1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Tty buffer allocation management 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/tty.h> 9 #include <linux/tty_driver.h> 10 #include <linux/tty_flip.h> 11 #include <linux/timer.h> 12 #include <linux/string.h> 13 #include <linux/slab.h> 14 #include <linux/sched.h> 15 #include <linux/wait.h> 16 #include <linux/bitops.h> 17 #include <linux/delay.h> 18 #include <linux/module.h> 19 #include <linux/ratelimit.h> 20 #include "tty.h" 21 22 #define MIN_TTYB_SIZE 256 23 #define TTYB_ALIGN_MASK 255 24 25 /* 26 * Byte threshold to limit memory consumption for flip buffers. 27 * The actual memory limit is > 2x this amount. 28 */ 29 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 30 31 /* 32 * We default to dicing tty buffer allocations to this many characters 33 * in order to avoid multiple page allocations. We know the size of 34 * tty_buffer itself but it must also be taken into account that the 35 * buffer is 256 byte aligned. See tty_buffer_find for the allocation 36 * logic this must match. 37 */ 38 39 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF) 40 41 /** 42 * tty_buffer_lock_exclusive - gain exclusive access to buffer 43 * tty_buffer_unlock_exclusive - release exclusive access 44 * 45 * @port: tty port owning the flip buffer 46 * 47 * Guarantees safe use of the line discipline's receive_buf() method by 48 * excluding the buffer work and any pending flush from using the flip 49 * buffer. Data can continue to be added concurrently to the flip buffer 50 * from the driver side. 51 * 52 * On release, the buffer work is restarted if there is data in the 53 * flip buffer 54 */ 55 56 void tty_buffer_lock_exclusive(struct tty_port *port) 57 { 58 struct tty_bufhead *buf = &port->buf; 59 60 atomic_inc(&buf->priority); 61 mutex_lock(&buf->lock); 62 } 63 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 64 65 void tty_buffer_unlock_exclusive(struct tty_port *port) 66 { 67 struct tty_bufhead *buf = &port->buf; 68 int restart; 69 70 restart = buf->head->commit != buf->head->read; 71 72 atomic_dec(&buf->priority); 73 mutex_unlock(&buf->lock); 74 if (restart) 75 queue_work(system_unbound_wq, &buf->work); 76 } 77 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 78 79 /** 80 * tty_buffer_space_avail - return unused buffer space 81 * @port: tty port owning the flip buffer 82 * 83 * Returns the # of bytes which can be written by the driver without 84 * reaching the buffer limit. 85 * 86 * Note: this does not guarantee that memory is available to write 87 * the returned # of bytes (use tty_prepare_flip_string_xxx() to 88 * pre-allocate if memory guarantee is required). 89 */ 90 91 unsigned int tty_buffer_space_avail(struct tty_port *port) 92 { 93 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 94 95 return max(space, 0); 96 } 97 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 98 99 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 100 { 101 p->used = 0; 102 p->size = size; 103 p->next = NULL; 104 p->commit = 0; 105 p->read = 0; 106 p->flags = 0; 107 } 108 109 /** 110 * tty_buffer_free_all - free buffers used by a tty 111 * @port: tty port to free from 112 * 113 * Remove all the buffers pending on a tty whether queued with data 114 * or in the free ring. Must be called when the tty is no longer in use 115 */ 116 117 void tty_buffer_free_all(struct tty_port *port) 118 { 119 struct tty_bufhead *buf = &port->buf; 120 struct tty_buffer *p, *next; 121 struct llist_node *llist; 122 unsigned int freed = 0; 123 int still_used; 124 125 while ((p = buf->head) != NULL) { 126 buf->head = p->next; 127 freed += p->size; 128 if (p->size > 0) 129 kfree(p); 130 } 131 llist = llist_del_all(&buf->free); 132 llist_for_each_entry_safe(p, next, llist, free) 133 kfree(p); 134 135 tty_buffer_reset(&buf->sentinel, 0); 136 buf->head = &buf->sentinel; 137 buf->tail = &buf->sentinel; 138 139 still_used = atomic_xchg(&buf->mem_used, 0); 140 WARN(still_used != freed, "we still have not freed %d bytes!", 141 still_used - freed); 142 } 143 144 /** 145 * tty_buffer_alloc - allocate a tty buffer 146 * @port: tty port 147 * @size: desired size (characters) 148 * 149 * Allocate a new tty buffer to hold the desired number of characters. 150 * We round our buffers off in 256 character chunks to get better 151 * allocation behaviour. 152 * Return NULL if out of memory or the allocation would exceed the 153 * per device queue 154 */ 155 156 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 157 { 158 struct llist_node *free; 159 struct tty_buffer *p; 160 161 /* Round the buffer size out */ 162 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 163 164 if (size <= MIN_TTYB_SIZE) { 165 free = llist_del_first(&port->buf.free); 166 if (free) { 167 p = llist_entry(free, struct tty_buffer, free); 168 goto found; 169 } 170 } 171 172 /* Should possibly check if this fails for the largest buffer we 173 * have queued and recycle that ? 174 */ 175 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 176 return NULL; 177 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC); 178 if (p == NULL) 179 return NULL; 180 181 found: 182 tty_buffer_reset(p, size); 183 atomic_add(size, &port->buf.mem_used); 184 return p; 185 } 186 187 /** 188 * tty_buffer_free - free a tty buffer 189 * @port: tty port owning the buffer 190 * @b: the buffer to free 191 * 192 * Free a tty buffer, or add it to the free list according to our 193 * internal strategy 194 */ 195 196 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 197 { 198 struct tty_bufhead *buf = &port->buf; 199 200 /* Dumb strategy for now - should keep some stats */ 201 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 202 203 if (b->size > MIN_TTYB_SIZE) 204 kfree(b); 205 else if (b->size > 0) 206 llist_add(&b->free, &buf->free); 207 } 208 209 /** 210 * tty_buffer_flush - flush full tty buffers 211 * @tty: tty to flush 212 * @ld: optional ldisc ptr (must be referenced) 213 * 214 * flush all the buffers containing receive data. If ld != NULL, 215 * flush the ldisc input buffer. 216 * 217 * Locking: takes buffer lock to ensure single-threaded flip buffer 218 * 'consumer' 219 */ 220 221 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 222 { 223 struct tty_port *port = tty->port; 224 struct tty_bufhead *buf = &port->buf; 225 struct tty_buffer *next; 226 227 atomic_inc(&buf->priority); 228 229 mutex_lock(&buf->lock); 230 /* paired w/ release in __tty_buffer_request_room; ensures there are 231 * no pending memory accesses to the freed buffer 232 */ 233 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 234 tty_buffer_free(port, buf->head); 235 buf->head = next; 236 } 237 buf->head->read = buf->head->commit; 238 239 if (ld && ld->ops->flush_buffer) 240 ld->ops->flush_buffer(tty); 241 242 atomic_dec(&buf->priority); 243 mutex_unlock(&buf->lock); 244 } 245 246 /** 247 * __tty_buffer_request_room - grow tty buffer if needed 248 * @port: tty port 249 * @size: size desired 250 * @flags: buffer flags if new buffer allocated (default = 0) 251 * 252 * Make at least size bytes of linear space available for the tty 253 * buffer. If we fail return the size we managed to find. 254 * 255 * Will change over to a new buffer if the current buffer is encoded as 256 * TTY_NORMAL (so has no flags buffer) and the new buffer requires 257 * a flags buffer. 258 */ 259 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 260 int flags) 261 { 262 struct tty_bufhead *buf = &port->buf; 263 struct tty_buffer *b, *n; 264 int left, change; 265 266 b = buf->tail; 267 if (b->flags & TTYB_NORMAL) 268 left = 2 * b->size - b->used; 269 else 270 left = b->size - b->used; 271 272 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL); 273 if (change || left < size) { 274 /* This is the slow path - looking for new buffers to use */ 275 n = tty_buffer_alloc(port, size); 276 if (n != NULL) { 277 n->flags = flags; 278 buf->tail = n; 279 /* paired w/ acquire in flush_to_ldisc(); ensures 280 * flush_to_ldisc() sees buffer data. 281 */ 282 smp_store_release(&b->commit, b->used); 283 /* paired w/ acquire in flush_to_ldisc(); ensures the 284 * latest commit value can be read before the head is 285 * advanced to the next buffer 286 */ 287 smp_store_release(&b->next, n); 288 } else if (change) 289 size = 0; 290 else 291 size = left; 292 } 293 return size; 294 } 295 296 int tty_buffer_request_room(struct tty_port *port, size_t size) 297 { 298 return __tty_buffer_request_room(port, size, 0); 299 } 300 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 301 302 /** 303 * tty_insert_flip_string_fixed_flag - Add characters to the tty buffer 304 * @port: tty port 305 * @chars: characters 306 * @flag: flag value for each character 307 * @size: size 308 * 309 * Queue a series of bytes to the tty buffering. All the characters 310 * passed are marked with the supplied flag. Returns the number added. 311 */ 312 313 int tty_insert_flip_string_fixed_flag(struct tty_port *port, 314 const unsigned char *chars, char flag, size_t size) 315 { 316 int copied = 0; 317 318 do { 319 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 320 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 321 int space = __tty_buffer_request_room(port, goal, flags); 322 struct tty_buffer *tb = port->buf.tail; 323 324 if (unlikely(space == 0)) 325 break; 326 memcpy(char_buf_ptr(tb, tb->used), chars, space); 327 if (~tb->flags & TTYB_NORMAL) 328 memset(flag_buf_ptr(tb, tb->used), flag, space); 329 tb->used += space; 330 copied += space; 331 chars += space; 332 /* There is a small chance that we need to split the data over 333 * several buffers. If this is the case we must loop. 334 */ 335 } while (unlikely(size > copied)); 336 return copied; 337 } 338 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag); 339 340 /** 341 * tty_insert_flip_string_flags - Add characters to the tty buffer 342 * @port: tty port 343 * @chars: characters 344 * @flags: flag bytes 345 * @size: size 346 * 347 * Queue a series of bytes to the tty buffering. For each character 348 * the flags array indicates the status of the character. Returns the 349 * number added. 350 */ 351 352 int tty_insert_flip_string_flags(struct tty_port *port, 353 const unsigned char *chars, const char *flags, size_t size) 354 { 355 int copied = 0; 356 357 do { 358 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 359 int space = tty_buffer_request_room(port, goal); 360 struct tty_buffer *tb = port->buf.tail; 361 362 if (unlikely(space == 0)) 363 break; 364 memcpy(char_buf_ptr(tb, tb->used), chars, space); 365 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 366 tb->used += space; 367 copied += space; 368 chars += space; 369 flags += space; 370 /* There is a small chance that we need to split the data over 371 * several buffers. If this is the case we must loop. 372 */ 373 } while (unlikely(size > copied)); 374 return copied; 375 } 376 EXPORT_SYMBOL(tty_insert_flip_string_flags); 377 378 /** 379 * __tty_insert_flip_char - Add one character to the tty buffer 380 * @port: tty port 381 * @ch: character 382 * @flag: flag byte 383 * 384 * Queue a single byte to the tty buffering, with an optional flag. 385 * This is the slow path of tty_insert_flip_char. 386 */ 387 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag) 388 { 389 struct tty_buffer *tb; 390 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 391 392 if (!__tty_buffer_request_room(port, 1, flags)) 393 return 0; 394 395 tb = port->buf.tail; 396 if (~tb->flags & TTYB_NORMAL) 397 *flag_buf_ptr(tb, tb->used) = flag; 398 *char_buf_ptr(tb, tb->used++) = ch; 399 400 return 1; 401 } 402 EXPORT_SYMBOL(__tty_insert_flip_char); 403 404 /** 405 * tty_schedule_flip - push characters to ldisc 406 * @port: tty port to push from 407 * 408 * Takes any pending buffers and transfers their ownership to the 409 * ldisc side of the queue. It then schedules those characters for 410 * processing by the line discipline. 411 */ 412 413 void tty_schedule_flip(struct tty_port *port) 414 { 415 struct tty_bufhead *buf = &port->buf; 416 417 /* paired w/ acquire in flush_to_ldisc(); ensures 418 * flush_to_ldisc() sees buffer data. 419 */ 420 smp_store_release(&buf->tail->commit, buf->tail->used); 421 queue_work(system_unbound_wq, &buf->work); 422 } 423 EXPORT_SYMBOL(tty_schedule_flip); 424 425 /** 426 * tty_prepare_flip_string - make room for characters 427 * @port: tty port 428 * @chars: return pointer for character write area 429 * @size: desired size 430 * 431 * Prepare a block of space in the buffer for data. Returns the length 432 * available and buffer pointer to the space which is now allocated and 433 * accounted for as ready for normal characters. This is used for drivers 434 * that need their own block copy routines into the buffer. There is no 435 * guarantee the buffer is a DMA target! 436 */ 437 438 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars, 439 size_t size) 440 { 441 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL); 442 443 if (likely(space)) { 444 struct tty_buffer *tb = port->buf.tail; 445 446 *chars = char_buf_ptr(tb, tb->used); 447 if (~tb->flags & TTYB_NORMAL) 448 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 449 tb->used += space; 450 } 451 return space; 452 } 453 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 454 455 /** 456 * tty_ldisc_receive_buf - forward data to line discipline 457 * @ld: line discipline to process input 458 * @p: char buffer 459 * @f: TTY_* flags buffer 460 * @count: number of bytes to process 461 * 462 * Callers other than flush_to_ldisc() need to exclude the kworker 463 * from concurrent use of the line discipline, see paste_selection(). 464 * 465 * Returns the number of bytes processed 466 */ 467 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p, 468 const char *f, int count) 469 { 470 if (ld->ops->receive_buf2) 471 count = ld->ops->receive_buf2(ld->tty, p, f, count); 472 else { 473 count = min_t(int, count, ld->tty->receive_room); 474 if (count && ld->ops->receive_buf) 475 ld->ops->receive_buf(ld->tty, p, f, count); 476 } 477 return count; 478 } 479 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 480 481 static int 482 receive_buf(struct tty_port *port, struct tty_buffer *head, int count) 483 { 484 unsigned char *p = char_buf_ptr(head, head->read); 485 const char *f = NULL; 486 int n; 487 488 if (~head->flags & TTYB_NORMAL) 489 f = flag_buf_ptr(head, head->read); 490 491 n = port->client_ops->receive_buf(port, p, f, count); 492 if (n > 0) 493 memset(p, 0, n); 494 return n; 495 } 496 497 /** 498 * flush_to_ldisc 499 * @work: tty structure passed from work queue. 500 * 501 * This routine is called out of the software interrupt to flush data 502 * from the buffer chain to the line discipline. 503 * 504 * The receive_buf method is single threaded for each tty instance. 505 * 506 * Locking: takes buffer lock to ensure single-threaded flip buffer 507 * 'consumer' 508 */ 509 510 static void flush_to_ldisc(struct work_struct *work) 511 { 512 struct tty_port *port = container_of(work, struct tty_port, buf.work); 513 struct tty_bufhead *buf = &port->buf; 514 515 mutex_lock(&buf->lock); 516 517 while (1) { 518 struct tty_buffer *head = buf->head; 519 struct tty_buffer *next; 520 int count; 521 522 /* Ldisc or user is trying to gain exclusive access */ 523 if (atomic_read(&buf->priority)) 524 break; 525 526 /* paired w/ release in __tty_buffer_request_room(); 527 * ensures commit value read is not stale if the head 528 * is advancing to the next buffer 529 */ 530 next = smp_load_acquire(&head->next); 531 /* paired w/ release in __tty_buffer_request_room() or in 532 * tty_buffer_flush(); ensures we see the committed buffer data 533 */ 534 count = smp_load_acquire(&head->commit) - head->read; 535 if (!count) { 536 if (next == NULL) 537 break; 538 buf->head = next; 539 tty_buffer_free(port, head); 540 continue; 541 } 542 543 count = receive_buf(port, head, count); 544 if (!count) 545 break; 546 head->read += count; 547 548 if (need_resched()) 549 cond_resched(); 550 } 551 552 mutex_unlock(&buf->lock); 553 554 } 555 556 /** 557 * tty_flip_buffer_push - terminal 558 * @port: tty port to push 559 * 560 * Queue a push of the terminal flip buffers to the line discipline. 561 * Can be called from IRQ/atomic context. 562 * 563 * In the event of the queue being busy for flipping the work will be 564 * held off and retried later. 565 */ 566 567 void tty_flip_buffer_push(struct tty_port *port) 568 { 569 tty_schedule_flip(port); 570 } 571 EXPORT_SYMBOL(tty_flip_buffer_push); 572 573 /** 574 * tty_buffer_init - prepare a tty buffer structure 575 * @port: tty port to initialise 576 * 577 * Set up the initial state of the buffer management for a tty device. 578 * Must be called before the other tty buffer functions are used. 579 */ 580 581 void tty_buffer_init(struct tty_port *port) 582 { 583 struct tty_bufhead *buf = &port->buf; 584 585 mutex_init(&buf->lock); 586 tty_buffer_reset(&buf->sentinel, 0); 587 buf->head = &buf->sentinel; 588 buf->tail = &buf->sentinel; 589 init_llist_head(&buf->free); 590 atomic_set(&buf->mem_used, 0); 591 atomic_set(&buf->priority, 0); 592 INIT_WORK(&buf->work, flush_to_ldisc); 593 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 594 } 595 596 /** 597 * tty_buffer_set_limit - change the tty buffer memory limit 598 * @port: tty port to change 599 * @limit: memory limit to set 600 * 601 * Change the tty buffer memory limit. 602 * Must be called before the other tty buffer functions are used. 603 */ 604 605 int tty_buffer_set_limit(struct tty_port *port, int limit) 606 { 607 if (limit < MIN_TTYB_SIZE) 608 return -EINVAL; 609 port->buf.mem_limit = limit; 610 return 0; 611 } 612 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 613 614 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 615 void tty_buffer_set_lock_subclass(struct tty_port *port) 616 { 617 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 618 } 619 620 bool tty_buffer_restart_work(struct tty_port *port) 621 { 622 return queue_work(system_unbound_wq, &port->buf.work); 623 } 624 625 bool tty_buffer_cancel_work(struct tty_port *port) 626 { 627 return cancel_work_sync(&port->buf.work); 628 } 629 630 void tty_buffer_flush_work(struct tty_port *port) 631 { 632 flush_work(&port->buf.work); 633 } 634