xref: /openbmc/linux/drivers/tty/tty_buffer.c (revision 462cd772)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Tty buffer allocation management
4  */
5 
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/minmax.h>
9 #include <linux/tty.h>
10 #include <linux/tty_driver.h>
11 #include <linux/tty_flip.h>
12 #include <linux/timer.h>
13 #include <linux/string.h>
14 #include <linux/slab.h>
15 #include <linux/sched.h>
16 #include <linux/wait.h>
17 #include <linux/bitops.h>
18 #include <linux/delay.h>
19 #include <linux/module.h>
20 #include <linux/ratelimit.h>
21 #include "tty.h"
22 
23 #define MIN_TTYB_SIZE	256
24 #define TTYB_ALIGN_MASK	255
25 
26 /*
27  * Byte threshold to limit memory consumption for flip buffers.
28  * The actual memory limit is > 2x this amount.
29  */
30 #define TTYB_DEFAULT_MEM_LIMIT	(640 * 1024UL)
31 
32 /*
33  * We default to dicing tty buffer allocations to this many characters
34  * in order to avoid multiple page allocations. We know the size of
35  * tty_buffer itself but it must also be taken into account that the
36  * buffer is 256 byte aligned. See tty_buffer_find for the allocation
37  * logic this must match.
38  */
39 
40 #define TTY_BUFFER_PAGE	(((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
41 
42 /**
43  * tty_buffer_lock_exclusive	-	gain exclusive access to buffer
44  * @port: tty port owning the flip buffer
45  *
46  * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding
47  * the buffer work and any pending flush from using the flip buffer. Data can
48  * continue to be added concurrently to the flip buffer from the driver side.
49  *
50  * See also tty_buffer_unlock_exclusive().
51  */
52 void tty_buffer_lock_exclusive(struct tty_port *port)
53 {
54 	struct tty_bufhead *buf = &port->buf;
55 
56 	atomic_inc(&buf->priority);
57 	mutex_lock(&buf->lock);
58 }
59 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
60 
61 /**
62  * tty_buffer_unlock_exclusive	-	release exclusive access
63  * @port: tty port owning the flip buffer
64  *
65  * The buffer work is restarted if there is data in the flip buffer.
66  *
67  * See also tty_buffer_lock_exclusive().
68  */
69 void tty_buffer_unlock_exclusive(struct tty_port *port)
70 {
71 	struct tty_bufhead *buf = &port->buf;
72 	int restart;
73 
74 	restart = buf->head->commit != buf->head->read;
75 
76 	atomic_dec(&buf->priority);
77 	mutex_unlock(&buf->lock);
78 	if (restart)
79 		queue_work(system_unbound_wq, &buf->work);
80 }
81 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
82 
83 /**
84  * tty_buffer_space_avail	-	return unused buffer space
85  * @port: tty port owning the flip buffer
86  *
87  * Returns: the # of bytes which can be written by the driver without reaching
88  * the buffer limit.
89  *
90  * Note: this does not guarantee that memory is available to write the returned
91  * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory
92  * guarantee is required).
93  */
94 unsigned int tty_buffer_space_avail(struct tty_port *port)
95 {
96 	int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
97 
98 	return max(space, 0);
99 }
100 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
101 
102 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
103 {
104 	p->used = 0;
105 	p->size = size;
106 	p->next = NULL;
107 	p->commit = 0;
108 	p->lookahead = 0;
109 	p->read = 0;
110 	p->flags = 0;
111 }
112 
113 /**
114  * tty_buffer_free_all		-	free buffers used by a tty
115  * @port: tty port to free from
116  *
117  * Remove all the buffers pending on a tty whether queued with data or in the
118  * free ring. Must be called when the tty is no longer in use.
119  */
120 void tty_buffer_free_all(struct tty_port *port)
121 {
122 	struct tty_bufhead *buf = &port->buf;
123 	struct tty_buffer *p, *next;
124 	struct llist_node *llist;
125 	unsigned int freed = 0;
126 	int still_used;
127 
128 	while ((p = buf->head) != NULL) {
129 		buf->head = p->next;
130 		freed += p->size;
131 		if (p->size > 0)
132 			kfree(p);
133 	}
134 	llist = llist_del_all(&buf->free);
135 	llist_for_each_entry_safe(p, next, llist, free)
136 		kfree(p);
137 
138 	tty_buffer_reset(&buf->sentinel, 0);
139 	buf->head = &buf->sentinel;
140 	buf->tail = &buf->sentinel;
141 
142 	still_used = atomic_xchg(&buf->mem_used, 0);
143 	WARN(still_used != freed, "we still have not freed %d bytes!",
144 			still_used - freed);
145 }
146 
147 /**
148  * tty_buffer_alloc	-	allocate a tty buffer
149  * @port: tty port
150  * @size: desired size (characters)
151  *
152  * Allocate a new tty buffer to hold the desired number of characters. We
153  * round our buffers off in 256 character chunks to get better allocation
154  * behaviour.
155  *
156  * Returns: %NULL if out of memory or the allocation would exceed the per
157  * device queue.
158  */
159 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
160 {
161 	struct llist_node *free;
162 	struct tty_buffer *p;
163 
164 	/* Round the buffer size out */
165 	size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
166 
167 	if (size <= MIN_TTYB_SIZE) {
168 		free = llist_del_first(&port->buf.free);
169 		if (free) {
170 			p = llist_entry(free, struct tty_buffer, free);
171 			goto found;
172 		}
173 	}
174 
175 	/* Should possibly check if this fails for the largest buffer we
176 	 * have queued and recycle that ?
177 	 */
178 	if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
179 		return NULL;
180 	p = kmalloc(sizeof(struct tty_buffer) + 2 * size,
181 		    GFP_ATOMIC | __GFP_NOWARN);
182 	if (p == NULL)
183 		return NULL;
184 
185 found:
186 	tty_buffer_reset(p, size);
187 	atomic_add(size, &port->buf.mem_used);
188 	return p;
189 }
190 
191 /**
192  * tty_buffer_free		-	free a tty buffer
193  * @port: tty port owning the buffer
194  * @b: the buffer to free
195  *
196  * Free a tty buffer, or add it to the free list according to our internal
197  * strategy.
198  */
199 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
200 {
201 	struct tty_bufhead *buf = &port->buf;
202 
203 	/* Dumb strategy for now - should keep some stats */
204 	WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
205 
206 	if (b->size > MIN_TTYB_SIZE)
207 		kfree(b);
208 	else if (b->size > 0)
209 		llist_add(&b->free, &buf->free);
210 }
211 
212 /**
213  * tty_buffer_flush		-	flush full tty buffers
214  * @tty: tty to flush
215  * @ld: optional ldisc ptr (must be referenced)
216  *
217  * Flush all the buffers containing receive data. If @ld != %NULL, flush the
218  * ldisc input buffer.
219  *
220  * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'.
221  */
222 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
223 {
224 	struct tty_port *port = tty->port;
225 	struct tty_bufhead *buf = &port->buf;
226 	struct tty_buffer *next;
227 
228 	atomic_inc(&buf->priority);
229 
230 	mutex_lock(&buf->lock);
231 	/* paired w/ release in __tty_buffer_request_room; ensures there are
232 	 * no pending memory accesses to the freed buffer
233 	 */
234 	while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
235 		tty_buffer_free(port, buf->head);
236 		buf->head = next;
237 	}
238 	buf->head->read = buf->head->commit;
239 	buf->head->lookahead = buf->head->read;
240 
241 	if (ld && ld->ops->flush_buffer)
242 		ld->ops->flush_buffer(tty);
243 
244 	atomic_dec(&buf->priority);
245 	mutex_unlock(&buf->lock);
246 }
247 
248 /**
249  * __tty_buffer_request_room	-	grow tty buffer if needed
250  * @port: tty port
251  * @size: size desired
252  * @flags: buffer flags if new buffer allocated (default = 0)
253  *
254  * Make at least @size bytes of linear space available for the tty buffer.
255  *
256  * Will change over to a new buffer if the current buffer is encoded as
257  * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags
258  * buffer.
259  *
260  * Returns: the size we managed to find.
261  */
262 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
263 				     int flags)
264 {
265 	struct tty_bufhead *buf = &port->buf;
266 	struct tty_buffer *b, *n;
267 	int left, change;
268 
269 	b = buf->tail;
270 	if (b->flags & TTYB_NORMAL)
271 		left = 2 * b->size - b->used;
272 	else
273 		left = b->size - b->used;
274 
275 	change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
276 	if (change || left < size) {
277 		/* This is the slow path - looking for new buffers to use */
278 		n = tty_buffer_alloc(port, size);
279 		if (n != NULL) {
280 			n->flags = flags;
281 			buf->tail = n;
282 			/*
283 			 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs()
284 			 * ensures they see all buffer data.
285 			 */
286 			smp_store_release(&b->commit, b->used);
287 			/*
288 			 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs()
289 			 * ensures the latest commit value can be read before the head
290 			 * is advanced to the next buffer.
291 			 */
292 			smp_store_release(&b->next, n);
293 		} else if (change)
294 			size = 0;
295 		else
296 			size = left;
297 	}
298 	return size;
299 }
300 
301 int tty_buffer_request_room(struct tty_port *port, size_t size)
302 {
303 	return __tty_buffer_request_room(port, size, 0);
304 }
305 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
306 
307 /**
308  * tty_insert_flip_string_fixed_flag - add characters to the tty buffer
309  * @port: tty port
310  * @chars: characters
311  * @flag: flag value for each character
312  * @size: size
313  *
314  * Queue a series of bytes to the tty buffering. All the characters passed are
315  * marked with the supplied flag.
316  *
317  * Returns: the number added.
318  */
319 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
320 		const unsigned char *chars, char flag, size_t size)
321 {
322 	int copied = 0;
323 
324 	do {
325 		int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
326 		int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
327 		int space = __tty_buffer_request_room(port, goal, flags);
328 		struct tty_buffer *tb = port->buf.tail;
329 
330 		if (unlikely(space == 0))
331 			break;
332 		memcpy(char_buf_ptr(tb, tb->used), chars, space);
333 		if (~tb->flags & TTYB_NORMAL)
334 			memset(flag_buf_ptr(tb, tb->used), flag, space);
335 		tb->used += space;
336 		copied += space;
337 		chars += space;
338 		/* There is a small chance that we need to split the data over
339 		 * several buffers. If this is the case we must loop.
340 		 */
341 	} while (unlikely(size > copied));
342 	return copied;
343 }
344 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
345 
346 /**
347  * tty_insert_flip_string_flags	-	add characters to the tty buffer
348  * @port: tty port
349  * @chars: characters
350  * @flags: flag bytes
351  * @size: size
352  *
353  * Queue a series of bytes to the tty buffering. For each character the flags
354  * array indicates the status of the character.
355  *
356  * Returns: the number added.
357  */
358 int tty_insert_flip_string_flags(struct tty_port *port,
359 		const unsigned char *chars, const char *flags, size_t size)
360 {
361 	int copied = 0;
362 
363 	do {
364 		int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
365 		int space = tty_buffer_request_room(port, goal);
366 		struct tty_buffer *tb = port->buf.tail;
367 
368 		if (unlikely(space == 0))
369 			break;
370 		memcpy(char_buf_ptr(tb, tb->used), chars, space);
371 		memcpy(flag_buf_ptr(tb, tb->used), flags, space);
372 		tb->used += space;
373 		copied += space;
374 		chars += space;
375 		flags += space;
376 		/* There is a small chance that we need to split the data over
377 		 * several buffers. If this is the case we must loop.
378 		 */
379 	} while (unlikely(size > copied));
380 	return copied;
381 }
382 EXPORT_SYMBOL(tty_insert_flip_string_flags);
383 
384 /**
385  * __tty_insert_flip_char   -	add one character to the tty buffer
386  * @port: tty port
387  * @ch: character
388  * @flag: flag byte
389  *
390  * Queue a single byte @ch to the tty buffering, with an optional flag. This is
391  * the slow path of tty_insert_flip_char().
392  */
393 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
394 {
395 	struct tty_buffer *tb;
396 	int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
397 
398 	if (!__tty_buffer_request_room(port, 1, flags))
399 		return 0;
400 
401 	tb = port->buf.tail;
402 	if (~tb->flags & TTYB_NORMAL)
403 		*flag_buf_ptr(tb, tb->used) = flag;
404 	*char_buf_ptr(tb, tb->used++) = ch;
405 
406 	return 1;
407 }
408 EXPORT_SYMBOL(__tty_insert_flip_char);
409 
410 /**
411  * tty_prepare_flip_string	-	make room for characters
412  * @port: tty port
413  * @chars: return pointer for character write area
414  * @size: desired size
415  *
416  * Prepare a block of space in the buffer for data.
417  *
418  * This is used for drivers that need their own block copy routines into the
419  * buffer. There is no guarantee the buffer is a DMA target!
420  *
421  * Returns: the length available and buffer pointer (@chars) to the space which
422  * is now allocated and accounted for as ready for normal characters.
423  */
424 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
425 		size_t size)
426 {
427 	int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
428 
429 	if (likely(space)) {
430 		struct tty_buffer *tb = port->buf.tail;
431 
432 		*chars = char_buf_ptr(tb, tb->used);
433 		if (~tb->flags & TTYB_NORMAL)
434 			memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
435 		tb->used += space;
436 	}
437 	return space;
438 }
439 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
440 
441 /**
442  * tty_ldisc_receive_buf	-	forward data to line discipline
443  * @ld: line discipline to process input
444  * @p: char buffer
445  * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer
446  * @count: number of bytes to process
447  *
448  * Callers other than flush_to_ldisc() need to exclude the kworker from
449  * concurrent use of the line discipline, see paste_selection().
450  *
451  * Returns: the number of bytes processed.
452  */
453 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
454 			  const char *f, int count)
455 {
456 	if (ld->ops->receive_buf2)
457 		count = ld->ops->receive_buf2(ld->tty, p, f, count);
458 	else {
459 		count = min_t(int, count, ld->tty->receive_room);
460 		if (count && ld->ops->receive_buf)
461 			ld->ops->receive_buf(ld->tty, p, f, count);
462 	}
463 	return count;
464 }
465 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
466 
467 static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head)
468 {
469 	head->lookahead = max(head->lookahead, head->read);
470 
471 	while (head) {
472 		struct tty_buffer *next;
473 		unsigned char *p, *f = NULL;
474 		unsigned int count;
475 
476 		/*
477 		 * Paired w/ release in __tty_buffer_request_room();
478 		 * ensures commit value read is not stale if the head
479 		 * is advancing to the next buffer.
480 		 */
481 		next = smp_load_acquire(&head->next);
482 		/*
483 		 * Paired w/ release in __tty_buffer_request_room() or in
484 		 * tty_buffer_flush(); ensures we see the committed buffer data.
485 		 */
486 		count = smp_load_acquire(&head->commit) - head->lookahead;
487 		if (!count) {
488 			head = next;
489 			continue;
490 		}
491 
492 		p = char_buf_ptr(head, head->lookahead);
493 		if (~head->flags & TTYB_NORMAL)
494 			f = flag_buf_ptr(head, head->lookahead);
495 
496 		port->client_ops->lookahead_buf(port, p, f, count);
497 		head->lookahead += count;
498 	}
499 }
500 
501 static int
502 receive_buf(struct tty_port *port, struct tty_buffer *head, int count)
503 {
504 	unsigned char *p = char_buf_ptr(head, head->read);
505 	const char *f = NULL;
506 	int n;
507 
508 	if (~head->flags & TTYB_NORMAL)
509 		f = flag_buf_ptr(head, head->read);
510 
511 	n = port->client_ops->receive_buf(port, p, f, count);
512 	if (n > 0)
513 		memset(p, 0, n);
514 	return n;
515 }
516 
517 /**
518  * flush_to_ldisc		-	flush data from buffer to ldisc
519  * @work: tty structure passed from work queue.
520  *
521  * This routine is called out of the software interrupt to flush data from the
522  * buffer chain to the line discipline.
523  *
524  * The receive_buf() method is single threaded for each tty instance.
525  *
526  * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'.
527  */
528 static void flush_to_ldisc(struct work_struct *work)
529 {
530 	struct tty_port *port = container_of(work, struct tty_port, buf.work);
531 	struct tty_bufhead *buf = &port->buf;
532 
533 	mutex_lock(&buf->lock);
534 
535 	while (1) {
536 		struct tty_buffer *head = buf->head;
537 		struct tty_buffer *next;
538 		int count, rcvd;
539 
540 		/* Ldisc or user is trying to gain exclusive access */
541 		if (atomic_read(&buf->priority))
542 			break;
543 
544 		/* paired w/ release in __tty_buffer_request_room();
545 		 * ensures commit value read is not stale if the head
546 		 * is advancing to the next buffer
547 		 */
548 		next = smp_load_acquire(&head->next);
549 		/* paired w/ release in __tty_buffer_request_room() or in
550 		 * tty_buffer_flush(); ensures we see the committed buffer data
551 		 */
552 		count = smp_load_acquire(&head->commit) - head->read;
553 		if (!count) {
554 			if (next == NULL)
555 				break;
556 			buf->head = next;
557 			tty_buffer_free(port, head);
558 			continue;
559 		}
560 
561 		rcvd = receive_buf(port, head, count);
562 		head->read += rcvd;
563 		if (rcvd < count)
564 			lookahead_bufs(port, head);
565 		if (!rcvd)
566 			break;
567 
568 		if (need_resched())
569 			cond_resched();
570 	}
571 
572 	mutex_unlock(&buf->lock);
573 
574 }
575 
576 static inline void tty_flip_buffer_commit(struct tty_buffer *tail)
577 {
578 	/*
579 	 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees
580 	 * buffer data.
581 	 */
582 	smp_store_release(&tail->commit, tail->used);
583 }
584 
585 /**
586  * tty_flip_buffer_push		-	push terminal buffers
587  * @port: tty port to push
588  *
589  * Queue a push of the terminal flip buffers to the line discipline. Can be
590  * called from IRQ/atomic context.
591  *
592  * In the event of the queue being busy for flipping the work will be held off
593  * and retried later.
594  */
595 void tty_flip_buffer_push(struct tty_port *port)
596 {
597 	struct tty_bufhead *buf = &port->buf;
598 
599 	tty_flip_buffer_commit(buf->tail);
600 	queue_work(system_unbound_wq, &buf->work);
601 }
602 EXPORT_SYMBOL(tty_flip_buffer_push);
603 
604 /**
605  * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and
606  *	push
607  * @port: tty port
608  * @chars: characters
609  * @size: size
610  *
611  * The function combines tty_insert_flip_string() and tty_flip_buffer_push()
612  * with the exception of properly holding the @port->lock.
613  *
614  * To be used only internally (by pty currently).
615  *
616  * Returns: the number added.
617  */
618 int tty_insert_flip_string_and_push_buffer(struct tty_port *port,
619 		const unsigned char *chars, size_t size)
620 {
621 	struct tty_bufhead *buf = &port->buf;
622 	unsigned long flags;
623 
624 	spin_lock_irqsave(&port->lock, flags);
625 	size = tty_insert_flip_string(port, chars, size);
626 	if (size)
627 		tty_flip_buffer_commit(buf->tail);
628 	spin_unlock_irqrestore(&port->lock, flags);
629 
630 	queue_work(system_unbound_wq, &buf->work);
631 
632 	return size;
633 }
634 
635 /**
636  * tty_buffer_init		-	prepare a tty buffer structure
637  * @port: tty port to initialise
638  *
639  * Set up the initial state of the buffer management for a tty device. Must be
640  * called before the other tty buffer functions are used.
641  */
642 void tty_buffer_init(struct tty_port *port)
643 {
644 	struct tty_bufhead *buf = &port->buf;
645 
646 	mutex_init(&buf->lock);
647 	tty_buffer_reset(&buf->sentinel, 0);
648 	buf->head = &buf->sentinel;
649 	buf->tail = &buf->sentinel;
650 	init_llist_head(&buf->free);
651 	atomic_set(&buf->mem_used, 0);
652 	atomic_set(&buf->priority, 0);
653 	INIT_WORK(&buf->work, flush_to_ldisc);
654 	buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
655 }
656 
657 /**
658  * tty_buffer_set_limit		-	change the tty buffer memory limit
659  * @port: tty port to change
660  * @limit: memory limit to set
661  *
662  * Change the tty buffer memory limit.
663  *
664  * Must be called before the other tty buffer functions are used.
665  */
666 int tty_buffer_set_limit(struct tty_port *port, int limit)
667 {
668 	if (limit < MIN_TTYB_SIZE)
669 		return -EINVAL;
670 	port->buf.mem_limit = limit;
671 	return 0;
672 }
673 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
674 
675 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
676 void tty_buffer_set_lock_subclass(struct tty_port *port)
677 {
678 	lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
679 }
680 
681 bool tty_buffer_restart_work(struct tty_port *port)
682 {
683 	return queue_work(system_unbound_wq, &port->buf.work);
684 }
685 
686 bool tty_buffer_cancel_work(struct tty_port *port)
687 {
688 	return cancel_work_sync(&port->buf.work);
689 }
690 
691 void tty_buffer_flush_work(struct tty_port *port)
692 {
693 	flush_work(&port->buf.work);
694 }
695