1 // SPDX-License-Identifier: GPL-2.0 2 /* 3 * Tty buffer allocation management 4 */ 5 6 #include <linux/types.h> 7 #include <linux/errno.h> 8 #include <linux/minmax.h> 9 #include <linux/tty.h> 10 #include <linux/tty_driver.h> 11 #include <linux/tty_flip.h> 12 #include <linux/timer.h> 13 #include <linux/string.h> 14 #include <linux/slab.h> 15 #include <linux/sched.h> 16 #include <linux/wait.h> 17 #include <linux/bitops.h> 18 #include <linux/delay.h> 19 #include <linux/module.h> 20 #include <linux/ratelimit.h> 21 #include "tty.h" 22 23 #define MIN_TTYB_SIZE 256 24 #define TTYB_ALIGN_MASK 0xff 25 26 /* 27 * Byte threshold to limit memory consumption for flip buffers. 28 * The actual memory limit is > 2x this amount. 29 */ 30 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 31 32 /* 33 * We default to dicing tty buffer allocations to this many characters 34 * in order to avoid multiple page allocations. We know the size of 35 * tty_buffer itself but it must also be taken into account that the 36 * buffer is 256 byte aligned. See tty_buffer_find for the allocation 37 * logic this must match. 38 */ 39 40 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~TTYB_ALIGN_MASK) 41 42 /** 43 * tty_buffer_lock_exclusive - gain exclusive access to buffer 44 * @port: tty port owning the flip buffer 45 * 46 * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding 47 * the buffer work and any pending flush from using the flip buffer. Data can 48 * continue to be added concurrently to the flip buffer from the driver side. 49 * 50 * See also tty_buffer_unlock_exclusive(). 51 */ 52 void tty_buffer_lock_exclusive(struct tty_port *port) 53 { 54 struct tty_bufhead *buf = &port->buf; 55 56 atomic_inc(&buf->priority); 57 mutex_lock(&buf->lock); 58 } 59 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 60 61 /** 62 * tty_buffer_unlock_exclusive - release exclusive access 63 * @port: tty port owning the flip buffer 64 * 65 * The buffer work is restarted if there is data in the flip buffer. 66 * 67 * See also tty_buffer_lock_exclusive(). 68 */ 69 void tty_buffer_unlock_exclusive(struct tty_port *port) 70 { 71 struct tty_bufhead *buf = &port->buf; 72 int restart; 73 74 restart = buf->head->commit != buf->head->read; 75 76 atomic_dec(&buf->priority); 77 mutex_unlock(&buf->lock); 78 if (restart) 79 queue_work(system_unbound_wq, &buf->work); 80 } 81 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 82 83 /** 84 * tty_buffer_space_avail - return unused buffer space 85 * @port: tty port owning the flip buffer 86 * 87 * Returns: the # of bytes which can be written by the driver without reaching 88 * the buffer limit. 89 * 90 * Note: this does not guarantee that memory is available to write the returned 91 * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory 92 * guarantee is required). 93 */ 94 unsigned int tty_buffer_space_avail(struct tty_port *port) 95 { 96 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 97 98 return max(space, 0); 99 } 100 EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 101 102 static void tty_buffer_reset(struct tty_buffer *p, size_t size) 103 { 104 p->used = 0; 105 p->size = size; 106 p->next = NULL; 107 p->commit = 0; 108 p->lookahead = 0; 109 p->read = 0; 110 p->flags = true; 111 } 112 113 /** 114 * tty_buffer_free_all - free buffers used by a tty 115 * @port: tty port to free from 116 * 117 * Remove all the buffers pending on a tty whether queued with data or in the 118 * free ring. Must be called when the tty is no longer in use. 119 */ 120 void tty_buffer_free_all(struct tty_port *port) 121 { 122 struct tty_bufhead *buf = &port->buf; 123 struct tty_buffer *p, *next; 124 struct llist_node *llist; 125 unsigned int freed = 0; 126 int still_used; 127 128 while ((p = buf->head) != NULL) { 129 buf->head = p->next; 130 freed += p->size; 131 if (p->size > 0) 132 kfree(p); 133 } 134 llist = llist_del_all(&buf->free); 135 llist_for_each_entry_safe(p, next, llist, free) 136 kfree(p); 137 138 tty_buffer_reset(&buf->sentinel, 0); 139 buf->head = &buf->sentinel; 140 buf->tail = &buf->sentinel; 141 142 still_used = atomic_xchg(&buf->mem_used, 0); 143 WARN(still_used != freed, "we still have not freed %d bytes!", 144 still_used - freed); 145 } 146 147 /** 148 * tty_buffer_alloc - allocate a tty buffer 149 * @port: tty port 150 * @size: desired size (characters) 151 * 152 * Allocate a new tty buffer to hold the desired number of characters. We 153 * round our buffers off in 256 character chunks to get better allocation 154 * behaviour. 155 * 156 * Returns: %NULL if out of memory or the allocation would exceed the per 157 * device queue. 158 */ 159 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 160 { 161 struct llist_node *free; 162 struct tty_buffer *p; 163 164 /* Round the buffer size out */ 165 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 166 167 if (size <= MIN_TTYB_SIZE) { 168 free = llist_del_first(&port->buf.free); 169 if (free) { 170 p = llist_entry(free, struct tty_buffer, free); 171 goto found; 172 } 173 } 174 175 /* Should possibly check if this fails for the largest buffer we 176 * have queued and recycle that ? 177 */ 178 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 179 return NULL; 180 p = kmalloc(struct_size(p, data, 2 * size), GFP_ATOMIC | __GFP_NOWARN); 181 if (p == NULL) 182 return NULL; 183 184 found: 185 tty_buffer_reset(p, size); 186 atomic_add(size, &port->buf.mem_used); 187 return p; 188 } 189 190 /** 191 * tty_buffer_free - free a tty buffer 192 * @port: tty port owning the buffer 193 * @b: the buffer to free 194 * 195 * Free a tty buffer, or add it to the free list according to our internal 196 * strategy. 197 */ 198 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 199 { 200 struct tty_bufhead *buf = &port->buf; 201 202 /* Dumb strategy for now - should keep some stats */ 203 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 204 205 if (b->size > MIN_TTYB_SIZE) 206 kfree(b); 207 else if (b->size > 0) 208 llist_add(&b->free, &buf->free); 209 } 210 211 /** 212 * tty_buffer_flush - flush full tty buffers 213 * @tty: tty to flush 214 * @ld: optional ldisc ptr (must be referenced) 215 * 216 * Flush all the buffers containing receive data. If @ld != %NULL, flush the 217 * ldisc input buffer. 218 * 219 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 220 */ 221 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 222 { 223 struct tty_port *port = tty->port; 224 struct tty_bufhead *buf = &port->buf; 225 struct tty_buffer *next; 226 227 atomic_inc(&buf->priority); 228 229 mutex_lock(&buf->lock); 230 /* paired w/ release in __tty_buffer_request_room; ensures there are 231 * no pending memory accesses to the freed buffer 232 */ 233 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 234 tty_buffer_free(port, buf->head); 235 buf->head = next; 236 } 237 buf->head->read = buf->head->commit; 238 buf->head->lookahead = buf->head->read; 239 240 if (ld && ld->ops->flush_buffer) 241 ld->ops->flush_buffer(tty); 242 243 atomic_dec(&buf->priority); 244 mutex_unlock(&buf->lock); 245 } 246 247 /** 248 * __tty_buffer_request_room - grow tty buffer if needed 249 * @port: tty port 250 * @size: size desired 251 * @flags: buffer has to store flags along character data 252 * 253 * Make at least @size bytes of linear space available for the tty buffer. 254 * 255 * Will change over to a new buffer if the current buffer is encoded as 256 * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags 257 * buffer. 258 * 259 * Returns: the size we managed to find. 260 */ 261 static int __tty_buffer_request_room(struct tty_port *port, size_t size, 262 bool flags) 263 { 264 struct tty_bufhead *buf = &port->buf; 265 struct tty_buffer *b, *n; 266 int left, change; 267 268 b = buf->tail; 269 if (!b->flags) 270 left = 2 * b->size - b->used; 271 else 272 left = b->size - b->used; 273 274 change = !b->flags && flags; 275 if (change || left < size) { 276 /* This is the slow path - looking for new buffers to use */ 277 n = tty_buffer_alloc(port, size); 278 if (n != NULL) { 279 n->flags = flags; 280 buf->tail = n; 281 /* 282 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 283 * ensures they see all buffer data. 284 */ 285 smp_store_release(&b->commit, b->used); 286 /* 287 * Paired w/ acquire in flush_to_ldisc() and lookahead_bufs() 288 * ensures the latest commit value can be read before the head 289 * is advanced to the next buffer. 290 */ 291 smp_store_release(&b->next, n); 292 } else if (change) 293 size = 0; 294 else 295 size = left; 296 } 297 return size; 298 } 299 300 int tty_buffer_request_room(struct tty_port *port, size_t size) 301 { 302 return __tty_buffer_request_room(port, size, true); 303 } 304 EXPORT_SYMBOL_GPL(tty_buffer_request_room); 305 306 /** 307 * tty_insert_flip_string_fixed_flag - add characters to the tty buffer 308 * @port: tty port 309 * @chars: characters 310 * @flag: flag value for each character 311 * @size: size 312 * 313 * Queue a series of bytes to the tty buffering. All the characters passed are 314 * marked with the supplied flag. 315 * 316 * Returns: the number added. 317 */ 318 int tty_insert_flip_string_fixed_flag(struct tty_port *port, const u8 *chars, 319 u8 flag, size_t size) 320 { 321 int copied = 0; 322 bool flags = flag != TTY_NORMAL; 323 324 do { 325 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 326 int space = __tty_buffer_request_room(port, goal, flags); 327 struct tty_buffer *tb = port->buf.tail; 328 329 if (unlikely(space == 0)) 330 break; 331 memcpy(char_buf_ptr(tb, tb->used), chars, space); 332 if (tb->flags) 333 memset(flag_buf_ptr(tb, tb->used), flag, space); 334 tb->used += space; 335 copied += space; 336 chars += space; 337 /* There is a small chance that we need to split the data over 338 * several buffers. If this is the case we must loop. 339 */ 340 } while (unlikely(size > copied)); 341 return copied; 342 } 343 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag); 344 345 /** 346 * tty_insert_flip_string_flags - add characters to the tty buffer 347 * @port: tty port 348 * @chars: characters 349 * @flags: flag bytes 350 * @size: size 351 * 352 * Queue a series of bytes to the tty buffering. For each character the flags 353 * array indicates the status of the character. 354 * 355 * Returns: the number added. 356 */ 357 int tty_insert_flip_string_flags(struct tty_port *port, const u8 *chars, 358 const u8 *flags, size_t size) 359 { 360 int copied = 0; 361 362 do { 363 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 364 int space = tty_buffer_request_room(port, goal); 365 struct tty_buffer *tb = port->buf.tail; 366 367 if (unlikely(space == 0)) 368 break; 369 memcpy(char_buf_ptr(tb, tb->used), chars, space); 370 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 371 tb->used += space; 372 copied += space; 373 chars += space; 374 flags += space; 375 /* There is a small chance that we need to split the data over 376 * several buffers. If this is the case we must loop. 377 */ 378 } while (unlikely(size > copied)); 379 return copied; 380 } 381 EXPORT_SYMBOL(tty_insert_flip_string_flags); 382 383 /** 384 * __tty_insert_flip_char - add one character to the tty buffer 385 * @port: tty port 386 * @ch: character 387 * @flag: flag byte 388 * 389 * Queue a single byte @ch to the tty buffering, with an optional flag. This is 390 * the slow path of tty_insert_flip_char(). 391 */ 392 int __tty_insert_flip_char(struct tty_port *port, u8 ch, u8 flag) 393 { 394 struct tty_buffer *tb; 395 bool flags = flag != TTY_NORMAL; 396 397 if (!__tty_buffer_request_room(port, 1, flags)) 398 return 0; 399 400 tb = port->buf.tail; 401 if (tb->flags) 402 *flag_buf_ptr(tb, tb->used) = flag; 403 *char_buf_ptr(tb, tb->used++) = ch; 404 405 return 1; 406 } 407 EXPORT_SYMBOL(__tty_insert_flip_char); 408 409 /** 410 * tty_prepare_flip_string - make room for characters 411 * @port: tty port 412 * @chars: return pointer for character write area 413 * @size: desired size 414 * 415 * Prepare a block of space in the buffer for data. 416 * 417 * This is used for drivers that need their own block copy routines into the 418 * buffer. There is no guarantee the buffer is a DMA target! 419 * 420 * Returns: the length available and buffer pointer (@chars) to the space which 421 * is now allocated and accounted for as ready for normal characters. 422 */ 423 int tty_prepare_flip_string(struct tty_port *port, u8 **chars, size_t size) 424 { 425 int space = __tty_buffer_request_room(port, size, false); 426 427 if (likely(space)) { 428 struct tty_buffer *tb = port->buf.tail; 429 430 *chars = char_buf_ptr(tb, tb->used); 431 if (tb->flags) 432 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 433 tb->used += space; 434 } 435 return space; 436 } 437 EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 438 439 /** 440 * tty_ldisc_receive_buf - forward data to line discipline 441 * @ld: line discipline to process input 442 * @p: char buffer 443 * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer 444 * @count: number of bytes to process 445 * 446 * Callers other than flush_to_ldisc() need to exclude the kworker from 447 * concurrent use of the line discipline, see paste_selection(). 448 * 449 * Returns: the number of bytes processed. 450 */ 451 size_t tty_ldisc_receive_buf(struct tty_ldisc *ld, const u8 *p, const u8 *f, 452 size_t count) 453 { 454 if (ld->ops->receive_buf2) 455 count = ld->ops->receive_buf2(ld->tty, p, f, count); 456 else { 457 count = min_t(size_t, count, ld->tty->receive_room); 458 if (count && ld->ops->receive_buf) 459 ld->ops->receive_buf(ld->tty, p, f, count); 460 } 461 return count; 462 } 463 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 464 465 static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head) 466 { 467 head->lookahead = max(head->lookahead, head->read); 468 469 while (head) { 470 struct tty_buffer *next; 471 unsigned int count; 472 473 /* 474 * Paired w/ release in __tty_buffer_request_room(); 475 * ensures commit value read is not stale if the head 476 * is advancing to the next buffer. 477 */ 478 next = smp_load_acquire(&head->next); 479 /* 480 * Paired w/ release in __tty_buffer_request_room() or in 481 * tty_buffer_flush(); ensures we see the committed buffer data. 482 */ 483 count = smp_load_acquire(&head->commit) - head->lookahead; 484 if (!count) { 485 head = next; 486 continue; 487 } 488 489 if (port->client_ops->lookahead_buf) { 490 u8 *p, *f = NULL; 491 492 p = char_buf_ptr(head, head->lookahead); 493 if (head->flags) 494 f = flag_buf_ptr(head, head->lookahead); 495 496 port->client_ops->lookahead_buf(port, p, f, count); 497 } 498 499 head->lookahead += count; 500 } 501 } 502 503 static size_t 504 receive_buf(struct tty_port *port, struct tty_buffer *head, size_t count) 505 { 506 u8 *p = char_buf_ptr(head, head->read); 507 const u8 *f = NULL; 508 size_t n; 509 510 if (head->flags) 511 f = flag_buf_ptr(head, head->read); 512 513 n = port->client_ops->receive_buf(port, p, f, count); 514 if (n > 0) 515 memset(p, 0, n); 516 return n; 517 } 518 519 /** 520 * flush_to_ldisc - flush data from buffer to ldisc 521 * @work: tty structure passed from work queue. 522 * 523 * This routine is called out of the software interrupt to flush data from the 524 * buffer chain to the line discipline. 525 * 526 * The receive_buf() method is single threaded for each tty instance. 527 * 528 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'. 529 */ 530 static void flush_to_ldisc(struct work_struct *work) 531 { 532 struct tty_port *port = container_of(work, struct tty_port, buf.work); 533 struct tty_bufhead *buf = &port->buf; 534 535 mutex_lock(&buf->lock); 536 537 while (1) { 538 struct tty_buffer *head = buf->head; 539 struct tty_buffer *next; 540 size_t count, rcvd; 541 542 /* Ldisc or user is trying to gain exclusive access */ 543 if (atomic_read(&buf->priority)) 544 break; 545 546 /* paired w/ release in __tty_buffer_request_room(); 547 * ensures commit value read is not stale if the head 548 * is advancing to the next buffer 549 */ 550 next = smp_load_acquire(&head->next); 551 /* paired w/ release in __tty_buffer_request_room() or in 552 * tty_buffer_flush(); ensures we see the committed buffer data 553 */ 554 count = smp_load_acquire(&head->commit) - head->read; 555 if (!count) { 556 if (next == NULL) 557 break; 558 buf->head = next; 559 tty_buffer_free(port, head); 560 continue; 561 } 562 563 rcvd = receive_buf(port, head, count); 564 head->read += rcvd; 565 if (rcvd < count) 566 lookahead_bufs(port, head); 567 if (!rcvd) 568 break; 569 570 if (need_resched()) 571 cond_resched(); 572 } 573 574 mutex_unlock(&buf->lock); 575 576 } 577 578 static inline void tty_flip_buffer_commit(struct tty_buffer *tail) 579 { 580 /* 581 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees 582 * buffer data. 583 */ 584 smp_store_release(&tail->commit, tail->used); 585 } 586 587 /** 588 * tty_flip_buffer_push - push terminal buffers 589 * @port: tty port to push 590 * 591 * Queue a push of the terminal flip buffers to the line discipline. Can be 592 * called from IRQ/atomic context. 593 * 594 * In the event of the queue being busy for flipping the work will be held off 595 * and retried later. 596 */ 597 void tty_flip_buffer_push(struct tty_port *port) 598 { 599 struct tty_bufhead *buf = &port->buf; 600 601 tty_flip_buffer_commit(buf->tail); 602 queue_work(system_unbound_wq, &buf->work); 603 } 604 EXPORT_SYMBOL(tty_flip_buffer_push); 605 606 /** 607 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and 608 * push 609 * @port: tty port 610 * @chars: characters 611 * @size: size 612 * 613 * The function combines tty_insert_flip_string() and tty_flip_buffer_push() 614 * with the exception of properly holding the @port->lock. 615 * 616 * To be used only internally (by pty currently). 617 * 618 * Returns: the number added. 619 */ 620 int tty_insert_flip_string_and_push_buffer(struct tty_port *port, 621 const u8 *chars, size_t size) 622 { 623 struct tty_bufhead *buf = &port->buf; 624 unsigned long flags; 625 626 spin_lock_irqsave(&port->lock, flags); 627 size = tty_insert_flip_string(port, chars, size); 628 if (size) 629 tty_flip_buffer_commit(buf->tail); 630 spin_unlock_irqrestore(&port->lock, flags); 631 632 queue_work(system_unbound_wq, &buf->work); 633 634 return size; 635 } 636 637 /** 638 * tty_buffer_init - prepare a tty buffer structure 639 * @port: tty port to initialise 640 * 641 * Set up the initial state of the buffer management for a tty device. Must be 642 * called before the other tty buffer functions are used. 643 */ 644 void tty_buffer_init(struct tty_port *port) 645 { 646 struct tty_bufhead *buf = &port->buf; 647 648 mutex_init(&buf->lock); 649 tty_buffer_reset(&buf->sentinel, 0); 650 buf->head = &buf->sentinel; 651 buf->tail = &buf->sentinel; 652 init_llist_head(&buf->free); 653 atomic_set(&buf->mem_used, 0); 654 atomic_set(&buf->priority, 0); 655 INIT_WORK(&buf->work, flush_to_ldisc); 656 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 657 } 658 659 /** 660 * tty_buffer_set_limit - change the tty buffer memory limit 661 * @port: tty port to change 662 * @limit: memory limit to set 663 * 664 * Change the tty buffer memory limit. 665 * 666 * Must be called before the other tty buffer functions are used. 667 */ 668 int tty_buffer_set_limit(struct tty_port *port, int limit) 669 { 670 if (limit < MIN_TTYB_SIZE) 671 return -EINVAL; 672 port->buf.mem_limit = limit; 673 return 0; 674 } 675 EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 676 677 /* slave ptys can claim nested buffer lock when handling BRK and INTR */ 678 void tty_buffer_set_lock_subclass(struct tty_port *port) 679 { 680 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 681 } 682 683 bool tty_buffer_restart_work(struct tty_port *port) 684 { 685 return queue_work(system_unbound_wq, &port->buf.work); 686 } 687 688 bool tty_buffer_cancel_work(struct tty_port *port) 689 { 690 return cancel_work_sync(&port->buf.work); 691 } 692 693 void tty_buffer_flush_work(struct tty_port *port) 694 { 695 flush_work(&port->buf.work); 696 } 697