kernel: Fix two NULL dereference issues.
[dragonfly.git] / sys / netgraph / tty / ng_tty.c
blob5b18de57c8b641a2807c701f296f014361bd458e
1 /*
2 * (MPSAFE)
4 * ng_tty.c
6 * Copyright (c) 1996-1999 Whistle Communications, Inc.
7 * All rights reserved.
8 *
9 * Subject to the following obligations and disclaimer of warranty, use and
10 * redistribution of this software, in source or object code forms, with or
11 * without modifications are expressly permitted by Whistle Communications;
12 * provided, however, that:
13 * 1. Any and all reproductions of the source or object code must include the
14 * copyright notice above and the following disclaimer of warranties; and
15 * 2. No rights are granted, in any manner or form, to use Whistle
16 * Communications, Inc. trademarks, including the mark "WHISTLE
17 * COMMUNICATIONS" on advertising, endorsements, or otherwise except as
18 * such appears in the above copyright notice or in the software.
20 * THIS SOFTWARE IS BEING PROVIDED BY WHISTLE COMMUNICATIONS "AS IS", AND
21 * TO THE MAXIMUM EXTENT PERMITTED BY LAW, WHISTLE COMMUNICATIONS MAKES NO
22 * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING THIS SOFTWARE,
23 * INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED WARRANTIES OF
24 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.
25 * WHISTLE COMMUNICATIONS DOES NOT WARRANT, GUARANTEE, OR MAKE ANY
26 * REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS OF THE USE OF THIS
27 * SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY, RELIABILITY OR OTHERWISE.
28 * IN NO EVENT SHALL WHISTLE COMMUNICATIONS BE LIABLE FOR ANY DAMAGES
29 * RESULTING FROM OR ARISING OUT OF ANY USE OF THIS SOFTWARE, INCLUDING
30 * WITHOUT LIMITATION, ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
31 * PUNITIVE, OR CONSEQUENTIAL DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR
32 * SERVICES, LOSS OF USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY
33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
35 * THIS SOFTWARE, EVEN IF WHISTLE COMMUNICATIONS IS ADVISED OF THE POSSIBILITY
36 * OF SUCH DAMAGE.
38 * Author: Archie Cobbs <archie@freebsd.org>
40 * $FreeBSD: src/sys/netgraph/ng_tty.c,v 1.7.2.3 2002/02/13 00:43:12 dillon Exp $
41 * $Whistle: ng_tty.c,v 1.21 1999/11/01 09:24:52 julian Exp $
45 * This file implements a terminal line discipline that is also a
46 * netgraph node. Installing this line discipline on a terminal device
47 * instantiates a new netgraph node of this type, which allows access
48 * to the device via the "hook" hook of the node.
50 * Once the line discipline is installed, you can find out the name
51 * of the corresponding netgraph node via a NGIOCGINFO ioctl().
53 * Incoming characters are delievered to the hook one at a time, each
54 * in its own mbuf. You may optionally define a ``hotchar,'' which causes
55 * incoming characters to be buffered up until either the hotchar is
56 * seen or the mbuf is full (MHLEN bytes). Then all buffered characters
57 * are immediately delivered.
59 * NOTE: This node operates at spltty().
62 #include <sys/param.h>
63 #include <sys/systm.h>
64 #include <sys/kernel.h>
65 #include <sys/conf.h>
66 #include <sys/proc.h>
67 #include <sys/priv.h>
68 #include <sys/mbuf.h>
69 #include <sys/malloc.h>
70 #include <sys/fcntl.h>
71 #include <sys/tty.h>
72 #include <sys/ttycom.h>
73 #include <sys/syslog.h>
74 #include <sys/errno.h>
75 #include <sys/thread2.h>
77 #include <netgraph/ng_message.h>
78 #include <netgraph/netgraph.h>
79 #include "ng_tty.h"
81 /* Misc defs */
82 #define MAX_MBUFQ 3 /* Max number of queued mbufs */
83 #define NGT_HIWATER 400 /* High water mark on output */
85 /* Per-node private info */
86 struct ngt_sc {
87 struct tty *tp; /* Terminal device */
88 node_p node; /* Netgraph node */
89 hook_p hook; /* Netgraph hook */
90 struct mbuf *m; /* Incoming data buffer */
91 struct mbuf *qhead, **qtail; /* Queue of outgoing mbuf's */
92 short qlen; /* Length of queue */
93 short hotchar; /* Hotchar, or -1 if none */
94 u_int flags; /* Flags */
95 struct callout ctimeout; /* See man timeout(9) */
97 typedef struct ngt_sc *sc_p;
99 /* Flags */
100 #define FLG_TIMEOUT 0x0001 /* A timeout is pending */
101 #define FLG_DEBUG 0x0002
103 /* Debugging */
104 #ifdef INVARIANTS
105 #define QUEUECHECK(sc) \
106 do { \
107 struct mbuf **mp; \
108 int k; \
110 for (k = 0, mp = &sc->qhead; \
111 k <= MAX_MBUFQ && *mp; \
112 k++, mp = &(*mp)->m_nextpkt); \
113 if (k != sc->qlen || k > MAX_MBUFQ || *mp || mp != sc->qtail) \
114 panic("%s: queue", __func__); \
115 } while (0)
116 #else
117 #define QUEUECHECK(sc) do {} while (0)
118 #endif
120 /* Line discipline methods */
121 static int ngt_open(cdev_t dev, struct tty *tp);
122 static int ngt_close(struct tty *tp, int flag);
123 static int ngt_read(struct tty *tp, struct uio *uio, int flag);
124 static int ngt_write(struct tty *tp, struct uio *uio, int flag);
125 static int ngt_tioctl(struct tty *tp,
126 u_long cmd, caddr_t data, int flag, struct ucred *cred);
127 static int ngt_input(int c, struct tty *tp);
128 static int ngt_start(struct tty *tp);
130 /* Netgraph methods */
131 static ng_constructor_t ngt_constructor;
132 static ng_rcvmsg_t ngt_rcvmsg;
133 static ng_shutdown_t ngt_shutdown;
134 static ng_newhook_t ngt_newhook;
135 static ng_rcvdata_t ngt_rcvdata;
136 static ng_disconnect_t ngt_disconnect;
137 static int ngt_mod_event(module_t mod, int event, void *data);
139 /* Other stuff */
140 static void ngt_timeout(void *arg);
142 #define ERROUT(x) do { error = (x); goto done; } while (0)
144 /* Line discipline descriptor */
145 static struct linesw ngt_disc = {
146 ngt_open,
147 ngt_close,
148 ngt_read,
149 ngt_write,
150 ngt_tioctl,
151 ngt_input,
152 ngt_start,
153 ttymodem,
154 NG_TTY_DFL_HOTCHAR /* XXX can't change this in serial driver */
157 /* Netgraph node type descriptor */
158 static struct ng_type typestruct = {
159 NG_VERSION,
160 NG_TTY_NODE_TYPE,
161 ngt_mod_event,
162 ngt_constructor,
163 ngt_rcvmsg,
164 ngt_shutdown,
165 ngt_newhook,
166 NULL,
167 NULL,
168 ngt_rcvdata,
169 ngt_rcvdata,
170 ngt_disconnect,
171 NULL
173 NETGRAPH_INIT(tty, &typestruct);
175 static int ngt_unit;
176 static int ngt_nodeop_ok; /* OK to create/remove node */
177 static int ngt_ldisc;
179 /******************************************************************
180 LINE DISCIPLINE METHODS
181 ******************************************************************/
184 * Set our line discipline on the tty.
185 * Called from device open routine or ttioctl() at >= splsofttty()
187 static int
188 ngt_open(cdev_t dev, struct tty *tp)
190 struct thread *td = curthread; /* XXX */
191 char name[sizeof(NG_TTY_NODE_TYPE) + 8];
192 sc_p sc;
193 int error;
195 /* Super-user only */
196 if ((error = priv_check(td, PRIV_ROOT)))
197 return (error);
198 crit_enter();
199 lwkt_gettoken(&tty_token);
201 /* Already installed? */
202 if (tp->t_line == NETGRAPHDISC) {
203 sc = (sc_p) tp->t_sc;
204 if (sc != NULL && sc->tp == tp)
205 goto done;
208 /* Initialize private struct */
209 sc = kmalloc(sizeof(*sc), M_NETGRAPH, M_WAITOK | M_ZERO);
210 sc->tp = tp;
211 sc->hotchar = NG_TTY_DFL_HOTCHAR;
212 sc->qtail = &sc->qhead;
213 QUEUECHECK(sc);
214 callout_init_mp(&sc->ctimeout);
216 /* Setup netgraph node */
217 ngt_nodeop_ok = 1;
218 error = ng_make_node_common(&typestruct, &sc->node);
219 ngt_nodeop_ok = 0;
220 if (error) {
221 kfree(sc, M_NETGRAPH);
222 goto done;
224 ksnprintf(name, sizeof(name), "%s%d", typestruct.name, ngt_unit++);
226 /* Set back pointers */
227 sc->node->private = sc;
228 tp->t_sc = (caddr_t) sc;
230 /* Assign node its name */
231 if ((error = ng_name_node(sc->node, name))) {
232 log(LOG_ERR, "%s: node name exists?\n", name);
233 ngt_nodeop_ok = 1;
234 ng_rmnode(sc->node);
235 ngt_nodeop_ok = 0;
236 goto done;
240 * Pre-allocate cblocks to the an appropriate amount.
241 * I'm not sure what is appropriate.
243 ttyflush(tp, FREAD | FWRITE);
244 clist_alloc_cblocks(&tp->t_canq, 0, 0);
245 clist_alloc_cblocks(&tp->t_rawq, 0, 0);
246 clist_alloc_cblocks(&tp->t_outq,
247 MLEN + NGT_HIWATER, MLEN + NGT_HIWATER);
249 done:
250 /* Done */
251 lwkt_reltoken(&tty_token);
252 crit_exit();
253 return (error);
257 * Line specific close routine, called from device close routine
258 * and from ttioctl at >= splsofttty(). This causes the node to
259 * be destroyed as well.
261 static int
262 ngt_close(struct tty *tp, int flag)
264 const sc_p sc = (sc_p) tp->t_sc;
266 crit_enter();
267 lwkt_gettoken(&tty_token);
268 ttyflush(tp, FREAD | FWRITE);
269 clist_free_cblocks(&tp->t_outq);
270 tp->t_line = 0;
271 if (sc != NULL) {
272 if (sc->flags & FLG_TIMEOUT) {
273 callout_stop(&sc->ctimeout);
274 sc->flags &= ~FLG_TIMEOUT;
276 ngt_nodeop_ok = 1;
277 ng_rmnode(sc->node);
278 ngt_nodeop_ok = 0;
279 tp->t_sc = NULL;
281 lwkt_reltoken(&tty_token);
282 crit_exit();
283 return (0);
287 * Once the device has been turned into a node, we don't allow reading.
289 static int
290 ngt_read(struct tty *tp, struct uio *uio, int flag)
292 return (EIO);
296 * Once the device has been turned into a node, we don't allow writing.
298 static int
299 ngt_write(struct tty *tp, struct uio *uio, int flag)
301 return (EIO);
305 * We implement the NGIOCGINFO ioctl() defined in ng_message.h.
307 static int
308 ngt_tioctl(struct tty *tp, u_long cmd, caddr_t data, int flag, struct ucred *cred)
310 const sc_p sc = (sc_p) tp->t_sc;
311 int error = 0;
313 crit_enter();
314 lwkt_gettoken(&tty_token);
315 switch (cmd) {
316 case NGIOCGINFO:
318 struct nodeinfo *const ni = (struct nodeinfo *) data;
319 const node_p node = sc->node;
321 bzero(ni, sizeof(*ni));
322 if (node->name)
323 strncpy(ni->name, node->name, sizeof(ni->name) - 1);
324 strncpy(ni->type, node->type->name, sizeof(ni->type) - 1);
325 ni->id = (u_int32_t)(uintptr_t)node;
326 ni->hooks = node->numhooks;
327 break;
329 default:
330 ERROUT(ENOIOCTL);
332 done:
333 lwkt_reltoken(&tty_token);
334 crit_exit();
335 return (error);
339 * Receive data coming from the device. We get one character at
340 * a time, which is kindof silly.
341 * Only guaranteed to be at splsofttty() or spltty().
343 static int
344 ngt_input(int c, struct tty *tp)
346 const sc_p sc = (sc_p) tp->t_sc;
347 const node_p node = sc ? sc->node : NULL;
348 struct mbuf *m;
349 int error = 0;
351 lwkt_gettoken(&tty_token);
352 if (!sc || tp != sc->tp) {
353 lwkt_reltoken(&tty_token);
354 return (0);
356 crit_enter();
357 if (!sc->hook)
358 ERROUT(0);
360 /* Check for error conditions */
361 if ((tp->t_state & TS_CONNECTED) == 0) {
362 if (sc->flags & FLG_DEBUG)
363 log(LOG_DEBUG, "%s: no carrier\n", node->name);
364 ERROUT(0);
366 if (c & TTY_ERRORMASK) {
367 /* framing error or overrun on this char */
368 if (sc->flags & FLG_DEBUG)
369 log(LOG_DEBUG, "%s: line error %x\n",
370 node->name, c & TTY_ERRORMASK);
371 ERROUT(0);
373 c &= TTY_CHARMASK;
375 /* Get a new header mbuf if we need one */
376 if (!(m = sc->m)) {
377 MGETHDR(m, MB_DONTWAIT, MT_DATA);
378 if (!m) {
379 if (sc->flags & FLG_DEBUG)
380 log(LOG_ERR,
381 "%s: can't get mbuf\n", node->name);
382 ERROUT(ENOBUFS);
384 m->m_len = m->m_pkthdr.len = 0;
385 m->m_pkthdr.rcvif = NULL;
386 sc->m = m;
389 /* Add char to mbuf */
390 *mtod(m, u_char *) = c;
391 m->m_data++;
392 m->m_len++;
393 m->m_pkthdr.len++;
395 /* Ship off mbuf if it's time */
396 if (sc->hotchar == -1 || c == sc->hotchar || m->m_len >= MHLEN) {
397 m->m_data = m->m_pktdat;
398 error = ng_queue_data(sc->hook, m, NULL);
399 sc->m = NULL;
401 done:
402 crit_exit();
403 lwkt_reltoken(&tty_token);
404 return (error);
408 * This is called when the device driver is ready for more output.
409 * Called from tty system at splsofttty() or spltty().
410 * Also call from ngt_rcv_data() when a new mbuf is available for output.
412 static int
413 ngt_start(struct tty *tp)
415 const sc_p sc = (sc_p) tp->t_sc;
417 crit_enter();
418 lwkt_gettoken(&tty_token);
419 while (tp->t_outq.c_cc < NGT_HIWATER) { /* XXX 2.2 specific ? */
420 struct mbuf *m = sc->qhead;
422 /* Remove first mbuf from queue */
423 if (!m)
424 break;
425 if ((sc->qhead = m->m_nextpkt) == NULL)
426 sc->qtail = &sc->qhead;
427 sc->qlen--;
428 QUEUECHECK(sc);
430 /* Send as much of it as possible */
431 while (m) {
432 int sent;
434 sent = m->m_len
435 - b_to_q(mtod(m, u_char *), m->m_len, &tp->t_outq);
436 m->m_data += sent;
437 m->m_len -= sent;
438 if (m->m_len > 0)
439 break; /* device can't take no more */
440 m = m_free(m);
443 /* Put remainder of mbuf chain (if any) back on queue */
444 if (m) {
445 m->m_nextpkt = sc->qhead;
446 sc->qhead = m;
447 if (sc->qtail == &sc->qhead)
448 sc->qtail = &m->m_nextpkt;
449 sc->qlen++;
450 QUEUECHECK(sc);
451 break;
455 /* Call output process whether or not there is any output. We are
456 * being called in lieu of ttstart and must do what it would. */
457 if (tp->t_oproc != NULL)
458 (*tp->t_oproc) (tp);
460 /* This timeout is needed for operation on a pseudo-tty, because the
461 * pty code doesn't call pppstart after it has drained the t_outq. */
462 if (sc->qhead && (sc->flags & FLG_TIMEOUT) == 0) {
463 callout_reset(&sc->ctimeout, 1, ngt_timeout, sc);
464 sc->flags |= FLG_TIMEOUT;
466 lwkt_reltoken(&tty_token);
467 crit_exit();
468 return (0);
472 * We still have data to output to the device, so try sending more.
474 static void
475 ngt_timeout(void *arg)
477 const sc_p sc = (sc_p) arg;
479 crit_enter();
480 lwkt_gettoken(&tty_token);
481 sc->flags &= ~FLG_TIMEOUT;
482 ngt_start(sc->tp);
483 lwkt_reltoken(&tty_token);
484 crit_exit();
487 /******************************************************************
488 NETGRAPH NODE METHODS
489 ******************************************************************/
492 * Initialize a new node of this type.
494 * We only allow nodes to be created as a result of setting
495 * the line discipline on a tty, so always return an error if not.
497 static int
498 ngt_constructor(node_p *nodep)
500 if (!ngt_nodeop_ok)
501 return (EOPNOTSUPP);
502 return (ng_make_node_common(&typestruct, nodep));
506 * Add a new hook. There can only be one.
508 static int
509 ngt_newhook(node_p node, hook_p hook, const char *name)
511 const sc_p sc = node->private;
512 int error = 0;
514 if (strcmp(name, NG_TTY_HOOK))
515 return (EINVAL);
516 crit_enter();
517 lwkt_gettoken(&tty_token);
518 if (sc->hook)
519 ERROUT(EISCONN);
520 sc->hook = hook;
521 done:
522 lwkt_reltoken(&tty_token);
523 crit_exit();
524 return (error);
528 * Disconnect the hook
530 static int
531 ngt_disconnect(hook_p hook)
533 const sc_p sc = hook->node->private;
535 crit_enter();
536 lwkt_gettoken(&tty_token);
537 if (hook != sc->hook)
538 panic(__func__);
539 sc->hook = NULL;
540 m_freem(sc->m);
541 sc->m = NULL;
542 lwkt_reltoken(&tty_token);
543 crit_exit();
544 return (0);
548 * Remove this node. The does the netgraph portion of the shutdown.
549 * This should only be called indirectly from ngt_close().
551 static int
552 ngt_shutdown(node_p node)
554 const sc_p sc = node->private;
556 if (!ngt_nodeop_ok)
557 return (EOPNOTSUPP);
558 lwkt_gettoken(&tty_token);
559 ng_unname(node);
560 ng_cutlinks(node);
561 node->private = NULL;
562 ng_unref(sc->node);
563 m_freem(sc->qhead);
564 m_freem(sc->m);
565 bzero(sc, sizeof(*sc));
566 kfree(sc, M_NETGRAPH);
567 lwkt_reltoken(&tty_token);
568 return (0);
572 * Receive incoming data from netgraph system. Put it on our
573 * output queue and start output if necessary.
575 static int
576 ngt_rcvdata(hook_p hook, struct mbuf *m, meta_p meta)
578 const sc_p sc = hook->node->private;
579 int error = 0;
581 if (hook != sc->hook)
582 panic(__func__);
583 NG_FREE_META(meta);
584 crit_enter();
585 lwkt_gettoken(&tty_token);
586 if (sc->qlen >= MAX_MBUFQ)
587 ERROUT(ENOBUFS);
588 m->m_nextpkt = NULL;
589 *sc->qtail = m;
590 sc->qtail = &m->m_nextpkt;
591 sc->qlen++;
592 QUEUECHECK(sc);
593 m = NULL;
594 if (sc->qlen == 1)
595 ngt_start(sc->tp);
596 done:
597 lwkt_reltoken(&tty_token);
598 crit_exit();
599 if (m)
600 m_freem(m);
601 return (error);
605 * Receive control message
607 static int
608 ngt_rcvmsg(node_p node, struct ng_mesg *msg, const char *retaddr,
609 struct ng_mesg **rptr)
611 const sc_p sc = (sc_p) node->private;
612 struct ng_mesg *resp = NULL;
613 int error = 0;
615 lwkt_gettoken(&tty_token);
616 switch (msg->header.typecookie) {
617 case NGM_TTY_COOKIE:
618 switch (msg->header.cmd) {
619 case NGM_TTY_SET_HOTCHAR:
621 int hotchar;
623 if (msg->header.arglen != sizeof(int))
624 ERROUT(EINVAL);
625 hotchar = *((int *) msg->data);
626 if (hotchar != (u_char) hotchar && hotchar != -1)
627 ERROUT(EINVAL);
628 sc->hotchar = hotchar; /* race condition is OK */
629 break;
631 case NGM_TTY_GET_HOTCHAR:
632 NG_MKRESPONSE(resp, msg, sizeof(int), M_NOWAIT);
633 if (!resp)
634 ERROUT(ENOMEM);
635 /* Race condition here is OK */
636 *((int *) resp->data) = sc->hotchar;
637 break;
638 default:
639 ERROUT(EINVAL);
641 break;
642 default:
643 ERROUT(EINVAL);
645 if (rptr)
646 *rptr = resp;
647 else if (resp)
648 kfree(resp, M_NETGRAPH);
650 done:
651 kfree(msg, M_NETGRAPH);
652 lwkt_reltoken(&tty_token);
653 return (error);
656 /******************************************************************
657 INITIALIZATION
658 ******************************************************************/
661 * Handle loading and unloading for this node type
663 static int
664 ngt_mod_event(module_t mod, int event, void *data)
666 /* struct ng_type *const type = data;*/
667 int error = 0;
669 lwkt_gettoken(&tty_token);
670 switch (event) {
671 case MOD_LOAD:
672 /* Register line discipline */
673 crit_enter();
674 if ((ngt_ldisc = ldisc_register(NETGRAPHDISC, &ngt_disc)) < 0) {
675 crit_exit();
676 log(LOG_ERR, "%s: can't register line discipline",
677 __func__);
678 return (EIO);
680 crit_exit();
681 break;
683 case MOD_UNLOAD:
685 /* Unregister line discipline */
686 crit_enter();
687 ldisc_deregister(ngt_ldisc);
688 crit_exit();
689 break;
691 default:
692 error = EOPNOTSUPP;
693 break;
695 lwkt_reltoken(&tty_token);
696 return (error);