1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Tty buffer allocation management 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/minmax.h> 9 #include <linux/tty.h> 10 #include <linux/tty_driver.h> 11 #include <linux/tty_flip.h> 12 #include <linux/timer.h> 13 #include <linux/string.h> 14 #include <linux/slab.h> 15 #include <linux/sched.h> 16 #include <linux/wait.h> 17 #include <linux/bitops.h> 18 #include <linux/delay.h> 19 #include <linux/module.h> 20 #include <linux/ratelimit.h> 21 #include "tty.h" 22 23 #define MIN_TTYB_SIZE 256 24 #define TTYB_ALIGN_MASK 0xff 25 26 /* 27 * Byte threshold to limit memory consumption for flip buffers. 28 * The actual memory limit is > 2x this amount. 29 */ 30 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 31 32 /* 33 * We default to dicing tty buffer allocations to this many characters 34 * in order to avoid multiple page allocations. We know the size of 35 * tty_buffer itself but it must also be taken into account that the 36 * buffer is 256 byte aligned. See tty_buffer_find for the allocation 37 * logic this must match. 38 */ 39 40 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~TTYB_ALIGN_MASK) 41 42 /** 43 * tty_buffer_lock_exclusive - gain exclusive access to buffer 44 * @port: tty port owning the flip buffer 45 * 46 * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding 47 * the buffer work and any pending flush from using the flip buffer. Data can 48 * continue to be added concurrently to the flip buffer from the driver side. 49 * 50 * See also tty_buffer_unlock_exclusive(). 51 */ 52 void tty_buffer_lock_exclusive(struct tty_port *port) 53 { 54 struct tty_bufhead *buf = &port->buf; 55 56 atomic_inc(&buf->priority); 57 mutex_lock(&buf->lock); 58 } 59 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 60 61 /** 62 * tty_buffer_unlock_exclusive - release exclusive access 63 * @port: tty port owning the flip buffer 64 * 65 * The buffer work is restarted if there is data in the flip buffer. 66 * 67 * See also tty_buffer_lock_exclusive(). 68 */ 69 void tty_buffer_unlock_exclusive(struct tty_port *port) 70 { 71 struct tty_bufhead *buf = &port->buf; 72 int restart; 73 74 restart = buf->head->commit != buf->head->read; 75 76 atomic_dec(&buf->priority); 77 mutex_unlock(&buf->lock); 78 if (restart) 79 queue_work(system_unbound_wq, &buf->work); 80 } 81 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 82 83 /** 84 * tty_buffer_space_avail - return unused buffer space 85 * @port: tty port owning the flip buffer 86 * 87 * Returns: the # of bytes which can be written by the driver without reaching 88 * the buffer limit. 89 * 90 * Note: this does not guarantee that memory is available to write the returned 91 * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory 92 * guarantee is required). 93 */ 94 unsigned int tty_buffer_space_avail(struct tty_port *port) 95 { 96 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 97 98 return max(space, 0); 99 } 100 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 101 102 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 103 { 104 p->used = 0; 105 p->size = size; 106 p->next = NULL; 107 p->commit = 0; 108 p->lookahead = 0; 109 p->read = 0; 110 p->flags = true; 111 } 112 113 /** 114 * tty_buffer_free_all - free buffers used by a tty 115 * @port: tty port to free from 116 * 117 * Remove all the buffers pending on a tty whether queued with data or in the 118 * free ring. Must be called when the tty is no longer in use. 119 */ 120 void tty_buffer_free_all(struct tty_port *port) 121 { 122 struct tty_bufhead *buf = &port->buf; 123 struct tty_buffer *p, *next; 124 struct llist_node *llist; 125 unsigned int freed = 0; 126 int still_used; 127 128 while ((p = buf->head) != NULL) { 129 buf->head = p->next; 130 freed += p->size; 131 if (p->size > 0) 132 kfree(p); 133 } 134 llist = llist_del_all(&buf->free); 135 llist_for_each_entry_safe(p, next, llist, free) 136 kfree(p); 137 138 tty_buffer_reset(&buf->sentinel, 0); 139 buf->head = &buf->sentinel; 140 buf->tail = &buf->sentinel; 141 142 still_used = atomic_xchg(&buf->mem_used, 0); 143 WARN(still_used != freed, "we still have not freed %d bytes!", 144 still_used - freed); 145 } 146 147 /** 148 * tty_buffer_alloc - allocate a tty buffer 149 * @port: tty port 150 * @size: desired size (characters) 151 * 152 * Allocate a new tty buffer to hold the desired number of characters. We 153 * round our buffers off in 256 character chunks to get better allocation 154 * behaviour. 155 * 156 * Returns: %NULL if out of memory or the allocation would exceed the per 157 * device queue. 158 */ 159 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 160 { 161 struct llist_node *free; 162 struct tty_buffer *p; 163 164 /* Round the buffer size out */ 165 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 166 167 if (size <= MIN_TTYB_SIZE) { 168 free = llist_del_first(&port->buf.free); 169 if (free) { 170 p = llist_entry(free, struct tty_buffer, free); 171 goto found; 172 } 173 } 174 175 /* Should possibly check if this fails for the largest buffer we 176 * have queued and recycle that ? 177 */ 178 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 179 return NULL; 180 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, 181 GFP_ATOMIC | __GFP_NOWARN); 182 if (p == NULL) 183 return NULL; 184 185 found: 186 tty_buffer_reset(p, size); 187 atomic_add(size, &port->buf.mem_used); 188 return p; 189 } 190 191 /** 192 * tty_buffer_free - free a tty buffer 193 * @port: tty port owning the buffer 194 * @b: the buffer to free 195 * 196 * Free a tty buffer, or add it to the free list according to our internal 197 * strategy. 198 */ 199 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 200 { 201 struct tty_bufhead *buf = &port->buf; 202 203 /* Dumb strategy for now - should keep some stats */ 204 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 205 206 if (b->size > MIN_TTYB_SIZE) 207 kfree(b); 208 else if (b->size > 0) 209 llist_add(&b->free, &buf->free); 210 } 211 212 /** 213 * tty_buffer_flush - flush full tty buffers 214 * @tty: tty to flush 215 * @ld: optional ldisc ptr (must be referenced) 216 * 217 * Flush all the buffers containing receive data. If @ld != %NULL, flush the 218 * ldisc input buffer. 219 * 220 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 221 */ 222 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 223 { 224 struct tty_port *port = tty->port; 225 struct tty_bufhead *buf = &port->buf; 226 struct tty_buffer *next; 227 228 atomic_inc(&buf->priority); 229 230 mutex_lock(&buf->lock); 231 /* paired w/ release in __tty_buffer_request_room; ensures there are 232 * no pending memory accesses to the freed buffer 233 */ 234 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 235 tty_buffer_free(port, buf->head); 236 buf->head = next; 237 } 238 buf->head->read = buf->head->commit; 239 buf->head->lookahead = buf->head->read; 240 241 if (ld && ld->ops->flush_buffer) 242 ld->ops->flush_buffer(tty); 243 244 atomic_dec(&buf->priority); 245 mutex_unlock(&buf->lock); 246 } 247 248 /** 249 * __tty_buffer_request_room - grow tty buffer if needed 250 * @port: tty port 251 * @size: size desired 252 * @flags: buffer has to store flags along character data 253 * 254 * Make at least @size bytes of linear space available for the tty buffer. 255 * 256 * Will change over to a new buffer if the current buffer is encoded as 257 * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags 258 * buffer. 259 * 260 * Returns: the size we managed to find. 261 */ 262 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 263 bool flags) 264 { 265 struct tty_bufhead *buf = &port->buf; 266 struct tty_buffer *b, *n; 267 int left, change; 268 269 b = buf->tail; 270 if (!b->flags) 271 left = 2 * b->size - b->used; 272 else 273 left = b->size - b->used; 274 275 change = !b->flags && flags; 276 if (change || left < size) { 277 /* This is the slow path - looking for new buffers to use */ 278 n = tty_buffer_alloc(port, size); 279 if (n != NULL) { 280 n->flags = flags; 281 buf->tail = n; 282 /* 283 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 284 * ensures they see all buffer data. 285 */ 286 smp_store_release(&b->commit, b->used); 287 /* 288 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 289 * ensures the latest commit value can be read before the head 290 * is advanced to the next buffer. 291 */ 292 smp_store_release(&b->next, n); 293 } else if (change) 294 size = 0; 295 else 296 size = left; 297 } 298 return size; 299 } 300 301 int tty_buffer_request_room(struct tty_port *port, size_t size) 302 { 303 return __tty_buffer_request_room(port, size, true); 304 } 305 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 306 307 /** 308 * tty_insert_flip_string_fixed_flag - add characters to the tty buffer 309 * @port: tty port 310 * @chars: characters 311 * @flag: flag value for each character 312 * @size: size 313 * 314 * Queue a series of bytes to the tty buffering. All the characters passed are 315 * marked with the supplied flag. 316 * 317 * Returns: the number added. 318 */ 319 int tty_insert_flip_string_fixed_flag(struct tty_port *port, const u8 *chars, 320 u8 flag, size_t size) 321 { 322 int copied = 0; 323 bool flags = flag != TTY_NORMAL; 324 325 do { 326 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 327 int space = __tty_buffer_request_room(port, goal, flags); 328 struct tty_buffer *tb = port->buf.tail; 329 330 if (unlikely(space == 0)) 331 break; 332 memcpy(char_buf_ptr(tb, tb->used), chars, space); 333 if (tb->flags) 334 memset(flag_buf_ptr(tb, tb->used), flag, space); 335 tb->used += space; 336 copied += space; 337 chars += space; 338 /* There is a small chance that we need to split the data over 339 * several buffers. If this is the case we must loop. 340 */ 341 } while (unlikely(size > copied)); 342 return copied; 343 } 344 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag); 345 346 /** 347 * tty_insert_flip_string_flags - add characters to the tty buffer 348 * @port: tty port 349 * @chars: characters 350 * @flags: flag bytes 351 * @size: size 352 * 353 * Queue a series of bytes to the tty buffering. For each character the flags 354 * array indicates the status of the character. 355 * 356 * Returns: the number added. 357 */ 358 int tty_insert_flip_string_flags(struct tty_port *port, const u8 *chars, 359 const u8 *flags, size_t size) 360 { 361 int copied = 0; 362 363 do { 364 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 365 int space = tty_buffer_request_room(port, goal); 366 struct tty_buffer *tb = port->buf.tail; 367 368 if (unlikely(space == 0)) 369 break; 370 memcpy(char_buf_ptr(tb, tb->used), chars, space); 371 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 372 tb->used += space; 373 copied += space; 374 chars += space; 375 flags += space; 376 /* There is a small chance that we need to split the data over 377 * several buffers. If this is the case we must loop. 378 */ 379 } while (unlikely(size > copied)); 380 return copied; 381 } 382 EXPORT_SYMBOL(tty_insert_flip_string_flags); 383 384 /** 385 * __tty_insert_flip_char - add one character to the tty buffer 386 * @port: tty port 387 * @ch: character 388 * @flag: flag byte 389 * 390 * Queue a single byte @ch to the tty buffering, with an optional flag. This is 391 * the slow path of tty_insert_flip_char(). 392 */ 393 int __tty_insert_flip_char(struct tty_port *port, u8 ch, u8 flag) 394 { 395 struct tty_buffer *tb; 396 bool flags = flag != TTY_NORMAL; 397 398 if (!__tty_buffer_request_room(port, 1, flags)) 399 return 0; 400 401 tb = port->buf.tail; 402 if (tb->flags) 403 *flag_buf_ptr(tb, tb->used) = flag; 404 *char_buf_ptr(tb, tb->used++) = ch; 405 406 return 1; 407 } 408 EXPORT_SYMBOL(__tty_insert_flip_char); 409 410 /** 411 * tty_prepare_flip_string - make room for characters 412 * @port: tty port 413 * @chars: return pointer for character write area 414 * @size: desired size 415 * 416 * Prepare a block of space in the buffer for data. 417 * 418 * This is used for drivers that need their own block copy routines into the 419 * buffer. There is no guarantee the buffer is a DMA target! 420 * 421 * Returns: the length available and buffer pointer (@chars) to the space which 422 * is now allocated and accounted for as ready for normal characters. 423 */ 424 int tty_prepare_flip_string(struct tty_port *port, u8 **chars, size_t size) 425 { 426 int space = __tty_buffer_request_room(port, size, false); 427 428 if (likely(space)) { 429 struct tty_buffer *tb = port->buf.tail; 430 431 *chars = char_buf_ptr(tb, tb->used); 432 if (tb->flags) 433 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 434 tb->used += space; 435 } 436 return space; 437 } 438 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 439 440 /** 441 * tty_ldisc_receive_buf - forward data to line discipline 442 * @ld: line discipline to process input 443 * @p: char buffer 444 * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer 445 * @count: number of bytes to process 446 * 447 * Callers other than flush_to_ldisc() need to exclude the kworker from 448 * concurrent use of the line discipline, see paste_selection(). 449 * 450 * Returns: the number of bytes processed. 451 */ 452 size_t tty_ldisc_receive_buf(struct tty_ldisc *ld, const u8 *p, const u8 *f, 453 size_t count) 454 { 455 if (ld->ops->receive_buf2) 456 count = ld->ops->receive_buf2(ld->tty, p, f, count); 457 else { 458 count = min_t(size_t, count, ld->tty->receive_room); 459 if (count && ld->ops->receive_buf) 460 ld->ops->receive_buf(ld->tty, p, f, count); 461 } 462 return count; 463 } 464 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 465 466 static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head) 467 { 468 head->lookahead = max(head->lookahead, head->read); 469 470 while (head) { 471 struct tty_buffer *next; 472 unsigned int count; 473 474 /* 475 * Paired w/ release in __tty_buffer_request_room(); 476 * ensures commit value read is not stale if the head 477 * is advancing to the next buffer. 478 */ 479 next = smp_load_acquire(&head->next); 480 /* 481 * Paired w/ release in __tty_buffer_request_room() or in 482 * tty_buffer_flush(); ensures we see the committed buffer data. 483 */ 484 count = smp_load_acquire(&head->commit) - head->lookahead; 485 if (!count) { 486 head = next; 487 continue; 488 } 489 490 if (port->client_ops->lookahead_buf) { 491 u8 *p, *f = NULL; 492 493 p = char_buf_ptr(head, head->lookahead); 494 if (head->flags) 495 f = flag_buf_ptr(head, head->lookahead); 496 497 port->client_ops->lookahead_buf(port, p, f, count); 498 } 499 500 head->lookahead += count; 501 } 502 } 503 504 static size_t 505 receive_buf(struct tty_port *port, struct tty_buffer *head, size_t count) 506 { 507 u8 *p = char_buf_ptr(head, head->read); 508 const u8 *f = NULL; 509 size_t n; 510 511 if (head->flags) 512 f = flag_buf_ptr(head, head->read); 513 514 n = port->client_ops->receive_buf(port, p, f, count); 515 if (n > 0) 516 memset(p, 0, n); 517 return n; 518 } 519 520 /** 521 * flush_to_ldisc - flush data from buffer to ldisc 522 * @work: tty structure passed from work queue. 523 * 524 * This routine is called out of the software interrupt to flush data from the 525 * buffer chain to the line discipline. 526 * 527 * The receive_buf() method is single threaded for each tty instance. 528 * 529 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 530 */ 531 static void flush_to_ldisc(struct work_struct *work) 532 { 533 struct tty_port *port = container_of(work, struct tty_port, buf.work); 534 struct tty_bufhead *buf = &port->buf; 535 536 mutex_lock(&buf->lock); 537 538 while (1) { 539 struct tty_buffer *head = buf->head; 540 struct tty_buffer *next; 541 size_t count, rcvd; 542 543 /* Ldisc or user is trying to gain exclusive access */ 544 if (atomic_read(&buf->priority)) 545 break; 546 547 /* paired w/ release in __tty_buffer_request_room(); 548 * ensures commit value read is not stale if the head 549 * is advancing to the next buffer 550 */ 551 next = smp_load_acquire(&head->next); 552 /* paired w/ release in __tty_buffer_request_room() or in 553 * tty_buffer_flush(); ensures we see the committed buffer data 554 */ 555 count = smp_load_acquire(&head->commit) - head->read; 556 if (!count) { 557 if (next == NULL) 558 break; 559 buf->head = next; 560 tty_buffer_free(port, head); 561 continue; 562 } 563 564 rcvd = receive_buf(port, head, count); 565 head->read += rcvd; 566 if (rcvd < count) 567 lookahead_bufs(port, head); 568 if (!rcvd) 569 break; 570 571 if (need_resched()) 572 cond_resched(); 573 } 574 575 mutex_unlock(&buf->lock); 576 577 } 578 579 static inline void tty_flip_buffer_commit(struct tty_buffer *tail) 580 { 581 /* 582 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees 583 * buffer data. 584 */ 585 smp_store_release(&tail->commit, tail->used); 586 } 587 588 /** 589 * tty_flip_buffer_push - push terminal buffers 590 * @port: tty port to push 591 * 592 * Queue a push of the terminal flip buffers to the line discipline. Can be 593 * called from IRQ/atomic context. 594 * 595 * In the event of the queue being busy for flipping the work will be held off 596 * and retried later. 597 */ 598 void tty_flip_buffer_push(struct tty_port *port) 599 { 600 struct tty_bufhead *buf = &port->buf; 601 602 tty_flip_buffer_commit(buf->tail); 603 queue_work(system_unbound_wq, &buf->work); 604 } 605 EXPORT_SYMBOL(tty_flip_buffer_push); 606 607 /** 608 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and 609 * push 610 * @port: tty port 611 * @chars: characters 612 * @size: size 613 * 614 * The function combines tty_insert_flip_string() and tty_flip_buffer_push() 615 * with the exception of properly holding the @port->lock. 616 * 617 * To be used only internally (by pty currently). 618 * 619 * Returns: the number added. 620 */ 621 int tty_insert_flip_string_and_push_buffer(struct tty_port *port, 622 const u8 *chars, size_t size) 623 { 624 struct tty_bufhead *buf = &port->buf; 625 unsigned long flags; 626 627 spin_lock_irqsave(&port->lock, flags); 628 size = tty_insert_flip_string(port, chars, size); 629 if (size) 630 tty_flip_buffer_commit(buf->tail); 631 spin_unlock_irqrestore(&port->lock, flags); 632 633 queue_work(system_unbound_wq, &buf->work); 634 635 return size; 636 } 637 638 /** 639 * tty_buffer_init - prepare a tty buffer structure 640 * @port: tty port to initialise 641 * 642 * Set up the initial state of the buffer management for a tty device. Must be 643 * called before the other tty buffer functions are used. 644 */ 645 void tty_buffer_init(struct tty_port *port) 646 { 647 struct tty_bufhead *buf = &port->buf; 648 649 mutex_init(&buf->lock); 650 tty_buffer_reset(&buf->sentinel, 0); 651 buf->head = &buf->sentinel; 652 buf->tail = &buf->sentinel; 653 init_llist_head(&buf->free); 654 atomic_set(&buf->mem_used, 0); 655 atomic_set(&buf->priority, 0); 656 INIT_WORK(&buf->work, flush_to_ldisc); 657 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 658 } 659 660 /** 661 * tty_buffer_set_limit - change the tty buffer memory limit 662 * @port: tty port to change 663 * @limit: memory limit to set 664 * 665 * Change the tty buffer memory limit. 666 * 667 * Must be called before the other tty buffer functions are used. 668 */ 669 int tty_buffer_set_limit(struct tty_port *port, int limit) 670 { 671 if (limit < MIN_TTYB_SIZE) 672 return -EINVAL; 673 port->buf.mem_limit = limit; 674 return 0; 675 } 676 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 677 678 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 679 void tty_buffer_set_lock_subclass(struct tty_port *port) 680 { 681 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 682 } 683 684 bool tty_buffer_restart_work(struct tty_port *port) 685 { 686 return queue_work(system_unbound_wq, &port->buf.work); 687 } 688 689 bool tty_buffer_cancel_work(struct tty_port *port) 690 { 691 return cancel_work_sync(&port->buf.work); 692 } 693 694 void tty_buffer_flush_work(struct tty_port *port) 695 { 696 flush_work(&port->buf.work); 697 } 698