1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Tty buffer allocation management 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/minmax.h> 9 #include <linux/tty.h> 10 #include <linux/tty_driver.h> 11 #include <linux/tty_flip.h> 12 #include <linux/timer.h> 13 #include <linux/string.h> 14 #include <linux/slab.h> 15 #include <linux/sched.h> 16 #include <linux/wait.h> 17 #include <linux/bitops.h> 18 #include <linux/delay.h> 19 #include <linux/module.h> 20 #include <linux/ratelimit.h> 21 #include "tty.h" 22 23 #define MIN_TTYB_SIZE 256 24 #define TTYB_ALIGN_MASK 0xff 25 26 /* 27 * Byte threshold to limit memory consumption for flip buffers. 28 * The actual memory limit is > 2x this amount. 29 */ 30 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 31 32 /* 33 * We default to dicing tty buffer allocations to this many characters 34 * in order to avoid multiple page allocations. We know the size of 35 * tty_buffer itself but it must also be taken into account that the 36 * buffer is 256 byte aligned. See tty_buffer_find for the allocation 37 * logic this must match. 38 */ 39 40 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~TTYB_ALIGN_MASK) 41 42 /** 43 * tty_buffer_lock_exclusive - gain exclusive access to buffer 44 * @port: tty port owning the flip buffer 45 * 46 * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding 47 * the buffer work and any pending flush from using the flip buffer. Data can 48 * continue to be added concurrently to the flip buffer from the driver side. 49 * 50 * See also tty_buffer_unlock_exclusive(). 51 */ 52 void tty_buffer_lock_exclusive(struct tty_port *port) 53 { 54 struct tty_bufhead *buf = &port->buf; 55 56 atomic_inc(&buf->priority); 57 mutex_lock(&buf->lock); 58 } 59 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 60 61 /** 62 * tty_buffer_unlock_exclusive - release exclusive access 63 * @port: tty port owning the flip buffer 64 * 65 * The buffer work is restarted if there is data in the flip buffer. 66 * 67 * See also tty_buffer_lock_exclusive(). 68 */ 69 void tty_buffer_unlock_exclusive(struct tty_port *port) 70 { 71 struct tty_bufhead *buf = &port->buf; 72 int restart; 73 74 restart = buf->head->commit != buf->head->read; 75 76 atomic_dec(&buf->priority); 77 mutex_unlock(&buf->lock); 78 if (restart) 79 queue_work(system_unbound_wq, &buf->work); 80 } 81 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 82 83 /** 84 * tty_buffer_space_avail - return unused buffer space 85 * @port: tty port owning the flip buffer 86 * 87 * Returns: the # of bytes which can be written by the driver without reaching 88 * the buffer limit. 89 * 90 * Note: this does not guarantee that memory is available to write the returned 91 * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory 92 * guarantee is required). 93 */ 94 unsigned int tty_buffer_space_avail(struct tty_port *port) 95 { 96 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 97 98 return max(space, 0); 99 } 100 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 101 102 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 103 { 104 p->used = 0; 105 p->size = size; 106 p->next = NULL; 107 p->commit = 0; 108 p->lookahead = 0; 109 p->read = 0; 110 p->flags = true; 111 } 112 113 /** 114 * tty_buffer_free_all - free buffers used by a tty 115 * @port: tty port to free from 116 * 117 * Remove all the buffers pending on a tty whether queued with data or in the 118 * free ring. Must be called when the tty is no longer in use. 119 */ 120 void tty_buffer_free_all(struct tty_port *port) 121 { 122 struct tty_bufhead *buf = &port->buf; 123 struct tty_buffer *p, *next; 124 struct llist_node *llist; 125 unsigned int freed = 0; 126 int still_used; 127 128 while ((p = buf->head) != NULL) { 129 buf->head = p->next; 130 freed += p->size; 131 if (p->size > 0) 132 kfree(p); 133 } 134 llist = llist_del_all(&buf->free); 135 llist_for_each_entry_safe(p, next, llist, free) 136 kfree(p); 137 138 tty_buffer_reset(&buf->sentinel, 0); 139 buf->head = &buf->sentinel; 140 buf->tail = &buf->sentinel; 141 142 still_used = atomic_xchg(&buf->mem_used, 0); 143 WARN(still_used != freed, "we still have not freed %d bytes!", 144 still_used - freed); 145 } 146 147 /** 148 * tty_buffer_alloc - allocate a tty buffer 149 * @port: tty port 150 * @size: desired size (characters) 151 * 152 * Allocate a new tty buffer to hold the desired number of characters. We 153 * round our buffers off in 256 character chunks to get better allocation 154 * behaviour. 155 * 156 * Returns: %NULL if out of memory or the allocation would exceed the per 157 * device queue. 158 */ 159 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 160 { 161 struct llist_node *free; 162 struct tty_buffer *p; 163 164 /* Round the buffer size out */ 165 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 166 167 if (size <= MIN_TTYB_SIZE) { 168 free = llist_del_first(&port->buf.free); 169 if (free) { 170 p = llist_entry(free, struct tty_buffer, free); 171 goto found; 172 } 173 } 174 175 /* Should possibly check if this fails for the largest buffer we 176 * have queued and recycle that ? 177 */ 178 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 179 return NULL; 180 p = kmalloc(struct_size(p, data, 2 * size), GFP_ATOMIC | __GFP_NOWARN); 181 if (p == NULL) 182 return NULL; 183 184 found: 185 tty_buffer_reset(p, size); 186 atomic_add(size, &port->buf.mem_used); 187 return p; 188 } 189 190 /** 191 * tty_buffer_free - free a tty buffer 192 * @port: tty port owning the buffer 193 * @b: the buffer to free 194 * 195 * Free a tty buffer, or add it to the free list according to our internal 196 * strategy. 197 */ 198 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 199 { 200 struct tty_bufhead *buf = &port->buf; 201 202 /* Dumb strategy for now - should keep some stats */ 203 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 204 205 if (b->size > MIN_TTYB_SIZE) 206 kfree(b); 207 else if (b->size > 0) 208 llist_add(&b->free, &buf->free); 209 } 210 211 /** 212 * tty_buffer_flush - flush full tty buffers 213 * @tty: tty to flush 214 * @ld: optional ldisc ptr (must be referenced) 215 * 216 * Flush all the buffers containing receive data. If @ld != %NULL, flush the 217 * ldisc input buffer. 218 * 219 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 220 */ 221 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 222 { 223 struct tty_port *port = tty->port; 224 struct tty_bufhead *buf = &port->buf; 225 struct tty_buffer *next; 226 227 atomic_inc(&buf->priority); 228 229 mutex_lock(&buf->lock); 230 /* paired w/ release in __tty_buffer_request_room; ensures there are 231 * no pending memory accesses to the freed buffer 232 */ 233 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 234 tty_buffer_free(port, buf->head); 235 buf->head = next; 236 } 237 buf->head->read = buf->head->commit; 238 buf->head->lookahead = buf->head->read; 239 240 if (ld && ld->ops->flush_buffer) 241 ld->ops->flush_buffer(tty); 242 243 atomic_dec(&buf->priority); 244 mutex_unlock(&buf->lock); 245 } 246 247 /** 248 * __tty_buffer_request_room - grow tty buffer if needed 249 * @port: tty port 250 * @size: size desired 251 * @flags: buffer has to store flags along character data 252 * 253 * Make at least @size bytes of linear space available for the tty buffer. 254 * 255 * Will change over to a new buffer if the current buffer is encoded as 256 * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags 257 * buffer. 258 * 259 * Returns: the size we managed to find. 260 */ 261 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 262 bool flags) 263 { 264 struct tty_bufhead *buf = &port->buf; 265 struct tty_buffer *b, *n; 266 int left, change; 267 268 b = buf->tail; 269 if (!b->flags) 270 left = 2 * b->size - b->used; 271 else 272 left = b->size - b->used; 273 274 change = !b->flags && flags; 275 if (change || left < size) { 276 /* This is the slow path - looking for new buffers to use */ 277 n = tty_buffer_alloc(port, size); 278 if (n != NULL) { 279 n->flags = flags; 280 buf->tail = n; 281 /* 282 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 283 * ensures they see all buffer data. 284 */ 285 smp_store_release(&b->commit, b->used); 286 /* 287 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 288 * ensures the latest commit value can be read before the head 289 * is advanced to the next buffer. 290 */ 291 smp_store_release(&b->next, n); 292 } else if (change) 293 size = 0; 294 else 295 size = left; 296 } 297 return size; 298 } 299 300 int tty_buffer_request_room(struct tty_port *port, size_t size) 301 { 302 return __tty_buffer_request_room(port, size, true); 303 } 304 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 305 306 int __tty_insert_flip_string_flags(struct tty_port *port, const u8 *chars, 307 const u8 *flags, bool mutable_flags, 308 size_t size) 309 { 310 bool need_flags = mutable_flags || flags[0] != TTY_NORMAL; 311 int copied = 0; 312 313 do { 314 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 315 int space = __tty_buffer_request_room(port, goal, need_flags); 316 struct tty_buffer *tb = port->buf.tail; 317 318 if (unlikely(space == 0)) 319 break; 320 321 memcpy(char_buf_ptr(tb, tb->used), chars, space); 322 323 if (mutable_flags) { 324 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 325 flags += space; 326 } else if (tb->flags) { 327 memset(flag_buf_ptr(tb, tb->used), flags[0], space); 328 } 329 330 tb->used += space; 331 copied += space; 332 chars += space; 333 334 /* There is a small chance that we need to split the data over 335 * several buffers. If this is the case we must loop. 336 */ 337 } while (unlikely(size > copied)); 338 339 return copied; 340 } 341 EXPORT_SYMBOL(__tty_insert_flip_string_flags); 342 343 /** 344 * __tty_insert_flip_char - add one character to the tty buffer 345 * @port: tty port 346 * @ch: character 347 * @flag: flag byte 348 * 349 * Queue a single byte @ch to the tty buffering, with an optional flag. This is 350 * the slow path of tty_insert_flip_char(). 351 */ 352 int __tty_insert_flip_char(struct tty_port *port, u8 ch, u8 flag) 353 { 354 struct tty_buffer *tb; 355 bool flags = flag != TTY_NORMAL; 356 357 if (!__tty_buffer_request_room(port, 1, flags)) 358 return 0; 359 360 tb = port->buf.tail; 361 if (tb->flags) 362 *flag_buf_ptr(tb, tb->used) = flag; 363 *char_buf_ptr(tb, tb->used++) = ch; 364 365 return 1; 366 } 367 EXPORT_SYMBOL(__tty_insert_flip_char); 368 369 /** 370 * tty_prepare_flip_string - make room for characters 371 * @port: tty port 372 * @chars: return pointer for character write area 373 * @size: desired size 374 * 375 * Prepare a block of space in the buffer for data. 376 * 377 * This is used for drivers that need their own block copy routines into the 378 * buffer. There is no guarantee the buffer is a DMA target! 379 * 380 * Returns: the length available and buffer pointer (@chars) to the space which 381 * is now allocated and accounted for as ready for normal characters. 382 */ 383 int tty_prepare_flip_string(struct tty_port *port, u8 **chars, size_t size) 384 { 385 int space = __tty_buffer_request_room(port, size, false); 386 387 if (likely(space)) { 388 struct tty_buffer *tb = port->buf.tail; 389 390 *chars = char_buf_ptr(tb, tb->used); 391 if (tb->flags) 392 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 393 tb->used += space; 394 } 395 return space; 396 } 397 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 398 399 /** 400 * tty_ldisc_receive_buf - forward data to line discipline 401 * @ld: line discipline to process input 402 * @p: char buffer 403 * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer 404 * @count: number of bytes to process 405 * 406 * Callers other than flush_to_ldisc() need to exclude the kworker from 407 * concurrent use of the line discipline, see paste_selection(). 408 * 409 * Returns: the number of bytes processed. 410 */ 411 size_t tty_ldisc_receive_buf(struct tty_ldisc *ld, const u8 *p, const u8 *f, 412 size_t count) 413 { 414 if (ld->ops->receive_buf2) 415 count = ld->ops->receive_buf2(ld->tty, p, f, count); 416 else { 417 count = min_t(size_t, count, ld->tty->receive_room); 418 if (count && ld->ops->receive_buf) 419 ld->ops->receive_buf(ld->tty, p, f, count); 420 } 421 return count; 422 } 423 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 424 425 static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head) 426 { 427 head->lookahead = max(head->lookahead, head->read); 428 429 while (head) { 430 struct tty_buffer *next; 431 unsigned int count; 432 433 /* 434 * Paired w/ release in __tty_buffer_request_room(); 435 * ensures commit value read is not stale if the head 436 * is advancing to the next buffer. 437 */ 438 next = smp_load_acquire(&head->next); 439 /* 440 * Paired w/ release in __tty_buffer_request_room() or in 441 * tty_buffer_flush(); ensures we see the committed buffer data. 442 */ 443 count = smp_load_acquire(&head->commit) - head->lookahead; 444 if (!count) { 445 head = next; 446 continue; 447 } 448 449 if (port->client_ops->lookahead_buf) { 450 u8 *p, *f = NULL; 451 452 p = char_buf_ptr(head, head->lookahead); 453 if (head->flags) 454 f = flag_buf_ptr(head, head->lookahead); 455 456 port->client_ops->lookahead_buf(port, p, f, count); 457 } 458 459 head->lookahead += count; 460 } 461 } 462 463 static size_t 464 receive_buf(struct tty_port *port, struct tty_buffer *head, size_t count) 465 { 466 u8 *p = char_buf_ptr(head, head->read); 467 const u8 *f = NULL; 468 size_t n; 469 470 if (head->flags) 471 f = flag_buf_ptr(head, head->read); 472 473 n = port->client_ops->receive_buf(port, p, f, count); 474 if (n > 0) 475 memset(p, 0, n); 476 return n; 477 } 478 479 /** 480 * flush_to_ldisc - flush data from buffer to ldisc 481 * @work: tty structure passed from work queue. 482 * 483 * This routine is called out of the software interrupt to flush data from the 484 * buffer chain to the line discipline. 485 * 486 * The receive_buf() method is single threaded for each tty instance. 487 * 488 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 489 */ 490 static void flush_to_ldisc(struct work_struct *work) 491 { 492 struct tty_port *port = container_of(work, struct tty_port, buf.work); 493 struct tty_bufhead *buf = &port->buf; 494 495 mutex_lock(&buf->lock); 496 497 while (1) { 498 struct tty_buffer *head = buf->head; 499 struct tty_buffer *next; 500 size_t count, rcvd; 501 502 /* Ldisc or user is trying to gain exclusive access */ 503 if (atomic_read(&buf->priority)) 504 break; 505 506 /* paired w/ release in __tty_buffer_request_room(); 507 * ensures commit value read is not stale if the head 508 * is advancing to the next buffer 509 */ 510 next = smp_load_acquire(&head->next); 511 /* paired w/ release in __tty_buffer_request_room() or in 512 * tty_buffer_flush(); ensures we see the committed buffer data 513 */ 514 count = smp_load_acquire(&head->commit) - head->read; 515 if (!count) { 516 if (next == NULL) 517 break; 518 buf->head = next; 519 tty_buffer_free(port, head); 520 continue; 521 } 522 523 rcvd = receive_buf(port, head, count); 524 head->read += rcvd; 525 if (rcvd < count) 526 lookahead_bufs(port, head); 527 if (!rcvd) 528 break; 529 530 if (need_resched()) 531 cond_resched(); 532 } 533 534 mutex_unlock(&buf->lock); 535 536 } 537 538 static inline void tty_flip_buffer_commit(struct tty_buffer *tail) 539 { 540 /* 541 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees 542 * buffer data. 543 */ 544 smp_store_release(&tail->commit, tail->used); 545 } 546 547 /** 548 * tty_flip_buffer_push - push terminal buffers 549 * @port: tty port to push 550 * 551 * Queue a push of the terminal flip buffers to the line discipline. Can be 552 * called from IRQ/atomic context. 553 * 554 * In the event of the queue being busy for flipping the work will be held off 555 * and retried later. 556 */ 557 void tty_flip_buffer_push(struct tty_port *port) 558 { 559 struct tty_bufhead *buf = &port->buf; 560 561 tty_flip_buffer_commit(buf->tail); 562 queue_work(system_unbound_wq, &buf->work); 563 } 564 EXPORT_SYMBOL(tty_flip_buffer_push); 565 566 /** 567 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and 568 * push 569 * @port: tty port 570 * @chars: characters 571 * @size: size 572 * 573 * The function combines tty_insert_flip_string() and tty_flip_buffer_push() 574 * with the exception of properly holding the @port->lock. 575 * 576 * To be used only internally (by pty currently). 577 * 578 * Returns: the number added. 579 */ 580 int tty_insert_flip_string_and_push_buffer(struct tty_port *port, 581 const u8 *chars, size_t size) 582 { 583 struct tty_bufhead *buf = &port->buf; 584 unsigned long flags; 585 586 spin_lock_irqsave(&port->lock, flags); 587 size = tty_insert_flip_string(port, chars, size); 588 if (size) 589 tty_flip_buffer_commit(buf->tail); 590 spin_unlock_irqrestore(&port->lock, flags); 591 592 queue_work(system_unbound_wq, &buf->work); 593 594 return size; 595 } 596 597 /** 598 * tty_buffer_init - prepare a tty buffer structure 599 * @port: tty port to initialise 600 * 601 * Set up the initial state of the buffer management for a tty device. Must be 602 * called before the other tty buffer functions are used. 603 */ 604 void tty_buffer_init(struct tty_port *port) 605 { 606 struct tty_bufhead *buf = &port->buf; 607 608 mutex_init(&buf->lock); 609 tty_buffer_reset(&buf->sentinel, 0); 610 buf->head = &buf->sentinel; 611 buf->tail = &buf->sentinel; 612 init_llist_head(&buf->free); 613 atomic_set(&buf->mem_used, 0); 614 atomic_set(&buf->priority, 0); 615 INIT_WORK(&buf->work, flush_to_ldisc); 616 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 617 } 618 619 /** 620 * tty_buffer_set_limit - change the tty buffer memory limit 621 * @port: tty port to change 622 * @limit: memory limit to set 623 * 624 * Change the tty buffer memory limit. 625 * 626 * Must be called before the other tty buffer functions are used. 627 */ 628 int tty_buffer_set_limit(struct tty_port *port, int limit) 629 { 630 if (limit < MIN_TTYB_SIZE) 631 return -EINVAL; 632 port->buf.mem_limit = limit; 633 return 0; 634 } 635 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 636 637 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 638 void tty_buffer_set_lock_subclass(struct tty_port *port) 639 { 640 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 641 } 642 643 bool tty_buffer_restart_work(struct tty_port *port) 644 { 645 return queue_work(system_unbound_wq, &port->buf.work); 646 } 647 648 bool tty_buffer_cancel_work(struct tty_port *port) 649 { 650 return cancel_work_sync(&port->buf.work); 651 } 652 653 void tty_buffer_flush_work(struct tty_port *port) 654 { 655 flush_work(&port->buf.work); 656 } 657