1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Tty buffer allocation management
4 */
5
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/tty.h>
9 #include <linux/tty_driver.h>
10 #include <linux/tty_flip.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/wait.h>
16 #include <linux/bitops.h>
17 #include <linux/delay.h>
18 #include <linux/module.h>
19 #include <linux/ratelimit.h>
20
21
22 #define MIN_TTYB_SIZE 256
23 #define TTYB_ALIGN_MASK 255
24
25 /*
26 * Byte threshold to limit memory consumption for flip buffers.
27 * The actual memory limit is > 2x this amount.
28 */
29 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL)
30
31 /*
32 * We default to dicing tty buffer allocations to this many characters
33 * in order to avoid multiple page allocations. We know the size of
34 * tty_buffer itself but it must also be taken into account that the
35 * the buffer is 256 byte aligned. See tty_buffer_find for the allocation
36 * logic this must match
37 */
38
39 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
40
41 /**
42 * tty_buffer_lock_exclusive - gain exclusive access to buffer
43 * tty_buffer_unlock_exclusive - release exclusive access
44 *
45 * @port: tty port owning the flip buffer
46 *
47 * Guarantees safe use of the line discipline's receive_buf() method by
48 * excluding the buffer work and any pending flush from using the flip
49 * buffer. Data can continue to be added concurrently to the flip buffer
50 * from the driver side.
51 *
52 * On release, the buffer work is restarted if there is data in the
53 * flip buffer
54 */
55
tty_buffer_lock_exclusive(struct tty_port * port)56 void tty_buffer_lock_exclusive(struct tty_port *port)
57 {
58 struct tty_bufhead *buf = &port->buf;
59
60 atomic_inc(&buf->priority);
61 mutex_lock(&buf->lock);
62 }
63 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
64
tty_buffer_unlock_exclusive(struct tty_port * port)65 void tty_buffer_unlock_exclusive(struct tty_port *port)
66 {
67 struct tty_bufhead *buf = &port->buf;
68 int restart;
69
70 restart = buf->head->commit != buf->head->read;
71
72 atomic_dec(&buf->priority);
73 mutex_unlock(&buf->lock);
74 if (restart)
75 queue_work(system_unbound_wq, &buf->work);
76 }
77 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
78
79 /**
80 * tty_buffer_space_avail - return unused buffer space
81 * @port: tty port owning the flip buffer
82 *
83 * Returns the # of bytes which can be written by the driver without
84 * reaching the buffer limit.
85 *
86 * Note: this does not guarantee that memory is available to write
87 * the returned # of bytes (use tty_prepare_flip_string_xxx() to
88 * pre-allocate if memory guarantee is required).
89 */
90
tty_buffer_space_avail(struct tty_port * port)91 int tty_buffer_space_avail(struct tty_port *port)
92 {
93 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
94 return max(space, 0);
95 }
96 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
97
tty_buffer_reset(struct tty_buffer * p,size_t size)98 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
99 {
100 p->used = 0;
101 p->size = size;
102 p->next = NULL;
103 p->commit = 0;
104 p->read = 0;
105 p->flags = 0;
106 }
107
108 /**
109 * tty_buffer_free_all - free buffers used by a tty
110 * @port: tty port to free from
111 *
112 * Remove all the buffers pending on a tty whether queued with data
113 * or in the free ring. Must be called when the tty is no longer in use
114 */
115
tty_buffer_free_all(struct tty_port * port)116 void tty_buffer_free_all(struct tty_port *port)
117 {
118 struct tty_bufhead *buf = &port->buf;
119 struct tty_buffer *p, *next;
120 struct llist_node *llist;
121 unsigned int freed = 0;
122 int still_used;
123
124 while ((p = buf->head) != NULL) {
125 buf->head = p->next;
126 freed += p->size;
127 if (p->size > 0)
128 kfree(p);
129 }
130 llist = llist_del_all(&buf->free);
131 llist_for_each_entry_safe(p, next, llist, free)
132 kfree(p);
133
134 tty_buffer_reset(&buf->sentinel, 0);
135 buf->head = &buf->sentinel;
136 buf->tail = &buf->sentinel;
137
138 still_used = atomic_xchg(&buf->mem_used, 0);
139 WARN(still_used != freed, "we still have not freed %d bytes!",
140 still_used - freed);
141 }
142
143 /**
144 * tty_buffer_alloc - allocate a tty buffer
145 * @port: tty port
146 * @size: desired size (characters)
147 *
148 * Allocate a new tty buffer to hold the desired number of characters.
149 * We round our buffers off in 256 character chunks to get better
150 * allocation behaviour.
151 * Return NULL if out of memory or the allocation would exceed the
152 * per device queue
153 */
154
tty_buffer_alloc(struct tty_port * port,size_t size)155 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
156 {
157 struct llist_node *free;
158 struct tty_buffer *p;
159
160 /* Round the buffer size out */
161 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
162
163 if (size <= MIN_TTYB_SIZE) {
164 free = llist_del_first(&port->buf.free);
165 if (free) {
166 p = llist_entry(free, struct tty_buffer, free);
167 goto found;
168 }
169 }
170
171 /* Should possibly check if this fails for the largest buffer we
172 have queued and recycle that ? */
173 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
174 return NULL;
175 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
176 if (p == NULL)
177 return NULL;
178
179 found:
180 tty_buffer_reset(p, size);
181 atomic_add(size, &port->buf.mem_used);
182 return p;
183 }
184
185 /**
186 * tty_buffer_free - free a tty buffer
187 * @port: tty port owning the buffer
188 * @b: the buffer to free
189 *
190 * Free a tty buffer, or add it to the free list according to our
191 * internal strategy
192 */
193
tty_buffer_free(struct tty_port * port,struct tty_buffer * b)194 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
195 {
196 struct tty_bufhead *buf = &port->buf;
197
198 /* Dumb strategy for now - should keep some stats */
199 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
200
201 if (b->size > MIN_TTYB_SIZE)
202 kfree(b);
203 else if (b->size > 0)
204 llist_add(&b->free, &buf->free);
205 }
206
207 /**
208 * tty_buffer_flush - flush full tty buffers
209 * @tty: tty to flush
210 * @ld: optional ldisc ptr (must be referenced)
211 *
212 * flush all the buffers containing receive data. If ld != NULL,
213 * flush the ldisc input buffer.
214 *
215 * Locking: takes buffer lock to ensure single-threaded flip buffer
216 * 'consumer'
217 */
218
tty_buffer_flush(struct tty_struct * tty,struct tty_ldisc * ld)219 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
220 {
221 struct tty_port *port = tty->port;
222 struct tty_bufhead *buf = &port->buf;
223 struct tty_buffer *next;
224
225 atomic_inc(&buf->priority);
226
227 mutex_lock(&buf->lock);
228 /* paired w/ release in __tty_buffer_request_room; ensures there are
229 * no pending memory accesses to the freed buffer
230 */
231 while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
232 tty_buffer_free(port, buf->head);
233 buf->head = next;
234 }
235 buf->head->read = buf->head->commit;
236
237 if (ld && ld->ops->flush_buffer)
238 ld->ops->flush_buffer(tty);
239
240 atomic_dec(&buf->priority);
241 mutex_unlock(&buf->lock);
242 }
243
244 /**
245 * tty_buffer_request_room - grow tty buffer if needed
246 * @port: tty port
247 * @size: size desired
248 * @flags: buffer flags if new buffer allocated (default = 0)
249 *
250 * Make at least size bytes of linear space available for the tty
251 * buffer. If we fail return the size we managed to find.
252 *
253 * Will change over to a new buffer if the current buffer is encoded as
254 * TTY_NORMAL (so has no flags buffer) and the new buffer requires
255 * a flags buffer.
256 */
__tty_buffer_request_room(struct tty_port * port,size_t size,int flags)257 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
258 int flags)
259 {
260 struct tty_bufhead *buf = &port->buf;
261 struct tty_buffer *b, *n;
262 int left, change;
263
264 b = buf->tail;
265 if (b->flags & TTYB_NORMAL)
266 left = 2 * b->size - b->used;
267 else
268 left = b->size - b->used;
269
270 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
271 if (change || left < size) {
272 /* This is the slow path - looking for new buffers to use */
273 n = tty_buffer_alloc(port, size);
274 if (n != NULL) {
275 n->flags = flags;
276 buf->tail = n;
277 /* paired w/ acquire in flush_to_ldisc(); ensures
278 * flush_to_ldisc() sees buffer data.
279 */
280 smp_store_release(&b->commit, b->used);
281 /* paired w/ acquire in flush_to_ldisc(); ensures the
282 * latest commit value can be read before the head is
283 * advanced to the next buffer
284 */
285 smp_store_release(&b->next, n);
286 } else if (change)
287 size = 0;
288 else
289 size = left;
290 }
291 return size;
292 }
293
tty_buffer_request_room(struct tty_port * port,size_t size)294 int tty_buffer_request_room(struct tty_port *port, size_t size)
295 {
296 return __tty_buffer_request_room(port, size, 0);
297 }
298 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
299
300 /**
301 * tty_insert_flip_string_fixed_flag - Add characters to the tty buffer
302 * @port: tty port
303 * @chars: characters
304 * @flag: flag value for each character
305 * @size: size
306 *
307 * Queue a series of bytes to the tty buffering. All the characters
308 * passed are marked with the supplied flag. Returns the number added.
309 */
310
tty_insert_flip_string_fixed_flag(struct tty_port * port,const unsigned char * chars,char flag,size_t size)311 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
312 const unsigned char *chars, char flag, size_t size)
313 {
314 int copied = 0;
315 do {
316 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
317 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
318 int space = __tty_buffer_request_room(port, goal, flags);
319 struct tty_buffer *tb = port->buf.tail;
320 if (unlikely(space == 0))
321 break;
322 memcpy(char_buf_ptr(tb, tb->used), chars, space);
323 if (~tb->flags & TTYB_NORMAL)
324 memset(flag_buf_ptr(tb, tb->used), flag, space);
325 tb->used += space;
326 copied += space;
327 chars += space;
328 /* There is a small chance that we need to split the data over
329 several buffers. If this is the case we must loop */
330 } while (unlikely(size > copied));
331 return copied;
332 }
333 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
334
335 /**
336 * tty_insert_flip_string_flags - Add characters to the tty buffer
337 * @port: tty port
338 * @chars: characters
339 * @flags: flag bytes
340 * @size: size
341 *
342 * Queue a series of bytes to the tty buffering. For each character
343 * the flags array indicates the status of the character. Returns the
344 * number added.
345 */
346
tty_insert_flip_string_flags(struct tty_port * port,const unsigned char * chars,const char * flags,size_t size)347 int tty_insert_flip_string_flags(struct tty_port *port,
348 const unsigned char *chars, const char *flags, size_t size)
349 {
350 int copied = 0;
351 do {
352 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
353 int space = tty_buffer_request_room(port, goal);
354 struct tty_buffer *tb = port->buf.tail;
355 if (unlikely(space == 0))
356 break;
357 memcpy(char_buf_ptr(tb, tb->used), chars, space);
358 memcpy(flag_buf_ptr(tb, tb->used), flags, space);
359 tb->used += space;
360 copied += space;
361 chars += space;
362 flags += space;
363 /* There is a small chance that we need to split the data over
364 several buffers. If this is the case we must loop */
365 } while (unlikely(size > copied));
366 return copied;
367 }
368 EXPORT_SYMBOL(tty_insert_flip_string_flags);
369
370 /**
371 * __tty_insert_flip_char - Add one character to the tty buffer
372 * @port: tty port
373 * @ch: character
374 * @flag: flag byte
375 *
376 * Queue a single byte to the tty buffering, with an optional flag.
377 * This is the slow path of tty_insert_flip_char.
378 */
__tty_insert_flip_char(struct tty_port * port,unsigned char ch,char flag)379 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
380 {
381 struct tty_buffer *tb;
382 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
383
384 if (!__tty_buffer_request_room(port, 1, flags))
385 return 0;
386
387 tb = port->buf.tail;
388 if (~tb->flags & TTYB_NORMAL)
389 *flag_buf_ptr(tb, tb->used) = flag;
390 *char_buf_ptr(tb, tb->used++) = ch;
391
392 return 1;
393 }
394 EXPORT_SYMBOL(__tty_insert_flip_char);
395
396 /**
397 * tty_prepare_flip_string - make room for characters
398 * @port: tty port
399 * @chars: return pointer for character write area
400 * @size: desired size
401 *
402 * Prepare a block of space in the buffer for data. Returns the length
403 * available and buffer pointer to the space which is now allocated and
404 * accounted for as ready for normal characters. This is used for drivers
405 * that need their own block copy routines into the buffer. There is no
406 * guarantee the buffer is a DMA target!
407 */
408
tty_prepare_flip_string(struct tty_port * port,unsigned char ** chars,size_t size)409 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
410 size_t size)
411 {
412 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
413 if (likely(space)) {
414 struct tty_buffer *tb = port->buf.tail;
415 *chars = char_buf_ptr(tb, tb->used);
416 if (~tb->flags & TTYB_NORMAL)
417 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
418 tb->used += space;
419 }
420 return space;
421 }
422 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
423
424 /**
425 * tty_ldisc_receive_buf - forward data to line discipline
426 * @ld: line discipline to process input
427 * @p: char buffer
428 * @f: TTY_* flags buffer
429 * @count: number of bytes to process
430 *
431 * Callers other than flush_to_ldisc() need to exclude the kworker
432 * from concurrent use of the line discipline, see paste_selection().
433 *
434 * Returns the number of bytes processed
435 */
tty_ldisc_receive_buf(struct tty_ldisc * ld,const unsigned char * p,char * f,int count)436 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
437 char *f, int count)
438 {
439 if (ld->ops->receive_buf2)
440 count = ld->ops->receive_buf2(ld->tty, p, f, count);
441 else {
442 count = min_t(int, count, ld->tty->receive_room);
443 if (count && ld->ops->receive_buf)
444 ld->ops->receive_buf(ld->tty, p, f, count);
445 }
446 return count;
447 }
448 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
449
450 static int
receive_buf(struct tty_port * port,struct tty_buffer * head,int count)451 receive_buf(struct tty_port *port, struct tty_buffer *head, int count)
452 {
453 unsigned char *p = char_buf_ptr(head, head->read);
454 char *f = NULL;
455 int n;
456
457 if (~head->flags & TTYB_NORMAL)
458 f = flag_buf_ptr(head, head->read);
459
460 n = port->client_ops->receive_buf(port, p, f, count);
461 if (n > 0)
462 memset(p, 0, n);
463 return n;
464 }
465
466 /**
467 * flush_to_ldisc
468 * @work: tty structure passed from work queue.
469 *
470 * This routine is called out of the software interrupt to flush data
471 * from the buffer chain to the line discipline.
472 *
473 * The receive_buf method is single threaded for each tty instance.
474 *
475 * Locking: takes buffer lock to ensure single-threaded flip buffer
476 * 'consumer'
477 */
478
flush_to_ldisc(struct work_struct * work)479 static void flush_to_ldisc(struct work_struct *work)
480 {
481 struct tty_port *port = container_of(work, struct tty_port, buf.work);
482 struct tty_bufhead *buf = &port->buf;
483
484 mutex_lock(&buf->lock);
485
486 while (1) {
487 struct tty_buffer *head = buf->head;
488 struct tty_buffer *next;
489 int count;
490
491 /* Ldisc or user is trying to gain exclusive access */
492 if (atomic_read(&buf->priority))
493 break;
494
495 /* paired w/ release in __tty_buffer_request_room();
496 * ensures commit value read is not stale if the head
497 * is advancing to the next buffer
498 */
499 next = smp_load_acquire(&head->next);
500 /* paired w/ release in __tty_buffer_request_room() or in
501 * tty_buffer_flush(); ensures we see the committed buffer data
502 */
503 count = smp_load_acquire(&head->commit) - head->read;
504 if (!count) {
505 if (next == NULL)
506 break;
507 buf->head = next;
508 tty_buffer_free(port, head);
509 continue;
510 }
511
512 count = receive_buf(port, head, count);
513 if (!count)
514 break;
515 head->read += count;
516
517 if (need_resched())
518 cond_resched();
519 }
520
521 mutex_unlock(&buf->lock);
522
523 }
524
tty_flip_buffer_commit(struct tty_buffer * tail)525 static inline void tty_flip_buffer_commit(struct tty_buffer *tail)
526 {
527 /*
528 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees
529 * buffer data.
530 */
531 smp_store_release(&tail->commit, tail->used);
532 }
533
534 /**
535 * tty_flip_buffer_push - terminal
536 * @port: tty port to push
537 *
538 * Queue a push of the terminal flip buffers to the line discipline.
539 * Can be called from IRQ/atomic context.
540 *
541 * In the event of the queue being busy for flipping the work will be
542 * held off and retried later.
543 */
544
tty_flip_buffer_push(struct tty_port * port)545 void tty_flip_buffer_push(struct tty_port *port)
546 {
547 struct tty_bufhead *buf = &port->buf;
548
549 tty_flip_buffer_commit(buf->tail);
550 queue_work(system_unbound_wq, &buf->work);
551 }
552 EXPORT_SYMBOL(tty_flip_buffer_push);
553
554 /**
555 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and
556 * push
557 * @port: tty port
558 * @chars: characters
559 * @size: size
560 *
561 * The function combines tty_insert_flip_string() and tty_flip_buffer_push()
562 * with the exception of properly holding the @port->lock.
563 *
564 * To be used only internally (by pty currently).
565 *
566 * Returns: the number added.
567 */
tty_insert_flip_string_and_push_buffer(struct tty_port * port,const unsigned char * chars,size_t size)568 int tty_insert_flip_string_and_push_buffer(struct tty_port *port,
569 const unsigned char *chars, size_t size)
570 {
571 struct tty_bufhead *buf = &port->buf;
572 unsigned long flags;
573
574 spin_lock_irqsave(&port->lock, flags);
575 size = tty_insert_flip_string(port, chars, size);
576 if (size)
577 tty_flip_buffer_commit(buf->tail);
578 spin_unlock_irqrestore(&port->lock, flags);
579
580 queue_work(system_unbound_wq, &buf->work);
581
582 return size;
583 }
584
585 /**
586 * tty_buffer_init - prepare a tty buffer structure
587 * @port: tty port to initialise
588 *
589 * Set up the initial state of the buffer management for a tty device.
590 * Must be called before the other tty buffer functions are used.
591 */
592
tty_buffer_init(struct tty_port * port)593 void tty_buffer_init(struct tty_port *port)
594 {
595 struct tty_bufhead *buf = &port->buf;
596
597 mutex_init(&buf->lock);
598 tty_buffer_reset(&buf->sentinel, 0);
599 buf->head = &buf->sentinel;
600 buf->tail = &buf->sentinel;
601 init_llist_head(&buf->free);
602 atomic_set(&buf->mem_used, 0);
603 atomic_set(&buf->priority, 0);
604 INIT_WORK(&buf->work, flush_to_ldisc);
605 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
606 }
607
608 /**
609 * tty_buffer_set_limit - change the tty buffer memory limit
610 * @port: tty port to change
611 *
612 * Change the tty buffer memory limit.
613 * Must be called before the other tty buffer functions are used.
614 */
615
tty_buffer_set_limit(struct tty_port * port,int limit)616 int tty_buffer_set_limit(struct tty_port *port, int limit)
617 {
618 if (limit < MIN_TTYB_SIZE)
619 return -EINVAL;
620 port->buf.mem_limit = limit;
621 return 0;
622 }
623 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
624
625 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
tty_buffer_set_lock_subclass(struct tty_port * port)626 void tty_buffer_set_lock_subclass(struct tty_port *port)
627 {
628 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
629 }
630
tty_buffer_restart_work(struct tty_port * port)631 bool tty_buffer_restart_work(struct tty_port *port)
632 {
633 return queue_work(system_unbound_wq, &port->buf.work);
634 }
635
tty_buffer_cancel_work(struct tty_port * port)636 bool tty_buffer_cancel_work(struct tty_port *port)
637 {
638 return cancel_work_sync(&port->buf.work);
639 }
640
tty_buffer_flush_work(struct tty_port * port)641 void tty_buffer_flush_work(struct tty_port *port)
642 {
643 flush_work(&port->buf.work);
644 }
645