1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Tty buffer allocation management
4 */
5
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/tty.h>
9 #include <linux/tty_driver.h>
10 #include <linux/tty_flip.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/wait.h>
16 #include <linux/bitops.h>
17 #include <linux/delay.h>
18 #include <linux/module.h>
19 #include <linux/ratelimit.h>
20 #include "tty.h"
21
22 #define MIN_TTYB_SIZE 256
23 #define TTYB_ALIGN_MASK 255
24
25 /*
26 * Byte threshold to limit memory consumption for flip buffers.
27 * The actual memory limit is > 2x this amount.
28 */
29 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL)
30
31 /*
32 * We default to dicing tty buffer allocations to this many characters
33 * in order to avoid multiple page allocations. We know the size of
34 * tty_buffer itself but it must also be taken into account that the
35 * buffer is 256 byte aligned. See tty_buffer_find for the allocation
36 * logic this must match.
37 */
38
39 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
40
41 /**
42 * tty_buffer_lock_exclusive - gain exclusive access to buffer
43 * tty_buffer_unlock_exclusive - release exclusive access
44 *
45 * @port: tty port owning the flip buffer
46 *
47 * Guarantees safe use of the line discipline's receive_buf() method by
48 * excluding the buffer work and any pending flush from using the flip
49 * buffer. Data can continue to be added concurrently to the flip buffer
50 * from the driver side.
51 *
52 * On release, the buffer work is restarted if there is data in the
53 * flip buffer
54 */
55
tty_buffer_lock_exclusive(struct tty_port * port)56 void tty_buffer_lock_exclusive(struct tty_port *port)
57 {
58 struct tty_bufhead *buf = &port->buf;
59
60 atomic_inc(&buf->priority);
61 mutex_lock(&buf->lock);
62 }
63 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
64
tty_buffer_unlock_exclusive(struct tty_port * port)65 void tty_buffer_unlock_exclusive(struct tty_port *port)
66 {
67 struct tty_bufhead *buf = &port->buf;
68 int restart;
69
70 restart = buf->head->commit != buf->head->read;
71
72 atomic_dec(&buf->priority);
73 mutex_unlock(&buf->lock);
74 if (restart)
75 queue_work(system_unbound_wq, &buf->work);
76 }
77 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
78
79 /**
80 * tty_buffer_space_avail - return unused buffer space
81 * @port: tty port owning the flip buffer
82 *
83 * Returns the # of bytes which can be written by the driver without
84 * reaching the buffer limit.
85 *
86 * Note: this does not guarantee that memory is available to write
87 * the returned # of bytes (use tty_prepare_flip_string_xxx() to
88 * pre-allocate if memory guarantee is required).
89 */
90
tty_buffer_space_avail(struct tty_port * port)91 unsigned int tty_buffer_space_avail(struct tty_port *port)
92 {
93 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
94
95 return max(space, 0);
96 }
97 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
98
tty_buffer_reset(struct tty_buffer * p,size_t size)99 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
100 {
101 p->used = 0;
102 p->size = size;
103 p->next = NULL;
104 p->commit = 0;
105 p->read = 0;
106 p->flags = 0;
107 }
108
109 /**
110 * tty_buffer_free_all - free buffers used by a tty
111 * @port: tty port to free from
112 *
113 * Remove all the buffers pending on a tty whether queued with data
114 * or in the free ring. Must be called when the tty is no longer in use
115 */
116
tty_buffer_free_all(struct tty_port * port)117 void tty_buffer_free_all(struct tty_port *port)
118 {
119 struct tty_bufhead *buf = &port->buf;
120 struct tty_buffer *p, *next;
121 struct llist_node *llist;
122 unsigned int freed = 0;
123 int still_used;
124
125 while ((p = buf->head) != NULL) {
126 buf->head = p->next;
127 freed += p->size;
128 if (p->size > 0)
129 kfree(p);
130 }
131 llist = llist_del_all(&buf->free);
132 llist_for_each_entry_safe(p, next, llist, free)
133 kfree(p);
134
135 tty_buffer_reset(&buf->sentinel, 0);
136 buf->head = &buf->sentinel;
137 buf->tail = &buf->sentinel;
138
139 still_used = atomic_xchg(&buf->mem_used, 0);
140 WARN(still_used != freed, "we still have not freed %d bytes!",
141 still_used - freed);
142 }
143
144 /**
145 * tty_buffer_alloc - allocate a tty buffer
146 * @port: tty port
147 * @size: desired size (characters)
148 *
149 * Allocate a new tty buffer to hold the desired number of characters.
150 * We round our buffers off in 256 character chunks to get better
151 * allocation behaviour.
152 * Return NULL if out of memory or the allocation would exceed the
153 * per device queue
154 */
155
tty_buffer_alloc(struct tty_port * port,size_t size)156 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
157 {
158 struct llist_node *free;
159 struct tty_buffer *p;
160
161 /* Round the buffer size out */
162 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
163
164 if (size <= MIN_TTYB_SIZE) {
165 free = llist_del_first(&port->buf.free);
166 if (free) {
167 p = llist_entry(free, struct tty_buffer, free);
168 goto found;
169 }
170 }
171
172 /* Should possibly check if this fails for the largest buffer we
173 * have queued and recycle that ?
174 */
175 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
176 return NULL;
177 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
178 if (p == NULL)
179 return NULL;
180
181 found:
182 tty_buffer_reset(p, size);
183 atomic_add(size, &port->buf.mem_used);
184 return p;
185 }
186
187 /**
188 * tty_buffer_free - free a tty buffer
189 * @port: tty port owning the buffer
190 * @b: the buffer to free
191 *
192 * Free a tty buffer, or add it to the free list according to our
193 * internal strategy
194 */
195
tty_buffer_free(struct tty_port * port,struct tty_buffer * b)196 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
197 {
198 struct tty_bufhead *buf = &port->buf;
199
200 /* Dumb strategy for now - should keep some stats */
201 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
202
203 if (b->size > MIN_TTYB_SIZE)
204 kfree(b);
205 else if (b->size > 0)
206 llist_add(&b->free, &buf->free);
207 }
208
209 /**
210 * tty_buffer_flush - flush full tty buffers
211 * @tty: tty to flush
212 * @ld: optional ldisc ptr (must be referenced)
213 *
214 * flush all the buffers containing receive data. If ld != NULL,
215 * flush the ldisc input buffer.
216 *
217 * Locking: takes buffer lock to ensure single-threaded flip buffer
218 * 'consumer'
219 */
220
tty_buffer_flush(struct tty_struct * tty,struct tty_ldisc * ld)221 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
222 {
223 struct tty_port *port = tty->port;
224 struct tty_bufhead *buf = &port->buf;
225 struct tty_buffer *next;
226
227 atomic_inc(&buf->priority);
228
229 mutex_lock(&buf->lock);
230 /* paired w/ release in __tty_buffer_request_room; ensures there are
231 * no pending memory accesses to the freed buffer
232 */
233 while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
234 tty_buffer_free(port, buf->head);
235 buf->head = next;
236 }
237 buf->head->read = buf->head->commit;
238
239 if (ld && ld->ops->flush_buffer)
240 ld->ops->flush_buffer(tty);
241
242 atomic_dec(&buf->priority);
243 mutex_unlock(&buf->lock);
244 }
245
246 /**
247 * __tty_buffer_request_room - grow tty buffer if needed
248 * @port: tty port
249 * @size: size desired
250 * @flags: buffer flags if new buffer allocated (default = 0)
251 *
252 * Make at least size bytes of linear space available for the tty
253 * buffer. If we fail return the size we managed to find.
254 *
255 * Will change over to a new buffer if the current buffer is encoded as
256 * TTY_NORMAL (so has no flags buffer) and the new buffer requires
257 * a flags buffer.
258 */
__tty_buffer_request_room(struct tty_port * port,size_t size,int flags)259 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
260 int flags)
261 {
262 struct tty_bufhead *buf = &port->buf;
263 struct tty_buffer *b, *n;
264 int left, change;
265
266 b = buf->tail;
267 if (b->flags & TTYB_NORMAL)
268 left = 2 * b->size - b->used;
269 else
270 left = b->size - b->used;
271
272 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
273 if (change || left < size) {
274 /* This is the slow path - looking for new buffers to use */
275 n = tty_buffer_alloc(port, size);
276 if (n != NULL) {
277 n->flags = flags;
278 buf->tail = n;
279 /* paired w/ acquire in flush_to_ldisc(); ensures
280 * flush_to_ldisc() sees buffer data.
281 */
282 smp_store_release(&b->commit, b->used);
283 /* paired w/ acquire in flush_to_ldisc(); ensures the
284 * latest commit value can be read before the head is
285 * advanced to the next buffer
286 */
287 smp_store_release(&b->next, n);
288 } else if (change)
289 size = 0;
290 else
291 size = left;
292 }
293 return size;
294 }
295
tty_buffer_request_room(struct tty_port * port,size_t size)296 int tty_buffer_request_room(struct tty_port *port, size_t size)
297 {
298 return __tty_buffer_request_room(port, size, 0);
299 }
300 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
301
302 /**
303 * tty_insert_flip_string_fixed_flag - Add characters to the tty buffer
304 * @port: tty port
305 * @chars: characters
306 * @flag: flag value for each character
307 * @size: size
308 *
309 * Queue a series of bytes to the tty buffering. All the characters
310 * passed are marked with the supplied flag. Returns the number added.
311 */
312
tty_insert_flip_string_fixed_flag(struct tty_port * port,const unsigned char * chars,char flag,size_t size)313 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
314 const unsigned char *chars, char flag, size_t size)
315 {
316 int copied = 0;
317
318 do {
319 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
320 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
321 int space = __tty_buffer_request_room(port, goal, flags);
322 struct tty_buffer *tb = port->buf.tail;
323
324 if (unlikely(space == 0))
325 break;
326 memcpy(char_buf_ptr(tb, tb->used), chars, space);
327 if (~tb->flags & TTYB_NORMAL)
328 memset(flag_buf_ptr(tb, tb->used), flag, space);
329 tb->used += space;
330 copied += space;
331 chars += space;
332 /* There is a small chance that we need to split the data over
333 * several buffers. If this is the case we must loop.
334 */
335 } while (unlikely(size > copied));
336 return copied;
337 }
338 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
339
340 /**
341 * tty_insert_flip_string_flags - Add characters to the tty buffer
342 * @port: tty port
343 * @chars: characters
344 * @flags: flag bytes
345 * @size: size
346 *
347 * Queue a series of bytes to the tty buffering. For each character
348 * the flags array indicates the status of the character. Returns the
349 * number added.
350 */
351
tty_insert_flip_string_flags(struct tty_port * port,const unsigned char * chars,const char * flags,size_t size)352 int tty_insert_flip_string_flags(struct tty_port *port,
353 const unsigned char *chars, const char *flags, size_t size)
354 {
355 int copied = 0;
356
357 do {
358 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
359 int space = tty_buffer_request_room(port, goal);
360 struct tty_buffer *tb = port->buf.tail;
361
362 if (unlikely(space == 0))
363 break;
364 memcpy(char_buf_ptr(tb, tb->used), chars, space);
365 memcpy(flag_buf_ptr(tb, tb->used), flags, space);
366 tb->used += space;
367 copied += space;
368 chars += space;
369 flags += space;
370 /* There is a small chance that we need to split the data over
371 * several buffers. If this is the case we must loop.
372 */
373 } while (unlikely(size > copied));
374 return copied;
375 }
376 EXPORT_SYMBOL(tty_insert_flip_string_flags);
377
378 /**
379 * __tty_insert_flip_char - Add one character to the tty buffer
380 * @port: tty port
381 * @ch: character
382 * @flag: flag byte
383 *
384 * Queue a single byte to the tty buffering, with an optional flag.
385 * This is the slow path of tty_insert_flip_char.
386 */
__tty_insert_flip_char(struct tty_port * port,unsigned char ch,char flag)387 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
388 {
389 struct tty_buffer *tb;
390 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
391
392 if (!__tty_buffer_request_room(port, 1, flags))
393 return 0;
394
395 tb = port->buf.tail;
396 if (~tb->flags & TTYB_NORMAL)
397 *flag_buf_ptr(tb, tb->used) = flag;
398 *char_buf_ptr(tb, tb->used++) = ch;
399
400 return 1;
401 }
402 EXPORT_SYMBOL(__tty_insert_flip_char);
403
404 /**
405 * tty_schedule_flip - push characters to ldisc
406 * @port: tty port to push from
407 *
408 * Takes any pending buffers and transfers their ownership to the
409 * ldisc side of the queue. It then schedules those characters for
410 * processing by the line discipline.
411 */
412
tty_schedule_flip(struct tty_port * port)413 void tty_schedule_flip(struct tty_port *port)
414 {
415 struct tty_bufhead *buf = &port->buf;
416
417 /* paired w/ acquire in flush_to_ldisc(); ensures
418 * flush_to_ldisc() sees buffer data.
419 */
420 smp_store_release(&buf->tail->commit, buf->tail->used);
421 queue_work(system_unbound_wq, &buf->work);
422 }
423 EXPORT_SYMBOL(tty_schedule_flip);
424
425 /**
426 * tty_prepare_flip_string - make room for characters
427 * @port: tty port
428 * @chars: return pointer for character write area
429 * @size: desired size
430 *
431 * Prepare a block of space in the buffer for data. Returns the length
432 * available and buffer pointer to the space which is now allocated and
433 * accounted for as ready for normal characters. This is used for drivers
434 * that need their own block copy routines into the buffer. There is no
435 * guarantee the buffer is a DMA target!
436 */
437
tty_prepare_flip_string(struct tty_port * port,unsigned char ** chars,size_t size)438 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
439 size_t size)
440 {
441 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
442
443 if (likely(space)) {
444 struct tty_buffer *tb = port->buf.tail;
445
446 *chars = char_buf_ptr(tb, tb->used);
447 if (~tb->flags & TTYB_NORMAL)
448 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
449 tb->used += space;
450 }
451 return space;
452 }
453 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
454
455 /**
456 * tty_ldisc_receive_buf - forward data to line discipline
457 * @ld: line discipline to process input
458 * @p: char buffer
459 * @f: TTY_* flags buffer
460 * @count: number of bytes to process
461 *
462 * Callers other than flush_to_ldisc() need to exclude the kworker
463 * from concurrent use of the line discipline, see paste_selection().
464 *
465 * Returns the number of bytes processed
466 */
tty_ldisc_receive_buf(struct tty_ldisc * ld,const unsigned char * p,const char * f,int count)467 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
468 const char *f, int count)
469 {
470 if (ld->ops->receive_buf2)
471 count = ld->ops->receive_buf2(ld->tty, p, f, count);
472 else {
473 count = min_t(int, count, ld->tty->receive_room);
474 if (count && ld->ops->receive_buf)
475 ld->ops->receive_buf(ld->tty, p, f, count);
476 }
477 return count;
478 }
479 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
480
481 static int
receive_buf(struct tty_port * port,struct tty_buffer * head,int count)482 receive_buf(struct tty_port *port, struct tty_buffer *head, int count)
483 {
484 unsigned char *p = char_buf_ptr(head, head->read);
485 const char *f = NULL;
486 int n;
487
488 if (~head->flags & TTYB_NORMAL)
489 f = flag_buf_ptr(head, head->read);
490
491 n = port->client_ops->receive_buf(port, p, f, count);
492 if (n > 0)
493 memset(p, 0, n);
494 return n;
495 }
496
497 /**
498 * flush_to_ldisc
499 * @work: tty structure passed from work queue.
500 *
501 * This routine is called out of the software interrupt to flush data
502 * from the buffer chain to the line discipline.
503 *
504 * The receive_buf method is single threaded for each tty instance.
505 *
506 * Locking: takes buffer lock to ensure single-threaded flip buffer
507 * 'consumer'
508 */
509
flush_to_ldisc(struct work_struct * work)510 static void flush_to_ldisc(struct work_struct *work)
511 {
512 struct tty_port *port = container_of(work, struct tty_port, buf.work);
513 struct tty_bufhead *buf = &port->buf;
514
515 mutex_lock(&buf->lock);
516
517 while (1) {
518 struct tty_buffer *head = buf->head;
519 struct tty_buffer *next;
520 int count;
521
522 /* Ldisc or user is trying to gain exclusive access */
523 if (atomic_read(&buf->priority))
524 break;
525
526 /* paired w/ release in __tty_buffer_request_room();
527 * ensures commit value read is not stale if the head
528 * is advancing to the next buffer
529 */
530 next = smp_load_acquire(&head->next);
531 /* paired w/ release in __tty_buffer_request_room() or in
532 * tty_buffer_flush(); ensures we see the committed buffer data
533 */
534 count = smp_load_acquire(&head->commit) - head->read;
535 if (!count) {
536 if (next == NULL)
537 break;
538 buf->head = next;
539 tty_buffer_free(port, head);
540 continue;
541 }
542
543 count = receive_buf(port, head, count);
544 if (!count)
545 break;
546 head->read += count;
547
548 if (need_resched())
549 cond_resched();
550 }
551
552 mutex_unlock(&buf->lock);
553
554 }
555
556 /**
557 * tty_flip_buffer_push - terminal
558 * @port: tty port to push
559 *
560 * Queue a push of the terminal flip buffers to the line discipline.
561 * Can be called from IRQ/atomic context.
562 *
563 * In the event of the queue being busy for flipping the work will be
564 * held off and retried later.
565 */
566
tty_flip_buffer_push(struct tty_port * port)567 void tty_flip_buffer_push(struct tty_port *port)
568 {
569 tty_schedule_flip(port);
570 }
571 EXPORT_SYMBOL(tty_flip_buffer_push);
572
573 /**
574 * tty_buffer_init - prepare a tty buffer structure
575 * @port: tty port to initialise
576 *
577 * Set up the initial state of the buffer management for a tty device.
578 * Must be called before the other tty buffer functions are used.
579 */
580
tty_buffer_init(struct tty_port * port)581 void tty_buffer_init(struct tty_port *port)
582 {
583 struct tty_bufhead *buf = &port->buf;
584
585 mutex_init(&buf->lock);
586 tty_buffer_reset(&buf->sentinel, 0);
587 buf->head = &buf->sentinel;
588 buf->tail = &buf->sentinel;
589 init_llist_head(&buf->free);
590 atomic_set(&buf->mem_used, 0);
591 atomic_set(&buf->priority, 0);
592 INIT_WORK(&buf->work, flush_to_ldisc);
593 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
594 }
595
596 /**
597 * tty_buffer_set_limit - change the tty buffer memory limit
598 * @port: tty port to change
599 * @limit: memory limit to set
600 *
601 * Change the tty buffer memory limit.
602 * Must be called before the other tty buffer functions are used.
603 */
604
tty_buffer_set_limit(struct tty_port * port,int limit)605 int tty_buffer_set_limit(struct tty_port *port, int limit)
606 {
607 if (limit < MIN_TTYB_SIZE)
608 return -EINVAL;
609 port->buf.mem_limit = limit;
610 return 0;
611 }
612 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
613
614 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
tty_buffer_set_lock_subclass(struct tty_port * port)615 void tty_buffer_set_lock_subclass(struct tty_port *port)
616 {
617 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
618 }
619
tty_buffer_restart_work(struct tty_port * port)620 bool tty_buffer_restart_work(struct tty_port *port)
621 {
622 return queue_work(system_unbound_wq, &port->buf.work);
623 }
624
tty_buffer_cancel_work(struct tty_port * port)625 bool tty_buffer_cancel_work(struct tty_port *port)
626 {
627 return cancel_work_sync(&port->buf.work);
628 }
629
tty_buffer_flush_work(struct tty_port * port)630 void tty_buffer_flush_work(struct tty_port *port)
631 {
632 flush_work(&port->buf.work);
633 }
634