1 /* 2 * Tty buffer allocation management 3 */ 4 5 #include <linux/types.h> 6 #include <linux/errno.h> 7 #include <linux/tty.h> 8 #include <linux/tty_driver.h> 9 #include <linux/tty_flip.h> 10 #include <linux/timer.h> 11 #include <linux/string.h> 12 #include <linux/slab.h> 13 #include <linux/sched.h> 14 #include <linux/wait.h> 15 #include <linux/bitops.h> 16 #include <linux/delay.h> 17 #include <linux/module.h> 18 #include <linux/ratelimit.h> 19 20 21 #define MIN_TTYB_SIZE 256 22 #define TTYB_ALIGN_MASK 255 23 24 /* 25 * Byte threshold to limit memory consumption for flip buffers. 26 * The actual memory limit is > 2x this amount. 27 */ 28 #define TTYB_DEFAULT_MEM_LIMIT 65536 29 30 /* 31 * We default to dicing tty buffer allocations to this many characters 32 * in order to avoid multiple page allocations. We know the size of 33 * tty_buffer itself but it must also be taken into account that the 34 * the buffer is 256 byte aligned. See tty_buffer_find for the allocation 35 * logic this must match 36 */ 37 38 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF) 39 40 /* 41 * If all tty flip buffers have been processed by flush_to_ldisc() or 42 * dropped by tty_buffer_flush(), check if the linked pty has been closed. 43 * If so, wake the reader/poll to process 44 */ 45 static inline void check_other_closed(struct tty_struct *tty) 46 { 47 unsigned long flags, old; 48 49 /* transition from TTY_OTHER_CLOSED => TTY_OTHER_DONE must be atomic */ 50 for (flags = ACCESS_ONCE(tty->flags); 51 test_bit(TTY_OTHER_CLOSED, &flags); 52 ) { 53 old = flags; 54 __set_bit(TTY_OTHER_DONE, &flags); 55 flags = cmpxchg(&tty->flags, old, flags); 56 if (old == flags) { 57 wake_up_interruptible(&tty->read_wait); 58 break; 59 } 60 } 61 } 62 63 /** 64 * tty_buffer_lock_exclusive - gain exclusive access to buffer 65 * tty_buffer_unlock_exclusive - release exclusive access 66 * 67 * @port - tty_port owning the flip buffer 68 * 69 * Guarantees safe use of the line discipline's receive_buf() method by 70 * excluding the buffer work and any pending flush from using the flip 71 * buffer. Data can continue to be added concurrently to the flip buffer 72 * from the driver side. 73 * 74 * On release, the buffer work is restarted if there is data in the 75 * flip buffer 76 */ 77 78 void tty_buffer_lock_exclusive(struct tty_port *port) 79 { 80 struct tty_bufhead *buf = &port->buf; 81 82 atomic_inc(&buf->priority); 83 mutex_lock(&buf->lock); 84 } 85 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 86 87 void tty_buffer_unlock_exclusive(struct tty_port *port) 88 { 89 struct tty_bufhead *buf = &port->buf; 90 int restart; 91 92 restart = buf->head->commit != buf->head->read; 93 94 atomic_dec(&buf->priority); 95 mutex_unlock(&buf->lock); 96 if (restart) 97 queue_work(system_unbound_wq, &buf->work); 98 } 99 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 100 101 /** 102 * tty_buffer_space_avail - return unused buffer space 103 * @port - tty_port owning the flip buffer 104 * 105 * Returns the # of bytes which can be written by the driver without 106 * reaching the buffer limit. 107 * 108 * Note: this does not guarantee that memory is available to write 109 * the returned # of bytes (use tty_prepare_flip_string_xxx() to 110 * pre-allocate if memory guarantee is required). 111 */ 112 113 int tty_buffer_space_avail(struct tty_port *port) 114 { 115 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 116 return max(space, 0); 117 } 118 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 119 120 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 121 { 122 p->used = 0; 123 p->size = size; 124 p->next = NULL; 125 p->commit = 0; 126 p->read = 0; 127 p->flags = 0; 128 } 129 130 /** 131 * tty_buffer_free_all - free buffers used by a tty 132 * @tty: tty to free from 133 * 134 * Remove all the buffers pending on a tty whether queued with data 135 * or in the free ring. Must be called when the tty is no longer in use 136 */ 137 138 void tty_buffer_free_all(struct tty_port *port) 139 { 140 struct tty_bufhead *buf = &port->buf; 141 struct tty_buffer *p, *next; 142 struct llist_node *llist; 143 144 while ((p = buf->head) != NULL) { 145 buf->head = p->next; 146 if (p->size > 0) 147 kfree(p); 148 } 149 llist = llist_del_all(&buf->free); 150 llist_for_each_entry_safe(p, next, llist, free) 151 kfree(p); 152 153 tty_buffer_reset(&buf->sentinel, 0); 154 buf->head = &buf->sentinel; 155 buf->tail = &buf->sentinel; 156 157 atomic_set(&buf->mem_used, 0); 158 } 159 160 /** 161 * tty_buffer_alloc - allocate a tty buffer 162 * @tty: tty device 163 * @size: desired size (characters) 164 * 165 * Allocate a new tty buffer to hold the desired number of characters. 166 * We round our buffers off in 256 character chunks to get better 167 * allocation behaviour. 168 * Return NULL if out of memory or the allocation would exceed the 169 * per device queue 170 */ 171 172 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 173 { 174 struct llist_node *free; 175 struct tty_buffer *p; 176 177 /* Round the buffer size out */ 178 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 179 180 if (size <= MIN_TTYB_SIZE) { 181 free = llist_del_first(&port->buf.free); 182 if (free) { 183 p = llist_entry(free, struct tty_buffer, free); 184 goto found; 185 } 186 } 187 188 /* Should possibly check if this fails for the largest buffer we 189 have queued and recycle that ? */ 190 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 191 return NULL; 192 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC); 193 if (p == NULL) 194 return NULL; 195 196 found: 197 tty_buffer_reset(p, size); 198 atomic_add(size, &port->buf.mem_used); 199 return p; 200 } 201 202 /** 203 * tty_buffer_free - free a tty buffer 204 * @tty: tty owning the buffer 205 * @b: the buffer to free 206 * 207 * Free a tty buffer, or add it to the free list according to our 208 * internal strategy 209 */ 210 211 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 212 { 213 struct tty_bufhead *buf = &port->buf; 214 215 /* Dumb strategy for now - should keep some stats */ 216 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 217 218 if (b->size > MIN_TTYB_SIZE) 219 kfree(b); 220 else if (b->size > 0) 221 llist_add(&b->free, &buf->free); 222 } 223 224 /** 225 * tty_buffer_flush - flush full tty buffers 226 * @tty: tty to flush 227 * @ld: optional ldisc ptr (must be referenced) 228 * 229 * flush all the buffers containing receive data. If ld != NULL, 230 * flush the ldisc input buffer. 231 * 232 * Locking: takes buffer lock to ensure single-threaded flip buffer 233 * 'consumer' 234 */ 235 236 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 237 { 238 struct tty_port *port = tty->port; 239 struct tty_bufhead *buf = &port->buf; 240 struct tty_buffer *next; 241 242 atomic_inc(&buf->priority); 243 244 mutex_lock(&buf->lock); 245 /* paired w/ release in __tty_buffer_request_room; ensures there are 246 * no pending memory accesses to the freed buffer 247 */ 248 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 249 tty_buffer_free(port, buf->head); 250 buf->head = next; 251 } 252 buf->head->read = buf->head->commit; 253 254 if (ld && ld->ops->flush_buffer) 255 ld->ops->flush_buffer(tty); 256 257 check_other_closed(tty); 258 259 atomic_dec(&buf->priority); 260 mutex_unlock(&buf->lock); 261 } 262 263 /** 264 * tty_buffer_request_room - grow tty buffer if needed 265 * @tty: tty structure 266 * @size: size desired 267 * @flags: buffer flags if new buffer allocated (default = 0) 268 * 269 * Make at least size bytes of linear space available for the tty 270 * buffer. If we fail return the size we managed to find. 271 * 272 * Will change over to a new buffer if the current buffer is encoded as 273 * TTY_NORMAL (so has no flags buffer) and the new buffer requires 274 * a flags buffer. 275 */ 276 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 277 int flags) 278 { 279 struct tty_bufhead *buf = &port->buf; 280 struct tty_buffer *b, *n; 281 int left, change; 282 283 b = buf->tail; 284 if (b->flags & TTYB_NORMAL) 285 left = 2 * b->size - b->used; 286 else 287 left = b->size - b->used; 288 289 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL); 290 if (change || left < size) { 291 /* This is the slow path - looking for new buffers to use */ 292 n = tty_buffer_alloc(port, size); 293 if (n != NULL) { 294 n->flags = flags; 295 buf->tail = n; 296 /* paired w/ acquire in flush_to_ldisc(); ensures 297 * flush_to_ldisc() sees buffer data. 298 */ 299 smp_store_release(&b->commit, b->used); 300 /* paired w/ acquire in flush_to_ldisc(); ensures the 301 * latest commit value can be read before the head is 302 * advanced to the next buffer 303 */ 304 smp_store_release(&b->next, n); 305 } else if (change) 306 size = 0; 307 else 308 size = left; 309 } 310 return size; 311 } 312 313 int tty_buffer_request_room(struct tty_port *port, size_t size) 314 { 315 return __tty_buffer_request_room(port, size, 0); 316 } 317 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 318 319 /** 320 * tty_insert_flip_string_fixed_flag - Add characters to the tty buffer 321 * @port: tty port 322 * @chars: characters 323 * @flag: flag value for each character 324 * @size: size 325 * 326 * Queue a series of bytes to the tty buffering. All the characters 327 * passed are marked with the supplied flag. Returns the number added. 328 */ 329 330 int tty_insert_flip_string_fixed_flag(struct tty_port *port, 331 const unsigned char *chars, char flag, size_t size) 332 { 333 int copied = 0; 334 do { 335 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 336 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 337 int space = __tty_buffer_request_room(port, goal, flags); 338 struct tty_buffer *tb = port->buf.tail; 339 if (unlikely(space == 0)) 340 break; 341 memcpy(char_buf_ptr(tb, tb->used), chars, space); 342 if (~tb->flags & TTYB_NORMAL) 343 memset(flag_buf_ptr(tb, tb->used), flag, space); 344 tb->used += space; 345 copied += space; 346 chars += space; 347 /* There is a small chance that we need to split the data over 348 several buffers. If this is the case we must loop */ 349 } while (unlikely(size > copied)); 350 return copied; 351 } 352 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag); 353 354 /** 355 * tty_insert_flip_string_flags - Add characters to the tty buffer 356 * @port: tty port 357 * @chars: characters 358 * @flags: flag bytes 359 * @size: size 360 * 361 * Queue a series of bytes to the tty buffering. For each character 362 * the flags array indicates the status of the character. Returns the 363 * number added. 364 */ 365 366 int tty_insert_flip_string_flags(struct tty_port *port, 367 const unsigned char *chars, const char *flags, size_t size) 368 { 369 int copied = 0; 370 do { 371 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 372 int space = tty_buffer_request_room(port, goal); 373 struct tty_buffer *tb = port->buf.tail; 374 if (unlikely(space == 0)) 375 break; 376 memcpy(char_buf_ptr(tb, tb->used), chars, space); 377 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 378 tb->used += space; 379 copied += space; 380 chars += space; 381 flags += space; 382 /* There is a small chance that we need to split the data over 383 several buffers. If this is the case we must loop */ 384 } while (unlikely(size > copied)); 385 return copied; 386 } 387 EXPORT_SYMBOL(tty_insert_flip_string_flags); 388 389 /** 390 * tty_schedule_flip - push characters to ldisc 391 * @port: tty port to push from 392 * 393 * Takes any pending buffers and transfers their ownership to the 394 * ldisc side of the queue. It then schedules those characters for 395 * processing by the line discipline. 396 */ 397 398 void tty_schedule_flip(struct tty_port *port) 399 { 400 struct tty_bufhead *buf = &port->buf; 401 402 /* paired w/ acquire in flush_to_ldisc(); ensures 403 * flush_to_ldisc() sees buffer data. 404 */ 405 smp_store_release(&buf->tail->commit, buf->tail->used); 406 queue_work(system_unbound_wq, &buf->work); 407 } 408 EXPORT_SYMBOL(tty_schedule_flip); 409 410 /** 411 * tty_prepare_flip_string - make room for characters 412 * @port: tty port 413 * @chars: return pointer for character write area 414 * @size: desired size 415 * 416 * Prepare a block of space in the buffer for data. Returns the length 417 * available and buffer pointer to the space which is now allocated and 418 * accounted for as ready for normal characters. This is used for drivers 419 * that need their own block copy routines into the buffer. There is no 420 * guarantee the buffer is a DMA target! 421 */ 422 423 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars, 424 size_t size) 425 { 426 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL); 427 if (likely(space)) { 428 struct tty_buffer *tb = port->buf.tail; 429 *chars = char_buf_ptr(tb, tb->used); 430 if (~tb->flags & TTYB_NORMAL) 431 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 432 tb->used += space; 433 } 434 return space; 435 } 436 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 437 438 439 static int 440 receive_buf(struct tty_struct *tty, struct tty_buffer *head, int count) 441 { 442 struct tty_ldisc *disc = tty->ldisc; 443 unsigned char *p = char_buf_ptr(head, head->read); 444 char *f = NULL; 445 446 if (~head->flags & TTYB_NORMAL) 447 f = flag_buf_ptr(head, head->read); 448 449 if (disc->ops->receive_buf2) 450 count = disc->ops->receive_buf2(tty, p, f, count); 451 else { 452 count = min_t(int, count, tty->receive_room); 453 if (count) 454 disc->ops->receive_buf(tty, p, f, count); 455 } 456 return count; 457 } 458 459 /** 460 * flush_to_ldisc 461 * @work: tty structure passed from work queue. 462 * 463 * This routine is called out of the software interrupt to flush data 464 * from the buffer chain to the line discipline. 465 * 466 * The receive_buf method is single threaded for each tty instance. 467 * 468 * Locking: takes buffer lock to ensure single-threaded flip buffer 469 * 'consumer' 470 */ 471 472 static void flush_to_ldisc(struct work_struct *work) 473 { 474 struct tty_port *port = container_of(work, struct tty_port, buf.work); 475 struct tty_bufhead *buf = &port->buf; 476 struct tty_struct *tty; 477 struct tty_ldisc *disc; 478 479 tty = READ_ONCE(port->itty); 480 if (tty == NULL) 481 return; 482 483 disc = tty_ldisc_ref(tty); 484 if (disc == NULL) 485 return; 486 487 mutex_lock(&buf->lock); 488 489 while (1) { 490 struct tty_buffer *head = buf->head; 491 struct tty_buffer *next; 492 int count; 493 494 /* Ldisc or user is trying to gain exclusive access */ 495 if (atomic_read(&buf->priority)) 496 break; 497 498 /* paired w/ release in __tty_buffer_request_room(); 499 * ensures commit value read is not stale if the head 500 * is advancing to the next buffer 501 */ 502 next = smp_load_acquire(&head->next); 503 /* paired w/ release in __tty_buffer_request_room() or in 504 * tty_buffer_flush(); ensures we see the committed buffer data 505 */ 506 count = smp_load_acquire(&head->commit) - head->read; 507 if (!count) { 508 if (next == NULL) { 509 check_other_closed(tty); 510 break; 511 } 512 buf->head = next; 513 tty_buffer_free(port, head); 514 continue; 515 } 516 517 count = receive_buf(tty, head, count); 518 if (!count) 519 break; 520 head->read += count; 521 } 522 523 mutex_unlock(&buf->lock); 524 525 tty_ldisc_deref(disc); 526 } 527 528 /** 529 * tty_flip_buffer_push - terminal 530 * @port: tty port to push 531 * 532 * Queue a push of the terminal flip buffers to the line discipline. 533 * Can be called from IRQ/atomic context. 534 * 535 * In the event of the queue being busy for flipping the work will be 536 * held off and retried later. 537 */ 538 539 void tty_flip_buffer_push(struct tty_port *port) 540 { 541 tty_schedule_flip(port); 542 } 543 EXPORT_SYMBOL(tty_flip_buffer_push); 544 545 /** 546 * tty_buffer_init - prepare a tty buffer structure 547 * @tty: tty to initialise 548 * 549 * Set up the initial state of the buffer management for a tty device. 550 * Must be called before the other tty buffer functions are used. 551 */ 552 553 void tty_buffer_init(struct tty_port *port) 554 { 555 struct tty_bufhead *buf = &port->buf; 556 557 mutex_init(&buf->lock); 558 tty_buffer_reset(&buf->sentinel, 0); 559 buf->head = &buf->sentinel; 560 buf->tail = &buf->sentinel; 561 init_llist_head(&buf->free); 562 atomic_set(&buf->mem_used, 0); 563 atomic_set(&buf->priority, 0); 564 INIT_WORK(&buf->work, flush_to_ldisc); 565 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 566 } 567 568 /** 569 * tty_buffer_set_limit - change the tty buffer memory limit 570 * @port: tty port to change 571 * 572 * Change the tty buffer memory limit. 573 * Must be called before the other tty buffer functions are used. 574 */ 575 576 int tty_buffer_set_limit(struct tty_port *port, int limit) 577 { 578 if (limit < MIN_TTYB_SIZE) 579 return -EINVAL; 580 port->buf.mem_limit = limit; 581 return 0; 582 } 583 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 584 585 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 586 void tty_buffer_set_lock_subclass(struct tty_port *port) 587 { 588 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 589 } 590 591 bool tty_buffer_restart_work(struct tty_port *port) 592 { 593 return queue_work(system_unbound_wq, &port->buf.work); 594 } 595 596 bool tty_buffer_cancel_work(struct tty_port *port) 597 { 598 return cancel_work_sync(&port->buf.work); 599 } 600