1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Tty buffer allocation management 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/minmax.h> 9 #include <linux/tty.h> 10 #include <linux/tty_driver.h> 11 #include <linux/tty_flip.h> 12 #include <linux/timer.h> 13 #include <linux/string.h> 14 #include <linux/slab.h> 15 #include <linux/sched.h> 16 #include <linux/wait.h> 17 #include <linux/bitops.h> 18 #include <linux/delay.h> 19 #include <linux/module.h> 20 #include <linux/ratelimit.h> 21 #include "tty.h" 22 23 #define MIN_TTYB_SIZE 256 24 #define TTYB_ALIGN_MASK 255 25 26 /* 27 * Byte threshold to limit memory consumption for flip buffers. 28 * The actual memory limit is > 2x this amount. 29 */ 30 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 31 32 /* 33 * We default to dicing tty buffer allocations to this many characters 34 * in order to avoid multiple page allocations. We know the size of 35 * tty_buffer itself but it must also be taken into account that the 36 * buffer is 256 byte aligned. See tty_buffer_find for the allocation 37 * logic this must match. 38 */ 39 40 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF) 41 42 /** 43 * tty_buffer_lock_exclusive - gain exclusive access to buffer 44 * @port: tty port owning the flip buffer 45 * 46 * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding 47 * the buffer work and any pending flush from using the flip buffer. Data can 48 * continue to be added concurrently to the flip buffer from the driver side. 49 * 50 * See also tty_buffer_unlock_exclusive(). 51 */ 52 void tty_buffer_lock_exclusive(struct tty_port *port) 53 { 54 struct tty_bufhead *buf = &port->buf; 55 56 atomic_inc(&buf->priority); 57 mutex_lock(&buf->lock); 58 } 59 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 60 61 /** 62 * tty_buffer_unlock_exclusive - release exclusive access 63 * @port: tty port owning the flip buffer 64 * 65 * The buffer work is restarted if there is data in the flip buffer. 66 * 67 * See also tty_buffer_lock_exclusive(). 68 */ 69 void tty_buffer_unlock_exclusive(struct tty_port *port) 70 { 71 struct tty_bufhead *buf = &port->buf; 72 int restart; 73 74 restart = buf->head->commit != buf->head->read; 75 76 atomic_dec(&buf->priority); 77 mutex_unlock(&buf->lock); 78 if (restart) 79 queue_work(system_unbound_wq, &buf->work); 80 } 81 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 82 83 /** 84 * tty_buffer_space_avail - return unused buffer space 85 * @port: tty port owning the flip buffer 86 * 87 * Returns: the # of bytes which can be written by the driver without reaching 88 * the buffer limit. 89 * 90 * Note: this does not guarantee that memory is available to write the returned 91 * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory 92 * guarantee is required). 93 */ 94 unsigned int tty_buffer_space_avail(struct tty_port *port) 95 { 96 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 97 98 return max(space, 0); 99 } 100 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 101 102 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 103 { 104 p->used = 0; 105 p->size = size; 106 p->next = NULL; 107 p->commit = 0; 108 p->lookahead = 0; 109 p->read = 0; 110 p->flags = 0; 111 } 112 113 /** 114 * tty_buffer_free_all - free buffers used by a tty 115 * @port: tty port to free from 116 * 117 * Remove all the buffers pending on a tty whether queued with data or in the 118 * free ring. Must be called when the tty is no longer in use. 119 */ 120 void tty_buffer_free_all(struct tty_port *port) 121 { 122 struct tty_bufhead *buf = &port->buf; 123 struct tty_buffer *p, *next; 124 struct llist_node *llist; 125 unsigned int freed = 0; 126 int still_used; 127 128 while ((p = buf->head) != NULL) { 129 buf->head = p->next; 130 freed += p->size; 131 if (p->size > 0) 132 kfree(p); 133 } 134 llist = llist_del_all(&buf->free); 135 llist_for_each_entry_safe(p, next, llist, free) 136 kfree(p); 137 138 tty_buffer_reset(&buf->sentinel, 0); 139 buf->head = &buf->sentinel; 140 buf->tail = &buf->sentinel; 141 142 still_used = atomic_xchg(&buf->mem_used, 0); 143 WARN(still_used != freed, "we still have not freed %d bytes!", 144 still_used - freed); 145 } 146 147 /** 148 * tty_buffer_alloc - allocate a tty buffer 149 * @port: tty port 150 * @size: desired size (characters) 151 * 152 * Allocate a new tty buffer to hold the desired number of characters. We 153 * round our buffers off in 256 character chunks to get better allocation 154 * behaviour. 155 * 156 * Returns: %NULL if out of memory or the allocation would exceed the per 157 * device queue. 158 */ 159 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 160 { 161 struct llist_node *free; 162 struct tty_buffer *p; 163 164 /* Round the buffer size out */ 165 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 166 167 if (size <= MIN_TTYB_SIZE) { 168 free = llist_del_first(&port->buf.free); 169 if (free) { 170 p = llist_entry(free, struct tty_buffer, free); 171 goto found; 172 } 173 } 174 175 /* Should possibly check if this fails for the largest buffer we 176 * have queued and recycle that ? 177 */ 178 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 179 return NULL; 180 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, 181 GFP_ATOMIC | __GFP_NOWARN); 182 if (p == NULL) 183 return NULL; 184 185 found: 186 tty_buffer_reset(p, size); 187 atomic_add(size, &port->buf.mem_used); 188 return p; 189 } 190 191 /** 192 * tty_buffer_free - free a tty buffer 193 * @port: tty port owning the buffer 194 * @b: the buffer to free 195 * 196 * Free a tty buffer, or add it to the free list according to our internal 197 * strategy. 198 */ 199 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 200 { 201 struct tty_bufhead *buf = &port->buf; 202 203 /* Dumb strategy for now - should keep some stats */ 204 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 205 206 if (b->size > MIN_TTYB_SIZE) 207 kfree(b); 208 else if (b->size > 0) 209 llist_add(&b->free, &buf->free); 210 } 211 212 /** 213 * tty_buffer_flush - flush full tty buffers 214 * @tty: tty to flush 215 * @ld: optional ldisc ptr (must be referenced) 216 * 217 * Flush all the buffers containing receive data. If @ld != %NULL, flush the 218 * ldisc input buffer. 219 * 220 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 221 */ 222 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 223 { 224 struct tty_port *port = tty->port; 225 struct tty_bufhead *buf = &port->buf; 226 struct tty_buffer *next; 227 228 atomic_inc(&buf->priority); 229 230 mutex_lock(&buf->lock); 231 /* paired w/ release in __tty_buffer_request_room; ensures there are 232 * no pending memory accesses to the freed buffer 233 */ 234 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 235 tty_buffer_free(port, buf->head); 236 buf->head = next; 237 } 238 buf->head->read = buf->head->commit; 239 buf->head->lookahead = buf->head->read; 240 241 if (ld && ld->ops->flush_buffer) 242 ld->ops->flush_buffer(tty); 243 244 atomic_dec(&buf->priority); 245 mutex_unlock(&buf->lock); 246 } 247 248 /** 249 * __tty_buffer_request_room - grow tty buffer if needed 250 * @port: tty port 251 * @size: size desired 252 * @flags: buffer flags if new buffer allocated (default = 0) 253 * 254 * Make at least @size bytes of linear space available for the tty buffer. 255 * 256 * Will change over to a new buffer if the current buffer is encoded as 257 * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags 258 * buffer. 259 * 260 * Returns: the size we managed to find. 261 */ 262 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 263 int flags) 264 { 265 struct tty_bufhead *buf = &port->buf; 266 struct tty_buffer *b, *n; 267 int left, change; 268 269 b = buf->tail; 270 if (b->flags & TTYB_NORMAL) 271 left = 2 * b->size - b->used; 272 else 273 left = b->size - b->used; 274 275 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL); 276 if (change || left < size) { 277 /* This is the slow path - looking for new buffers to use */ 278 n = tty_buffer_alloc(port, size); 279 if (n != NULL) { 280 n->flags = flags; 281 buf->tail = n; 282 /* 283 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 284 * ensures they see all buffer data. 285 */ 286 smp_store_release(&b->commit, b->used); 287 /* 288 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 289 * ensures the latest commit value can be read before the head 290 * is advanced to the next buffer. 291 */ 292 smp_store_release(&b->next, n); 293 } else if (change) 294 size = 0; 295 else 296 size = left; 297 } 298 return size; 299 } 300 301 int tty_buffer_request_room(struct tty_port *port, size_t size) 302 { 303 return __tty_buffer_request_room(port, size, 0); 304 } 305 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 306 307 /** 308 * tty_insert_flip_string_fixed_flag - add characters to the tty buffer 309 * @port: tty port 310 * @chars: characters 311 * @flag: flag value for each character 312 * @size: size 313 * 314 * Queue a series of bytes to the tty buffering. All the characters passed are 315 * marked with the supplied flag. 316 * 317 * Returns: the number added. 318 */ 319 int tty_insert_flip_string_fixed_flag(struct tty_port *port, 320 const unsigned char *chars, char flag, size_t size) 321 { 322 int copied = 0; 323 324 do { 325 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 326 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 327 int space = __tty_buffer_request_room(port, goal, flags); 328 struct tty_buffer *tb = port->buf.tail; 329 330 if (unlikely(space == 0)) 331 break; 332 memcpy(char_buf_ptr(tb, tb->used), chars, space); 333 if (~tb->flags & TTYB_NORMAL) 334 memset(flag_buf_ptr(tb, tb->used), flag, space); 335 tb->used += space; 336 copied += space; 337 chars += space; 338 /* There is a small chance that we need to split the data over 339 * several buffers. If this is the case we must loop. 340 */ 341 } while (unlikely(size > copied)); 342 return copied; 343 } 344 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag); 345 346 /** 347 * tty_insert_flip_string_flags - add characters to the tty buffer 348 * @port: tty port 349 * @chars: characters 350 * @flags: flag bytes 351 * @size: size 352 * 353 * Queue a series of bytes to the tty buffering. For each character the flags 354 * array indicates the status of the character. 355 * 356 * Returns: the number added. 357 */ 358 int tty_insert_flip_string_flags(struct tty_port *port, 359 const unsigned char *chars, const char *flags, size_t size) 360 { 361 int copied = 0; 362 363 do { 364 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 365 int space = tty_buffer_request_room(port, goal); 366 struct tty_buffer *tb = port->buf.tail; 367 368 if (unlikely(space == 0)) 369 break; 370 memcpy(char_buf_ptr(tb, tb->used), chars, space); 371 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 372 tb->used += space; 373 copied += space; 374 chars += space; 375 flags += space; 376 /* There is a small chance that we need to split the data over 377 * several buffers. If this is the case we must loop. 378 */ 379 } while (unlikely(size > copied)); 380 return copied; 381 } 382 EXPORT_SYMBOL(tty_insert_flip_string_flags); 383 384 /** 385 * __tty_insert_flip_char - add one character to the tty buffer 386 * @port: tty port 387 * @ch: character 388 * @flag: flag byte 389 * 390 * Queue a single byte @ch to the tty buffering, with an optional flag. This is 391 * the slow path of tty_insert_flip_char(). 392 */ 393 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag) 394 { 395 struct tty_buffer *tb; 396 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 397 398 if (!__tty_buffer_request_room(port, 1, flags)) 399 return 0; 400 401 tb = port->buf.tail; 402 if (~tb->flags & TTYB_NORMAL) 403 *flag_buf_ptr(tb, tb->used) = flag; 404 *char_buf_ptr(tb, tb->used++) = ch; 405 406 return 1; 407 } 408 EXPORT_SYMBOL(__tty_insert_flip_char); 409 410 /** 411 * tty_prepare_flip_string - make room for characters 412 * @port: tty port 413 * @chars: return pointer for character write area 414 * @size: desired size 415 * 416 * Prepare a block of space in the buffer for data. 417 * 418 * This is used for drivers that need their own block copy routines into the 419 * buffer. There is no guarantee the buffer is a DMA target! 420 * 421 * Returns: the length available and buffer pointer (@chars) to the space which 422 * is now allocated and accounted for as ready for normal characters. 423 */ 424 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars, 425 size_t size) 426 { 427 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL); 428 429 if (likely(space)) { 430 struct tty_buffer *tb = port->buf.tail; 431 432 *chars = char_buf_ptr(tb, tb->used); 433 if (~tb->flags & TTYB_NORMAL) 434 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 435 tb->used += space; 436 } 437 return space; 438 } 439 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 440 441 /** 442 * tty_ldisc_receive_buf - forward data to line discipline 443 * @ld: line discipline to process input 444 * @p: char buffer 445 * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer 446 * @count: number of bytes to process 447 * 448 * Callers other than flush_to_ldisc() need to exclude the kworker from 449 * concurrent use of the line discipline, see paste_selection(). 450 * 451 * Returns: the number of bytes processed. 452 */ 453 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p, 454 const char *f, int count) 455 { 456 if (ld->ops->receive_buf2) 457 count = ld->ops->receive_buf2(ld->tty, p, f, count); 458 else { 459 count = min_t(int, count, ld->tty->receive_room); 460 if (count && ld->ops->receive_buf) 461 ld->ops->receive_buf(ld->tty, p, f, count); 462 } 463 return count; 464 } 465 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 466 467 static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head) 468 { 469 head->lookahead = max(head->lookahead, head->read); 470 471 while (head) { 472 struct tty_buffer *next; 473 unsigned char *p, *f = NULL; 474 unsigned int count; 475 476 /* 477 * Paired w/ release in __tty_buffer_request_room(); 478 * ensures commit value read is not stale if the head 479 * is advancing to the next buffer. 480 */ 481 next = smp_load_acquire(&head->next); 482 /* 483 * Paired w/ release in __tty_buffer_request_room() or in 484 * tty_buffer_flush(); ensures we see the committed buffer data. 485 */ 486 count = smp_load_acquire(&head->commit) - head->lookahead; 487 if (!count) { 488 head = next; 489 continue; 490 } 491 492 p = char_buf_ptr(head, head->lookahead); 493 if (~head->flags & TTYB_NORMAL) 494 f = flag_buf_ptr(head, head->lookahead); 495 496 port->client_ops->lookahead_buf(port, p, f, count); 497 head->lookahead += count; 498 } 499 } 500 501 static int 502 receive_buf(struct tty_port *port, struct tty_buffer *head, int count) 503 { 504 unsigned char *p = char_buf_ptr(head, head->read); 505 const char *f = NULL; 506 int n; 507 508 if (~head->flags & TTYB_NORMAL) 509 f = flag_buf_ptr(head, head->read); 510 511 n = port->client_ops->receive_buf(port, p, f, count); 512 if (n > 0) 513 memset(p, 0, n); 514 return n; 515 } 516 517 /** 518 * flush_to_ldisc - flush data from buffer to ldisc 519 * @work: tty structure passed from work queue. 520 * 521 * This routine is called out of the software interrupt to flush data from the 522 * buffer chain to the line discipline. 523 * 524 * The receive_buf() method is single threaded for each tty instance. 525 * 526 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 527 */ 528 static void flush_to_ldisc(struct work_struct *work) 529 { 530 struct tty_port *port = container_of(work, struct tty_port, buf.work); 531 struct tty_bufhead *buf = &port->buf; 532 533 mutex_lock(&buf->lock); 534 535 while (1) { 536 struct tty_buffer *head = buf->head; 537 struct tty_buffer *next; 538 int count, rcvd; 539 540 /* Ldisc or user is trying to gain exclusive access */ 541 if (atomic_read(&buf->priority)) 542 break; 543 544 /* paired w/ release in __tty_buffer_request_room(); 545 * ensures commit value read is not stale if the head 546 * is advancing to the next buffer 547 */ 548 next = smp_load_acquire(&head->next); 549 /* paired w/ release in __tty_buffer_request_room() or in 550 * tty_buffer_flush(); ensures we see the committed buffer data 551 */ 552 count = smp_load_acquire(&head->commit) - head->read; 553 if (!count) { 554 if (next == NULL) 555 break; 556 buf->head = next; 557 tty_buffer_free(port, head); 558 continue; 559 } 560 561 rcvd = receive_buf(port, head, count); 562 head->read += rcvd; 563 if (rcvd < count) 564 lookahead_bufs(port, head); 565 if (!rcvd) 566 break; 567 568 if (need_resched()) 569 cond_resched(); 570 } 571 572 mutex_unlock(&buf->lock); 573 574 } 575 576 static inline void tty_flip_buffer_commit(struct tty_buffer *tail) 577 { 578 /* 579 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees 580 * buffer data. 581 */ 582 smp_store_release(&tail->commit, tail->used); 583 } 584 585 /** 586 * tty_flip_buffer_push - push terminal buffers 587 * @port: tty port to push 588 * 589 * Queue a push of the terminal flip buffers to the line discipline. Can be 590 * called from IRQ/atomic context. 591 * 592 * In the event of the queue being busy for flipping the work will be held off 593 * and retried later. 594 */ 595 void tty_flip_buffer_push(struct tty_port *port) 596 { 597 struct tty_bufhead *buf = &port->buf; 598 599 tty_flip_buffer_commit(buf->tail); 600 queue_work(system_unbound_wq, &buf->work); 601 } 602 EXPORT_SYMBOL(tty_flip_buffer_push); 603 604 /** 605 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and 606 * push 607 * @port: tty port 608 * @chars: characters 609 * @size: size 610 * 611 * The function combines tty_insert_flip_string() and tty_flip_buffer_push() 612 * with the exception of properly holding the @port->lock. 613 * 614 * To be used only internally (by pty currently). 615 * 616 * Returns: the number added. 617 */ 618 int tty_insert_flip_string_and_push_buffer(struct tty_port *port, 619 const unsigned char *chars, size_t size) 620 { 621 struct tty_bufhead *buf = &port->buf; 622 unsigned long flags; 623 624 spin_lock_irqsave(&port->lock, flags); 625 size = tty_insert_flip_string(port, chars, size); 626 if (size) 627 tty_flip_buffer_commit(buf->tail); 628 spin_unlock_irqrestore(&port->lock, flags); 629 630 queue_work(system_unbound_wq, &buf->work); 631 632 return size; 633 } 634 635 /** 636 * tty_buffer_init - prepare a tty buffer structure 637 * @port: tty port to initialise 638 * 639 * Set up the initial state of the buffer management for a tty device. Must be 640 * called before the other tty buffer functions are used. 641 */ 642 void tty_buffer_init(struct tty_port *port) 643 { 644 struct tty_bufhead *buf = &port->buf; 645 646 mutex_init(&buf->lock); 647 tty_buffer_reset(&buf->sentinel, 0); 648 buf->head = &buf->sentinel; 649 buf->tail = &buf->sentinel; 650 init_llist_head(&buf->free); 651 atomic_set(&buf->mem_used, 0); 652 atomic_set(&buf->priority, 0); 653 INIT_WORK(&buf->work, flush_to_ldisc); 654 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 655 } 656 657 /** 658 * tty_buffer_set_limit - change the tty buffer memory limit 659 * @port: tty port to change 660 * @limit: memory limit to set 661 * 662 * Change the tty buffer memory limit. 663 * 664 * Must be called before the other tty buffer functions are used. 665 */ 666 int tty_buffer_set_limit(struct tty_port *port, int limit) 667 { 668 if (limit < MIN_TTYB_SIZE) 669 return -EINVAL; 670 port->buf.mem_limit = limit; 671 return 0; 672 } 673 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 674 675 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 676 void tty_buffer_set_lock_subclass(struct tty_port *port) 677 { 678 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 679 } 680 681 bool tty_buffer_restart_work(struct tty_port *port) 682 { 683 return queue_work(system_unbound_wq, &port->buf.work); 684 } 685 686 bool tty_buffer_cancel_work(struct tty_port *port) 687 { 688 return cancel_work_sync(&port->buf.work); 689 } 690 691 void tty_buffer_flush_work(struct tty_port *port) 692 { 693 flush_work(&port->buf.work); 694 } 695