1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Tty buffer allocation management 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/minmax.h> 9 #include <linux/tty.h> 10 #include <linux/tty_driver.h> 11 #include <linux/tty_flip.h> 12 #include <linux/timer.h> 13 #include <linux/string.h> 14 #include <linux/slab.h> 15 #include <linux/sched.h> 16 #include <linux/wait.h> 17 #include <linux/bitops.h> 18 #include <linux/delay.h> 19 #include <linux/module.h> 20 #include <linux/ratelimit.h> 21 #include "tty.h" 22 23 #define MIN_TTYB_SIZE 256 24 #define TTYB_ALIGN_MASK 0xff 25 26 /* 27 * Byte threshold to limit memory consumption for flip buffers. 28 * The actual memory limit is > 2x this amount. 29 */ 30 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 31 32 /* 33 * We default to dicing tty buffer allocations to this many characters 34 * in order to avoid multiple page allocations. We know the size of 35 * tty_buffer itself but it must also be taken into account that the 36 * buffer is 256 byte aligned. See tty_buffer_find for the allocation 37 * logic this must match. 38 */ 39 40 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~TTYB_ALIGN_MASK) 41 42 /** 43 * tty_buffer_lock_exclusive - gain exclusive access to buffer 44 * @port: tty port owning the flip buffer 45 * 46 * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding 47 * the buffer work and any pending flush from using the flip buffer. Data can 48 * continue to be added concurrently to the flip buffer from the driver side. 49 * 50 * See also tty_buffer_unlock_exclusive(). 51 */ 52 void tty_buffer_lock_exclusive(struct tty_port *port) 53 { 54 struct tty_bufhead *buf = &port->buf; 55 56 atomic_inc(&buf->priority); 57 mutex_lock(&buf->lock); 58 } 59 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 60 61 /** 62 * tty_buffer_unlock_exclusive - release exclusive access 63 * @port: tty port owning the flip buffer 64 * 65 * The buffer work is restarted if there is data in the flip buffer. 66 * 67 * See also tty_buffer_lock_exclusive(). 68 */ 69 void tty_buffer_unlock_exclusive(struct tty_port *port) 70 { 71 struct tty_bufhead *buf = &port->buf; 72 int restart; 73 74 restart = buf->head->commit != buf->head->read; 75 76 atomic_dec(&buf->priority); 77 mutex_unlock(&buf->lock); 78 if (restart) 79 queue_work(system_unbound_wq, &buf->work); 80 } 81 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 82 83 /** 84 * tty_buffer_space_avail - return unused buffer space 85 * @port: tty port owning the flip buffer 86 * 87 * Returns: the # of bytes which can be written by the driver without reaching 88 * the buffer limit. 89 * 90 * Note: this does not guarantee that memory is available to write the returned 91 * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory 92 * guarantee is required). 93 */ 94 unsigned int tty_buffer_space_avail(struct tty_port *port) 95 { 96 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 97 98 return max(space, 0); 99 } 100 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 101 102 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 103 { 104 p->used = 0; 105 p->size = size; 106 p->next = NULL; 107 p->commit = 0; 108 p->lookahead = 0; 109 p->read = 0; 110 p->flags = true; 111 } 112 113 /** 114 * tty_buffer_free_all - free buffers used by a tty 115 * @port: tty port to free from 116 * 117 * Remove all the buffers pending on a tty whether queued with data or in the 118 * free ring. Must be called when the tty is no longer in use. 119 */ 120 void tty_buffer_free_all(struct tty_port *port) 121 { 122 struct tty_bufhead *buf = &port->buf; 123 struct tty_buffer *p, *next; 124 struct llist_node *llist; 125 unsigned int freed = 0; 126 int still_used; 127 128 while ((p = buf->head) != NULL) { 129 buf->head = p->next; 130 freed += p->size; 131 if (p->size > 0) 132 kfree(p); 133 } 134 llist = llist_del_all(&buf->free); 135 llist_for_each_entry_safe(p, next, llist, free) 136 kfree(p); 137 138 tty_buffer_reset(&buf->sentinel, 0); 139 buf->head = &buf->sentinel; 140 buf->tail = &buf->sentinel; 141 142 still_used = atomic_xchg(&buf->mem_used, 0); 143 WARN(still_used != freed, "we still have not freed %d bytes!", 144 still_used - freed); 145 } 146 147 /** 148 * tty_buffer_alloc - allocate a tty buffer 149 * @port: tty port 150 * @size: desired size (characters) 151 * 152 * Allocate a new tty buffer to hold the desired number of characters. We 153 * round our buffers off in 256 character chunks to get better allocation 154 * behaviour. 155 * 156 * Returns: %NULL if out of memory or the allocation would exceed the per 157 * device queue. 158 */ 159 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 160 { 161 struct llist_node *free; 162 struct tty_buffer *p; 163 164 /* Round the buffer size out */ 165 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 166 167 if (size <= MIN_TTYB_SIZE) { 168 free = llist_del_first(&port->buf.free); 169 if (free) { 170 p = llist_entry(free, struct tty_buffer, free); 171 goto found; 172 } 173 } 174 175 /* Should possibly check if this fails for the largest buffer we 176 * have queued and recycle that ? 177 */ 178 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 179 return NULL; 180 p = kmalloc(struct_size(p, data, 2 * size), GFP_ATOMIC | __GFP_NOWARN); 181 if (p == NULL) 182 return NULL; 183 184 found: 185 tty_buffer_reset(p, size); 186 atomic_add(size, &port->buf.mem_used); 187 return p; 188 } 189 190 /** 191 * tty_buffer_free - free a tty buffer 192 * @port: tty port owning the buffer 193 * @b: the buffer to free 194 * 195 * Free a tty buffer, or add it to the free list according to our internal 196 * strategy. 197 */ 198 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 199 { 200 struct tty_bufhead *buf = &port->buf; 201 202 /* Dumb strategy for now - should keep some stats */ 203 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 204 205 if (b->size > MIN_TTYB_SIZE) 206 kfree(b); 207 else if (b->size > 0) 208 llist_add(&b->free, &buf->free); 209 } 210 211 /** 212 * tty_buffer_flush - flush full tty buffers 213 * @tty: tty to flush 214 * @ld: optional ldisc ptr (must be referenced) 215 * 216 * Flush all the buffers containing receive data. If @ld != %NULL, flush the 217 * ldisc input buffer. 218 * 219 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 220 */ 221 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 222 { 223 struct tty_port *port = tty->port; 224 struct tty_bufhead *buf = &port->buf; 225 struct tty_buffer *next; 226 227 atomic_inc(&buf->priority); 228 229 mutex_lock(&buf->lock); 230 /* paired w/ release in __tty_buffer_request_room; ensures there are 231 * no pending memory accesses to the freed buffer 232 */ 233 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 234 tty_buffer_free(port, buf->head); 235 buf->head = next; 236 } 237 buf->head->read = buf->head->commit; 238 buf->head->lookahead = buf->head->read; 239 240 if (ld && ld->ops->flush_buffer) 241 ld->ops->flush_buffer(tty); 242 243 atomic_dec(&buf->priority); 244 mutex_unlock(&buf->lock); 245 } 246 247 /** 248 * __tty_buffer_request_room - grow tty buffer if needed 249 * @port: tty port 250 * @size: size desired 251 * @flags: buffer has to store flags along character data 252 * 253 * Make at least @size bytes of linear space available for the tty buffer. 254 * 255 * Will change over to a new buffer if the current buffer is encoded as 256 * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags 257 * buffer. 258 * 259 * Returns: the size we managed to find. 260 */ 261 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 262 bool flags) 263 { 264 struct tty_bufhead *buf = &port->buf; 265 struct tty_buffer *b, *n; 266 int left, change; 267 268 b = buf->tail; 269 if (!b->flags) 270 left = 2 * b->size - b->used; 271 else 272 left = b->size - b->used; 273 274 change = !b->flags && flags; 275 if (change || left < size) { 276 /* This is the slow path - looking for new buffers to use */ 277 n = tty_buffer_alloc(port, size); 278 if (n != NULL) { 279 n->flags = flags; 280 buf->tail = n; 281 /* 282 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 283 * ensures they see all buffer data. 284 */ 285 smp_store_release(&b->commit, b->used); 286 /* 287 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 288 * ensures the latest commit value can be read before the head 289 * is advanced to the next buffer. 290 */ 291 smp_store_release(&b->next, n); 292 } else if (change) 293 size = 0; 294 else 295 size = left; 296 } 297 return size; 298 } 299 300 int tty_buffer_request_room(struct tty_port *port, size_t size) 301 { 302 return __tty_buffer_request_room(port, size, true); 303 } 304 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 305 306 size_t __tty_insert_flip_string_flags(struct tty_port *port, const u8 *chars, 307 const u8 *flags, bool mutable_flags, 308 size_t size) 309 { 310 bool need_flags = mutable_flags || flags[0] != TTY_NORMAL; 311 size_t copied = 0; 312 313 do { 314 size_t goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 315 size_t space = __tty_buffer_request_room(port, goal, need_flags); 316 struct tty_buffer *tb = port->buf.tail; 317 318 if (unlikely(space == 0)) 319 break; 320 321 memcpy(char_buf_ptr(tb, tb->used), chars, space); 322 323 if (mutable_flags) { 324 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 325 flags += space; 326 } else if (tb->flags) { 327 memset(flag_buf_ptr(tb, tb->used), flags[0], space); 328 } else { 329 /* tb->flags should be available once requested */ 330 WARN_ON_ONCE(need_flags); 331 } 332 333 tb->used += space; 334 copied += space; 335 chars += space; 336 337 /* There is a small chance that we need to split the data over 338 * several buffers. If this is the case we must loop. 339 */ 340 } while (unlikely(size > copied)); 341 342 return copied; 343 } 344 EXPORT_SYMBOL(__tty_insert_flip_string_flags); 345 346 /** 347 * __tty_insert_flip_char - add one character to the tty buffer 348 * @port: tty port 349 * @ch: character 350 * @flag: flag byte 351 * 352 * Queue a single byte @ch to the tty buffering, with an optional flag. This is 353 * the slow path of tty_insert_flip_char(). 354 */ 355 int __tty_insert_flip_char(struct tty_port *port, u8 ch, u8 flag) 356 { 357 struct tty_buffer *tb; 358 bool flags = flag != TTY_NORMAL; 359 360 if (!__tty_buffer_request_room(port, 1, flags)) 361 return 0; 362 363 tb = port->buf.tail; 364 if (tb->flags) 365 *flag_buf_ptr(tb, tb->used) = flag; 366 *char_buf_ptr(tb, tb->used++) = ch; 367 368 return 1; 369 } 370 EXPORT_SYMBOL(__tty_insert_flip_char); 371 372 /** 373 * tty_prepare_flip_string - make room for characters 374 * @port: tty port 375 * @chars: return pointer for character write area 376 * @size: desired size 377 * 378 * Prepare a block of space in the buffer for data. 379 * 380 * This is used for drivers that need their own block copy routines into the 381 * buffer. There is no guarantee the buffer is a DMA target! 382 * 383 * Returns: the length available and buffer pointer (@chars) to the space which 384 * is now allocated and accounted for as ready for normal characters. 385 */ 386 size_t tty_prepare_flip_string(struct tty_port *port, u8 **chars, size_t size) 387 { 388 size_t space = __tty_buffer_request_room(port, size, false); 389 390 if (likely(space)) { 391 struct tty_buffer *tb = port->buf.tail; 392 393 *chars = char_buf_ptr(tb, tb->used); 394 if (tb->flags) 395 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 396 tb->used += space; 397 } 398 399 return space; 400 } 401 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 402 403 /** 404 * tty_ldisc_receive_buf - forward data to line discipline 405 * @ld: line discipline to process input 406 * @p: char buffer 407 * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer 408 * @count: number of bytes to process 409 * 410 * Callers other than flush_to_ldisc() need to exclude the kworker from 411 * concurrent use of the line discipline, see paste_selection(). 412 * 413 * Returns: the number of bytes processed. 414 */ 415 size_t tty_ldisc_receive_buf(struct tty_ldisc *ld, const u8 *p, const u8 *f, 416 size_t count) 417 { 418 if (ld->ops->receive_buf2) 419 count = ld->ops->receive_buf2(ld->tty, p, f, count); 420 else { 421 count = min_t(size_t, count, ld->tty->receive_room); 422 if (count && ld->ops->receive_buf) 423 ld->ops->receive_buf(ld->tty, p, f, count); 424 } 425 return count; 426 } 427 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 428 429 static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head) 430 { 431 head->lookahead = max(head->lookahead, head->read); 432 433 while (head) { 434 struct tty_buffer *next; 435 unsigned int count; 436 437 /* 438 * Paired w/ release in __tty_buffer_request_room(); 439 * ensures commit value read is not stale if the head 440 * is advancing to the next buffer. 441 */ 442 next = smp_load_acquire(&head->next); 443 /* 444 * Paired w/ release in __tty_buffer_request_room() or in 445 * tty_buffer_flush(); ensures we see the committed buffer data. 446 */ 447 count = smp_load_acquire(&head->commit) - head->lookahead; 448 if (!count) { 449 head = next; 450 continue; 451 } 452 453 if (port->client_ops->lookahead_buf) { 454 u8 *p, *f = NULL; 455 456 p = char_buf_ptr(head, head->lookahead); 457 if (head->flags) 458 f = flag_buf_ptr(head, head->lookahead); 459 460 port->client_ops->lookahead_buf(port, p, f, count); 461 } 462 463 head->lookahead += count; 464 } 465 } 466 467 static size_t 468 receive_buf(struct tty_port *port, struct tty_buffer *head, size_t count) 469 { 470 u8 *p = char_buf_ptr(head, head->read); 471 const u8 *f = NULL; 472 size_t n; 473 474 if (head->flags) 475 f = flag_buf_ptr(head, head->read); 476 477 n = port->client_ops->receive_buf(port, p, f, count); 478 if (n > 0) 479 memset(p, 0, n); 480 return n; 481 } 482 483 /** 484 * flush_to_ldisc - flush data from buffer to ldisc 485 * @work: tty structure passed from work queue. 486 * 487 * This routine is called out of the software interrupt to flush data from the 488 * buffer chain to the line discipline. 489 * 490 * The receive_buf() method is single threaded for each tty instance. 491 * 492 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 493 */ 494 static void flush_to_ldisc(struct work_struct *work) 495 { 496 struct tty_port *port = container_of(work, struct tty_port, buf.work); 497 struct tty_bufhead *buf = &port->buf; 498 499 mutex_lock(&buf->lock); 500 501 while (1) { 502 struct tty_buffer *head = buf->head; 503 struct tty_buffer *next; 504 size_t count, rcvd; 505 506 /* Ldisc or user is trying to gain exclusive access */ 507 if (atomic_read(&buf->priority)) 508 break; 509 510 /* paired w/ release in __tty_buffer_request_room(); 511 * ensures commit value read is not stale if the head 512 * is advancing to the next buffer 513 */ 514 next = smp_load_acquire(&head->next); 515 /* paired w/ release in __tty_buffer_request_room() or in 516 * tty_buffer_flush(); ensures we see the committed buffer data 517 */ 518 count = smp_load_acquire(&head->commit) - head->read; 519 if (!count) { 520 if (next == NULL) 521 break; 522 buf->head = next; 523 tty_buffer_free(port, head); 524 continue; 525 } 526 527 rcvd = receive_buf(port, head, count); 528 head->read += rcvd; 529 if (rcvd < count) 530 lookahead_bufs(port, head); 531 if (!rcvd) 532 break; 533 534 if (need_resched()) 535 cond_resched(); 536 } 537 538 mutex_unlock(&buf->lock); 539 540 } 541 542 static inline void tty_flip_buffer_commit(struct tty_buffer *tail) 543 { 544 /* 545 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees 546 * buffer data. 547 */ 548 smp_store_release(&tail->commit, tail->used); 549 } 550 551 /** 552 * tty_flip_buffer_push - push terminal buffers 553 * @port: tty port to push 554 * 555 * Queue a push of the terminal flip buffers to the line discipline. Can be 556 * called from IRQ/atomic context. 557 * 558 * In the event of the queue being busy for flipping the work will be held off 559 * and retried later. 560 */ 561 void tty_flip_buffer_push(struct tty_port *port) 562 { 563 struct tty_bufhead *buf = &port->buf; 564 565 tty_flip_buffer_commit(buf->tail); 566 queue_work(system_unbound_wq, &buf->work); 567 } 568 EXPORT_SYMBOL(tty_flip_buffer_push); 569 570 /** 571 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and 572 * push 573 * @port: tty port 574 * @chars: characters 575 * @size: size 576 * 577 * The function combines tty_insert_flip_string() and tty_flip_buffer_push() 578 * with the exception of properly holding the @port->lock. 579 * 580 * To be used only internally (by pty currently). 581 * 582 * Returns: the number added. 583 */ 584 int tty_insert_flip_string_and_push_buffer(struct tty_port *port, 585 const u8 *chars, size_t size) 586 { 587 struct tty_bufhead *buf = &port->buf; 588 unsigned long flags; 589 590 spin_lock_irqsave(&port->lock, flags); 591 size = tty_insert_flip_string(port, chars, size); 592 if (size) 593 tty_flip_buffer_commit(buf->tail); 594 spin_unlock_irqrestore(&port->lock, flags); 595 596 queue_work(system_unbound_wq, &buf->work); 597 598 return size; 599 } 600 601 /** 602 * tty_buffer_init - prepare a tty buffer structure 603 * @port: tty port to initialise 604 * 605 * Set up the initial state of the buffer management for a tty device. Must be 606 * called before the other tty buffer functions are used. 607 */ 608 void tty_buffer_init(struct tty_port *port) 609 { 610 struct tty_bufhead *buf = &port->buf; 611 612 mutex_init(&buf->lock); 613 tty_buffer_reset(&buf->sentinel, 0); 614 buf->head = &buf->sentinel; 615 buf->tail = &buf->sentinel; 616 init_llist_head(&buf->free); 617 atomic_set(&buf->mem_used, 0); 618 atomic_set(&buf->priority, 0); 619 INIT_WORK(&buf->work, flush_to_ldisc); 620 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 621 } 622 623 /** 624 * tty_buffer_set_limit - change the tty buffer memory limit 625 * @port: tty port to change 626 * @limit: memory limit to set 627 * 628 * Change the tty buffer memory limit. 629 * 630 * Must be called before the other tty buffer functions are used. 631 */ 632 int tty_buffer_set_limit(struct tty_port *port, int limit) 633 { 634 if (limit < MIN_TTYB_SIZE) 635 return -EINVAL; 636 port->buf.mem_limit = limit; 637 return 0; 638 } 639 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 640 641 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 642 void tty_buffer_set_lock_subclass(struct tty_port *port) 643 { 644 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 645 } 646 647 bool tty_buffer_restart_work(struct tty_port *port) 648 { 649 return queue_work(system_unbound_wq, &port->buf.work); 650 } 651 652 bool tty_buffer_cancel_work(struct tty_port *port) 653 { 654 return cancel_work_sync(&port->buf.work); 655 } 656 657 void tty_buffer_flush_work(struct tty_port *port) 658 { 659 flush_work(&port->buf.work); 660 } 661