1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Tty buffer allocation management 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/tty.h> 9 #include <linux/tty_driver.h> 10 #include <linux/tty_flip.h> 11 #include <linux/timer.h> 12 #include <linux/string.h> 13 #include <linux/slab.h> 14 #include <linux/sched.h> 15 #include <linux/wait.h> 16 #include <linux/bitops.h> 17 #include <linux/delay.h> 18 #include <linux/module.h> 19 #include <linux/ratelimit.h> 20 #include "tty.h" 21 22 #define MIN_TTYB_SIZE 256 23 #define TTYB_ALIGN_MASK 255 24 25 /* 26 * Byte threshold to limit memory consumption for flip buffers. 27 * The actual memory limit is > 2x this amount. 28 */ 29 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 30 31 /* 32 * We default to dicing tty buffer allocations to this many characters 33 * in order to avoid multiple page allocations. We know the size of 34 * tty_buffer itself but it must also be taken into account that the 35 * buffer is 256 byte aligned. See tty_buffer_find for the allocation 36 * logic this must match. 37 */ 38 39 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF) 40 41 /** 42 * tty_buffer_lock_exclusive - gain exclusive access to buffer 43 * @port: tty port owning the flip buffer 44 * 45 * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding 46 * the buffer work and any pending flush from using the flip buffer. Data can 47 * continue to be added concurrently to the flip buffer from the driver side. 48 * 49 * See also tty_buffer_unlock_exclusive(). 50 */ 51 void tty_buffer_lock_exclusive(struct tty_port *port) 52 { 53 struct tty_bufhead *buf = &port->buf; 54 55 atomic_inc(&buf->priority); 56 mutex_lock(&buf->lock); 57 } 58 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 59 60 /** 61 * tty_buffer_unlock_exclusive - release exclusive access 62 * @port: tty port owning the flip buffer 63 * 64 * The buffer work is restarted if there is data in the flip buffer. 65 * 66 * See also tty_buffer_lock_exclusive(). 67 */ 68 void tty_buffer_unlock_exclusive(struct tty_port *port) 69 { 70 struct tty_bufhead *buf = &port->buf; 71 int restart; 72 73 restart = buf->head->commit != buf->head->read; 74 75 atomic_dec(&buf->priority); 76 mutex_unlock(&buf->lock); 77 if (restart) 78 queue_work(system_unbound_wq, &buf->work); 79 } 80 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 81 82 /** 83 * tty_buffer_space_avail - return unused buffer space 84 * @port: tty port owning the flip buffer 85 * 86 * Returns: the # of bytes which can be written by the driver without reaching 87 * the buffer limit. 88 * 89 * Note: this does not guarantee that memory is available to write the returned 90 * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory 91 * guarantee is required). 92 */ 93 unsigned int tty_buffer_space_avail(struct tty_port *port) 94 { 95 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 96 97 return max(space, 0); 98 } 99 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 100 101 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 102 { 103 p->used = 0; 104 p->size = size; 105 p->next = NULL; 106 p->commit = 0; 107 p->read = 0; 108 p->flags = 0; 109 } 110 111 /** 112 * tty_buffer_free_all - free buffers used by a tty 113 * @port: tty port to free from 114 * 115 * Remove all the buffers pending on a tty whether queued with data or in the 116 * free ring. Must be called when the tty is no longer in use. 117 */ 118 void tty_buffer_free_all(struct tty_port *port) 119 { 120 struct tty_bufhead *buf = &port->buf; 121 struct tty_buffer *p, *next; 122 struct llist_node *llist; 123 unsigned int freed = 0; 124 int still_used; 125 126 while ((p = buf->head) != NULL) { 127 buf->head = p->next; 128 freed += p->size; 129 if (p->size > 0) 130 kfree(p); 131 } 132 llist = llist_del_all(&buf->free); 133 llist_for_each_entry_safe(p, next, llist, free) 134 kfree(p); 135 136 tty_buffer_reset(&buf->sentinel, 0); 137 buf->head = &buf->sentinel; 138 buf->tail = &buf->sentinel; 139 140 still_used = atomic_xchg(&buf->mem_used, 0); 141 WARN(still_used != freed, "we still have not freed %d bytes!", 142 still_used - freed); 143 } 144 145 /** 146 * tty_buffer_alloc - allocate a tty buffer 147 * @port: tty port 148 * @size: desired size (characters) 149 * 150 * Allocate a new tty buffer to hold the desired number of characters. We 151 * round our buffers off in 256 character chunks to get better allocation 152 * behaviour. 153 * 154 * Returns: %NULL if out of memory or the allocation would exceed the per 155 * device queue. 156 */ 157 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 158 { 159 struct llist_node *free; 160 struct tty_buffer *p; 161 162 /* Round the buffer size out */ 163 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 164 165 if (size <= MIN_TTYB_SIZE) { 166 free = llist_del_first(&port->buf.free); 167 if (free) { 168 p = llist_entry(free, struct tty_buffer, free); 169 goto found; 170 } 171 } 172 173 /* Should possibly check if this fails for the largest buffer we 174 * have queued and recycle that ? 175 */ 176 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 177 return NULL; 178 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, 179 GFP_ATOMIC | __GFP_NOWARN); 180 if (p == NULL) 181 return NULL; 182 183 found: 184 tty_buffer_reset(p, size); 185 atomic_add(size, &port->buf.mem_used); 186 return p; 187 } 188 189 /** 190 * tty_buffer_free - free a tty buffer 191 * @port: tty port owning the buffer 192 * @b: the buffer to free 193 * 194 * Free a tty buffer, or add it to the free list according to our internal 195 * strategy. 196 */ 197 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 198 { 199 struct tty_bufhead *buf = &port->buf; 200 201 /* Dumb strategy for now - should keep some stats */ 202 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 203 204 if (b->size > MIN_TTYB_SIZE) 205 kfree(b); 206 else if (b->size > 0) 207 llist_add(&b->free, &buf->free); 208 } 209 210 /** 211 * tty_buffer_flush - flush full tty buffers 212 * @tty: tty to flush 213 * @ld: optional ldisc ptr (must be referenced) 214 * 215 * Flush all the buffers containing receive data. If @ld != %NULL, flush the 216 * ldisc input buffer. 217 * 218 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 219 */ 220 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 221 { 222 struct tty_port *port = tty->port; 223 struct tty_bufhead *buf = &port->buf; 224 struct tty_buffer *next; 225 226 atomic_inc(&buf->priority); 227 228 mutex_lock(&buf->lock); 229 /* paired w/ release in __tty_buffer_request_room; ensures there are 230 * no pending memory accesses to the freed buffer 231 */ 232 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 233 tty_buffer_free(port, buf->head); 234 buf->head = next; 235 } 236 buf->head->read = buf->head->commit; 237 238 if (ld && ld->ops->flush_buffer) 239 ld->ops->flush_buffer(tty); 240 241 atomic_dec(&buf->priority); 242 mutex_unlock(&buf->lock); 243 } 244 245 /** 246 * __tty_buffer_request_room - grow tty buffer if needed 247 * @port: tty port 248 * @size: size desired 249 * @flags: buffer flags if new buffer allocated (default = 0) 250 * 251 * Make at least @size bytes of linear space available for the tty buffer. 252 * 253 * Will change over to a new buffer if the current buffer is encoded as 254 * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags 255 * buffer. 256 * 257 * Returns: the size we managed to find. 258 */ 259 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 260 int flags) 261 { 262 struct tty_bufhead *buf = &port->buf; 263 struct tty_buffer *b, *n; 264 int left, change; 265 266 b = buf->tail; 267 if (b->flags & TTYB_NORMAL) 268 left = 2 * b->size - b->used; 269 else 270 left = b->size - b->used; 271 272 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL); 273 if (change || left < size) { 274 /* This is the slow path - looking for new buffers to use */ 275 n = tty_buffer_alloc(port, size); 276 if (n != NULL) { 277 n->flags = flags; 278 buf->tail = n; 279 /* paired w/ acquire in flush_to_ldisc(); ensures 280 * flush_to_ldisc() sees buffer data. 281 */ 282 smp_store_release(&b->commit, b->used); 283 /* paired w/ acquire in flush_to_ldisc(); ensures the 284 * latest commit value can be read before the head is 285 * advanced to the next buffer 286 */ 287 smp_store_release(&b->next, n); 288 } else if (change) 289 size = 0; 290 else 291 size = left; 292 } 293 return size; 294 } 295 296 int tty_buffer_request_room(struct tty_port *port, size_t size) 297 { 298 return __tty_buffer_request_room(port, size, 0); 299 } 300 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 301 302 /** 303 * tty_insert_flip_string_fixed_flag - add characters to the tty buffer 304 * @port: tty port 305 * @chars: characters 306 * @flag: flag value for each character 307 * @size: size 308 * 309 * Queue a series of bytes to the tty buffering. All the characters passed are 310 * marked with the supplied flag. 311 * 312 * Returns: the number added. 313 */ 314 int tty_insert_flip_string_fixed_flag(struct tty_port *port, 315 const unsigned char *chars, char flag, size_t size) 316 { 317 int copied = 0; 318 319 do { 320 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 321 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 322 int space = __tty_buffer_request_room(port, goal, flags); 323 struct tty_buffer *tb = port->buf.tail; 324 325 if (unlikely(space == 0)) 326 break; 327 memcpy(char_buf_ptr(tb, tb->used), chars, space); 328 if (~tb->flags & TTYB_NORMAL) 329 memset(flag_buf_ptr(tb, tb->used), flag, space); 330 tb->used += space; 331 copied += space; 332 chars += space; 333 /* There is a small chance that we need to split the data over 334 * several buffers. If this is the case we must loop. 335 */ 336 } while (unlikely(size > copied)); 337 return copied; 338 } 339 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag); 340 341 /** 342 * tty_insert_flip_string_flags - add characters to the tty buffer 343 * @port: tty port 344 * @chars: characters 345 * @flags: flag bytes 346 * @size: size 347 * 348 * Queue a series of bytes to the tty buffering. For each character the flags 349 * array indicates the status of the character. 350 * 351 * Returns: the number added. 352 */ 353 int tty_insert_flip_string_flags(struct tty_port *port, 354 const unsigned char *chars, const char *flags, size_t size) 355 { 356 int copied = 0; 357 358 do { 359 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 360 int space = tty_buffer_request_room(port, goal); 361 struct tty_buffer *tb = port->buf.tail; 362 363 if (unlikely(space == 0)) 364 break; 365 memcpy(char_buf_ptr(tb, tb->used), chars, space); 366 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 367 tb->used += space; 368 copied += space; 369 chars += space; 370 flags += space; 371 /* There is a small chance that we need to split the data over 372 * several buffers. If this is the case we must loop. 373 */ 374 } while (unlikely(size > copied)); 375 return copied; 376 } 377 EXPORT_SYMBOL(tty_insert_flip_string_flags); 378 379 /** 380 * __tty_insert_flip_char - add one character to the tty buffer 381 * @port: tty port 382 * @ch: character 383 * @flag: flag byte 384 * 385 * Queue a single byte @ch to the tty buffering, with an optional flag. This is 386 * the slow path of tty_insert_flip_char(). 387 */ 388 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag) 389 { 390 struct tty_buffer *tb; 391 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 392 393 if (!__tty_buffer_request_room(port, 1, flags)) 394 return 0; 395 396 tb = port->buf.tail; 397 if (~tb->flags & TTYB_NORMAL) 398 *flag_buf_ptr(tb, tb->used) = flag; 399 *char_buf_ptr(tb, tb->used++) = ch; 400 401 return 1; 402 } 403 EXPORT_SYMBOL(__tty_insert_flip_char); 404 405 /** 406 * tty_prepare_flip_string - make room for characters 407 * @port: tty port 408 * @chars: return pointer for character write area 409 * @size: desired size 410 * 411 * Prepare a block of space in the buffer for data. 412 * 413 * This is used for drivers that need their own block copy routines into the 414 * buffer. There is no guarantee the buffer is a DMA target! 415 * 416 * Returns: the length available and buffer pointer (@chars) to the space which 417 * is now allocated and accounted for as ready for normal characters. 418 */ 419 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars, 420 size_t size) 421 { 422 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL); 423 424 if (likely(space)) { 425 struct tty_buffer *tb = port->buf.tail; 426 427 *chars = char_buf_ptr(tb, tb->used); 428 if (~tb->flags & TTYB_NORMAL) 429 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 430 tb->used += space; 431 } 432 return space; 433 } 434 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 435 436 /** 437 * tty_ldisc_receive_buf - forward data to line discipline 438 * @ld: line discipline to process input 439 * @p: char buffer 440 * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer 441 * @count: number of bytes to process 442 * 443 * Callers other than flush_to_ldisc() need to exclude the kworker from 444 * concurrent use of the line discipline, see paste_selection(). 445 * 446 * Returns: the number of bytes processed. 447 */ 448 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p, 449 const char *f, int count) 450 { 451 if (ld->ops->receive_buf2) 452 count = ld->ops->receive_buf2(ld->tty, p, f, count); 453 else { 454 count = min_t(int, count, ld->tty->receive_room); 455 if (count && ld->ops->receive_buf) 456 ld->ops->receive_buf(ld->tty, p, f, count); 457 } 458 return count; 459 } 460 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 461 462 static int 463 receive_buf(struct tty_port *port, struct tty_buffer *head, int count) 464 { 465 unsigned char *p = char_buf_ptr(head, head->read); 466 const char *f = NULL; 467 int n; 468 469 if (~head->flags & TTYB_NORMAL) 470 f = flag_buf_ptr(head, head->read); 471 472 n = port->client_ops->receive_buf(port, p, f, count); 473 if (n > 0) 474 memset(p, 0, n); 475 return n; 476 } 477 478 /** 479 * flush_to_ldisc - flush data from buffer to ldisc 480 * @work: tty structure passed from work queue. 481 * 482 * This routine is called out of the software interrupt to flush data from the 483 * buffer chain to the line discipline. 484 * 485 * The receive_buf() method is single threaded for each tty instance. 486 * 487 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 488 */ 489 static void flush_to_ldisc(struct work_struct *work) 490 { 491 struct tty_port *port = container_of(work, struct tty_port, buf.work); 492 struct tty_bufhead *buf = &port->buf; 493 494 mutex_lock(&buf->lock); 495 496 while (1) { 497 struct tty_buffer *head = buf->head; 498 struct tty_buffer *next; 499 int count; 500 501 /* Ldisc or user is trying to gain exclusive access */ 502 if (atomic_read(&buf->priority)) 503 break; 504 505 /* paired w/ release in __tty_buffer_request_room(); 506 * ensures commit value read is not stale if the head 507 * is advancing to the next buffer 508 */ 509 next = smp_load_acquire(&head->next); 510 /* paired w/ release in __tty_buffer_request_room() or in 511 * tty_buffer_flush(); ensures we see the committed buffer data 512 */ 513 count = smp_load_acquire(&head->commit) - head->read; 514 if (!count) { 515 if (next == NULL) 516 break; 517 buf->head = next; 518 tty_buffer_free(port, head); 519 continue; 520 } 521 522 count = receive_buf(port, head, count); 523 if (!count) 524 break; 525 head->read += count; 526 527 if (need_resched()) 528 cond_resched(); 529 } 530 531 mutex_unlock(&buf->lock); 532 533 } 534 535 /** 536 * tty_flip_buffer_push - push terminal buffers 537 * @port: tty port to push 538 * 539 * Queue a push of the terminal flip buffers to the line discipline. Can be 540 * called from IRQ/atomic context. 541 * 542 * In the event of the queue being busy for flipping the work will be held off 543 * and retried later. 544 */ 545 void tty_flip_buffer_push(struct tty_port *port) 546 { 547 struct tty_bufhead *buf = &port->buf; 548 549 /* 550 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees 551 * buffer data. 552 */ 553 smp_store_release(&buf->tail->commit, buf->tail->used); 554 queue_work(system_unbound_wq, &buf->work); 555 } 556 EXPORT_SYMBOL(tty_flip_buffer_push); 557 558 /** 559 * tty_buffer_init - prepare a tty buffer structure 560 * @port: tty port to initialise 561 * 562 * Set up the initial state of the buffer management for a tty device. Must be 563 * called before the other tty buffer functions are used. 564 */ 565 void tty_buffer_init(struct tty_port *port) 566 { 567 struct tty_bufhead *buf = &port->buf; 568 569 mutex_init(&buf->lock); 570 tty_buffer_reset(&buf->sentinel, 0); 571 buf->head = &buf->sentinel; 572 buf->tail = &buf->sentinel; 573 init_llist_head(&buf->free); 574 atomic_set(&buf->mem_used, 0); 575 atomic_set(&buf->priority, 0); 576 INIT_WORK(&buf->work, flush_to_ldisc); 577 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 578 } 579 580 /** 581 * tty_buffer_set_limit - change the tty buffer memory limit 582 * @port: tty port to change 583 * @limit: memory limit to set 584 * 585 * Change the tty buffer memory limit. 586 * 587 * Must be called before the other tty buffer functions are used. 588 */ 589 int tty_buffer_set_limit(struct tty_port *port, int limit) 590 { 591 if (limit < MIN_TTYB_SIZE) 592 return -EINVAL; 593 port->buf.mem_limit = limit; 594 return 0; 595 } 596 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 597 598 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 599 void tty_buffer_set_lock_subclass(struct tty_port *port) 600 { 601 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 602 } 603 604 bool tty_buffer_restart_work(struct tty_port *port) 605 { 606 return queue_work(system_unbound_wq, &port->buf.work); 607 } 608 609 bool tty_buffer_cancel_work(struct tty_port *port) 610 { 611 return cancel_work_sync(&port->buf.work); 612 } 613 614 void tty_buffer_flush_work(struct tty_port *port) 615 { 616 flush_work(&port->buf.work); 617 } 618