1// SPDX-License-Identifier: GPL-2.0 2/* 3 * Tty buffer allocation management 4 */ 5 6#include <linux/types.h> 7#include <linux/errno.h> 8#include <linux/tty.h> 9#include <linux/tty_driver.h> 10#include <linux/tty_flip.h> 11#include <linux/timer.h> 12#include <linux/string.h> 13#include <linux/slab.h> 14#include <linux/sched.h> 15#include <linux/wait.h> 16#include <linux/bitops.h> 17#include <linux/delay.h> 18#include <linux/module.h> 19#include <linux/ratelimit.h> 20#include "tty.h" 21 22#define MIN_TTYB_SIZE 256 23#define TTYB_ALIGN_MASK 255 24 25/* 26 * Byte threshold to limit memory consumption for flip buffers. 27 * The actual memory limit is > 2x this amount. 28 */ 29#define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL) 30 31/* 32 * We default to dicing tty buffer allocations to this many characters 33 * in order to avoid multiple page allocations. We know the size of 34 * tty_buffer itself but it must also be taken into account that the 35 * the buffer is 256 byte aligned. See tty_buffer_find for the allocation 36 * logic this must match 37 */ 38 39#define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF) 40 41/** 42 * tty_buffer_lock_exclusive - gain exclusive access to buffer 43 * tty_buffer_unlock_exclusive - release exclusive access 44 * 45 * @port: tty port owning the flip buffer 46 * 47 * Guarantees safe use of the line discipline's receive_buf() method by 48 * excluding the buffer work and any pending flush from using the flip 49 * buffer. Data can continue to be added concurrently to the flip buffer 50 * from the driver side. 51 * 52 * On release, the buffer work is restarted if there is data in the 53 * flip buffer 54 */ 55 56void tty_buffer_lock_exclusive(struct tty_port *port) 57{ 58 struct tty_bufhead *buf = &port->buf; 59 60 atomic_inc(&buf->priority); 61 mutex_lock(&buf->lock); 62} 63EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive); 64 65void tty_buffer_unlock_exclusive(struct tty_port *port) 66{ 67 struct tty_bufhead *buf = &port->buf; 68 int restart; 69 70 restart = buf->head->commit != buf->head->read; 71 72 atomic_dec(&buf->priority); 73 mutex_unlock(&buf->lock); 74 if (restart) 75 queue_work(system_unbound_wq, &buf->work); 76} 77EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive); 78 79/** 80 * tty_buffer_space_avail - return unused buffer space 81 * @port: tty port owning the flip buffer 82 * 83 * Returns the # of bytes which can be written by the driver without 84 * reaching the buffer limit. 85 * 86 * Note: this does not guarantee that memory is available to write 87 * the returned # of bytes (use tty_prepare_flip_string_xxx() to 88 * pre-allocate if memory guarantee is required). 89 */ 90 91int tty_buffer_space_avail(struct tty_port *port) 92{ 93 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used); 94 return max(space, 0); 95} 96EXPORT_SYMBOL_GPL(tty_buffer_space_avail); 97 98static void tty_buffer_reset(struct tty_buffer *p, size_t size) 99{ 100 p->used = 0; 101 p->size = size; 102 p->next = NULL; 103 p->commit = 0; 104 p->read = 0; 105 p->flags = 0; 106} 107 108/** 109 * tty_buffer_free_all - free buffers used by a tty 110 * @port: tty port to free from 111 * 112 * Remove all the buffers pending on a tty whether queued with data 113 * or in the free ring. Must be called when the tty is no longer in use 114 */ 115 116void tty_buffer_free_all(struct tty_port *port) 117{ 118 struct tty_bufhead *buf = &port->buf; 119 struct tty_buffer *p, *next; 120 struct llist_node *llist; 121 unsigned int freed = 0; 122 int still_used; 123 124 while ((p = buf->head) != NULL) { 125 buf->head = p->next; 126 freed += p->size; 127 if (p->size > 0) 128 kfree(p); 129 } 130 llist = llist_del_all(&buf->free); 131 llist_for_each_entry_safe(p, next, llist, free) 132 kfree(p); 133 134 tty_buffer_reset(&buf->sentinel, 0); 135 buf->head = &buf->sentinel; 136 buf->tail = &buf->sentinel; 137 138 still_used = atomic_xchg(&buf->mem_used, 0); 139 WARN(still_used != freed, "we still have not freed %d bytes!", 140 still_used - freed); 141} 142 143/** 144 * tty_buffer_alloc - allocate a tty buffer 145 * @port: tty port 146 * @size: desired size (characters) 147 * 148 * Allocate a new tty buffer to hold the desired number of characters. 149 * We round our buffers off in 256 character chunks to get better 150 * allocation behaviour. 151 * Return NULL if out of memory or the allocation would exceed the 152 * per device queue 153 */ 154 155static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size) 156{ 157 struct llist_node *free; 158 struct tty_buffer *p; 159 160 /* Round the buffer size out */ 161 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK); 162 163 if (size <= MIN_TTYB_SIZE) { 164 free = llist_del_first(&port->buf.free); 165 if (free) { 166 p = llist_entry(free, struct tty_buffer, free); 167 goto found; 168 } 169 } 170 171 /* Should possibly check if this fails for the largest buffer we 172 have queued and recycle that ? */ 173 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit) 174 return NULL; 175 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, 176 GFP_ATOMIC | __GFP_NOWARN); 177 if (p == NULL) 178 return NULL; 179 180found: 181 tty_buffer_reset(p, size); 182 atomic_add(size, &port->buf.mem_used); 183 return p; 184} 185 186/** 187 * tty_buffer_free - free a tty buffer 188 * @port: tty port owning the buffer 189 * @b: the buffer to free 190 * 191 * Free a tty buffer, or add it to the free list according to our 192 * internal strategy 193 */ 194 195static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b) 196{ 197 struct tty_bufhead *buf = &port->buf; 198 199 /* Dumb strategy for now - should keep some stats */ 200 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0); 201 202 if (b->size > MIN_TTYB_SIZE) 203 kfree(b); 204 else if (b->size > 0) 205 llist_add(&b->free, &buf->free); 206} 207 208/** 209 * tty_buffer_flush - flush full tty buffers 210 * @tty: tty to flush 211 * @ld: optional ldisc ptr (must be referenced) 212 * 213 * flush all the buffers containing receive data. If ld != NULL, 214 * flush the ldisc input buffer. 215 * 216 * Locking: takes buffer lock to ensure single-threaded flip buffer 217 * 'consumer' 218 */ 219 220void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld) 221{ 222 struct tty_port *port = tty->port; 223 struct tty_bufhead *buf = &port->buf; 224 struct tty_buffer *next; 225 226 atomic_inc(&buf->priority); 227 228 mutex_lock(&buf->lock); 229 /* paired w/ release in __tty_buffer_request_room; ensures there are 230 * no pending memory accesses to the freed buffer 231 */ 232 while ((next = smp_load_acquire(&buf->head->next)) != NULL) { 233 tty_buffer_free(port, buf->head); 234 buf->head = next; 235 } 236 buf->head->read = buf->head->commit; 237 238 if (ld && ld->ops->flush_buffer) 239 ld->ops->flush_buffer(tty); 240 241 atomic_dec(&buf->priority); 242 mutex_unlock(&buf->lock); 243} 244 245/** 246 * tty_buffer_request_room - grow tty buffer if needed 247 * @port: tty port 248 * @size: size desired 249 * @flags: buffer flags if new buffer allocated (default = 0) 250 * 251 * Make at least size bytes of linear space available for the tty 252 * buffer. If we fail return the size we managed to find. 253 * 254 * Will change over to a new buffer if the current buffer is encoded as 255 * TTY_NORMAL (so has no flags buffer) and the new buffer requires 256 * a flags buffer. 257 */ 258static int __tty_buffer_request_room(struct tty_port *port, size_t size, 259 int flags) 260{ 261 struct tty_bufhead *buf = &port->buf; 262 struct tty_buffer *b, *n; 263 int left, change; 264 265 b = buf->tail; 266 if (b->flags & TTYB_NORMAL) 267 left = 2 * b->size - b->used; 268 else 269 left = b->size - b->used; 270 271 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL); 272 if (change || left < size) { 273 /* This is the slow path - looking for new buffers to use */ 274 n = tty_buffer_alloc(port, size); 275 if (n != NULL) { 276 n->flags = flags; 277 buf->tail = n; 278 /* paired w/ acquire in flush_to_ldisc(); ensures 279 * flush_to_ldisc() sees buffer data. 280 */ 281 smp_store_release(&b->commit, b->used); 282 /* paired w/ acquire in flush_to_ldisc(); ensures the 283 * latest commit value can be read before the head is 284 * advanced to the next buffer 285 */ 286 smp_store_release(&b->next, n); 287 } else if (change) 288 size = 0; 289 else 290 size = left; 291 } 292 return size; 293} 294 295int tty_buffer_request_room(struct tty_port *port, size_t size) 296{ 297 return __tty_buffer_request_room(port, size, 0); 298} 299EXPORT_SYMBOL_GPL(tty_buffer_request_room); 300 301/** 302 * tty_insert_flip_string_fixed_flag - Add characters to the tty buffer 303 * @port: tty port 304 * @chars: characters 305 * @flag: flag value for each character 306 * @size: size 307 * 308 * Queue a series of bytes to the tty buffering. All the characters 309 * passed are marked with the supplied flag. Returns the number added. 310 */ 311 312int tty_insert_flip_string_fixed_flag(struct tty_port *port, 313 const unsigned char *chars, char flag, size_t size) 314{ 315 int copied = 0; 316 do { 317 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 318 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 319 int space = __tty_buffer_request_room(port, goal, flags); 320 struct tty_buffer *tb = port->buf.tail; 321 if (unlikely(space == 0)) 322 break; 323 memcpy(char_buf_ptr(tb, tb->used), chars, space); 324 if (~tb->flags & TTYB_NORMAL) 325 memset(flag_buf_ptr(tb, tb->used), flag, space); 326 tb->used += space; 327 copied += space; 328 chars += space; 329 /* There is a small chance that we need to split the data over 330 several buffers. If this is the case we must loop */ 331 } while (unlikely(size > copied)); 332 return copied; 333} 334EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag); 335 336/** 337 * tty_insert_flip_string_flags - Add characters to the tty buffer 338 * @port: tty port 339 * @chars: characters 340 * @flags: flag bytes 341 * @size: size 342 * 343 * Queue a series of bytes to the tty buffering. For each character 344 * the flags array indicates the status of the character. Returns the 345 * number added. 346 */ 347 348int tty_insert_flip_string_flags(struct tty_port *port, 349 const unsigned char *chars, const char *flags, size_t size) 350{ 351 int copied = 0; 352 do { 353 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE); 354 int space = tty_buffer_request_room(port, goal); 355 struct tty_buffer *tb = port->buf.tail; 356 if (unlikely(space == 0)) 357 break; 358 memcpy(char_buf_ptr(tb, tb->used), chars, space); 359 memcpy(flag_buf_ptr(tb, tb->used), flags, space); 360 tb->used += space; 361 copied += space; 362 chars += space; 363 flags += space; 364 /* There is a small chance that we need to split the data over 365 several buffers. If this is the case we must loop */ 366 } while (unlikely(size > copied)); 367 return copied; 368} 369EXPORT_SYMBOL(tty_insert_flip_string_flags); 370 371/** 372 * __tty_insert_flip_char - Add one character to the tty buffer 373 * @port: tty port 374 * @ch: character 375 * @flag: flag byte 376 * 377 * Queue a single byte to the tty buffering, with an optional flag. 378 * This is the slow path of tty_insert_flip_char. 379 */ 380int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag) 381{ 382 struct tty_buffer *tb; 383 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0; 384 385 if (!__tty_buffer_request_room(port, 1, flags)) 386 return 0; 387 388 tb = port->buf.tail; 389 if (~tb->flags & TTYB_NORMAL) 390 *flag_buf_ptr(tb, tb->used) = flag; 391 *char_buf_ptr(tb, tb->used++) = ch; 392 393 return 1; 394} 395EXPORT_SYMBOL(__tty_insert_flip_char); 396 397/** 398 * tty_prepare_flip_string - make room for characters 399 * @port: tty port 400 * @chars: return pointer for character write area 401 * @size: desired size 402 * 403 * Prepare a block of space in the buffer for data. Returns the length 404 * available and buffer pointer to the space which is now allocated and 405 * accounted for as ready for normal characters. This is used for drivers 406 * that need their own block copy routines into the buffer. There is no 407 * guarantee the buffer is a DMA target! 408 */ 409 410int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars, 411 size_t size) 412{ 413 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL); 414 if (likely(space)) { 415 struct tty_buffer *tb = port->buf.tail; 416 *chars = char_buf_ptr(tb, tb->used); 417 if (~tb->flags & TTYB_NORMAL) 418 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space); 419 tb->used += space; 420 } 421 return space; 422} 423EXPORT_SYMBOL_GPL(tty_prepare_flip_string); 424 425/** 426 * tty_ldisc_receive_buf - forward data to line discipline 427 * @ld: line discipline to process input 428 * @p: char buffer 429 * @f: TTY_* flags buffer 430 * @count: number of bytes to process 431 * 432 * Callers other than flush_to_ldisc() need to exclude the kworker 433 * from concurrent use of the line discipline, see paste_selection(). 434 * 435 * Returns the number of bytes processed 436 */ 437int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p, 438 char *f, int count) 439{ 440 if (ld->ops->receive_buf2) 441 count = ld->ops->receive_buf2(ld->tty, p, f, count); 442 else { 443 count = min_t(int, count, ld->tty->receive_room); 444 if (count && ld->ops->receive_buf) 445 ld->ops->receive_buf(ld->tty, p, f, count); 446 } 447 return count; 448} 449EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf); 450 451static int 452receive_buf(struct tty_port *port, struct tty_buffer *head, int count) 453{ 454 unsigned char *p = char_buf_ptr(head, head->read); 455 char *f = NULL; 456 int n; 457 458 if (~head->flags & TTYB_NORMAL) 459 f = flag_buf_ptr(head, head->read); 460 461 n = port->client_ops->receive_buf(port, p, f, count); 462 if (n > 0) 463 memset(p, 0, n); 464 return n; 465} 466 467/** 468 * flush_to_ldisc 469 * @work: tty structure passed from work queue. 470 * 471 * This routine is called out of the software interrupt to flush data 472 * from the buffer chain to the line discipline. 473 * 474 * The receive_buf method is single threaded for each tty instance. 475 * 476 * Locking: takes buffer lock to ensure single-threaded flip buffer 477 * 'consumer' 478 */ 479 480static void flush_to_ldisc(struct work_struct *work) 481{ 482 struct tty_port *port = container_of(work, struct tty_port, buf.work); 483 struct tty_bufhead *buf = &port->buf; 484 485 mutex_lock(&buf->lock); 486 487 while (1) { 488 struct tty_buffer *head = buf->head; 489 struct tty_buffer *next; 490 int count; 491 492 /* Ldisc or user is trying to gain exclusive access */ 493 if (atomic_read(&buf->priority)) 494 break; 495 496 /* paired w/ release in __tty_buffer_request_room(); 497 * ensures commit value read is not stale if the head 498 * is advancing to the next buffer 499 */ 500 next = smp_load_acquire(&head->next); 501 /* paired w/ release in __tty_buffer_request_room() or in 502 * tty_buffer_flush(); ensures we see the committed buffer data 503 */ 504 count = smp_load_acquire(&head->commit) - head->read; 505 if (!count) { 506 if (next == NULL) 507 break; 508 buf->head = next; 509 tty_buffer_free(port, head); 510 continue; 511 } 512 513 count = receive_buf(port, head, count); 514 if (!count) 515 break; 516 head->read += count; 517 518 if (need_resched()) 519 cond_resched(); 520 } 521 522 mutex_unlock(&buf->lock); 523 524} 525 526static inline void tty_flip_buffer_commit(struct tty_buffer *tail) 527{ 528 /* 529 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees 530 * buffer data. 531 */ 532 smp_store_release(&tail->commit, tail->used); 533} 534 535/** 536 * tty_flip_buffer_push - terminal 537 * @port: tty port to push 538 * 539 * Queue a push of the terminal flip buffers to the line discipline. 540 * Can be called from IRQ/atomic context. 541 * 542 * In the event of the queue being busy for flipping the work will be 543 * held off and retried later. 544 */ 545 546void tty_flip_buffer_push(struct tty_port *port) 547{ 548 struct tty_bufhead *buf = &port->buf; 549 550 tty_flip_buffer_commit(buf->tail); 551 queue_work(system_unbound_wq, &buf->work); 552} 553EXPORT_SYMBOL(tty_flip_buffer_push); 554 555/** 556 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and 557 * push 558 * @port: tty port 559 * @chars: characters 560 * @size: size 561 * 562 * The function combines tty_insert_flip_string() and tty_flip_buffer_push() 563 * with the exception of properly holding the @port->lock. 564 * 565 * To be used only internally (by pty currently). 566 * 567 * Returns: the number added. 568 */ 569int tty_insert_flip_string_and_push_buffer(struct tty_port *port, 570 const unsigned char *chars, size_t size) 571{ 572 struct tty_bufhead *buf = &port->buf; 573 unsigned long flags; 574 575 spin_lock_irqsave(&port->lock, flags); 576 size = tty_insert_flip_string(port, chars, size); 577 if (size) 578 tty_flip_buffer_commit(buf->tail); 579 spin_unlock_irqrestore(&port->lock, flags); 580 581 queue_work(system_unbound_wq, &buf->work); 582 583 return size; 584} 585 586/** 587 * tty_buffer_init - prepare a tty buffer structure 588 * @port: tty port to initialise 589 * 590 * Set up the initial state of the buffer management for a tty device. 591 * Must be called before the other tty buffer functions are used. 592 */ 593 594void tty_buffer_init(struct tty_port *port) 595{ 596 struct tty_bufhead *buf = &port->buf; 597 598 mutex_init(&buf->lock); 599 tty_buffer_reset(&buf->sentinel, 0); 600 buf->head = &buf->sentinel; 601 buf->tail = &buf->sentinel; 602 init_llist_head(&buf->free); 603 atomic_set(&buf->mem_used, 0); 604 atomic_set(&buf->priority, 0); 605 INIT_WORK(&buf->work, flush_to_ldisc); 606 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT; 607} 608 609/** 610 * tty_buffer_set_limit - change the tty buffer memory limit 611 * @port: tty port to change 612 * 613 * Change the tty buffer memory limit. 614 * Must be called before the other tty buffer functions are used. 615 */ 616 617int tty_buffer_set_limit(struct tty_port *port, int limit) 618{ 619 if (limit < MIN_TTYB_SIZE) 620 return -EINVAL; 621 port->buf.mem_limit = limit; 622 return 0; 623} 624EXPORT_SYMBOL_GPL(tty_buffer_set_limit); 625 626/* slave ptys can claim nested buffer lock when handling BRK and INTR */ 627void tty_buffer_set_lock_subclass(struct tty_port *port) 628{ 629 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE); 630} 631 632bool tty_buffer_restart_work(struct tty_port *port) 633{ 634 return queue_work(system_unbound_wq, &port->buf.work); 635} 636 637bool tty_buffer_cancel_work(struct tty_port *port) 638{ 639 return cancel_work_sync(&port->buf.work); 640} 641 642void tty_buffer_flush_work(struct tty_port *port) 643{ 644 flush_work(&port->buf.work); 645} 646