1 /*
2 * Copyright (c) 1997-2019 Apple Inc. All rights reserved.
3 *
4 * @APPLE_OSREFERENCE_LICENSE_HEADER_START@
5 *
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. The rights granted to you under the License
10 * may not be used to create, or enable the creation or redistribution of,
11 * unlawful or unlicensed copies of an Apple operating system, or to
12 * circumvent, violate, or enable the circumvention or violation of, any
13 * terms of an Apple operating system software license agreement.
14 *
15 * Please obtain a copy of the License at
16 * http://www.opensource.apple.com/apsl/ and read it before using this file.
17 *
18 * The Original Code and all software distributed under the License are
19 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
20 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
21 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
22 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
23 * Please see the License for the specific language governing rights and
24 * limitations under the License.
25 *
26 * @APPLE_OSREFERENCE_LICENSE_HEADER_END@
27 */
28 /*-
29 * Copyright (c) 1982, 1986, 1990, 1991, 1993
30 * The Regents of the University of California. All rights reserved.
31 * (c) UNIX System Laboratories, Inc.
32 * All or some portions of this file are derived from material licensed
33 * to the University of California by American Telephone and Telegraph
34 * Co. or Unix System Laboratories, Inc. and are reproduced herein with
35 * the permission of UNIX System Laboratories, Inc.
36 *
37 * Redistribution and use in source and binary forms, with or without
38 * modification, are permitted provided that the following conditions
39 * are met:
40 * 1. Redistributions of source code must retain the above copyright
41 * notice, this list of conditions and the following disclaimer.
42 * 2. Redistributions in binary form must reproduce the above copyright
43 * notice, this list of conditions and the following disclaimer in the
44 * documentation and/or other materials provided with the distribution.
45 * 3. All advertising materials mentioning features or use of this software
46 * must display the following acknowledgement:
47 * This product includes software developed by the University of
48 * California, Berkeley and its contributors.
49 * 4. Neither the name of the University nor the names of its contributors
50 * may be used to endorse or promote products derived from this software
51 * without specific prior written permission.
52 *
53 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
54 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
55 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
56 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
57 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
58 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
59 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
60 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
61 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
62 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
63 * SUCH DAMAGE.
64 *
65 * @(#)tty.c 8.8 (Berkeley) 1/21/94
66 */
67 /*-
68 * TODO:
69 * o Fix races for sending the start char in ttyflush().
70 * o Handle inter-byte timeout for "MIN > 0, TIME > 0" in ttyselect().
71 * With luck, there will be MIN chars before select() returns().
72 * o Handle CLOCAL consistently for ptys. Perhaps disallow setting it.
73 * o Don't allow input in TS_ZOMBIE case. It would be visible through
74 * FIONREAD.
75 * o Do the new sio locking stuff here and use it to avoid special
76 * case for EXTPROC?
77 * o Lock PENDIN too?
78 * o Move EXTPROC and/or PENDIN to t_state?
79 * o Wrap most of ttioctl in spltty/splx.
80 * o Implement TIOCNOTTY or remove it from <sys/ioctl.h>.
81 * o Send STOP if IXOFF is toggled off while TS_TBLOCK is set.
82 * o Don't allow certain termios flags to affect disciplines other
83 * than TTYDISC. Cancel their effects before switch disciplines
84 * and ignore them if they are set while we are in another
85 * discipline.
86 * o Handle c_ispeed = 0 to c_ispeed = c_ospeed conversion here instead
87 * of in drivers and fix drivers that write to tp->t_termios.
88 * o Check for TS_CARR_ON being set while everything is closed and not
89 * waiting for carrier. TS_CARR_ON isn't cleared if nothing is open,
90 * so it would live until the next open even if carrier drops.
91 * o Restore TS_WOPEN since it is useful in pstat. It must be cleared
92 * only when _all_ openers leave open().
93 */
94 #include <sys/param.h>
95 #define TTYDEFCHARS 1
96 #include <sys/systm.h>
97 #undef TTYDEFCHARS
98 #include <sys/ioctl.h>
99 #include <sys/proc_internal.h>
100 #include <sys/kauth.h>
101 #include <sys/file_internal.h>
102 #include <sys/conf.h>
103 #include <sys/dkstat.h>
104 #include <sys/uio_internal.h>
105 #include <sys/kernel.h>
106 #include <sys/vnode.h>
107 #include <sys/syslog.h>
108 #include <sys/user.h>
109 #include <sys/signalvar.h>
110 #include <sys/signalvar.h>
111 #include <sys/malloc.h>
112
113 #include <dev/kmreg_com.h>
114 #include <machine/cons.h>
115 #include <sys/resource.h> /* averunnable */
116 #include <kern/waitq.h>
117 #include <libkern/section_keywords.h>
118
119 static LCK_GRP_DECLARE(tty_lck_grp, "tty");
120 os_refgrp_decl(static, t_refgrp, "tty", NULL);
121
122 __private_extern__ int ttnread(struct tty *tp);
123 static void ttyecho(int c, struct tty *tp);
124 static int ttyoutput(int c, struct tty *tp);
125 static void ttypend(struct tty *tp);
126 static void ttyretype(struct tty *tp);
127 static void ttyrub(int c, struct tty *tp);
128 static void ttyrubo(struct tty *tp, int count);
129 static void ttystop(struct tty *tp, int rw);
130 static void ttyunblock(struct tty *tp);
131 static int ttywflush(struct tty *tp);
132 static int proc_compare(proc_t p1, proc_t p2);
133
134 void ttyhold(struct tty *tp);
135 static void ttydeallocate(struct tty *tp);
136
137 static bool isbackground(proc_t p, struct tty *tp);
138 static bool isctty(proc_t p, struct tty *tp);
139 static bool isctty_sp(proc_t p, struct tty *tp, struct session *sessp);
140
141 __private_extern__ void termios32to64(struct termios32 *in, struct user_termios *out);
142 __private_extern__ void termios64to32(struct user_termios *in, struct termios32 *out);
143
144 /*
145 * Table with character classes and parity. The 8th bit indicates parity,
146 * the 7th bit indicates the character is an alphameric or underscore (for
147 * ALTWERASE), and the low 6 bits indicate delay type. If the low 6 bits
148 * are 0 then the character needs no special processing on output; classes
149 * other than 0 might be translated or (not currently) require delays.
150 */
151 #define E 0x00 /* Even parity. */
152 #define O 0x80 /* Odd parity. */
153 #define PARITY(c) (char_type[c] & O)
154
155 #define ALPHA 0x40 /* Alpha or underscore. */
156 #define ISALPHA(c) (char_type[(c) & TTY_CHARMASK] & ALPHA)
157
158 #define CCLASSMASK 0x3f
159 #define CCLASS(c) (char_type[c] & CCLASSMASK)
160 /* 0b10xxxxxx is the mask for UTF-8 continuations */
161 #define CCONT(c) ((c & 0xc0) == 0x80)
162
163 #define BS BACKSPACE
164 #define CC CONTROL
165 #define CR RETURN
166 #define NA ORDINARY | ALPHA
167 #define NL NEWLINE
168 #define NO ORDINARY
169 #define TB TAB
170 #define VT VTAB
171
172 static u_char const char_type[] = {
173 E | CC, O | CC, O | CC, E | CC, O | CC, E | CC, E | CC, O | CC, /* nul - bel */
174 O | BS, E | TB, E | NL, O | CC, E | VT, O | CR, O | CC, E | CC, /* bs - si */
175 O | CC, E | CC, E | CC, O | CC, E | CC, O | CC, O | CC, E | CC, /* dle - etb */
176 E | CC, O | CC, O | CC, E | CC, O | CC, E | CC, E | CC, O | CC, /* can - us */
177 O | NO, E | NO, E | NO, O | NO, E | NO, O | NO, O | NO, E | NO, /* sp - ' */
178 E | NO, O | NO, O | NO, E | NO, O | NO, E | NO, E | NO, O | NO, /* ( - / */
179 E | NA, O | NA, O | NA, E | NA, O | NA, E | NA, E | NA, O | NA, /* 0 - 7 */
180 O | NA, E | NA, E | NO, O | NO, E | NO, O | NO, O | NO, E | NO, /* 8 - ? */
181 O | NO, E | NA, E | NA, O | NA, E | NA, O | NA, O | NA, E | NA, /* @ - G */
182 E | NA, O | NA, O | NA, E | NA, O | NA, E | NA, E | NA, O | NA, /* H - O */
183 E | NA, O | NA, O | NA, E | NA, O | NA, E | NA, E | NA, O | NA, /* P - W */
184 O | NA, E | NA, E | NA, O | NO, E | NO, O | NO, O | NO, O | NA, /* X - _ */
185 E | NO, O | NA, O | NA, E | NA, O | NA, E | NA, E | NA, O | NA, /* ` - g */
186 O | NA, E | NA, E | NA, O | NA, E | NA, O | NA, O | NA, E | NA, /* h - o */
187 O | NA, E | NA, E | NA, O | NA, E | NA, O | NA, O | NA, E | NA, /* p - w */
188 E | NA, O | NA, O | NA, E | NO, O | NO, E | NO, E | NO, O | CC, /* x - del */
189 /*
190 * Meta chars; should be settable per character set;
191 * for now, treat them all as normal characters.
192 */
193 NA, NA, NA, NA, NA, NA, NA, NA,
194 NA, NA, NA, NA, NA, NA, NA, NA,
195 NA, NA, NA, NA, NA, NA, NA, NA,
196 NA, NA, NA, NA, NA, NA, NA, NA,
197 NA, NA, NA, NA, NA, NA, NA, NA,
198 NA, NA, NA, NA, NA, NA, NA, NA,
199 NA, NA, NA, NA, NA, NA, NA, NA,
200 NA, NA, NA, NA, NA, NA, NA, NA,
201 NA, NA, NA, NA, NA, NA, NA, NA,
202 NA, NA, NA, NA, NA, NA, NA, NA,
203 NA, NA, NA, NA, NA, NA, NA, NA,
204 NA, NA, NA, NA, NA, NA, NA, NA,
205 NA, NA, NA, NA, NA, NA, NA, NA,
206 NA, NA, NA, NA, NA, NA, NA, NA,
207 NA, NA, NA, NA, NA, NA, NA, NA,
208 NA, NA, NA, NA, NA, NA, NA, NA,
209 };
210 #undef BS
211 #undef CC
212 #undef CR
213 #undef NA
214 #undef NL
215 #undef NO
216 #undef TB
217 #undef VT
218
219 /* Macros to clear/set/test flags. */
220 #define SET(t, f) (t) |= (f)
221 #define CLR(t, f) (t) &= ~(f)
222 #define ISSET(t, f) ((t) & (f))
223
224 /*
225 * Input control starts when we would not be able to fit the maximum
226 * contents of the ping-pong buffers and finishes when we would be able
227 * to fit that much plus 1/8 more.
228 */
229 #define I_HIGH_WATER (TTYHOG - 2 * 256) /* XXX */
230 #define I_LOW_WATER ((TTYHOG - 2 * 256) * 7 / 8) /* XXX */
231
232 __private_extern__ void
termios32to64(struct termios32 * in,struct user_termios * out)233 termios32to64(struct termios32 *in, struct user_termios *out)
234 {
235 out->c_iflag = (user_tcflag_t)in->c_iflag;
236 out->c_oflag = (user_tcflag_t)in->c_oflag;
237 out->c_cflag = (user_tcflag_t)in->c_cflag;
238 out->c_lflag = (user_tcflag_t)in->c_lflag;
239
240 /* bcopy is OK, since this type is ILP32/LP64 size invariant */
241 bcopy(in->c_cc, out->c_cc, sizeof(in->c_cc));
242
243 out->c_ispeed = (user_speed_t)in->c_ispeed;
244 out->c_ospeed = (user_speed_t)in->c_ospeed;
245 }
246
247 __private_extern__ void
termios64to32(struct user_termios * in,struct termios32 * out)248 termios64to32(struct user_termios *in, struct termios32 *out)
249 {
250 out->c_iflag = (uint32_t)in->c_iflag;
251 out->c_oflag = (uint32_t)in->c_oflag;
252 out->c_cflag = (uint32_t)in->c_cflag;
253 out->c_lflag = (uint32_t)in->c_lflag;
254
255 /* bcopy is OK, since this type is ILP32/LP64 size invariant */
256 bcopy(in->c_cc, out->c_cc, sizeof(in->c_cc));
257
258 out->c_ispeed = (uint32_t)MIN(in->c_ispeed, UINT32_MAX);
259 out->c_ospeed = (uint32_t)MIN(in->c_ospeed, UINT32_MAX);
260 }
261
262
263 /*
264 * tty_lock
265 *
266 * Lock the requested tty structure.
267 *
268 * Parameters: tp The tty we want to lock
269 *
270 * Returns: void
271 *
272 * Locks: On return, tp is locked
273 */
274 void
tty_lock(struct tty * tp)275 tty_lock(struct tty *tp)
276 {
277 TTY_LOCK_NOTOWNED(tp); /* debug assert */
278 ttyhold(tp);
279 lck_mtx_lock(&tp->t_lock);
280 os_atomic_store(&tp->t_locked_thread, current_thread(), relaxed);
281 }
282
283 /*
284 * tty_lock
285 *
286 * Try locking the requested tty structure.
287 *
288 * Parameters: tp The tty we want to lock
289 *
290 * Returns: true if locked, false otherwise
291 *
292 */
293 bool
tty_trylock(struct tty * tp)294 tty_trylock(struct tty *tp)
295 {
296 TTY_LOCK_NOTOWNED(tp); /* debug assert */
297 ttyhold(tp);
298 if (lck_mtx_try_lock(&tp->t_lock)) {
299 /* locked */
300 os_atomic_store(&tp->t_locked_thread, current_thread(), relaxed);
301 return true;
302 } else {
303 /* not locked */
304 ttyfree(tp);
305 return false;
306 }
307 }
308
309
310 bool
tty_islocked(struct tty * tp)311 tty_islocked(struct tty *tp)
312 {
313 thread_t owner = os_atomic_load(&tp->t_locked_thread, relaxed);
314 return owner == current_thread();
315 }
316
317
318 /*
319 * tty_unlock
320 *
321 * Unlock the requested tty structure.
322 *
323 * Parameters: tp The tty we want to unlock
324 *
325 * Returns: void
326 *
327 * Locks: On return, tp is unlocked
328 */
329 void
tty_unlock(struct tty * tp)330 tty_unlock(struct tty *tp)
331 {
332 TTY_LOCK_OWNED(tp); /* debug assert */
333 os_atomic_store(&tp->t_locked_thread, NULL, relaxed);
334 lck_mtx_unlock(&tp->t_lock);
335 ttyfree(tp);
336 }
337
338 /*
339 * ttyopen (LDISC)
340 *
341 * Initial open of tty, or (re)entry to standard tty line discipline.
342 *
343 * Locks: Assumes tty_lock() is held prior to calling.
344 */
345 int
ttyopen(dev_t device,struct tty * tp)346 ttyopen(dev_t device, struct tty *tp)
347 {
348 TTY_LOCK_OWNED(tp); /* debug assert */
349
350 tp->t_dev = device;
351
352 if (!ISSET(tp->t_state, TS_ISOPEN)) {
353 SET(tp->t_state, TS_ISOPEN);
354 if (ISSET(tp->t_cflag, CLOCAL)) {
355 SET(tp->t_state, TS_CONNECTED);
356 }
357 bzero(&tp->t_winsize, sizeof(tp->t_winsize));
358 }
359
360 return 0;
361 }
362
363 /*
364 * ttyclose
365 *
366 * Handle close() on a tty line: flush and set to initial state,
367 * bumping generation number so that pending read/write calls
368 * can detect recycling of the tty.
369 * XXX our caller should have done `spltty(); l_close(); ttyclose();'
370 * and l_close() should have flushed, but we repeat the spltty() and
371 * the flush in case there are buggy callers.
372 *
373 * Locks: Assumes tty_lock() is held prior to calling.
374 */
375 int
ttyclose(struct tty * tp)376 ttyclose(struct tty *tp)
377 {
378 struct pgrp * oldpg;
379 struct session *oldsessp;
380 struct tty *freetp = TTY_NULL;
381 struct tty *constty = TTY_NULL;
382
383 TTY_LOCK_OWNED(tp); /* debug assert */
384
385 constty = copy_constty();
386
387 if (constty == tp) {
388 ttyfree_locked(constty);
389 constty = NULL;
390 freetp = set_constty(NULL);
391 if (freetp) {
392 if (freetp == tp) {
393 ttyfree_locked(freetp);
394 } else {
395 ttyfree(freetp);
396 }
397 freetp = NULL;
398 }
399
400
401 /*
402 * Closing current console tty; disable printing of console
403 * messages at bottom-level driver.
404 */
405 (*cdevsw[major(tp->t_dev)].d_ioctl)
406 (tp->t_dev, KMIOCDISABLCONS, NULL, 0, current_proc());
407 }
408
409 if (constty != NULL) {
410 if (constty == tp) {
411 ttyfree_locked(constty);
412 } else {
413 ttyfree(constty);
414 }
415 constty = NULL;
416 }
417
418 ttyflush(tp, FREAD | FWRITE);
419
420 tp->t_gen++;
421 tp->t_line = TTYDISC;
422
423 proc_list_lock();
424 oldpg = tp->t_pgrp;
425 oldsessp = tp->t_session;
426 if (oldsessp != SESSION_NULL) {
427 session_lock(oldsessp);
428 freetp = session_clear_tty_locked(oldsessp);
429 session_unlock(oldsessp);
430 }
431 tp->t_pgrp = NULL;
432 tp->t_session = NULL;
433 proc_list_unlock();
434 tty_unlock(tp);
435
436 /* drop the reference on prev session and pgrp */
437 if (oldsessp) {
438 session_rele(oldsessp);
439 if (freetp) {
440 ttyfree(freetp);
441 }
442 }
443 pgrp_rele(oldpg);
444
445 /* SAFE: All callers drop the lock on return */
446 tty_lock(tp);
447
448 tp->t_state = 0;
449
450 /*
451 * The tty is closed - mark knote as being revoked and autodetach it from the
452 * tty
453 */
454 knote(&tp->t_wsel.si_note, NOTE_REVOKE, true);
455 selthreadclear(&tp->t_wsel);
456 knote(&tp->t_rsel.si_note, NOTE_REVOKE, true);
457 selthreadclear(&tp->t_rsel);
458
459 return 0;
460 }
461
462 #define FLUSHQ(q) { \
463 if ((q)->c_cc) \
464 ndflush(q, (q)->c_cc); \
465 }
466
467 /* Is 'c' a line delimiter ("break" character)? */
468 #define TTBREAKC(c, lflag) \
469 ((c) == '\n' || (((c) == cc[VEOF] || \
470 (c) == cc[VEOL] || ((c) == cc[VEOL2] && lflag & IEXTEN)) && \
471 (c) != _POSIX_VDISABLE))
472
473 /*
474 * ttyinput (LDISC)
475 *
476 * Process input of a single character received on a tty.
477 *
478 * Parameters: c The character received
479 * tp The tty on which it was received
480 *
481 * Returns: .
482 *
483 * Locks: Assumes tty_lock() is held prior to calling.
484 */
485 int
ttyinput(int c,struct tty * tp)486 ttyinput(int c, struct tty *tp)
487 {
488 tcflag_t iflag, lflag;
489 cc_t *cc;
490 int i, err;
491 int retval = 0; /* default return value */
492
493 TTY_LOCK_OWNED(tp); /* debug assert */
494
495 /*
496 * If input is pending take it first.
497 */
498 lflag = tp->t_lflag;
499 if (ISSET(lflag, PENDIN)) {
500 ttypend(tp);
501 }
502 /*
503 * Gather stats.
504 */
505 if (ISSET(lflag, ICANON)) {
506 ++tk_cancc;
507 ++tp->t_cancc;
508 } else {
509 ++tk_rawcc;
510 ++tp->t_rawcc;
511 }
512 ++tk_nin;
513
514 /*
515 * Block further input iff:
516 * current input > threshold AND input is available to user program
517 * AND input flow control is enabled and not yet invoked.
518 * The 3 is slop for PARMRK.
519 */
520 iflag = tp->t_iflag;
521 if (tp->t_rawq.c_cc + tp->t_canq.c_cc > I_HIGH_WATER - 3 &&
522 (!ISSET(lflag, ICANON) || tp->t_canq.c_cc != 0) &&
523 (ISSET(tp->t_cflag, CRTS_IFLOW) || ISSET(iflag, IXOFF)) &&
524 !ISSET(tp->t_state, TS_TBLOCK)) {
525 ttyblock(tp);
526 }
527
528 /* Handle exceptional conditions (break, parity, framing). */
529 cc = tp->t_cc;
530 err = (ISSET(c, TTY_ERRORMASK));
531 if (err) {
532 CLR(c, TTY_ERRORMASK);
533 if (ISSET(err, TTY_BI)) {
534 if (ISSET(iflag, IGNBRK)) {
535 goto out;
536 }
537 if (ISSET(iflag, BRKINT)) {
538 ttyflush(tp, FREAD | FWRITE);
539 /* SAFE: All callers drop the lock on return */
540 tty_pgsignal_locked(tp, SIGINT, 1);
541 goto endcase;
542 }
543 if (ISSET(iflag, PARMRK)) {
544 goto parmrk;
545 }
546 } else if ((ISSET(err, TTY_PE) && ISSET(iflag, INPCK))
547 || ISSET(err, TTY_FE)) {
548 if (ISSET(iflag, IGNPAR)) {
549 goto out;
550 } else if (ISSET(iflag, PARMRK)) {
551 parmrk:
552 if (tp->t_rawq.c_cc + tp->t_canq.c_cc >
553 MAX_INPUT - 3) {
554 goto input_overflow;
555 }
556 (void)putc(0377 | TTY_QUOTE, &tp->t_rawq);
557 (void)putc(0 | TTY_QUOTE, &tp->t_rawq);
558 (void)putc(c | TTY_QUOTE, &tp->t_rawq);
559 goto endcase;
560 } else {
561 c = 0;
562 }
563 }
564 }
565
566 if (!ISSET(tp->t_state, TS_TYPEN) && ISSET(iflag, ISTRIP)) {
567 CLR(c, 0x80);
568 }
569 if (!ISSET(lflag, EXTPROC)) {
570 /*
571 * Check for literal nexting very first
572 */
573 if (ISSET(tp->t_state, TS_LNCH)) {
574 SET(c, TTY_QUOTE);
575 CLR(tp->t_state, TS_LNCH);
576 }
577 /*
578 * Scan for special characters. This code
579 * is really just a big case statement with
580 * non-constant cases. The bottom of the
581 * case statement is labeled ``endcase'', so goto
582 * it after a case match, or similar.
583 */
584
585 /*
586 * Control chars which aren't controlled
587 * by ICANON, ISIG, or IXON.
588 */
589 if (ISSET(lflag, IEXTEN)) {
590 if (CCEQ(cc[VLNEXT], c)) {
591 if (ISSET(lflag, ECHO)) {
592 if (ISSET(lflag, ECHOE)) {
593 (void)ttyoutput('^', tp);
594 (void)ttyoutput('\b', tp);
595 } else {
596 ttyecho(c, tp);
597 }
598 }
599 SET(tp->t_state, TS_LNCH);
600 goto endcase;
601 }
602 if (CCEQ(cc[VDISCARD], c)) {
603 if (ISSET(lflag, FLUSHO)) {
604 CLR(tp->t_lflag, FLUSHO);
605 } else {
606 ttyflush(tp, FWRITE);
607 ttyecho(c, tp);
608 if (tp->t_rawq.c_cc + tp->t_canq.c_cc) {
609 ttyretype(tp);
610 }
611 SET(tp->t_lflag, FLUSHO);
612 }
613 goto startoutput;
614 }
615 }
616 /*
617 * Signals.
618 */
619 if (ISSET(lflag, ISIG)) {
620 if (CCEQ(cc[VINTR], c) || CCEQ(cc[VQUIT], c)) {
621 if (!ISSET(lflag, NOFLSH)) {
622 ttyflush(tp, FREAD | FWRITE);
623 }
624 ttyecho(c, tp);
625 /*
626 * SAFE: All callers drop the lock on return;
627 * SAFE: if we lose a threaded race on change
628 * SAFE: of the interrupt character, we could
629 * SAFE: have lost that race anyway due to the
630 * SAFE: scheduler executing threads in
631 * SAFE: priority order rather than "last
632 * SAFE: active thread" order (FEATURE).
633 */
634 tty_pgsignal_locked(tp,
635 CCEQ(cc[VINTR], c) ? SIGINT : SIGQUIT, 1);
636 goto endcase;
637 }
638 if (CCEQ(cc[VSUSP], c)) {
639 if (!ISSET(lflag, NOFLSH)) {
640 ttyflush(tp, FREAD);
641 }
642 ttyecho(c, tp);
643 /* SAFE: All callers drop the lock on return */
644 tty_pgsignal_locked(tp, SIGTSTP, 1);
645 goto endcase;
646 }
647 }
648 /*
649 * Handle start/stop characters.
650 */
651 if (ISSET(iflag, IXON)) {
652 if (CCEQ(cc[VSTOP], c)) {
653 if (!ISSET(tp->t_state, TS_TTSTOP)) {
654 SET(tp->t_state, TS_TTSTOP);
655 ttystop(tp, 0);
656 goto out;
657 }
658 if (!CCEQ(cc[VSTART], c)) {
659 goto out;
660 }
661 /*
662 * if VSTART == VSTOP then toggle
663 */
664 goto endcase;
665 }
666 if (CCEQ(cc[VSTART], c)) {
667 goto restartoutput;
668 }
669 }
670 /*
671 * IGNCR, ICRNL, & INLCR
672 */
673 if (c == '\r') {
674 if (ISSET(iflag, IGNCR)) {
675 goto out;
676 } else if (ISSET(iflag, ICRNL)) {
677 c = '\n';
678 }
679 } else if (c == '\n' && ISSET(iflag, INLCR)) {
680 c = '\r';
681 }
682 }
683 if (!ISSET(tp->t_lflag, EXTPROC) && ISSET(lflag, ICANON)) {
684 /*
685 * From here on down canonical mode character
686 * processing takes place.
687 */
688 /*
689 * erase (^H / ^?)
690 */
691 if (CCEQ(cc[VERASE], c)) {
692 if (tp->t_rawq.c_cc) {
693 if (ISSET(iflag, IUTF8)) {
694 do {
695 ttyrub((c = unputc(&tp->t_rawq)), tp);
696 } while (tp->t_rawq.c_cc && CCONT(c));
697 } else {
698 ttyrub(unputc(&tp->t_rawq), tp);
699 }
700 }
701 goto endcase;
702 }
703 /*
704 * kill (^U)
705 */
706 if (CCEQ(cc[VKILL], c)) {
707 if (ISSET(lflag, ECHOKE) &&
708 tp->t_rawq.c_cc == tp->t_rocount &&
709 !ISSET(lflag, ECHOPRT)) {
710 while (tp->t_rawq.c_cc) {
711 ttyrub(unputc(&tp->t_rawq), tp);
712 }
713 } else {
714 ttyecho(c, tp);
715 if (ISSET(lflag, ECHOK) ||
716 ISSET(lflag, ECHOKE)) {
717 ttyecho('\n', tp);
718 }
719 FLUSHQ(&tp->t_rawq);
720 tp->t_rocount = 0;
721 }
722 CLR(tp->t_state, TS_LOCAL);
723 goto endcase;
724 }
725 /*
726 * word erase (^W)
727 */
728 if (CCEQ(cc[VWERASE], c) && ISSET(lflag, IEXTEN)) {
729 int ctype;
730
731 /*
732 * erase whitespace
733 */
734 while ((c = unputc(&tp->t_rawq)) == ' ' || c == '\t') {
735 ttyrub(c, tp);
736 }
737 if (c == -1) {
738 goto endcase;
739 }
740 /*
741 * erase last char of word and remember the
742 * next chars type (for ALTWERASE)
743 */
744 ttyrub(c, tp);
745 c = unputc(&tp->t_rawq);
746 if (c == -1) {
747 goto endcase;
748 }
749 if (c == ' ' || c == '\t') {
750 (void)putc(c, &tp->t_rawq);
751 goto endcase;
752 }
753 ctype = ISALPHA(c);
754 /*
755 * erase rest of word
756 */
757 do {
758 ttyrub(c, tp);
759 c = unputc(&tp->t_rawq);
760 if (c == -1) {
761 goto endcase;
762 }
763 } while (c != ' ' && c != '\t' &&
764 (!ISSET(lflag, ALTWERASE) || ISALPHA(c) == ctype));
765 (void)putc(c, &tp->t_rawq);
766 goto endcase;
767 }
768 /*
769 * reprint line (^R)
770 */
771 if (CCEQ(cc[VREPRINT], c) && ISSET(lflag, IEXTEN)) {
772 ttyretype(tp);
773 goto endcase;
774 }
775 /*
776 * ^T - kernel info and generate SIGINFO
777 */
778 if (CCEQ(cc[VSTATUS], c) && ISSET(lflag, IEXTEN)) {
779 if (ISSET(lflag, ISIG)) {
780 /* SAFE: All callers drop the lock on return */
781 tty_pgsignal_locked(tp, SIGINFO, 1);
782 }
783 if (!ISSET(lflag, NOKERNINFO)) {
784 ttyinfo_locked(tp);
785 }
786 goto endcase;
787 }
788 }
789 /*
790 * Check for input buffer overflow
791 */
792 if (tp->t_rawq.c_cc + tp->t_canq.c_cc >= MAX_INPUT) {
793 input_overflow:
794 if (ISSET(iflag, IMAXBEL)) {
795 if (tp->t_outq.c_cc < tp->t_hiwat) {
796 (void)ttyoutput(CTRL('g'), tp);
797 }
798 }
799 goto endcase;
800 }
801
802 if (c == 0377 && ISSET(iflag, PARMRK) && !ISSET(iflag, ISTRIP)
803 && ISSET(iflag, IGNBRK | IGNPAR) != (IGNBRK | IGNPAR)) {
804 (void)putc(0377 | TTY_QUOTE, &tp->t_rawq);
805 }
806
807 /*
808 * Put data char in q for user and
809 * wakeup on seeing a line delimiter.
810 */
811 if (putc(c, &tp->t_rawq) >= 0) {
812 if (!ISSET(lflag, ICANON)) {
813 ttwakeup(tp);
814 ttyecho(c, tp);
815 goto endcase;
816 }
817 if (TTBREAKC(c, lflag)) {
818 tp->t_rocount = 0;
819 catq(&tp->t_rawq, &tp->t_canq);
820 ttwakeup(tp);
821 } else if (tp->t_rocount++ == 0) {
822 tp->t_rocol = tp->t_column;
823 }
824 if (ISSET(tp->t_state, TS_ERASE)) {
825 /*
826 * end of prterase \.../
827 */
828 CLR(tp->t_state, TS_ERASE);
829 (void)ttyoutput('/', tp);
830 }
831 i = tp->t_column;
832 ttyecho(c, tp);
833 if (CCEQ(cc[VEOF], c) && ISSET(lflag, ECHO)) {
834 /*
835 * Place the cursor over the '^' of the ^D.
836 */
837 i = min(2, tp->t_column - i);
838 while (i > 0) {
839 (void)ttyoutput('\b', tp);
840 i--;
841 }
842 }
843 }
844
845 endcase:
846 /*
847 * IXANY means allow any character to restart output.
848 */
849 if (ISSET(tp->t_state, TS_TTSTOP) &&
850 !ISSET(iflag, IXANY) && cc[VSTART] != cc[VSTOP]) {
851 goto out;
852 }
853
854 restartoutput:
855 CLR(tp->t_lflag, FLUSHO);
856 CLR(tp->t_state, TS_TTSTOP);
857
858 startoutput:
859 /* Start the output */
860 retval = ttstart(tp);
861
862 out:
863 return retval;
864 }
865
866
867 /*
868 * ttyoutput
869 *
870 * Output a single character on a tty, doing output processing
871 * as needed (expanding tabs, newline processing, etc.).
872 *
873 * Parameters: c The character to output
874 * tp The tty on which to output on the tty
875 *
876 * Returns: < 0 Success
877 * >= 0 Character to resend (failure)
878 *
879 * Locks: Assumes tp is locked on entry, remains locked on exit
880 *
881 * Notes: Must be recursive.
882 */
883 static int
ttyoutput(int c,struct tty * tp)884 ttyoutput(int c, struct tty *tp)
885 {
886 tcflag_t oflag;
887 int col;
888
889 TTY_LOCK_OWNED(tp); /* debug assert */
890
891 oflag = tp->t_oflag;
892 if (!ISSET(oflag, OPOST)) {
893 if (ISSET(tp->t_lflag, FLUSHO)) {
894 return -1;
895 }
896 if (putc(c, &tp->t_outq)) {
897 return c;
898 }
899 tk_nout++;
900 tp->t_outcc++;
901 return -1;
902 }
903 /*
904 * Do tab expansion if OXTABS is set. Special case if we external
905 * processing, we don't do the tab expansion because we'll probably
906 * get it wrong. If tab expansion needs to be done, let it happen
907 * externally.
908 */
909 CLR(c, ~TTY_CHARMASK);
910 if (c == '\t' &&
911 ISSET(oflag, OXTABS) && !ISSET(tp->t_lflag, EXTPROC)) {
912 col = c = 8 - (tp->t_column & 7);
913 if (!ISSET(tp->t_lflag, FLUSHO)) {
914 c -= b_to_q((const u_char *)" ", c, &tp->t_outq);
915 tk_nout += c;
916 tp->t_outcc += c;
917 }
918 tp->t_column += c;
919 return c == col ? -1 : '\t';
920 }
921 if (c == CEOT && ISSET(oflag, ONOEOT)) {
922 return -1;
923 }
924
925 /*
926 * Newline translation: if ONLCR is set,
927 * translate newline into "\r\n".
928 */
929 if (c == '\n' && ISSET(tp->t_oflag, ONLCR)) {
930 tk_nout++;
931 tp->t_outcc++;
932 if (putc('\r', &tp->t_outq)) {
933 return c;
934 }
935 }
936 /* If OCRNL is set, translate "\r" into "\n". */
937 else if (c == '\r' && ISSET(tp->t_oflag, OCRNL)) {
938 c = '\n';
939 }
940 /* If ONOCR is set, don't transmit CRs when on column 0. */
941 else if (c == '\r' && ISSET(tp->t_oflag, ONOCR) && tp->t_column == 0) {
942 return -1;
943 }
944 tk_nout++;
945 tp->t_outcc++;
946 if (!ISSET(tp->t_lflag, FLUSHO) && putc(c, &tp->t_outq)) {
947 return c;
948 }
949
950 col = tp->t_column;
951 switch (CCLASS(c)) {
952 case BACKSPACE:
953 if (col > 0) {
954 --col;
955 }
956 break;
957 case CONTROL:
958 break;
959 case NEWLINE:
960 case RETURN:
961 col = 0;
962 break;
963 case ORDINARY:
964 ++col;
965 break;
966 case TAB:
967 col = (col + 8) & ~7;
968 break;
969 }
970 tp->t_column = col;
971 return -1;
972 }
973
974 /*
975 * ttioctl
976 *
977 * Identical to ttioctl_locked, only the lock is not held
978 *
979 * Parameters: <See ttioctl_locked()>
980 *
981 * Returns: <See ttioctl_locked()>
982 *
983 * Locks: This function assumes the tty_lock() is not held on entry;
984 * it takes the lock, and releases it before returning.
985 *
986 * Notes: This is supported to ensure the line discipline interfaces
987 * all have the same locking semantics.
988 *
989 * This function is called from
990 */
991 int
ttioctl(struct tty * tp,u_long cmd,caddr_t data,int flag,proc_t p)992 ttioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, proc_t p)
993 {
994 int retval;
995
996 tty_lock(tp);
997 retval = ttioctl_locked(tp, cmd, data, flag, p);
998 tty_unlock(tp);
999
1000 return retval;
1001 }
1002
1003
1004 /*
1005 * ttioctl_locked
1006 *
1007 * Ioctls for all tty devices.
1008 *
1009 * Parameters: tp Tty on which ioctl() is being called
1010 * cmd ioctl() command parameter
1011 * data ioctl() data argument (if any)
1012 * flag fileglob open modes from fcntl.h;
1013 * if called internally, this is usually
1014 * set to 0, rather than something useful
1015 * p Process context for the call; if the
1016 * call is proxied to a worker thread,
1017 * this will not be the current process!!!
1018 *
1019 * Returns: 0 Success
1020 * EIO I/O error (no process group, job
1021 * control, etc.)
1022 * EINTR Interrupted by signal
1023 * EBUSY Attempt to become the console while
1024 * the console is busy
1025 * ENOTTY TIOCGPGRP on a non-controlling tty
1026 * EINVAL Invalid baud rate
1027 * ENXIO TIOCSETD of invalid line discipline
1028 * EPERM TIOCSTI, not root, not open for read
1029 * EACCES TIOCSTI, not root, not your controlling
1030 * tty
1031 * EPERM TIOCSCTTY failed
1032 * ENOTTY/EINVAL/EPERM TIOCSPGRP failed
1033 * EPERM TIOCSDRAINWAIT as non-root user
1034 * suser:EPERM Console control denied
1035 * ttywait:EIO t_timeout too small/expired
1036 * ttywait:ERESTART Upper layer must redrive the call;
1037 * this is usually done by the Libc
1038 * stub in user space
1039 * ttywait:EINTR Interrupted (usually a signal)
1040 * ttcompat:EINVAL
1041 * ttcompat:ENOTTY
1042 * ttcompat:EIOCTL
1043 * ttcompat:ENOTTY TIOCGSID, if no session or session
1044 * leader
1045 * ttcompat:ENOTTY All unrecognized ioctls
1046 * *tp->t_param:? TIOCSETA* underlying function
1047 * *linesw[t].l_open:? TIOCSETD line discipline open failure
1048 *
1049 *
1050 * Locks: This function assumes that the tty_lock() is held for the
1051 * tp at the time of the call. The lock remains held on return.
1052 *
1053 * Notes: This function is called after line-discipline specific ioctl
1054 * has been called to do discipline-specific functions and/or
1055 * reject any of these ioctl() commands.
1056 *
1057 * This function calls ttcompat(), which can re-call ttioctl()
1058 * to a depth of one (FORTRAN style mutual recursion); at some
1059 * point, we should just in-line ttcompat() here.
1060 */
1061 int
ttioctl_locked(struct tty * tp,u_long cmd,caddr_t data,int flag,proc_t p)1062 ttioctl_locked(struct tty *tp, u_long cmd, caddr_t data, int flag, proc_t p)
1063 {
1064 int error = 0;
1065 int bogusData = 1;
1066 struct uthread *ut;
1067 struct pgrp *pg, *oldpg;
1068 struct session *sessp, *oldsessp;
1069 struct tty *oldtp, *freetp;
1070
1071 TTY_LOCK_OWNED(tp); /* debug assert */
1072
1073 ut = current_uthread();
1074 /* If the ioctl involves modification, signal if in the background. */
1075 switch (cmd) {
1076 case TIOCIXON:
1077 case TIOCIXOFF:
1078 case TIOCDRAIN:
1079 case TIOCFLUSH:
1080 case TIOCSTOP:
1081 case TIOCSTART:
1082 case TIOCSETA_32:
1083 case TIOCSETA_64:
1084 case TIOCSETD:
1085 case TIOCSETAF_32:
1086 case TIOCSETAF_64:
1087 case TIOCSETAW_32:
1088 case TIOCSETAW_64:
1089 case TIOCSPGRP:
1090 case TIOCSTAT:
1091 case TIOCSTI:
1092 case TIOCSWINSZ:
1093 case TIOCLBIC:
1094 case TIOCLBIS:
1095 case TIOCLSET:
1096 case TIOCSETC:
1097 case OTIOCSETD:
1098 case TIOCSETN:
1099 case TIOCSETP:
1100 case TIOCSLTC:
1101 while (isbackground(p, tp) &&
1102 (p->p_lflag & P_LPPWAIT) == 0 &&
1103 (p->p_sigignore & sigmask(SIGTTOU)) == 0 &&
1104 (ut->uu_sigmask & sigmask(SIGTTOU)) == 0) {
1105 pg = proc_pgrp(p, NULL);
1106 if (pg == PGRP_NULL) {
1107 error = EIO;
1108 goto out;
1109 }
1110 /* SAFE: All callers drop the lock on return */
1111 tty_unlock(tp);
1112 if (pg->pg_jobc == 0) {
1113 pgrp_rele(pg);
1114 tty_lock(tp);
1115 error = EIO;
1116 goto out;
1117 }
1118 pgsignal(pg, SIGTTOU, 1);
1119 pgrp_rele(pg);
1120 tty_lock(tp);
1121
1122
1123 /*
1124 * We signalled ourself, so we need to act as if we
1125 * have been "interrupted" from a "sleep" to act on
1126 * the signal. If it's a signal that stops the
1127 * process, that's handled in the signal sending code.
1128 */
1129 error = EINTR;
1130 goto out;
1131 }
1132 break;
1133 }
1134
1135 switch (cmd) { /* Process the ioctl. */
1136 case FIOASYNC: /* set/clear async i/o */
1137 if (*(int *)data) {
1138 SET(tp->t_state, TS_ASYNC);
1139 } else {
1140 CLR(tp->t_state, TS_ASYNC);
1141 }
1142 break;
1143 case FIONBIO: /* set/clear non-blocking i/o */
1144 break; /* XXX: delete. */
1145 case FIONREAD: /* get # bytes to read */
1146 *(int *)data = ttnread(tp);
1147 break;
1148 case TIOCEXCL: /* set exclusive use of tty */
1149 SET(tp->t_state, TS_XCLUDE);
1150 break;
1151 case TIOCFLUSH: { /* flush buffers */
1152 int flags = *(int *)data;
1153
1154 if (flags == 0) {
1155 flags = FREAD | FWRITE;
1156 } else {
1157 flags &= FREAD | FWRITE;
1158 }
1159 ttyflush(tp, flags);
1160 break;
1161 }
1162 case TIOCSCONS: {
1163 /* Set current console device to this line */
1164 data = (caddr_t) &bogusData;
1165 }
1166 OS_FALLTHROUGH;
1167 case TIOCCONS: { /* become virtual console */
1168 struct tty *constty = NULL;
1169 constty = copy_constty();
1170 if (*(int *)data) {
1171 if (constty && constty != tp &&
1172 ISSET(constty->t_state, TS_CONNECTED)) {
1173 error = EBUSY;
1174 // constty != tp, so constty is not locked
1175 ttyfree(constty);
1176 constty = NULL;
1177 goto out;
1178 }
1179 if ((error = suser(kauth_cred_get(), &p->p_acflag))) {
1180 if (constty == tp) {
1181 ttyfree_locked(constty);
1182 } else {
1183 ttyfree(constty);
1184 }
1185 constty = NULL;
1186 goto out;
1187 }
1188 if (tp != constty) {
1189 freetp = set_constty(tp);
1190 if (freetp != NULL) {
1191 if (freetp == tp) {
1192 ttyfree_locked(freetp);
1193 } else {
1194 ttyfree(freetp);
1195 }
1196 freetp = NULL;
1197 }
1198 if (constty != NULL) {
1199 // constty != tp, so constty is not locked
1200 ttyfree(constty);
1201 }
1202 constty = copy_constty();
1203 }
1204 } else if (tp == constty) {
1205 freetp = set_constty(NULL);
1206 if (freetp != NULL) {
1207 if (freetp == tp) {
1208 ttyfree_locked(freetp);
1209 } else {
1210 ttyfree(freetp);
1211 }
1212 freetp = NULL;
1213 }
1214 // constty == tp, so constty is locked
1215 ttyfree_locked(constty);
1216 constty = NULL;
1217 }
1218 if (constty) {
1219 (*cdevsw[major(constty->t_dev)].d_ioctl)
1220 (constty->t_dev, KMIOCDISABLCONS, NULL, 0, p);
1221 } else {
1222 (*cdevsw[major(tp->t_dev)].d_ioctl)
1223 (tp->t_dev, KMIOCDISABLCONS, NULL, 0, p);
1224 }
1225 if (constty != NULL) {
1226 if (constty == tp) {
1227 ttyfree_locked(constty);
1228 } else {
1229 ttyfree(constty);
1230 }
1231 }
1232 break;
1233 }
1234 case TIOCDRAIN: /* wait till output drained */
1235 error = ttywait(tp);
1236 if (error) {
1237 goto out;
1238 }
1239 break;
1240 case TIOCGETA_32: /* get termios struct */
1241 #ifdef __LP64__
1242 termios64to32((struct user_termios *)&tp->t_termios, (struct termios32 *)data);
1243 #else
1244 bcopy(&tp->t_termios, data, sizeof(struct termios));
1245 #endif
1246 break;
1247 case TIOCGETA_64: /* get termios struct */
1248 #ifdef __LP64__
1249 bcopy(&tp->t_termios, data, sizeof(struct termios));
1250 #else
1251 termios32to64((struct termios32 *)&tp->t_termios, (struct user_termios *)data);
1252 #endif
1253 break;
1254 case TIOCGETD: /* get line discipline */
1255 *(int *)data = tp->t_line;
1256 break;
1257 case TIOCGWINSZ: /* get window size */
1258 *(struct winsize *)data = tp->t_winsize;
1259 break;
1260 case TIOCGPGRP: /* get pgrp of tty */
1261 if (!isctty(p, tp)) {
1262 error = ENOTTY;
1263 goto out;
1264 }
1265 *(int *)data = tp->t_pgrp ? tp->t_pgrp->pg_id : NO_PID;
1266 break;
1267 #ifdef TIOCHPCL
1268 case TIOCHPCL: /* hang up on last close */
1269 SET(tp->t_cflag, HUPCL);
1270 break;
1271 #endif
1272 case TIOCNXCL: /* reset exclusive use of tty */
1273 CLR(tp->t_state, TS_XCLUDE);
1274 break;
1275 case TIOCOUTQ: /* output queue size */
1276 *(int *)data = tp->t_outq.c_cc;
1277 break;
1278 case TIOCSETA_32: /* set termios struct */
1279 case TIOCSETA_64:
1280 case TIOCSETAW_32: /* drain output, set */
1281 case TIOCSETAW_64:
1282 case TIOCSETAF_32: /* drn out, fls in, set */
1283 case TIOCSETAF_64:
1284 { /* drn out, fls in, set */
1285 struct termios *t = (struct termios *)data;
1286 struct termios lcl_termios;
1287
1288 #ifdef __LP64__
1289 if (cmd == TIOCSETA_32 || cmd == TIOCSETAW_32 || cmd == TIOCSETAF_32) {
1290 termios32to64((struct termios32 *)data, (struct user_termios *)&lcl_termios);
1291 t = &lcl_termios;
1292 }
1293 #else
1294 if (cmd == TIOCSETA_64 || cmd == TIOCSETAW_64 || cmd == TIOCSETAF_64) {
1295 termios64to32((struct user_termios *)data, (struct termios32 *)&lcl_termios);
1296 t = &lcl_termios;
1297 }
1298 #endif
1299 #if 0
1300 /* XXX bogus test; always false */
1301 if (t->c_ispeed < 0 || t->c_ospeed < 0) {
1302 error = EINVAL;
1303 goto out;
1304 }
1305 #endif /* 0 - leave in; may end up being a conformance issue */
1306 if (t->c_ispeed == 0) {
1307 t->c_ispeed = t->c_ospeed;
1308 }
1309 if (cmd == TIOCSETAW_32 || cmd == TIOCSETAF_32 ||
1310 cmd == TIOCSETAW_64 || cmd == TIOCSETAF_64) {
1311 error = ttywait(tp);
1312 if (error) {
1313 goto out;
1314 }
1315 if (cmd == TIOCSETAF_32 || cmd == TIOCSETAF_64) {
1316 ttyflush(tp, FREAD);
1317 }
1318 }
1319 if (!ISSET(t->c_cflag, CIGNORE)) {
1320 /*
1321 * Set device hardware.
1322 */
1323 if (tp->t_param && (error = (*tp->t_param)(tp, t))) {
1324 goto out;
1325 }
1326 if (ISSET(t->c_cflag, CLOCAL) &&
1327 !ISSET(tp->t_cflag, CLOCAL)) {
1328 /*
1329 * XXX disconnections would be too hard to
1330 * get rid of without this kludge. The only
1331 * way to get rid of controlling terminals
1332 * is to exit from the session leader.
1333 */
1334 CLR(tp->t_state, TS_ZOMBIE);
1335
1336 wakeup(TSA_CARR_ON(tp));
1337 ttwakeup(tp);
1338 ttwwakeup(tp);
1339 }
1340 if ((ISSET(tp->t_state, TS_CARR_ON) ||
1341 ISSET(t->c_cflag, CLOCAL)) &&
1342 !ISSET(tp->t_state, TS_ZOMBIE)) {
1343 SET(tp->t_state, TS_CONNECTED);
1344 } else {
1345 CLR(tp->t_state, TS_CONNECTED);
1346 }
1347 tp->t_cflag = t->c_cflag;
1348 tp->t_ispeed = t->c_ispeed;
1349 tp->t_ospeed = t->c_ospeed;
1350 ttsetwater(tp);
1351 }
1352 if (ISSET(t->c_lflag, ICANON) != ISSET(tp->t_lflag, ICANON) &&
1353 cmd != TIOCSETAF_32 && cmd != TIOCSETAF_64) {
1354 if (ISSET(t->c_lflag, ICANON)) {
1355 SET(tp->t_lflag, PENDIN);
1356 } else {
1357 /*
1358 * XXX we really shouldn't allow toggling
1359 * ICANON while we're in a non-termios line
1360 * discipline. Now we have to worry about
1361 * panicing for a null queue.
1362 */
1363 if (tp->t_rawq.c_cs && tp->t_canq.c_cs) {
1364 struct clist tq;
1365
1366 catq(&tp->t_rawq, &tp->t_canq);
1367 tq = tp->t_rawq;
1368 tp->t_rawq = tp->t_canq;
1369 tp->t_canq = tq;
1370 }
1371 CLR(tp->t_lflag, PENDIN);
1372 }
1373 ttwakeup(tp);
1374 }
1375 tp->t_iflag = t->c_iflag;
1376 tp->t_oflag = t->c_oflag;
1377 /*
1378 * Make the EXTPROC bit read only.
1379 */
1380 if (ISSET(tp->t_lflag, EXTPROC)) {
1381 SET(t->c_lflag, EXTPROC);
1382 } else {
1383 CLR(t->c_lflag, EXTPROC);
1384 }
1385 tp->t_lflag = t->c_lflag | ISSET(tp->t_lflag, PENDIN);
1386 if (t->c_cc[VMIN] != tp->t_cc[VMIN] ||
1387 t->c_cc[VTIME] != tp->t_cc[VTIME]) {
1388 ttwakeup(tp);
1389 }
1390 bcopy(t->c_cc, tp->t_cc, sizeof(t->c_cc));
1391 break;
1392 }
1393 case TIOCSETD: { /* set line discipline */
1394 int t = *(int *)data;
1395 dev_t device = tp->t_dev;
1396
1397 if (t >= nlinesw || t < 0) {
1398 error = ENXIO;
1399 goto out;
1400 }
1401 /*
1402 * If the new line discipline is not equal to the old one,
1403 * close the old one and open the new one.
1404 */
1405 if (t != tp->t_line) {
1406 (*linesw[tp->t_line].l_close)(tp, flag);
1407 error = (*linesw[t].l_open)(device, tp);
1408 if (error) {
1409 /* This is racy; it's possible to lose both */
1410 (void)(*linesw[tp->t_line].l_open)(device, tp);
1411 goto out;
1412 }
1413 tp->t_line = t;
1414 }
1415 break;
1416 }
1417 case TIOCSTART: /* start output, like ^Q */
1418 if (ISSET(tp->t_state, TS_TTSTOP) ||
1419 ISSET(tp->t_lflag, FLUSHO)) {
1420 CLR(tp->t_lflag, FLUSHO);
1421 CLR(tp->t_state, TS_TTSTOP);
1422 ttstart(tp);
1423 }
1424 break;
1425 case TIOCSTI: /* simulate terminal input */
1426 if (suser(kauth_cred_get(), NULL) && (flag & FREAD) == 0) {
1427 error = EPERM;
1428 goto out;
1429 }
1430 if (suser(kauth_cred_get(), NULL) && !isctty(p, tp)) {
1431 error = EACCES;
1432 goto out;
1433 }
1434 (*linesw[tp->t_line].l_rint)(*(u_char *)data, tp);
1435 break;
1436 case TIOCSTOP: /* stop output, like ^S */
1437 if (!ISSET(tp->t_state, TS_TTSTOP)) {
1438 SET(tp->t_state, TS_TTSTOP);
1439 ttystop(tp, 0);
1440 }
1441 break;
1442 case TIOCIXON:
1443 ttyunblock(tp);
1444 break;
1445 case TIOCIXOFF:
1446 ttyblock(tp);
1447 break;
1448 case TIOCSCTTY: /* become controlling tty */
1449 /* Session ctty vnode pointer set in vnode layer. */
1450 pg = proc_pgrp(p, &sessp);
1451 if (pg == PGRP_NULL) {
1452 error = EPERM;
1453 goto out;
1454 }
1455
1456 /*
1457 * This can only be done by a session leader.
1458 */
1459 if (!SESS_LEADER(p, sessp)) {
1460 /* SAFE: All callers drop the lock on return */
1461 tty_unlock(tp);
1462 pgrp_rele(pg);
1463 tty_lock(tp);
1464 error = EPERM;
1465 goto out;
1466 }
1467 /*
1468 * If this terminal is already the controlling terminal for the
1469 * session, nothing to do here.
1470 */
1471 if (tp->t_session == sessp) {
1472 /* SAFE: All callers drop the lock on return */
1473 tty_unlock(tp);
1474 pgrp_rele(pg);
1475 tty_lock(tp);
1476 error = 0;
1477 goto out;
1478 }
1479
1480 /*
1481 * Deny if the terminal is already attached to another session or
1482 * the session already has a terminal vnode.
1483 */
1484 proc_list_lock();
1485 session_lock(sessp);
1486 if (sessp->s_ttyvp || tp->t_session) {
1487 session_unlock(sessp);
1488 proc_list_unlock();
1489 /* SAFE: All callers drop the lock on return */
1490 tty_unlock(tp);
1491 pgrp_rele(pg);
1492 tty_lock(tp);
1493 error = EPERM;
1494 goto out;
1495 }
1496
1497 sessp->s_ttypgrpid = pg->pg_id;
1498 oldtp = session_set_tty_locked(sessp, tp);
1499
1500 oldpg = tp->t_pgrp;
1501 oldsessp = tp->t_session;
1502 tp->t_pgrp = pg; /* donate pg ref */
1503 tp->t_session = session_ref(sessp);
1504 session_unlock(sessp);
1505
1506 if (oldsessp) {
1507 session_lock(oldsessp);
1508 freetp = session_clear_tty_locked(oldsessp);
1509 session_unlock(oldsessp);
1510 }
1511
1512 os_atomic_or(&p->p_flag, P_CONTROLT, relaxed);
1513 proc_list_unlock();
1514 tty_unlock(tp);
1515
1516 if (oldsessp) {
1517 session_rele(oldsessp);
1518 if (freetp) {
1519 ttyfree(freetp);
1520 }
1521 }
1522 pgrp_rele(oldpg);
1523 if (NULL != oldtp) {
1524 ttyfree(oldtp);
1525 }
1526
1527 /* SAFE: All callers drop the lock on return */
1528 tty_lock(tp);
1529 break;
1530
1531 case TIOCSPGRP: { /* set pgrp of tty */
1532 struct pgrp *pgrp = PGRP_NULL;
1533
1534 pg = proc_pgrp(p, &sessp);
1535 if (!isctty_sp(p, tp, sessp)) {
1536 pgrp_rele(pg);
1537 error = ENOTTY;
1538 goto out;
1539 } else if ((pgrp = pgrp_find(*(int *)data)) == PGRP_NULL) {
1540 pgrp_rele(pg);
1541 error = EINVAL;
1542 goto out;
1543 } else if (pgrp->pg_session != sessp) {
1544 /* SAFE: All callers drop the lock on return */
1545 tty_unlock(tp);
1546 pgrp_rele(pg);
1547 pgrp_rele(pgrp);
1548 tty_lock(tp);
1549 error = EPERM;
1550 goto out;
1551 }
1552
1553 proc_list_lock();
1554 oldpg = tp->t_pgrp;
1555 tp->t_pgrp = pgrp;
1556 proc_list_unlock();
1557
1558 session_lock(sessp);
1559 sessp->s_ttypgrpid = pgrp->pg_id;
1560 session_unlock(sessp);
1561
1562 /*
1563 * Wakeup readers to recheck if they are still the foreground
1564 * process group.
1565 *
1566 * ttwakeup() isn't called because the readers aren't getting
1567 * woken up because there is something to read but to force
1568 * the re-evaluation of their foreground process group status.
1569 *
1570 * Ordinarily leaving these readers waiting wouldn't be an issue
1571 * as launchd would send them a termination signal eventually
1572 * (if nobody else does). But if this terminal happens to be
1573 * /dev/console, launchd itself could get blocked forever behind
1574 * a revoke of /dev/console and leave the system deadlocked.
1575 */
1576 wakeup(TSA_HUP_OR_INPUT(tp));
1577
1578 /* SAFE: All callers drop the lock on return */
1579 tty_unlock(tp);
1580 pgrp_rele(oldpg);
1581 pgrp_rele(pg);
1582 tty_lock(tp);
1583 break;
1584 }
1585 case TIOCSTAT: /* simulate control-T */
1586 ttyinfo_locked(tp);
1587 break;
1588 case TIOCSWINSZ: /* set window size */
1589 if (bcmp((caddr_t)&tp->t_winsize, data,
1590 sizeof(struct winsize))) {
1591 tp->t_winsize = *(struct winsize *)data;
1592 /* SAFE: All callers drop the lock on return */
1593 tty_pgsignal_locked(tp, SIGWINCH, 1);
1594 }
1595 break;
1596 case TIOCSDRAINWAIT:
1597 error = suser(kauth_cred_get(), &p->p_acflag);
1598 if (error) {
1599 goto out;
1600 }
1601 tp->t_timeout = *(int *)data * hz;
1602 wakeup(TSA_OCOMPLETE(tp));
1603 wakeup(TSA_OLOWAT(tp));
1604 break;
1605 case TIOCGDRAINWAIT:
1606 *(int *)data = tp->t_timeout / hz;
1607 break;
1608 case TIOCREVOKE:
1609 SET(tp->t_state, TS_REVOKE);
1610 tp->t_gen++;
1611 /*
1612 * At this time, only this wait channel is woken up as only
1613 * ttread has been problematic. It is possible we may need
1614 * to add wake up other tty wait addresses as well.
1615 */
1616 wakeup(TSA_HUP_OR_INPUT(tp));
1617 break;
1618 case TIOCREVOKECLEAR:
1619 CLR(tp->t_state, TS_REVOKE);
1620 break;
1621 default:
1622 error = ttcompat(tp, cmd, data, flag, p);
1623 goto out;
1624 }
1625
1626 error = 0;
1627 out:
1628 return error;
1629 }
1630
1631
1632 /*
1633 * Locks: Assumes tp is locked on entry, remains locked on exit
1634 */
1635 int
ttyselect(struct tty * tp,int rw,void * wql,proc_t p)1636 ttyselect(struct tty *tp, int rw, void *wql, proc_t p)
1637 {
1638 int retval = 0;
1639 /*
1640 * Attaching knotes to TTYs needs to call selrecord in order to hook
1641 * up the waitq to the selinfo, regardless of data being ready. See
1642 * filt_ttyattach.
1643 */
1644 bool needs_selrecord = rw & FMARK;
1645 rw &= ~FMARK;
1646
1647 if (tp == NULL) {
1648 return ENXIO;
1649 }
1650
1651 TTY_LOCK_OWNED(tp);
1652
1653 if (tp->t_state & TS_ZOMBIE) {
1654 retval = 1;
1655 goto out;
1656 }
1657
1658 switch (rw) {
1659 case FREAD:
1660 retval = ttnread(tp);
1661 if (retval > 0) {
1662 break;
1663 }
1664
1665 selrecord(p, &tp->t_rsel, wql);
1666 break;
1667 case FWRITE:
1668 if ((tp->t_outq.c_cc <= tp->t_lowat) &&
1669 (tp->t_state & TS_CONNECTED)) {
1670 retval = tp->t_hiwat - tp->t_outq.c_cc;
1671 break;
1672 }
1673
1674 selrecord(p, &tp->t_wsel, wql);
1675 break;
1676 }
1677
1678 out:
1679 if (retval > 0 && needs_selrecord) {
1680 switch (rw) {
1681 case FREAD:
1682 selrecord(p, &tp->t_rsel, wql);
1683 break;
1684 case FWRITE:
1685 selrecord(p, &tp->t_wsel, wql);
1686 break;
1687 }
1688 }
1689
1690 return retval;
1691 }
1692
1693
1694 /*
1695 * This is a wrapper for compatibility with the select vector used by
1696 * cdevsw. It relies on a proper xxxdevtotty routine.
1697 *
1698 * Locks: Assumes tty_lock() is not held prior to calling.
1699 */
1700 int
ttselect(dev_t dev,int rw,void * wql,proc_t p)1701 ttselect(dev_t dev, int rw, void *wql, proc_t p)
1702 {
1703 int rv;
1704 struct tty *tp = cdevsw[major(dev)].d_ttys[minor(dev)];
1705
1706 tty_lock(tp);
1707 rv = ttyselect(tp, rw, wql, p);
1708 tty_unlock(tp);
1709
1710 return rv;
1711 }
1712
1713
1714 /*
1715 * Locks: Assumes tp is locked on entry, remains locked on exit
1716 */
1717 __private_extern__ int
ttnread(struct tty * tp)1718 ttnread(struct tty *tp)
1719 {
1720 int nread;
1721
1722 TTY_LOCK_OWNED(tp); /* debug assert */
1723
1724 if (ISSET(tp->t_lflag, PENDIN)) {
1725 ttypend(tp);
1726 }
1727 nread = tp->t_canq.c_cc;
1728 if (!ISSET(tp->t_lflag, ICANON)) {
1729 nread += tp->t_rawq.c_cc;
1730 if (nread < tp->t_cc[VMIN] && tp->t_cc[VTIME] == 0) {
1731 nread = 0;
1732 }
1733 }
1734 return nread;
1735 }
1736
1737
1738 /*
1739 * ttywait
1740 *
1741 * Wait for output to drain.
1742 *
1743 * Parameters: tp Tty on which to wait for output to drain
1744 *
1745 * Returns: 0 Success
1746 * EIO t_timeout too small/expired
1747 * ttysleep:ERESTART Upper layer must redrive the call;
1748 * this is usually done by the Libc
1749 * stub in user space
1750 * ttysleep:EINTR Interrupted (usually a signal)
1751 *
1752 * Notes: Called from proc_exit() and vproc_exit().
1753 *
1754 * Locks: Assumes tp is locked on entry, remains locked on exit
1755 */
1756 int
ttywait(struct tty * tp)1757 ttywait(struct tty *tp)
1758 {
1759 int error;
1760
1761 TTY_LOCK_OWNED(tp); /* debug assert */
1762
1763 error = 0;
1764 while ((tp->t_outq.c_cc || ISSET(tp->t_state, TS_BUSY)) &&
1765 ISSET(tp->t_state, TS_CONNECTED) && tp->t_oproc) {
1766 (*tp->t_oproc)(tp);
1767 if ((tp->t_outq.c_cc || ISSET(tp->t_state, TS_BUSY)) &&
1768 ISSET(tp->t_state, TS_CONNECTED)) {
1769 SET(tp->t_state, TS_SO_OCOMPLETE);
1770 error = ttysleep(tp, TSA_OCOMPLETE(tp),
1771 TTOPRI | PCATCH, "ttywai",
1772 tp->t_timeout);
1773 if (error) {
1774 if (error == EWOULDBLOCK) {
1775 error = EIO;
1776 }
1777 break;
1778 }
1779 } else {
1780 break;
1781 }
1782 }
1783 if (!error && (tp->t_outq.c_cc || ISSET(tp->t_state, TS_BUSY))) {
1784 error = EIO;
1785 }
1786 return error;
1787 }
1788
1789 /*
1790 * Stop the underlying device driver.
1791 *
1792 * Locks: Assumes tty_lock() is held prior to calling.
1793 */
1794 static void
ttystop(struct tty * tp,int rw)1795 ttystop(struct tty *tp, int rw)
1796 {
1797 TTY_LOCK_OWNED(tp); /* debug assert */
1798
1799 (*cdevsw[major(tp->t_dev)].d_stop)(tp, rw);
1800 }
1801
1802 /*
1803 * Flush if successfully wait.
1804 *
1805 * Locks: Assumes tty_lock() is held prior to calling.
1806 */
1807 static int
ttywflush(struct tty * tp)1808 ttywflush(struct tty *tp)
1809 {
1810 int error;
1811
1812 TTY_LOCK_OWNED(tp); /* debug assert */
1813
1814 if ((error = ttywait(tp)) == 0) {
1815 ttyflush(tp, FREAD);
1816 }
1817 return error;
1818 }
1819
1820 /*
1821 * Flush tty read and/or write queues, notifying anyone waiting.
1822 *
1823 * Locks: Assumes tty_lock() is held prior to calling.
1824 */
1825 void
ttyflush(struct tty * tp,int rw)1826 ttyflush(struct tty *tp, int rw)
1827 {
1828 TTY_LOCK_OWNED(tp); /* debug assert */
1829
1830 #if 0
1831 again:
1832 #endif
1833 if (rw & FWRITE) {
1834 FLUSHQ(&tp->t_outq);
1835 CLR(tp->t_state, TS_TTSTOP);
1836 }
1837 ttystop(tp, rw);
1838 if (rw & FREAD) {
1839 FLUSHQ(&tp->t_canq);
1840 FLUSHQ(&tp->t_rawq);
1841 CLR(tp->t_lflag, PENDIN);
1842 tp->t_rocount = 0;
1843 tp->t_rocol = 0;
1844 CLR(tp->t_state, TS_LOCAL);
1845 ttwakeup(tp);
1846 if (ISSET(tp->t_state, TS_TBLOCK)) {
1847 if (rw & FWRITE) {
1848 FLUSHQ(&tp->t_outq);
1849 }
1850 ttyunblock(tp);
1851
1852 /*
1853 * Don't let leave any state that might clobber the
1854 * next line discipline (although we should do more
1855 * to send the START char). Not clearing the state
1856 * may have caused the "putc to a clist with no
1857 * reserved cblocks" panic/printf.
1858 */
1859 CLR(tp->t_state, TS_TBLOCK);
1860
1861 #if 0 /* forget it, sleeping isn't always safe and we don't know when it is */
1862 if (ISSET(tp->t_iflag, IXOFF)) {
1863 /*
1864 * XXX wait a bit in the hope that the stop
1865 * character (if any) will go out. Waiting
1866 * isn't good since it allows races. This
1867 * will be fixed when the stop character is
1868 * put in a special queue. Don't bother with
1869 * the checks in ttywait() since the timeout
1870 * will save us.
1871 */
1872 SET(tp->t_state, TS_SO_OCOMPLETE);
1873 ttysleep(tp, TSA_OCOMPLETE(tp), TTOPRI,
1874 "ttyfls", hz / 10);
1875 /*
1876 * Don't try sending the stop character again.
1877 */
1878 CLR(tp->t_state, TS_TBLOCK);
1879 goto again;
1880 }
1881 #endif
1882 }
1883 }
1884 if (rw & FWRITE) {
1885 FLUSHQ(&tp->t_outq);
1886 ttwwakeup(tp);
1887 }
1888 }
1889
1890 /*
1891 * Copy in the default termios characters.
1892 *
1893 * Locks: Assumes tty_lock() is held prior to calling.
1894 *
1895 * Notes: No assertion; tp is not in scope.
1896 */
1897 void
termioschars(struct termios * t)1898 termioschars(struct termios *t)
1899 {
1900 bcopy(ttydefchars, t->c_cc, sizeof t->c_cc);
1901 }
1902
1903
1904 /*
1905 * Handle input high water. Send stop character for the IXOFF case. Turn
1906 * on our input flow control bit and propagate the changes to the driver.
1907 * XXX the stop character should be put in a special high priority queue.
1908 *
1909 * Locks: Assumes tty_lock() is held for the call.
1910 */
1911 void
ttyblock(struct tty * tp)1912 ttyblock(struct tty *tp)
1913 {
1914 TTY_LOCK_OWNED(tp); /* debug assert */
1915
1916 SET(tp->t_state, TS_TBLOCK);
1917 if (ISSET(tp->t_iflag, IXOFF) && tp->t_cc[VSTOP] != _POSIX_VDISABLE &&
1918 putc(tp->t_cc[VSTOP], &tp->t_outq) != 0) {
1919 CLR(tp->t_state, TS_TBLOCK); /* try again later */
1920 }
1921 ttstart(tp);
1922 }
1923
1924
1925 /*
1926 * Handle input low water. Send start character for the IXOFF case. Turn
1927 * off our input flow control bit and propagate the changes to the driver.
1928 * XXX the start character should be put in a special high priority queue.
1929 *
1930 * Locks: Assumes tty_lock() is held for the call.
1931 */
1932 static void
ttyunblock(struct tty * tp)1933 ttyunblock(struct tty *tp)
1934 {
1935 TTY_LOCK_OWNED(tp); /* debug assert */
1936
1937 CLR(tp->t_state, TS_TBLOCK);
1938 if (ISSET(tp->t_iflag, IXOFF) && tp->t_cc[VSTART] != _POSIX_VDISABLE &&
1939 putc(tp->t_cc[VSTART], &tp->t_outq) != 0) {
1940 SET(tp->t_state, TS_TBLOCK); /* try again later */
1941 }
1942 ttstart(tp);
1943 }
1944
1945
1946 /*
1947 * ttstart
1948 *
1949 * Start tty output
1950 *
1951 * Parameters: tp tty on which to start output
1952 *
1953 * Returns: 0 Success
1954 *
1955 * Locks: Assumes tty_lock() is held for the call.
1956 *
1957 * Notes: This function might as well be void; it always returns success
1958 *
1959 * Called from ttioctl_locked(), LDISC routines, and
1960 * ttycheckoutq(), ttyblock(), ttyunblock(), and tputchar()
1961 */
1962 int
ttstart(struct tty * tp)1963 ttstart(struct tty *tp)
1964 {
1965 TTY_LOCK_OWNED(tp); /* debug assert */
1966
1967 if (tp->t_oproc != NULL) { /* XXX: Kludge for pty. */
1968 (*tp->t_oproc)(tp);
1969 }
1970
1971 return 0;
1972 }
1973
1974
1975 /*
1976 * ttylclose (LDISC)
1977 *
1978 * "close" a line discipline
1979 *
1980 * Locks: Assumes tty_lock() is held prior to calling.
1981 */
1982 int
ttylclose(struct tty * tp,int flag)1983 ttylclose(struct tty *tp, int flag)
1984 {
1985 TTY_LOCK_OWNED(tp); /* debug assert */
1986
1987 if ((flag & FNONBLOCK) || ttywflush(tp)) {
1988 ttyflush(tp, FREAD | FWRITE);
1989 }
1990
1991 return 0;
1992 }
1993
1994
1995 /*
1996 * ttymodem (LDISC)
1997 *
1998 * Handle modem control transition on a tty.
1999 * Flag indicates new state of carrier.
2000 * Returns 0 if the line should be turned off, otherwise 1.
2001 *
2002 * Locks: Assumes tty_lock() is held prior to calling.
2003 */
2004 int
ttymodem(struct tty * tp,int flag)2005 ttymodem(struct tty *tp, int flag)
2006 {
2007 int rval = 1; /* default return value */
2008
2009 TTY_LOCK_OWNED(tp); /* debug assert */
2010
2011 if (ISSET(tp->t_state, TS_CARR_ON) && ISSET(tp->t_cflag, MDMBUF)) {
2012 /*
2013 * MDMBUF: do flow control according to carrier flag
2014 * XXX TS_CAR_OFLOW doesn't do anything yet. TS_TTSTOP
2015 * works if IXON and IXANY are clear.
2016 */
2017 if (flag) {
2018 CLR(tp->t_state, TS_CAR_OFLOW);
2019 CLR(tp->t_state, TS_TTSTOP);
2020 ttstart(tp);
2021 } else if (!ISSET(tp->t_state, TS_CAR_OFLOW)) {
2022 SET(tp->t_state, TS_CAR_OFLOW);
2023 SET(tp->t_state, TS_TTSTOP);
2024 ttystop(tp, 0);
2025 }
2026 } else if (flag == 0) {
2027 /*
2028 * Lost carrier.
2029 */
2030 CLR(tp->t_state, TS_CARR_ON);
2031 if (ISSET(tp->t_state, TS_ISOPEN) &&
2032 !ISSET(tp->t_cflag, CLOCAL)) {
2033 SET(tp->t_state, TS_ZOMBIE);
2034 CLR(tp->t_state, TS_CONNECTED);
2035 if (tp->t_session && tp->t_session->s_leader) {
2036 psignal(tp->t_session->s_leader, SIGHUP);
2037 }
2038 ttyflush(tp, FREAD | FWRITE);
2039 rval = 0;
2040 goto out;
2041 }
2042 } else {
2043 /*
2044 * Carrier now on.
2045 */
2046 SET(tp->t_state, TS_CARR_ON);
2047 if (!ISSET(tp->t_state, TS_ZOMBIE)) {
2048 SET(tp->t_state, TS_CONNECTED);
2049 }
2050 wakeup(TSA_CARR_ON(tp));
2051 ttwakeup(tp);
2052 ttwwakeup(tp);
2053 }
2054
2055 out:
2056 return rval;
2057 }
2058
2059
2060 /*
2061 * Reinput pending characters after state switch
2062 * call at spltty().
2063 *
2064 * Locks: Assumes tty_lock() is held for the call.
2065 */
2066 static void
ttypend(struct tty * tp)2067 ttypend(struct tty *tp)
2068 {
2069 struct clist tq;
2070 int c;
2071
2072 TTY_LOCK_OWNED(tp); /* debug assert */
2073
2074 CLR(tp->t_lflag, PENDIN);
2075 SET(tp->t_state, TS_TYPEN);
2076 tq = tp->t_rawq;
2077 tp->t_rawq.c_cc = 0;
2078 tp->t_rawq.c_cf = tp->t_rawq.c_cl = NULL;
2079 while ((c = getc(&tq)) >= 0) {
2080 ttyinput(c, tp);
2081 }
2082 CLR(tp->t_state, TS_TYPEN);
2083 }
2084
2085
2086 /*
2087 * ttread (LDISC)
2088 *
2089 * Process a read call on a tty device.
2090 *
2091 * Locks: Assumes tty_lock() is held prior to calling.
2092 */
2093 int
ttread(struct tty * tp,struct uio * uio,int flag)2094 ttread(struct tty *tp, struct uio *uio, int flag)
2095 {
2096 struct clist *qp;
2097 int c;
2098 tcflag_t lflag;
2099 cc_t *cc = tp->t_cc;
2100 proc_t p = current_proc();
2101 int first, error = 0;
2102 int has_etime = 0, last_cc = 0;
2103 long slp = 0; /* XXX this should be renamed `timo'. */
2104 struct uthread *ut;
2105 struct pgrp * pg;
2106
2107 TTY_LOCK_OWNED(tp); /* debug assert */
2108
2109 ut = current_uthread();
2110
2111 loop:
2112 lflag = tp->t_lflag;
2113 /*
2114 * take pending input first
2115 */
2116 if (ISSET(lflag, PENDIN)) {
2117 ttypend(tp);
2118 lflag = tp->t_lflag; /* XXX ttypend() clobbers it */
2119 }
2120
2121 /*
2122 * Signal the process if it's in the background. If the terminal is
2123 * getting revoked, everybody is in the background.
2124 */
2125 if (isbackground(p, tp) || ISSET(tp->t_state, TS_REVOKE)) {
2126 if ((p->p_sigignore & sigmask(SIGTTIN)) ||
2127 (ut->uu_sigmask & sigmask(SIGTTIN)) ||
2128 p->p_lflag & P_LPPWAIT) {
2129 error = EIO;
2130 goto err;
2131 }
2132 pg = proc_pgrp(p, NULL);
2133 if (pg == PGRP_NULL) {
2134 error = EIO;
2135 goto err;
2136 }
2137 if (pg->pg_jobc == 0) {
2138 /* SAFE: All callers drop the lock on return */
2139 tty_unlock(tp);
2140 pgrp_rele(pg);
2141 tty_lock(tp);
2142 error = EIO;
2143 goto err;
2144 }
2145 /* SAFE: All callers drop the lock on return */
2146 tty_unlock(tp);
2147 pgsignal(pg, SIGTTIN, 1);
2148 pgrp_rele(pg);
2149 tty_lock(tp);
2150
2151 /*
2152 * We signalled ourself, so we need to act as if we
2153 * have been "interrupted" from a "sleep" to act on
2154 * the signal. If it's a signal that stops the
2155 * process, that's handled in the signal sending code.
2156 */
2157 error = EINTR;
2158 goto err;
2159 }
2160
2161 if (ISSET(tp->t_state, TS_ZOMBIE)) {
2162 /* EOF - returning 0 */
2163 goto err;
2164 }
2165
2166 /*
2167 * If canonical, use the canonical queue,
2168 * else use the raw queue.
2169 *
2170 * (should get rid of clists...)
2171 */
2172 qp = ISSET(lflag, ICANON) ? &tp->t_canq : &tp->t_rawq;
2173
2174 if (flag & IO_NDELAY) {
2175 if (qp->c_cc > 0) {
2176 goto read;
2177 }
2178 if (ISSET(lflag, ICANON) || cc[VMIN] != 0) {
2179 error = EWOULDBLOCK;
2180 }
2181 /* else polling - returning 0 */
2182 goto err;
2183 }
2184 if (!ISSET(lflag, ICANON)) {
2185 int m = cc[VMIN];
2186 long t = cc[VTIME];
2187 struct timeval timecopy;
2188 struct timeval etime = {.tv_sec = 0, .tv_usec = 0}; /* protected by !has_etime */
2189
2190 /*
2191 * Check each of the four combinations.
2192 * (m > 0 && t == 0) is the normal read case.
2193 * It should be fairly efficient, so we check that and its
2194 * companion case (m == 0 && t == 0) first.
2195 * For the other two cases, we compute the target sleep time
2196 * into slp.
2197 */
2198 if (t == 0) {
2199 if (qp->c_cc < m) {
2200 goto sleep;
2201 }
2202 if (qp->c_cc > 0) {
2203 goto read;
2204 }
2205
2206 /* m, t and qp->c_cc are all 0. 0 is enough input. */
2207 goto err;
2208 }
2209 t *= 100000; /* time in us */
2210 #define diff(t1, t2) (((t1).tv_sec - (t2).tv_sec) * 1000000 + \
2211 ((t1).tv_usec - (t2).tv_usec))
2212 if (m > 0) {
2213 if (qp->c_cc <= 0) {
2214 goto sleep;
2215 }
2216 if (qp->c_cc >= m) {
2217 goto read;
2218 }
2219 microuptime(&timecopy);
2220 if (!has_etime || qp->c_cc > last_cc) {
2221 /* first character or got a character, start timer */
2222 has_etime = 1;
2223
2224 etime.tv_sec = t / 1000000;
2225 etime.tv_usec =
2226 (__darwin_suseconds_t)(t - (etime.tv_sec * 1000000));
2227 timeradd(&etime, &timecopy, &etime);
2228
2229 slp = t;
2230 } else {
2231 /* nothing, check expiration */
2232 if (timercmp(&etime, &timecopy, <=)) {
2233 goto read;
2234 }
2235
2236 slp = diff(etime, timecopy);
2237 }
2238 last_cc = qp->c_cc;
2239 } else { /* m == 0 */
2240 if (qp->c_cc > 0) {
2241 goto read;
2242 }
2243 microuptime(&timecopy);
2244 if (!has_etime) {
2245 has_etime = 1;
2246
2247 etime.tv_sec = t / 1000000;
2248 etime.tv_usec =
2249 (__darwin_suseconds_t)(t - (etime.tv_sec * 1000000));
2250 timeradd(&etime, &timecopy, &etime);
2251
2252 slp = t;
2253 } else {
2254 if (timercmp(&etime, &timecopy, <=)) {
2255 /* Timed out, but 0 is enough input. */
2256 goto err;
2257 }
2258 slp = diff(etime, timecopy);
2259 }
2260 }
2261 #undef diff
2262 /*
2263 * Rounding down may make us wake up just short
2264 * of the target, so we round up.
2265 * The formula is ceiling(slp * hz/1000000).
2266 * 32-bit arithmetic is enough for hz < 169.
2267 * XXX see hzto() for how to avoid overflow if hz
2268 * is large (divide by `tick' and/or arrange to
2269 * use hzto() if hz is large).
2270 */
2271 slp = (long) (((u_int32_t)slp * hz) + 999999) / 1000000;
2272 goto sleep;
2273 }
2274 if (qp->c_cc <= 0) {
2275 sleep:
2276 /*
2277 * There is no input, or not enough input and we can block.
2278 */
2279 error = ttysleep(tp, TSA_HUP_OR_INPUT(tp), TTIPRI | PCATCH,
2280 ISSET(tp->t_state, TS_CONNECTED) ?
2281 "ttyin" : "ttyhup", (int)slp);
2282 if (error == EWOULDBLOCK) {
2283 error = 0;
2284 } else if (error) {
2285 goto err;
2286 }
2287 /*
2288 * XXX what happens if another process eats some input
2289 * while we are asleep (not just here)? It would be
2290 * safest to detect changes and reset our state variables
2291 * (has_stime and last_cc).
2292 */
2293 slp = 0;
2294 goto loop;
2295 }
2296 read:
2297 /*
2298 * Input present, check for input mapping and processing.
2299 */
2300 first = 1;
2301 if (ISSET(lflag, ICANON)
2302 || (ISSET(lflag, IEXTEN | ISIG) == (IEXTEN | ISIG))) {
2303 goto slowcase;
2304 }
2305 for (;;) {
2306 char ibuf[IBUFSIZ];
2307 int icc;
2308 ssize_t size = uio_resid(uio);
2309 if (size < 0) {
2310 error = ERANGE;
2311 break;
2312 }
2313
2314 icc = (int)MIN(size, IBUFSIZ);
2315 icc = q_to_b(qp, (u_char *)ibuf, icc);
2316 if (icc <= 0) {
2317 if (first) {
2318 goto loop;
2319 }
2320 break;
2321 }
2322 error = uiomove(ibuf, icc, uio);
2323 /*
2324 * XXX if there was an error then we should ungetc() the
2325 * unmoved chars and reduce icc here.
2326 */
2327 if (error) {
2328 break;
2329 }
2330 if (uio_resid(uio) == 0) {
2331 break;
2332 }
2333 first = 0;
2334 }
2335 goto out;
2336 slowcase:
2337 for (;;) {
2338 c = getc(qp);
2339 if (c < 0) {
2340 if (first) {
2341 goto loop;
2342 }
2343 break;
2344 }
2345 /*
2346 * delayed suspend (^Y)
2347 */
2348 if (CCEQ(cc[VDSUSP], c) &&
2349 ISSET(lflag, IEXTEN | ISIG) == (IEXTEN | ISIG)) {
2350 /*
2351 * SAFE: All callers drop the lock on return and
2352 * SAFE: current thread will not change out from
2353 * SAFE: under us in the "goto loop" case.
2354 */
2355 tty_pgsignal_locked(tp, SIGTSTP, 1);
2356 if (first) {
2357 error = ttysleep(tp, &ttread, TTIPRI | PCATCH,
2358 "ttybg3", hz);
2359 if (error) {
2360 break;
2361 }
2362 goto loop;
2363 }
2364 break;
2365 }
2366 /*
2367 * Interpret EOF only in canonical mode.
2368 */
2369 if (CCEQ(cc[VEOF], c) && ISSET(lflag, ICANON)) {
2370 break;
2371 }
2372 /*
2373 * Give user character.
2374 */
2375 error = ureadc(c, uio);
2376 if (error) {
2377 /* XXX should ungetc(c, qp). */
2378 break;
2379 }
2380 if (uio_resid(uio) == 0) {
2381 break;
2382 }
2383 /*
2384 * In canonical mode check for a "break character"
2385 * marking the end of a "line of input".
2386 */
2387 if (ISSET(lflag, ICANON) && TTBREAKC(c, lflag)) {
2388 break;
2389 }
2390 first = 0;
2391 }
2392
2393 out:
2394 /*
2395 * Look to unblock input now that (presumably)
2396 * the input queue has gone down.
2397 */
2398 if (ISSET(tp->t_state, TS_TBLOCK) &&
2399 tp->t_rawq.c_cc + tp->t_canq.c_cc <= I_LOW_WATER) {
2400 ttyunblock(tp);
2401 }
2402
2403 err:
2404 return error;
2405 }
2406
2407
2408 /*
2409 * Check the output queue on tp for space for a kernel message (from uprintf
2410 * or tprintf). Allow some space over the normal hiwater mark so we don't
2411 * lose messages due to normal flow control, but don't let the tty run amok.
2412 * Sleeps here are not interruptible, but we return prematurely if new signals
2413 * arrive.
2414 *
2415 * Locks: Assumes tty_lock() is held before calling
2416 *
2417 * Notes: This function is called from tprintf() in subr_prf.c
2418 */
2419 int
ttycheckoutq(struct tty * tp,int wait)2420 ttycheckoutq(struct tty *tp, int wait)
2421 {
2422 int hiwat;
2423 sigset_t oldsig;
2424 struct uthread *ut;
2425
2426 TTY_LOCK_OWNED(tp); /* debug assert */
2427
2428 ut = current_uthread();
2429
2430 hiwat = tp->t_hiwat;
2431 oldsig = wait ? ut->uu_siglist : 0;
2432 if (tp->t_outq.c_cc > hiwat + OBUFSIZ + 100) {
2433 while (tp->t_outq.c_cc > hiwat) {
2434 ttstart(tp);
2435 if (tp->t_outq.c_cc <= hiwat) {
2436 break;
2437 }
2438 if (wait == 0 || ut->uu_siglist != oldsig) {
2439 return 0;
2440 }
2441 SET(tp->t_state, TS_SO_OLOWAT);
2442 ttysleep(tp, TSA_OLOWAT(tp), PZERO - 1, "ttoutq", hz);
2443 }
2444 }
2445 return 1;
2446 }
2447
2448
2449 /*
2450 * ttwrite (LDISC)
2451 *
2452 * Process a write call on a tty device.
2453 *
2454 * Locks: Assumes tty_lock() is held prior to calling.
2455 */
2456 int
ttwrite(struct tty * tp,struct uio * uio,int flag)2457 ttwrite(struct tty *tp, struct uio *uio, int flag)
2458 {
2459 char *cp = NULL;
2460 int cc, ce;
2461 proc_t p;
2462 int i, hiwat, error;
2463 user_ssize_t count;
2464 char obuf[OBUFSIZ];
2465 struct uthread *ut;
2466 struct pgrp * pg;
2467
2468 TTY_LOCK_OWNED(tp); /* debug assert */
2469
2470 ut = current_uthread();
2471 hiwat = tp->t_hiwat;
2472 count = uio_resid(uio);
2473 error = 0;
2474 cc = 0;
2475 loop:
2476 if (ISSET(tp->t_state, TS_ZOMBIE)) {
2477 if (uio_resid(uio) == count) {
2478 error = EIO;
2479 }
2480 goto out;
2481 }
2482 if (!ISSET(tp->t_state, TS_CONNECTED)) {
2483 if (flag & IO_NDELAY) {
2484 error = EWOULDBLOCK;
2485 goto out;
2486 }
2487 error = ttysleep(tp, TSA_CARR_ON(tp), TTIPRI | PCATCH,
2488 "ttydcd", 0);
2489 if (error) {
2490 goto out;
2491 }
2492 goto loop;
2493 }
2494 /*
2495 * Signal the process if it's in the background.
2496 */
2497 p = current_proc();
2498 if (isbackground(p, tp) &&
2499 ISSET(tp->t_lflag, TOSTOP) && (p->p_lflag & P_LPPWAIT) == 0 &&
2500 (p->p_sigignore & sigmask(SIGTTOU)) == 0 &&
2501 (ut->uu_sigmask & sigmask(SIGTTOU)) == 0) {
2502 pg = proc_pgrp(p, NULL);
2503 if (pg == PGRP_NULL) {
2504 error = EIO;
2505 goto out;
2506 }
2507 if (pg->pg_jobc == 0) {
2508 /* SAFE: All callers drop the lock on return */
2509 tty_unlock(tp);
2510 pgrp_rele(pg);
2511 tty_lock(tp);
2512 error = EIO;
2513 goto out;
2514 }
2515 /* SAFE: All callers drop the lock on return */
2516 tty_unlock(tp);
2517 pgsignal(pg, SIGTTOU, 1);
2518 pgrp_rele(pg);
2519 tty_lock(tp);
2520 /*
2521 * We signalled ourself, so we need to act as if we
2522 * have been "interrupted" from a "sleep" to act on
2523 * the signal. If it's a signal that stops the
2524 * process, that's handled in the signal sending code.
2525 */
2526 error = EINTR;
2527 goto out;
2528 }
2529 /*
2530 * Process the user's data in at most OBUFSIZ chunks. Perform any
2531 * output translation. Keep track of high water mark, sleep on
2532 * overflow awaiting device aid in acquiring new space.
2533 */
2534 while (uio_resid(uio) > 0 || cc > 0) {
2535 if (ISSET(tp->t_lflag, FLUSHO)) {
2536 uio_setresid(uio, 0);
2537 return 0;
2538 }
2539 if (tp->t_outq.c_cc > hiwat) {
2540 goto ovhiwat;
2541 }
2542 /*
2543 * Grab a hunk of data from the user, unless we have some
2544 * leftover from last time.
2545 */
2546 if (cc == 0) {
2547 ssize_t size = uio_resid(uio);
2548 if (size < 0) {
2549 error = ERANGE;
2550 break;
2551 }
2552 cc = (int)MIN((size_t)size, OBUFSIZ);
2553 cp = obuf;
2554 error = uiomove(cp, cc, uio);
2555 if (error) {
2556 cc = 0;
2557 break;
2558 }
2559 }
2560 /*
2561 * If nothing fancy need be done, grab those characters we
2562 * can handle without any of ttyoutput's processing and
2563 * just transfer them to the output q. For those chars
2564 * which require special processing (as indicated by the
2565 * bits in char_type), call ttyoutput. After processing
2566 * a hunk of data, look for FLUSHO so ^O's will take effect
2567 * immediately.
2568 */
2569 while (cc > 0) {
2570 if (!ISSET(tp->t_oflag, OPOST)) {
2571 ce = cc;
2572 } else {
2573 ce = (int)((size_t)cc - scanc((size_t)cc,
2574 (u_char *)cp, char_type, CCLASSMASK));
2575 /*
2576 * If ce is zero, then we're processing
2577 * a special character through ttyoutput.
2578 */
2579 if (ce == 0) {
2580 tp->t_rocount = 0;
2581 if (ttyoutput(*cp, tp) >= 0) {
2582 /* out of space */
2583 goto overfull;
2584 }
2585 cp++;
2586 cc--;
2587 if (ISSET(tp->t_lflag, FLUSHO) ||
2588 tp->t_outq.c_cc > hiwat) {
2589 goto ovhiwat;
2590 }
2591 continue;
2592 }
2593 }
2594 /*
2595 * A bunch of normal characters have been found.
2596 * Transfer them en masse to the output queue and
2597 * continue processing at the top of the loop.
2598 * If there are any further characters in this
2599 * <= OBUFSIZ chunk, the first should be a character
2600 * requiring special handling by ttyoutput.
2601 */
2602 tp->t_rocount = 0;
2603 i = b_to_q((u_char *)cp, ce, &tp->t_outq);
2604 ce -= i;
2605 tp->t_column += ce;
2606 cp += ce;
2607 cc -= ce;
2608 tk_nout += ce;
2609 tp->t_outcc += ce;
2610 if (i > 0) {
2611 /* out of space */
2612 goto overfull;
2613 }
2614 if (ISSET(tp->t_lflag, FLUSHO) ||
2615 tp->t_outq.c_cc > hiwat) {
2616 break;
2617 }
2618 }
2619 ttstart(tp);
2620 }
2621 out:
2622 /*
2623 * If cc is nonzero, we leave the uio structure inconsistent, as the
2624 * offset and iov pointers have moved forward, but it doesn't matter
2625 * (the call will either return short or restart with a new uio).
2626 */
2627 uio_setresid(uio, (uio_resid(uio) + cc));
2628 return error;
2629
2630 overfull:
2631
2632 /*
2633 * Since we are using ring buffers, if we can't insert any more into
2634 * the output queue, we can assume the ring is full and that someone
2635 * forgot to set the high water mark correctly. We set it and then
2636 * proceed as normal.
2637 */
2638 hiwat = tp->t_outq.c_cc - 1;
2639
2640 ovhiwat:
2641 ttstart(tp);
2642 /*
2643 * This can only occur if FLUSHO is set in t_lflag,
2644 * or if ttstart/oproc is synchronous (or very fast).
2645 */
2646 if (tp->t_outq.c_cc <= hiwat) {
2647 goto loop;
2648 }
2649 if (flag & IO_NDELAY) {
2650 uio_setresid(uio, (uio_resid(uio) + cc));
2651 return uio_resid(uio) == count ? EWOULDBLOCK : 0;
2652 }
2653 SET(tp->t_state, TS_SO_OLOWAT);
2654 error = ttysleep(tp, TSA_OLOWAT(tp), TTOPRI | PCATCH, "ttywri",
2655 tp->t_timeout);
2656 if (error == EWOULDBLOCK) {
2657 error = EIO;
2658 }
2659 if (error) {
2660 goto out;
2661 }
2662 goto loop;
2663 }
2664
2665
2666 /*
2667 * Rubout one character from the rawq of tp
2668 * as cleanly as possible.
2669 *
2670 * Locks: Assumes tty_lock() is held prior to calling.
2671 */
2672 static void
ttyrub(int c,struct tty * tp)2673 ttyrub(int c, struct tty *tp)
2674 {
2675 u_char *cp;
2676 int savecol;
2677 int tabc;
2678
2679 TTY_LOCK_OWNED(tp); /* debug assert */
2680
2681 if (!ISSET(tp->t_lflag, ECHO) || ISSET(tp->t_lflag, EXTPROC)) {
2682 return;
2683 }
2684 CLR(tp->t_lflag, FLUSHO);
2685 if (ISSET(tp->t_lflag, ECHOE)) {
2686 if (tp->t_rocount == 0) {
2687 /*
2688 * Messed up by ttwrite; retype
2689 */
2690 ttyretype(tp);
2691 return;
2692 }
2693 if (c == ('\t' | TTY_QUOTE) || c == ('\n' | TTY_QUOTE)) {
2694 ttyrubo(tp, 2);
2695 } else {
2696 CLR(c, ~TTY_CHARMASK);
2697 switch (CCLASS(c)) {
2698 case ORDINARY:
2699 if (!(ISSET(tp->t_iflag, IUTF8) && CCONT(c))) {
2700 ttyrubo(tp, 1);
2701 }
2702 break;
2703 case BACKSPACE:
2704 case CONTROL:
2705 case NEWLINE:
2706 case RETURN:
2707 case VTAB:
2708 if (ISSET(tp->t_lflag, ECHOCTL)) {
2709 ttyrubo(tp, 2);
2710 }
2711 break;
2712 case TAB:
2713 if (tp->t_rocount < tp->t_rawq.c_cc) {
2714 ttyretype(tp);
2715 return;
2716 }
2717 savecol = tp->t_column;
2718 SET(tp->t_state, TS_CNTTB);
2719 SET(tp->t_lflag, FLUSHO);
2720 tp->t_column = tp->t_rocol;
2721 for (cp = firstc(&tp->t_rawq, &tabc); cp;
2722 cp = nextc(&tp->t_rawq, cp, &tabc)) {
2723 ttyecho(tabc, tp);
2724 }
2725 CLR(tp->t_lflag, FLUSHO);
2726 CLR(tp->t_state, TS_CNTTB);
2727
2728 /* savecol will now be length of the tab. */
2729 savecol -= tp->t_column;
2730 tp->t_column += savecol;
2731 if (savecol > 8) {
2732 savecol = 8; /* overflow fixup */
2733 }
2734 while (--savecol >= 0) {
2735 (void)ttyoutput('\b', tp);
2736 }
2737 break;
2738 default: /* XXX */
2739 #define PANICSTR "ttyrub: would panic c = %d, val = %d\n"
2740 printf(PANICSTR, c, CCLASS(c));
2741 #ifdef notdef
2742 panic(PANICSTR, c, CCLASS(c));
2743 #endif
2744 }
2745 }
2746 } else if (ISSET(tp->t_lflag, ECHOPRT)) {
2747 if (!ISSET(tp->t_state, TS_ERASE)) {
2748 SET(tp->t_state, TS_ERASE);
2749 (void)ttyoutput('\\', tp);
2750 }
2751 ttyecho(c, tp);
2752 } else {
2753 ttyecho(tp->t_cc[VERASE], tp);
2754 }
2755 --tp->t_rocount;
2756 }
2757
2758
2759 /*
2760 * Back over count characters, erasing them.
2761 *
2762 * Locks: Assumes tty_lock() is held prior to calling.
2763 */
2764 static void
ttyrubo(struct tty * tp,int count)2765 ttyrubo(struct tty *tp, int count)
2766 {
2767 TTY_LOCK_OWNED(tp); /* debug assert */
2768
2769 while (count-- > 0) {
2770 (void)ttyoutput('\b', tp);
2771 (void)ttyoutput(' ', tp);
2772 (void)ttyoutput('\b', tp);
2773 }
2774 }
2775
2776
2777 /*
2778 * ttyretype --
2779 * Reprint the rawq line. Note, it is assumed that c_cc has already
2780 * been checked.
2781 *
2782 * Locks: Assumes tty_lock() is held prior to calling.
2783 */
2784 static void
ttyretype(struct tty * tp)2785 ttyretype(struct tty *tp)
2786 {
2787 u_char *cp;
2788 int c;
2789
2790 TTY_LOCK_OWNED(tp); /* debug assert */
2791
2792 /* Echo the reprint character. */
2793 if (tp->t_cc[VREPRINT] != _POSIX_VDISABLE) {
2794 ttyecho(tp->t_cc[VREPRINT], tp);
2795 }
2796
2797 (void)ttyoutput('\n', tp);
2798
2799 /*
2800 * FREEBSD XXX
2801 * FIX: NEXTC IS BROKEN - DOESN'T CHECK QUOTE
2802 * BIT OF FIRST CHAR.
2803 */
2804 for (cp = firstc(&tp->t_canq, &c); cp; cp = nextc(&tp->t_canq, cp, &c)) {
2805 ttyecho(c, tp);
2806 }
2807 for (cp = firstc(&tp->t_rawq, &c); cp; cp = nextc(&tp->t_rawq, cp, &c)) {
2808 ttyecho(c, tp);
2809 }
2810 CLR(tp->t_state, TS_ERASE);
2811
2812 tp->t_rocount = tp->t_rawq.c_cc;
2813 tp->t_rocol = 0;
2814 }
2815
2816
2817 /*
2818 * Echo a typed character to the terminal.
2819 *
2820 * Locks: Assumes tty_lock() is held prior to calling.
2821 */
2822 static void
ttyecho(int c,struct tty * tp)2823 ttyecho(int c, struct tty *tp)
2824 {
2825 TTY_LOCK_OWNED(tp); /* debug assert */
2826
2827 if (!ISSET(tp->t_state, TS_CNTTB)) {
2828 CLR(tp->t_lflag, FLUSHO);
2829 }
2830 if ((!ISSET(tp->t_lflag, ECHO) &&
2831 (c != '\n' || !ISSET(tp->t_lflag, ECHONL))) ||
2832 ISSET(tp->t_lflag, EXTPROC)) {
2833 return;
2834 }
2835 if (ISSET(tp->t_lflag, ECHOCTL) &&
2836 ((ISSET(c, TTY_CHARMASK) <= 037 && c != '\t' && c != '\n') ||
2837 ISSET(c, TTY_CHARMASK) == 0177)) {
2838 (void)ttyoutput('^', tp);
2839 CLR(c, ~TTY_CHARMASK);
2840 if (c == 0177) {
2841 c = '?';
2842 } else {
2843 c += 'A' - 1;
2844 }
2845 }
2846 (void)ttyoutput(c, tp);
2847 }
2848
2849 static void
ttwakeup_knote(struct selinfo * sip,long hint)2850 ttwakeup_knote(struct selinfo *sip, long hint)
2851 {
2852 if ((sip->si_flags & SI_KNPOSTING) == 0) {
2853 sip->si_flags |= SI_KNPOSTING;
2854 KNOTE(&sip->si_note, hint);
2855 sip->si_flags &= ~SI_KNPOSTING;
2856 }
2857 }
2858
2859
2860 /*
2861 * Wake up any readers on a tty.
2862 *
2863 * Locks: Assumes tty_lock() is held for the call.
2864 */
2865 void
ttwakeup(struct tty * tp)2866 ttwakeup(struct tty *tp)
2867 {
2868 TTY_LOCK_OWNED(tp); /* debug assert */
2869
2870 selwakeup(&tp->t_rsel);
2871 ttwakeup_knote(&tp->t_rsel, 0);
2872 if (ISSET(tp->t_state, TS_ASYNC)) {
2873 /*
2874 * XXX: Callers may not revalidate it the tty is closed
2875 * XXX: out from under them by another thread, but we do
2876 * XXX: not support queued signals. This should be safe,
2877 * XXX: since the process we intend to wakeup is in the
2878 * XXX: process group, and will wake up because of the
2879 * XXX: signal anyway.
2880 */
2881 tty_pgsignal_locked(tp, SIGIO, 1);
2882 }
2883 wakeup(TSA_HUP_OR_INPUT(tp));
2884 }
2885
2886
2887 /*
2888 * ttwwakeup (LDISC)
2889 *
2890 * Wake up any writers on a tty.
2891 *
2892 * Locks: Assumes tty_lock() is held prior to calling.
2893 */
2894 void
ttwwakeup(struct tty * tp)2895 ttwwakeup(struct tty *tp)
2896 {
2897 TTY_LOCK_OWNED(tp); /* debug assert */
2898
2899 if (tp->t_outq.c_cc <= tp->t_lowat) {
2900 selwakeup(&tp->t_wsel);
2901 ttwakeup_knote(&tp->t_wsel, 0);
2902 }
2903 if (ISSET(tp->t_state, TS_BUSY | TS_SO_OCOMPLETE) ==
2904 TS_SO_OCOMPLETE && tp->t_outq.c_cc == 0) {
2905 CLR(tp->t_state, TS_SO_OCOMPLETE);
2906 wakeup(TSA_OCOMPLETE(tp));
2907 }
2908 if (ISSET(tp->t_state, TS_SO_OLOWAT) &&
2909 tp->t_outq.c_cc <= tp->t_lowat) {
2910 CLR(tp->t_state, TS_SO_OLOWAT);
2911 wakeup(TSA_OLOWAT(tp));
2912 }
2913 }
2914
2915
2916 /*
2917 * Look up a code for a specified speed in a conversion table;
2918 * used by drivers to map software speed values to hardware parameters.
2919 *
2920 * Notes: No locks are assumed for this function; it does not
2921 * directly access struct tty.
2922 */
2923 int
ttspeedtab(int speed,struct speedtab * table)2924 ttspeedtab(int speed, struct speedtab *table)
2925 {
2926 for (; table->sp_speed != -1; table++) {
2927 if (table->sp_speed == speed) {
2928 return table->sp_code;
2929 }
2930 }
2931 return -1;
2932 }
2933
2934
2935 /*
2936 * Set tty hi and low water marks.
2937 *
2938 * Try to arrange the dynamics so there's about one second
2939 * from hi to low water.
2940 *
2941 * Locks: Assumes tty_lock() is held prior to calling.
2942 */
2943 void
ttsetwater(struct tty * tp)2944 ttsetwater(struct tty *tp)
2945 {
2946 speed_t cps;
2947 unsigned int x;
2948
2949 TTY_LOCK_OWNED(tp); /* debug assert */
2950
2951 #define CLAMP(x, h, l) ((x) > h ? h : ((x) < l) ? l : (x))
2952
2953 cps = tp->t_ospeed / 10;
2954 static_assert(TTMAXLOWAT <= UINT_MAX, "max low water fits in unsigned int");
2955 static_assert(TTMINLOWAT <= UINT_MAX, "min low water fits in unsigned int");
2956 tp->t_lowat = x = (unsigned int)CLAMP(cps / 2, TTMAXLOWAT, TTMINLOWAT);
2957 x += cps;
2958 x = CLAMP(x, TTMAXHIWAT, TTMINHIWAT);
2959 tp->t_hiwat = roundup(x, CBSIZE);
2960 #undef CLAMP
2961 }
2962
2963 /* ttyinfo has been converted to the MACH kernel */
2964 #include <mach/thread_info.h>
2965
2966 /* XXX Should be in Mach header <kern/thread.h>, but doesn't work */
2967 extern kern_return_t thread_info_internal(thread_t thread,
2968 thread_flavor_t flavor,
2969 thread_info_t thread_info_out,
2970 mach_msg_type_number_t *thread_info_count);
2971
2972
2973 /*
2974 * Report on state of foreground process group.
2975 *
2976 * Locks: Assumes tty_lock() is held prior to calling.
2977 */
2978 void
ttyinfo_locked(struct tty * tp)2979 ttyinfo_locked(struct tty *tp)
2980 {
2981 int load;
2982 uthread_t uthread;
2983 proc_t p;
2984 proc_t pick;
2985 pid_t pickpid;
2986 const char *state;
2987 struct timeval utime;
2988 struct timeval stime;
2989 thread_basic_info_data_t basic_info;
2990 mach_msg_type_number_t mmtn = THREAD_BASIC_INFO_COUNT;
2991 struct pgrp * pg;
2992
2993 TTY_LOCK_OWNED(tp); /* debug assert */
2994
2995 if (ttycheckoutq(tp, 0) == 0) {
2996 return;
2997 }
2998
2999 /* Print load average. */
3000 load = (averunnable.ldavg[0] * 100 + FSCALE / 2) >> FSHIFT;
3001 ttyprintf(tp, "load: %d.%02d ", load / 100, load % 100);
3002
3003 /*
3004 * On return following a ttyprintf(), we set tp->t_rocount to 0 so
3005 * that pending input will be retyped on BS.
3006 */
3007 if (tp->t_session == NULL) {
3008 ttyprintf(tp, "not a controlling terminal\n");
3009 tp->t_rocount = 0;
3010 return;
3011 }
3012 if (tp->t_pgrp == NULL) {
3013 ttyprintf(tp, "no foreground process group\n");
3014 tp->t_rocount = 0;
3015 return;
3016 }
3017
3018 /* get a reference on the process group before locking it */
3019 pg = tty_pgrp_locked(tp);
3020
3021 pgrp_lock(pg);
3022 /* the proc_compare is non blocking fn, no need to use iterator */
3023 pick = NULL;
3024 LIST_FOREACH(p, &pg->pg_members, p_pglist) {
3025 if (proc_compare(pick, p)) {
3026 pick = p;
3027 pickpid = proc_getpid(p);
3028 } else {
3029 pickpid = proc_getpid(pick);
3030 }
3031 }
3032 pgrp_unlock(pg);
3033 /* SAFE: All callers drop the lock on return */
3034 tty_unlock(tp);
3035 pgrp_rele(pg);
3036
3037 pick = proc_find(pickpid);
3038 if (pick == PROC_NULL) {
3039 tty_lock(tp);
3040 return;
3041 }
3042
3043 tty_lock(tp);
3044 proc_lock(pick);
3045 if (TAILQ_EMPTY(&pick->p_uthlist) ||
3046 (uthread = TAILQ_FIRST(&pick->p_uthlist)) == NULL ||
3047 (thread_info_internal(get_machthread(uthread), THREAD_BASIC_INFO, (thread_info_t)&basic_info, &mmtn) != KERN_SUCCESS)) {
3048 proc_unlock(pick);
3049 ttyprintf(tp, "foreground process without thread\n");
3050 tp->t_rocount = 0;
3051 proc_rele(pick);
3052 return;
3053 }
3054 proc_unlock(pick);
3055
3056 switch (basic_info.run_state) {
3057 case TH_STATE_RUNNING:
3058 state = "running";
3059 break;
3060 case TH_STATE_STOPPED:
3061 state = "stopped";
3062 break;
3063 case TH_STATE_WAITING:
3064 state = "waiting";
3065 break;
3066 case TH_STATE_UNINTERRUPTIBLE:
3067 state = "uninterruptible";
3068 break;
3069 case TH_STATE_HALTED:
3070 state = "halted";
3071 break;
3072 default:
3073 state = "unknown";
3074 break;
3075 }
3076 calcru(pick, &utime, &stime, NULL);
3077
3078 /* Print command, pid, state, utime, and stime */
3079 ttyprintf(tp, " cmd: %s %d %s %ld.%02du %ld.%02ds\n",
3080 pick->p_comm,
3081 proc_getpid(pick),
3082 state,
3083 (long)utime.tv_sec, utime.tv_usec / 10000,
3084 (long)stime.tv_sec, stime.tv_usec / 10000);
3085
3086 proc_rele(pick);
3087 tp->t_rocount = 0;
3088 }
3089
3090
3091 /*
3092 * Returns 1 if p2 is "better" than p1
3093 *
3094 * The algorithm for picking the "interesting" process is thus:
3095 *
3096 * 1) Only foreground processes are eligible - implied.
3097 * 2) Runnable processes are favored over anything else. The runner
3098 * with the highest cpu utilization is picked (p_estcpu). Ties are
3099 * broken by picking the highest pid.
3100 * 3) The sleeper with the shortest sleep time is next.
3101 * 4) Further ties are broken by picking the highest pid.
3102 */
3103 #define ISRUN(p) (((p)->p_stat == SRUN) || ((p)->p_stat == SIDL))
3104 #define TESTAB(a, b) ((a)<<1 | (b))
3105 #define ONLYA 2
3106 #define ONLYB 1
3107 #define BOTH 3
3108
3109 /*
3110 * Locks: pgrp_lock(p2) held on call to this function
3111 * tty_lock(tp) for p2's tty, for which p2 is the foreground
3112 * process, held on call to this function
3113 */
3114 static int
proc_compare(proc_t p1,proc_t p2)3115 proc_compare(proc_t p1, proc_t p2)
3116 {
3117 /* NOTE THIS FN needs to be NON BLOCKING */
3118
3119 if (p1 == NULL) {
3120 return 1;
3121 }
3122 /*
3123 * see if at least one of them is runnable
3124 */
3125 switch (TESTAB(ISRUN(p1), ISRUN(p2))) {
3126 case ONLYA:
3127 return 0;
3128 case ONLYB:
3129 return 1;
3130 case BOTH:
3131 /*
3132 * tie - favor one with highest recent cpu utilization
3133 */
3134 #ifdef _PROC_HAS_SCHEDINFO_
3135 /* Without the support the fields are always zero */
3136 if (p2->p_estcpu > p1->p_estcpu) {
3137 return 1;
3138 }
3139 if (p1->p_estcpu > p2->p_estcpu) {
3140 return 0;
3141 }
3142 #endif /* _PROC_HAS_SCHEDINFO_ */
3143 return proc_getpid(p2) > proc_getpid(p1); /* tie - return highest pid */
3144 }
3145 /*
3146 * weed out zombies
3147 */
3148 switch (TESTAB(p1->p_stat == SZOMB, p2->p_stat == SZOMB)) {
3149 case ONLYA:
3150 return 1;
3151 case ONLYB:
3152 return 0;
3153 case BOTH:
3154 return proc_getpid(p2) > proc_getpid(p1); /* tie - return highest pid */
3155 }
3156 /*
3157 * pick the one with the smallest sleep time
3158 */
3159 #ifdef _PROC_HAS_SCHEDINFO_
3160 /* Without the support the fields are always zero */
3161 if (p2->p_slptime > p1->p_slptime) {
3162 return 0;
3163 }
3164 if (p1->p_slptime > p2->p_slptime) {
3165 return 1;
3166 }
3167 #endif /* _PROC_HAS_SCHEDINFO_ */
3168 return proc_getpid(p2) > proc_getpid(p1); /* tie - return highest pid */
3169 }
3170
3171
3172 /*
3173 * Output char to tty; console putchar style.
3174 *
3175 * Locks: Assumes tty_lock() is held prior to calling.
3176 *
3177 * Notes: Only ever called from putchar() in subr_prf.c
3178 */
3179 int
tputchar(int c,struct tty * tp)3180 tputchar(int c, struct tty *tp)
3181 {
3182 TTY_LOCK_OWNED(tp); /* debug assert */
3183
3184 if (!ISSET(tp->t_state, TS_CONNECTED)) {
3185 return -1;
3186 }
3187 if (c == '\n') {
3188 (void)ttyoutput('\r', tp);
3189 }
3190 (void)ttyoutput(c, tp);
3191 ttstart(tp);
3192 return 0;
3193 }
3194
3195
3196 /*
3197 * ttysleep
3198 *
3199 * Sleep on a wait channel waiting for an interrupt or a condition to come
3200 * true so that we are woken up.
3201 *
3202 * Parameters: tp Tty going to sleep
3203 * chan The sleep channel (usually an address
3204 * of a structure member)
3205 * pri priority and flags
3206 * wmesg Wait message; shows up in debugger,
3207 * should show up in "ps", but doesn't
3208 * timo Timeout for the sleep
3209 *
3210 * Returns: 0 Condition came true
3211 * ERESTART Upper layer must redrive the call;
3212 * this is usually done by the Libc
3213 * stub in user space
3214 * msleep0:EINTR Interrupted (usually a signal)
3215 * msleep0:ERESTART Interrupted (usually a masked signal)
3216 * msleep0:EWOULDBLOCK Timeout (timo) already expired
3217 *
3218 * Locks: Assumes tty_lock() is held prior to calling.
3219 *
3220 * Sleep on chan, returning ERESTART if tty changed while we napped and
3221 * returning any errors (e.g. EINTR/EWOULDBLOCK) reported by msleep0. If
3222 * the tty is revoked, restarting a pending call will redo validation done
3223 * at the start of the call.
3224 */
3225 int
ttysleep(struct tty * tp,void * chan,int pri,const char * wmesg,int timo)3226 ttysleep(struct tty *tp, void *chan, int pri, const char *wmesg, int timo)
3227 {
3228 int error;
3229 int gen;
3230
3231 TTY_LOCK_OWNED(tp);
3232
3233 if (tp->t_state & TS_REVOKE) {
3234 return ERESTART;
3235 }
3236
3237 gen = tp->t_gen;
3238 /* Use of msleep0() avoids conversion timo/timespec/timo */
3239 error = msleep0(chan, &tp->t_lock, pri, wmesg, timo, (int (*)(int))0);
3240 if (error) {
3241 return error;
3242 }
3243 return tp->t_gen == gen ? 0 : ERESTART;
3244 }
3245
3246
3247 /*
3248 * Allocate a tty structure and its associated buffers.
3249 *
3250 * Parameters: void
3251 *
3252 * Returns: !NULL Address of new struct tty
3253 * NULL Error ("ENOMEM")
3254 *
3255 * Locks: The tty_lock() of the returned tty is not held when it
3256 * is returned.
3257 */
3258 struct tty *
ttymalloc(void)3259 ttymalloc(void)
3260 {
3261 struct tty *tp;
3262
3263 tp = kalloc_type(struct tty, Z_WAITOK | Z_ZERO | Z_NOFAIL);
3264 /* XXX: default to TTYCLSIZE(1024) chars for now */
3265 clalloc(&tp->t_rawq, TTYCLSIZE, 1);
3266 clalloc(&tp->t_canq, TTYCLSIZE, 1);
3267 /* output queue doesn't need quoting */
3268 clalloc(&tp->t_outq, TTYCLSIZE, 0);
3269 lck_mtx_init(&tp->t_lock, &tty_lck_grp, LCK_ATTR_NULL);
3270 klist_init(&tp->t_rsel.si_note);
3271 klist_init(&tp->t_wsel.si_note);
3272 os_ref_init_raw(&tp->t_refcnt, &t_refgrp);
3273 return tp;
3274 }
3275
3276 /*
3277 * Increment the reference count on a tty.
3278 */
3279 void
ttyhold(struct tty * tp)3280 ttyhold(struct tty *tp)
3281 {
3282 assert(tp != NULL);
3283 os_ref_retain_raw(&tp->t_refcnt, &t_refgrp);
3284 }
3285
3286 /*
3287 * Drops a reference count on a tty structure; if the reference count reaches
3288 * zero, then also frees the structure and associated buffers.
3289 */
3290 void
ttyfree(struct tty * tp)3291 ttyfree(struct tty *tp)
3292 {
3293 assert(tp != NULL);
3294 TTY_LOCK_NOTOWNED(tp);
3295
3296 if (os_ref_release_raw(&tp->t_refcnt, &t_refgrp) == 0) {
3297 ttydeallocate(tp);
3298 }
3299 }
3300
3301 /*
3302 * Drops a reference count on a tty structure while holding the tty lock.
3303 * Panics if the last reference is dropped.
3304 */
3305 void
ttyfree_locked(struct tty * tp)3306 ttyfree_locked(struct tty *tp)
3307 {
3308 assert(tp != NULL);
3309 TTY_LOCK_OWNED(tp);
3310 os_ref_release_live_raw(&tp->t_refcnt, &t_refgrp);
3311 }
3312
3313 /*
3314 * Deallocate a tty structure and its buffers.
3315 *
3316 * Locks: The tty_lock() is assumed to not be held at the time of
3317 * the free; this function destroys the mutex.
3318 */
3319 static void
ttydeallocate(struct tty * tp)3320 ttydeallocate(struct tty *tp)
3321 {
3322 TTY_LOCK_NOTOWNED(tp); /* debug assert */
3323
3324 #if DEBUG
3325 if (!(SLIST_EMPTY(&tp->t_rsel.si_note) && SLIST_EMPTY(&tp->t_wsel.si_note))) {
3326 panic("knotes hooked into a tty when the tty is freed.");
3327 }
3328 #endif /* DEBUG */
3329
3330 clfree(&tp->t_rawq);
3331 clfree(&tp->t_canq);
3332 clfree(&tp->t_outq);
3333 lck_mtx_destroy(&tp->t_lock, &tty_lck_grp);
3334 kfree_type(struct tty, tp);
3335 }
3336
3337
3338 /*
3339 * Locks: Assumes tty_lock() is held prior to calling.
3340 */
3341 static bool
isbackground(proc_t p,struct tty * tp)3342 isbackground(proc_t p, struct tty *tp)
3343 {
3344 TTY_LOCK_OWNED(tp);
3345
3346 if (tp->t_pgrp == NULL ||
3347 (uintptr_t)tp->t_pgrp == smr_unsafe_load(&p->p_pgrp)) {
3348 return false;
3349 }
3350
3351 if (tp->t_session == SESSION_NULL) {
3352 return false;
3353 }
3354
3355 /*
3356 * same as isctty_sp(p, tp, p->p_pgrp->pg_session)
3357 * without dereferencing p->p_pgrp
3358 */
3359 return tp->t_session->s_sid == proc_sessionid(p) && (p->p_flag & P_CONTROLT);
3360 }
3361
3362 static bool
isctty(proc_t p,struct tty * tp)3363 isctty(proc_t p, struct tty *tp)
3364 {
3365 struct session *sessp;
3366 struct pgrp *pg;
3367 bool retval = false;
3368
3369 pg = proc_pgrp(p, &sessp);
3370 retval = isctty_sp(p, tp, sessp);
3371 pgrp_rele(pg);
3372
3373 return retval;
3374 }
3375
3376 static bool
isctty_sp(proc_t p,struct tty * tp,struct session * sessp)3377 isctty_sp(proc_t p, struct tty *tp, struct session *sessp)
3378 {
3379 return sessp == tp->t_session && (p->p_flag & P_CONTROLT);
3380 }
3381
3382
3383 static int filt_ttyattach(struct knote *kn, struct kevent_qos_s *kev);
3384 static void filt_ttydetach(struct knote *kn);
3385 static int filt_ttyevent(struct knote *kn, long hint);
3386 static int filt_ttytouch(struct knote *kn, struct kevent_qos_s *kev);
3387 static int filt_ttyprocess(struct knote *kn, struct kevent_qos_s *kev);
3388
3389 SECURITY_READ_ONLY_EARLY(struct filterops) tty_filtops = {
3390 .f_isfd = 1,
3391 .f_attach = filt_ttyattach,
3392 .f_detach = filt_ttydetach,
3393 .f_event = filt_ttyevent,
3394 .f_touch = filt_ttytouch,
3395 .f_process = filt_ttyprocess
3396 };
3397
3398 /*
3399 * Called with struct tty locked. Returns non-zero if there is data to be read
3400 * or written.
3401 */
3402 static int
filt_tty_common(struct knote * kn,struct kevent_qos_s * kev,struct tty * tp)3403 filt_tty_common(struct knote *kn, struct kevent_qos_s *kev, struct tty *tp)
3404 {
3405 int retval = 0;
3406 int64_t data = 0;
3407
3408 TTY_LOCK_OWNED(tp); /* debug assert */
3409
3410 switch (kn->kn_filter) {
3411 case EVFILT_READ:
3412 /*
3413 * ttnread can change the tty state,
3414 * hence must be done upfront, before any other check.
3415 */
3416 data = ttnread(tp);
3417 retval = (data != 0);
3418 break;
3419 case EVFILT_WRITE:
3420 if ((tp->t_outq.c_cc <= tp->t_lowat) &&
3421 (tp->t_state & TS_CONNECTED)) {
3422 data = tp->t_hiwat - tp->t_outq.c_cc;
3423 retval = (data != 0);
3424 }
3425 break;
3426 default:
3427 panic("tty kevent: unexpected filter: %d, kn = %p, tty = %p",
3428 kn->kn_filter, kn, tp);
3429 break;
3430 }
3431
3432 /*
3433 * TODO(mwidmann, jandrus): For native knote low watermark support,
3434 * check the kn_sfflags for NOTE_LOWAT and check against kn_sdata.
3435 *
3436 * res = ((kn->kn_sfflags & NOTE_LOWAT) != 0) ?
3437 * (kn->kn_data >= kn->kn_sdata) : kn->kn_data;
3438 */
3439
3440 if (tp->t_state & TS_ZOMBIE) {
3441 kn->kn_flags |= EV_EOF;
3442 }
3443 if (kn->kn_flags & EV_EOF) {
3444 retval = 1;
3445 }
3446 if (retval && kev) {
3447 knote_fill_kevent(kn, kev, data);
3448 }
3449
3450 return retval;
3451 }
3452
3453 /*
3454 * Find the struct tty from a waitq, which is a member of one of the two struct
3455 * selinfos inside the struct tty. Use the seltype to determine which selinfo.
3456 */
3457 static struct tty *
tty_from_waitq(struct waitq * wq,int seltype)3458 tty_from_waitq(struct waitq *wq, int seltype)
3459 {
3460 /*
3461 * The waitq is part of the selinfo structure managed by the driver.
3462 * For certain drivers, we want to hook the knote into the selinfo
3463 * structure's si_note field so selwakeup can call KNOTE.
3464 *
3465 * For TTY drivers, the selinfo structure is somewhere in the struct
3466 * tty. There are two different selinfo structures, and the one used
3467 * corresponds to the type of filter requested.
3468 */
3469 switch (seltype) {
3470 case FREAD:
3471 return __container_of(wq, struct tty, t_rsel.si_waitq);
3472 case FWRITE:
3473 return __container_of(wq, struct tty, t_wsel.si_waitq);
3474 default:
3475 return NULL;
3476 }
3477 }
3478
3479 static struct tty *
tty_from_knote(struct knote * kn)3480 tty_from_knote(struct knote *kn)
3481 {
3482 return (struct tty *)knote_kn_hook_get_raw(kn);
3483 }
3484
3485 static int
filt_ttyattach(struct knote * kn,__unused struct kevent_qos_s * kev)3486 filt_ttyattach(struct knote *kn, __unused struct kevent_qos_s *kev)
3487 {
3488 uthread_t uth = current_uthread();
3489 vfs_context_t ctx = vfs_context_current();
3490 vnode_t vp = (vnode_t)fp_get_data(kn->kn_fp);
3491 struct select_set *old_wqs;
3492 int selres;
3493
3494 /*
3495 * This function should be called from spec_kqfilter (spec_vnops.c),
3496 * so most of the knote data structure should already be initialized.
3497 */
3498
3499 /* don't support offsets in ttys or drivers that don't use struct tty */
3500 if (kn->kn_vnode_use_ofst || !kn->kn_vnode_kqok) {
3501 knote_set_error(kn, ENOTSUP);
3502 return 0;
3503 }
3504
3505 /*
3506 * Connect the struct tty to the knote through the selinfo structure
3507 * referenced by the waitq within the selinfo.
3508 *
3509 * FMARK forces selects to always call selrecord, even if data is
3510 * available. See ttselect, ptsselect, ptcselect.
3511 *
3512 * selres also contains the data currently available in the tty.
3513 */
3514 selspec_record_hook_t block = ^(struct selinfo *si){
3515 struct tty *tp;
3516
3517 tp = tty_from_waitq(&si->si_waitq, knote_get_seltype(kn));
3518 TTY_LOCK_OWNED(tp);
3519
3520 /* Attach the knote to selinfo's klist and take a ref */
3521 ttyhold(tp);
3522 knote_kn_hook_set_raw(kn, tp);
3523 KNOTE_ATTACH(&si->si_note, kn);
3524 };
3525
3526 old_wqs = uth->uu_selset;
3527 uth->uu_selset = SELSPEC_RECORD_MARKER;
3528 selres = VNOP_SELECT(vp, knote_get_seltype(kn) | FMARK, 0, block, ctx);
3529 uth->uu_selset = old_wqs;
3530
3531 if (knote_kn_hook_get_raw(kn) == NULL) {
3532 /*
3533 * The driver didn't call selrecord --
3534 * there's no tty hooked up so we can't attach.
3535 */
3536 knote_set_error(kn, ENOTTY);
3537 return 0;
3538 }
3539
3540 return selres;
3541 }
3542
3543 static void
filt_ttydetach(struct knote * kn)3544 filt_ttydetach(struct knote *kn)
3545 {
3546 struct tty *tp = tty_from_knote(kn);
3547
3548 tty_lock(tp);
3549
3550 if (!KNOTE_IS_AUTODETACHED(kn)) {
3551 switch (kn->kn_filter) {
3552 case EVFILT_READ:
3553 KNOTE_DETACH(&tp->t_rsel.si_note, kn);
3554 break;
3555 case EVFILT_WRITE:
3556 KNOTE_DETACH(&tp->t_wsel.si_note, kn);
3557 break;
3558 default:
3559 panic("invalid knote %p detach, filter: %d", kn, kn->kn_filter);
3560 break;
3561 }
3562 }
3563
3564 // Remove dangling reference
3565 knote_kn_hook_set_raw(kn, NULL);
3566
3567 tty_unlock(tp);
3568 ttyfree(tp);
3569 }
3570
3571 static int
filt_ttyevent(struct knote * kn,long hint)3572 filt_ttyevent(struct knote *kn, long hint)
3573 {
3574 struct tty *tp = tty_from_knote(kn);
3575 int ret;
3576
3577 TTY_LOCK_OWNED(tp);
3578
3579 if (hint & NOTE_REVOKE) {
3580 kn->kn_flags |= EV_EOF | EV_ONESHOT;
3581 ret = 1;
3582 } else {
3583 ret = filt_tty_common(kn, NULL, tp);
3584 }
3585
3586 return ret;
3587 }
3588
3589 static int
filt_ttytouch(struct knote * kn,struct kevent_qos_s * kev)3590 filt_ttytouch(struct knote *kn, struct kevent_qos_s *kev)
3591 {
3592 struct tty *tp = tty_from_knote(kn);
3593 int res = 0;
3594
3595 tty_lock(tp);
3596
3597 kn->kn_sdata = kev->data;
3598 kn->kn_sfflags = kev->fflags;
3599
3600 if (kn->kn_vnode_kqok) {
3601 res = filt_tty_common(kn, NULL, tp);
3602 }
3603
3604 tty_unlock(tp);
3605
3606 return res;
3607 }
3608
3609 static int
filt_ttyprocess(struct knote * kn,struct kevent_qos_s * kev)3610 filt_ttyprocess(struct knote *kn, struct kevent_qos_s *kev)
3611 {
3612 struct tty *tp = tty_from_knote(kn);
3613 int res;
3614
3615 tty_lock(tp);
3616
3617 res = filt_tty_common(kn, kev, tp);
3618
3619 tty_unlock(tp);
3620
3621 return res;
3622 }
3623