_EXTPROC(tty)) {
1834 			/* N.B. avoid overrun if nr == 0 */
1835 			while (nr && tty->read_cnt) {
1836 				int eol;
1837 
1838 				eol = test_and_clear_bit(tty->read_tail,
1839 						tty->read_flags);
1840 				c = tty->read_buf[tty->read_tail];
1841 				spin_lock_irqsave(&tty->read_lock, flags);
1842 				tty->read_tail = ((tty->read_tail+1) &
1843 						  (N_TTY_BUF_SIZE-1));
1844 				tty->read_cnt--;
1845 				if (eol) {
1846 					/* this test should be redundant:
1847 					 * we shouldn't be reading data if
1848 					 * canon_data is 0
1849 					 */
1850 					if (--tty->canon_data < 0)
1851 						tty->canon_data = 0;
1852 				}
1853 				spin_unlock_irqrestore(&tty->read_lock, flags);
1854 
1855 				if (!eol || (c != __DISABLED_CHAR)) {
1856 					if (tty_put_user(tty, c, b++)) {
1857 						retval = -EFAULT;
1858 						b--;
1859 						break;
1860 					}
1861 					nr--;
1862 				}
1863 				if (eol) {
1864 					tty_audit_push(tty);
1865 					break;
1866 				}
1867 			}
1868 			if (retval)
1869 				break;
1870 		} else {
1871 			int uncopied;
1872 			/* The copy function takes the read lock and handles
1873 			   locking internally for this case */
1874 			uncopied = copy_from_read_buf(tty, &b, &nr);
1875 			uncopied += copy_from_read_buf(tty, &b, &nr);
1876 			if (uncopied) {
1877 				retval = -EFAULT;
1878 				break;
1879 			}
1880 		}
1881 
1882 		/* If there is enough space in the read buffer now, let the
1883 		 * low-level driver know. We use n_tty_chars_in_buffer() to
1884 		 * check the buffer, as it now knows about canonical mode.
1885 		 * Otherwise, if the driver is throttled and the line is
1886 		 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
1887 		 * we won't get any more characters.
1888 		 */
1889 		if (n_tty_chars_in_buffer(tty) <= TTY_THRESHOLD_UNTHROTTLE) {
1890 			n_tty_set_room(tty);
1891 			check_unthrottle(tty);
1892 		}
1893 
1894 		if (b - buf >= minimum)
1895 			break;
1896 		if (time)
1897 			timeout = time;
1898 	}
1899 	mutex_unlock(&tty->atomic_read_lock);
1900 	remove_wait_queue(&tty->read_wait, &wait);
1901 
1902 	if (!waitqueue_active(&tty->read_wait))
1903 		tty->minimum_to_wake = minimum;
1904 
1905 	__set_current_state(TASK_RUNNING);
1906 	size = b - buf;
1907 	if (size) {
1908 		retval = size;
1909 		if (nr)
1910 			clear_bit(TTY_PUSH, &tty->flags);
1911 	} else if (test_and_clear_bit(TTY_PUSH, &tty->flags))
1912 		 goto do_it_again;
1913 
1914 	n_tty_set_room(tty);
1915 	return retval;
1916 }
1917 
1918 /**
1919  *	n_tty_write		-	write function for tty
1920  *	@tty: tty device
1921  *	@file: file object
1922  *	@buf: userspace buffer pointer
1923  *	@nr: size of I/O
1924  *
1925  *	Write function of the terminal device.  This is serialized with
1926  *	respect to other write callers but not to termios changes, reads
1927  *	and other such events.  Since the receive code will echo characters,
1928  *	thus calling driver write methods, the output_lock is used in
1929  *	the output processing functions called here as well as in the
1930  *	echo processing function to protect the column state and space
1931  *	left in the buffer.
1932  *
1933  *	This code must be sure never to sleep through a hangup.
1934  *
1935  *	Locking: output_lock to protect column state and space left
1936  *		 (note that the process_output*() functions take this
1937  *		  lock themselves)
1938  */
1939 
1940 static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
1941 			   const unsigned char *buf, size_t nr)
1942 {
1943 	const unsigned char *b = buf;
1944 	DECLARE_WAITQUEUE(wait, current);
1945 	int c;
1946 	ssize_t retval = 0;
1947 
1948 	/* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
1949 	if (L_TOSTOP(tty) && file->f_op->write != redirected_tty_write) {
1950 		retval = tty_check_change(tty);
1951 		if (retval)
1952 			return retval;
1953 	}
1954 
1955 	/* Write out any echoed characters that are still pending */
1956 	process_echoes(tty);
1957 
1958 	add_wait_queue(&tty->write_wait, &wait);
1959 	while (1) {
1960 		set_current_state(TASK_INTERRUPTIBLE);
1961 		if (signal_pending(current)) {
1962 			retval = -ERESTARTSYS;
1963 			break;
1964 		}
1965 		if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
1966 			retval = -EIO;
1967 			break;
1968 		}
1969 		if (O_OPOST(tty) && !(test_bit(TTY_HW_COOK_OUT, &tty->flags))) {
1970 			while (nr > 0) {
1971 				ssize_t num = process_output_block(tty, b, nr);
1972 				if (num < 0) {
1973 					if (num == -EAGAIN)
1974 						break;
1975 					retval = num;
1976 					goto break_out;
1977 				}
1978 				b += num;
1979 				nr -= num;
1980 				if (nr == 0)
1981 					break;
1982 				c = *b;
1983 				if (process_output(c, tty) < 0)
1984 					break;
1985 				b++; nr--;
1986 			}
1987 			if (tty->ops->flush_chars)
1988 				tty->ops->flush_chars(tty);
1989 		} else {
1990 			while (nr > 0) {
1991 				c = tty->ops->write(tty, b, nr);
1992 				if (c < 0) {
1993 					retval = c;
1994 					goto break_out;
1995 				}
1996 				if (!c)
1997 					break;
1998 				b += c;
1999 				nr -= c;
2000 			}
2001 		}
2002 		if (!nr)
2003 			break;
2004 		if (file->f_flags & O_NONBLOCK) {
2005 			retval = -EAGAIN;
2006 			break;
2007 		}
2008 		schedule();
2009 	}
2010 break_out:
2011 	__set_current_state(TASK_RUNNING);
2012 	remove_wait_queue(&tty->write_wait, &wait);
2013 	if (b - buf != nr && tty->fasync)
2014 		set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2015 	return (b - buf) ? b - buf : retval;
2016 }
2017 
2018 /**
2019  *	n_tty_poll		-	poll method for N_TTY
2020  *	@tty: terminal device
2021  *	@file: file accessing it
2022  *	@wait: poll table
2023  *
2024  *	Called when the line discipline is asked to poll() for data or
2025  *	for special events. This code is not serialized with respect to
2026  *	other events save open/close.
2027  *
2028  *	This code must be sure never to sleep through a hangup.
2029  *	Called without the kernel lock held - fine
2030  */
2031 
2032 static unsigned int n_tty_poll(struct tty_struct *tty, struct file *file,
2033 							poll_table *wait)
2034 {
2035 	unsigned int mask = 0;
2036 
2037 	poll_wait(file, &tty->read_wait, wait);
2038 	poll_wait(file, &tty->write_wait, wait);
2039 	if (input_available_p(tty, TIME_CHAR(tty) ? 0 : MIN_CHAR(tty)))
2040 		mask |= POLLIN | POLLRDNORM;
2041 	if (tty->packet && tty->link->ctrl_status)
2042 		mask |= POLLPRI | POLLIN | POLLRDNORM;
2043 	if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2044 		mask |= POLLHUP;
2045 	if (tty_hung_up_p(file))
2046 		mask |= POLLHUP;
2047 	if (!(mask & (POLLHUP | POLLIN | POLLRDNORM))) {
2048 		if (MIN_CHAR(tty) && !TIME_CHAR(tty))
2049 			tty->minimum_to_wake = MIN_CHAR(tty);
2050 		else
2051 			tty->minimum_to_wake = 1;
2052 	}
2053 	if (tty->ops->write && !tty_is_writelocked(tty) &&
2054 			tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2055 			tty_write_room(tty) > 0)
2056 		mask |= POLLOUT | POLLWRNORM;
2057 	return mask;
2058 }
2059 
2060 static unsigned long inq_canon(struct tty_struct *tty)
2061 {
2062 	int nr, head, tail;
2063 
2064 	if (!tty->canon_data)
2065 		return 0;
2066 	head = tty->canon_head;
2067 	tail = tty->read_tail;
2068 	nr = (head - tail) & (N_TTY_BUF_SIZE-1);
2069 	/* Skip EOF-chars.. */
2070 	while (head != tail) {
2071 		if (test_bit(tail, tty->read_flags) &&
2072 		    tty->read_buf[tail] == __DISABLED_CHAR)
2073 			nr--;
2074 		tail = (tail+1) & (N_TTY_BUF_SIZE-1);
2075 	}
2076 	return nr;
2077 }
2078 
2079 static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
2080 		       unsigned int cmd, unsigned long arg)
2081 {
2082 	int retval;
2083 
2084 	switch (cmd) {
2085 	case TIOCOUTQ:
2086 		return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2087 	case TIOCINQ:
2088 		/* FIXME: Locking */
2089 		retval = tty->read_cnt;
2090 		if (L_ICANON(tty))
2091 			retval = inq_canon(tty);
2092 		return put_user(retval, (unsigned int __user *) arg);
2093 	default:
2094 		return n_tty_ioctl_helper(tty, file, cmd, arg);
2095 	}
2096 }
2097 
2098 struct tty_ldisc_ops tty_ldisc_N_TTY = {
2099 	.magic           = TTY_LDISC_MAGIC,
2100 	.name            = "n_tty",
2101 	.open            = n_tty_open,
2102 	.close           = n_tty_close,
2103 	.flush_buffer    = n_tty_flush_buffer,
2104 	.chars_in_buffer = n_tty_chars_in_buffer,
2105 	.read            = n_tty_read,
2106 	.write           = n_tty_write,
2107 	.ioctl           = n_tty_ioctl,
2108 	.set_termios     = n_tty_set_termios,
2109 	.poll            = n_tty_poll,
2110 	.receive_buf     = n_tty_receive_buf,
2111 	.write_wakeup    = n_tty_write_wakeup
2112 };
2113 
2114 /**
2115  *	n_tty_inherit_ops	-	inherit N_TTY methods
2116  *	@ops: struct tty_ldisc_ops where to save N_TTY methods
2117  *
2118  *	Used by a generic struct tty_ldisc_ops to easily inherit N_TTY
2119  *	methods.
2120  */
2121 
2122 void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2123 {
2124 	*ops = tty_ldisc_N_TTY;
2125 	ops->owner = NULL;
2126 	ops->refcount = ops->flags = 0;
2127 }
2128 EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2129