• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Tty buffer allocation management
4  */
5 
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/tty.h>
9 #include <linux/tty_driver.h>
10 #include <linux/tty_flip.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/wait.h>
16 #include <linux/bitops.h>
17 #include <linux/delay.h>
18 #include <linux/module.h>
19 #include <linux/ratelimit.h>
20 
21 
22 #define MIN_TTYB_SIZE	256
23 #define TTYB_ALIGN_MASK	255
24 
25 /*
26  * Byte threshold to limit memory consumption for flip buffers.
27  * The actual memory limit is > 2x this amount.
28  */
29 #define TTYB_DEFAULT_MEM_LIMIT	(640 * 1024UL)
30 
31 /*
32  * We default to dicing tty buffer allocations to this many characters
33  * in order to avoid multiple page allocations. We know the size of
34  * tty_buffer itself but it must also be taken into account that the
35  * the buffer is 256 byte aligned. See tty_buffer_find for the allocation
36  * logic this must match
37  */
38 
39 #define TTY_BUFFER_PAGE	(((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
40 
41 /**
42  *	tty_buffer_lock_exclusive	-	gain exclusive access to buffer
43  *	tty_buffer_unlock_exclusive	-	release exclusive access
44  *
45  *	@port: tty port owning the flip buffer
46  *
47  *	Guarantees safe use of the line discipline's receive_buf() method by
48  *	excluding the buffer work and any pending flush from using the flip
49  *	buffer. Data can continue to be added concurrently to the flip buffer
50  *	from the driver side.
51  *
52  *	On release, the buffer work is restarted if there is data in the
53  *	flip buffer
54  */
55 
tty_buffer_lock_exclusive(struct tty_port * port)56 void tty_buffer_lock_exclusive(struct tty_port *port)
57 {
58 	struct tty_bufhead *buf = &port->buf;
59 
60 	atomic_inc(&buf->priority);
61 	mutex_lock(&buf->lock);
62 }
63 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
64 
tty_buffer_unlock_exclusive(struct tty_port * port)65 void tty_buffer_unlock_exclusive(struct tty_port *port)
66 {
67 	struct tty_bufhead *buf = &port->buf;
68 	int restart;
69 
70 	restart = buf->head->commit != buf->head->read;
71 
72 	atomic_dec(&buf->priority);
73 	mutex_unlock(&buf->lock);
74 	if (restart)
75 		queue_work(system_unbound_wq, &buf->work);
76 }
77 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
78 
79 /**
80  *	tty_buffer_space_avail	-	return unused buffer space
81  *	@port: tty port owning the flip buffer
82  *
83  *	Returns the # of bytes which can be written by the driver without
84  *	reaching the buffer limit.
85  *
86  *	Note: this does not guarantee that memory is available to write
87  *	the returned # of bytes (use tty_prepare_flip_string_xxx() to
88  *	pre-allocate if memory guarantee is required).
89  */
90 
tty_buffer_space_avail(struct tty_port * port)91 int tty_buffer_space_avail(struct tty_port *port)
92 {
93 	int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
94 	return max(space, 0);
95 }
96 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
97 
tty_buffer_reset(struct tty_buffer * p,size_t size)98 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
99 {
100 	p->used = 0;
101 	p->size = size;
102 	p->next = NULL;
103 	p->commit = 0;
104 	p->read = 0;
105 	p->flags = 0;
106 }
107 
108 /**
109  *	tty_buffer_free_all		-	free buffers used by a tty
110  *	@port: tty port to free from
111  *
112  *	Remove all the buffers pending on a tty whether queued with data
113  *	or in the free ring. Must be called when the tty is no longer in use
114  */
115 
tty_buffer_free_all(struct tty_port * port)116 void tty_buffer_free_all(struct tty_port *port)
117 {
118 	struct tty_bufhead *buf = &port->buf;
119 	struct tty_buffer *p, *next;
120 	struct llist_node *llist;
121 	unsigned int freed = 0;
122 	int still_used;
123 
124 	while ((p = buf->head) != NULL) {
125 		buf->head = p->next;
126 		freed += p->size;
127 		if (p->size > 0)
128 			kfree(p);
129 	}
130 	llist = llist_del_all(&buf->free);
131 	llist_for_each_entry_safe(p, next, llist, free)
132 		kfree(p);
133 
134 	tty_buffer_reset(&buf->sentinel, 0);
135 	buf->head = &buf->sentinel;
136 	buf->tail = &buf->sentinel;
137 
138 	still_used = atomic_xchg(&buf->mem_used, 0);
139 	WARN(still_used != freed, "we still have not freed %d bytes!",
140 			still_used - freed);
141 }
142 
143 /**
144  *	tty_buffer_alloc	-	allocate a tty buffer
145  *	@port: tty port
146  *	@size: desired size (characters)
147  *
148  *	Allocate a new tty buffer to hold the desired number of characters.
149  *	We round our buffers off in 256 character chunks to get better
150  *	allocation behaviour.
151  *	Return NULL if out of memory or the allocation would exceed the
152  *	per device queue
153  */
154 
tty_buffer_alloc(struct tty_port * port,size_t size)155 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
156 {
157 	struct llist_node *free;
158 	struct tty_buffer *p;
159 
160 	/* Round the buffer size out */
161 	size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
162 
163 	if (size <= MIN_TTYB_SIZE) {
164 		free = llist_del_first(&port->buf.free);
165 		if (free) {
166 			p = llist_entry(free, struct tty_buffer, free);
167 			goto found;
168 		}
169 	}
170 
171 	/* Should possibly check if this fails for the largest buffer we
172 	   have queued and recycle that ? */
173 	if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
174 		return NULL;
175 	p = kmalloc(sizeof(struct tty_buffer) + 2 * size,
176 		    GFP_ATOMIC | __GFP_NOWARN);
177 	if (p == NULL)
178 		return NULL;
179 
180 found:
181 	tty_buffer_reset(p, size);
182 	atomic_add(size, &port->buf.mem_used);
183 	return p;
184 }
185 
186 /**
187  *	tty_buffer_free		-	free a tty buffer
188  *	@port: tty port owning the buffer
189  *	@b: the buffer to free
190  *
191  *	Free a tty buffer, or add it to the free list according to our
192  *	internal strategy
193  */
194 
tty_buffer_free(struct tty_port * port,struct tty_buffer * b)195 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
196 {
197 	struct tty_bufhead *buf = &port->buf;
198 
199 	/* Dumb strategy for now - should keep some stats */
200 	WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
201 
202 	if (b->size > MIN_TTYB_SIZE)
203 		kfree(b);
204 	else if (b->size > 0)
205 		llist_add(&b->free, &buf->free);
206 }
207 
208 /**
209  *	tty_buffer_flush		-	flush full tty buffers
210  *	@tty: tty to flush
211  *	@ld:  optional ldisc ptr (must be referenced)
212  *
213  *	flush all the buffers containing receive data. If ld != NULL,
214  *	flush the ldisc input buffer.
215  *
216  *	Locking: takes buffer lock to ensure single-threaded flip buffer
217  *		 'consumer'
218  */
219 
tty_buffer_flush(struct tty_struct * tty,struct tty_ldisc * ld)220 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
221 {
222 	struct tty_port *port = tty->port;
223 	struct tty_bufhead *buf = &port->buf;
224 	struct tty_buffer *next;
225 
226 	atomic_inc(&buf->priority);
227 
228 	mutex_lock(&buf->lock);
229 	/* paired w/ release in __tty_buffer_request_room; ensures there are
230 	 * no pending memory accesses to the freed buffer
231 	 */
232 	while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
233 		tty_buffer_free(port, buf->head);
234 		buf->head = next;
235 	}
236 	buf->head->read = buf->head->commit;
237 
238 	if (ld && ld->ops->flush_buffer)
239 		ld->ops->flush_buffer(tty);
240 
241 	atomic_dec(&buf->priority);
242 	mutex_unlock(&buf->lock);
243 }
244 
245 /**
246  *	tty_buffer_request_room		-	grow tty buffer if needed
247  *	@port: tty port
248  *	@size: size desired
249  *	@flags: buffer flags if new buffer allocated (default = 0)
250  *
251  *	Make at least size bytes of linear space available for the tty
252  *	buffer. If we fail return the size we managed to find.
253  *
254  *	Will change over to a new buffer if the current buffer is encoded as
255  *	TTY_NORMAL (so has no flags buffer) and the new buffer requires
256  *	a flags buffer.
257  */
__tty_buffer_request_room(struct tty_port * port,size_t size,int flags)258 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
259 				     int flags)
260 {
261 	struct tty_bufhead *buf = &port->buf;
262 	struct tty_buffer *b, *n;
263 	int left, change;
264 
265 	b = buf->tail;
266 	if (b->flags & TTYB_NORMAL)
267 		left = 2 * b->size - b->used;
268 	else
269 		left = b->size - b->used;
270 
271 	change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
272 	if (change || left < size) {
273 		/* This is the slow path - looking for new buffers to use */
274 		n = tty_buffer_alloc(port, size);
275 		if (n != NULL) {
276 			n->flags = flags;
277 			buf->tail = n;
278 			/* paired w/ acquire in flush_to_ldisc(); ensures
279 			 * flush_to_ldisc() sees buffer data.
280 			 */
281 			smp_store_release(&b->commit, b->used);
282 			/* paired w/ acquire in flush_to_ldisc(); ensures the
283 			 * latest commit value can be read before the head is
284 			 * advanced to the next buffer
285 			 */
286 			smp_store_release(&b->next, n);
287 		} else if (change)
288 			size = 0;
289 		else
290 			size = left;
291 	}
292 	return size;
293 }
294 
tty_buffer_request_room(struct tty_port * port,size_t size)295 int tty_buffer_request_room(struct tty_port *port, size_t size)
296 {
297 	return __tty_buffer_request_room(port, size, 0);
298 }
299 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
300 
301 /**
302  *	tty_insert_flip_string_fixed_flag - Add characters to the tty buffer
303  *	@port: tty port
304  *	@chars: characters
305  *	@flag: flag value for each character
306  *	@size: size
307  *
308  *	Queue a series of bytes to the tty buffering. All the characters
309  *	passed are marked with the supplied flag. Returns the number added.
310  */
311 
tty_insert_flip_string_fixed_flag(struct tty_port * port,const unsigned char * chars,char flag,size_t size)312 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
313 		const unsigned char *chars, char flag, size_t size)
314 {
315 	int copied = 0;
316 	do {
317 		int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
318 		int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
319 		int space = __tty_buffer_request_room(port, goal, flags);
320 		struct tty_buffer *tb = port->buf.tail;
321 		if (unlikely(space == 0))
322 			break;
323 		memcpy(char_buf_ptr(tb, tb->used), chars, space);
324 		if (~tb->flags & TTYB_NORMAL)
325 			memset(flag_buf_ptr(tb, tb->used), flag, space);
326 		tb->used += space;
327 		copied += space;
328 		chars += space;
329 		/* There is a small chance that we need to split the data over
330 		   several buffers. If this is the case we must loop */
331 	} while (unlikely(size > copied));
332 	return copied;
333 }
334 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
335 
336 /**
337  *	tty_insert_flip_string_flags	-	Add characters to the tty buffer
338  *	@port: tty port
339  *	@chars: characters
340  *	@flags: flag bytes
341  *	@size: size
342  *
343  *	Queue a series of bytes to the tty buffering. For each character
344  *	the flags array indicates the status of the character. Returns the
345  *	number added.
346  */
347 
tty_insert_flip_string_flags(struct tty_port * port,const unsigned char * chars,const char * flags,size_t size)348 int tty_insert_flip_string_flags(struct tty_port *port,
349 		const unsigned char *chars, const char *flags, size_t size)
350 {
351 	int copied = 0;
352 	do {
353 		int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
354 		int space = tty_buffer_request_room(port, goal);
355 		struct tty_buffer *tb = port->buf.tail;
356 		if (unlikely(space == 0))
357 			break;
358 		memcpy(char_buf_ptr(tb, tb->used), chars, space);
359 		memcpy(flag_buf_ptr(tb, tb->used), flags, space);
360 		tb->used += space;
361 		copied += space;
362 		chars += space;
363 		flags += space;
364 		/* There is a small chance that we need to split the data over
365 		   several buffers. If this is the case we must loop */
366 	} while (unlikely(size > copied));
367 	return copied;
368 }
369 EXPORT_SYMBOL(tty_insert_flip_string_flags);
370 
371 /**
372  *	__tty_insert_flip_char   -	Add one character to the tty buffer
373  *	@port: tty port
374  *	@ch: character
375  *	@flag: flag byte
376  *
377  *	Queue a single byte to the tty buffering, with an optional flag.
378  *	This is the slow path of tty_insert_flip_char.
379  */
__tty_insert_flip_char(struct tty_port * port,unsigned char ch,char flag)380 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
381 {
382 	struct tty_buffer *tb;
383 	int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
384 
385 	if (!__tty_buffer_request_room(port, 1, flags))
386 		return 0;
387 
388 	tb = port->buf.tail;
389 	if (~tb->flags & TTYB_NORMAL)
390 		*flag_buf_ptr(tb, tb->used) = flag;
391 	*char_buf_ptr(tb, tb->used++) = ch;
392 
393 	return 1;
394 }
395 EXPORT_SYMBOL(__tty_insert_flip_char);
396 
397 /**
398  *	tty_prepare_flip_string		-	make room for characters
399  *	@port: tty port
400  *	@chars: return pointer for character write area
401  *	@size: desired size
402  *
403  *	Prepare a block of space in the buffer for data. Returns the length
404  *	available and buffer pointer to the space which is now allocated and
405  *	accounted for as ready for normal characters. This is used for drivers
406  *	that need their own block copy routines into the buffer. There is no
407  *	guarantee the buffer is a DMA target!
408  */
409 
tty_prepare_flip_string(struct tty_port * port,unsigned char ** chars,size_t size)410 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
411 		size_t size)
412 {
413 	int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
414 	if (likely(space)) {
415 		struct tty_buffer *tb = port->buf.tail;
416 		*chars = char_buf_ptr(tb, tb->used);
417 		if (~tb->flags & TTYB_NORMAL)
418 			memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
419 		tb->used += space;
420 	}
421 	return space;
422 }
423 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
424 
425 /**
426  *	tty_ldisc_receive_buf		-	forward data to line discipline
427  *	@ld:	line discipline to process input
428  *	@p:	char buffer
429  *	@f:	TTY_* flags buffer
430  *	@count:	number of bytes to process
431  *
432  *	Callers other than flush_to_ldisc() need to exclude the kworker
433  *	from concurrent use of the line discipline, see paste_selection().
434  *
435  *	Returns the number of bytes processed
436  */
tty_ldisc_receive_buf(struct tty_ldisc * ld,const unsigned char * p,char * f,int count)437 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
438 			  char *f, int count)
439 {
440 	if (ld->ops->receive_buf2)
441 		count = ld->ops->receive_buf2(ld->tty, p, f, count);
442 	else {
443 		count = min_t(int, count, ld->tty->receive_room);
444 		if (count && ld->ops->receive_buf)
445 			ld->ops->receive_buf(ld->tty, p, f, count);
446 	}
447 	return count;
448 }
449 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
450 
451 static int
receive_buf(struct tty_port * port,struct tty_buffer * head,int count)452 receive_buf(struct tty_port *port, struct tty_buffer *head, int count)
453 {
454 	unsigned char *p = char_buf_ptr(head, head->read);
455 	char	      *f = NULL;
456 	int n;
457 
458 	if (~head->flags & TTYB_NORMAL)
459 		f = flag_buf_ptr(head, head->read);
460 
461 	n = port->client_ops->receive_buf(port, p, f, count);
462 	if (n > 0)
463 		memset(p, 0, n);
464 	return n;
465 }
466 
467 /**
468  *	flush_to_ldisc
469  *	@work: tty structure passed from work queue.
470  *
471  *	This routine is called out of the software interrupt to flush data
472  *	from the buffer chain to the line discipline.
473  *
474  *	The receive_buf method is single threaded for each tty instance.
475  *
476  *	Locking: takes buffer lock to ensure single-threaded flip buffer
477  *		 'consumer'
478  */
479 
flush_to_ldisc(struct work_struct * work)480 static void flush_to_ldisc(struct work_struct *work)
481 {
482 	struct tty_port *port = container_of(work, struct tty_port, buf.work);
483 	struct tty_bufhead *buf = &port->buf;
484 
485 	mutex_lock(&buf->lock);
486 
487 	while (1) {
488 		struct tty_buffer *head = buf->head;
489 		struct tty_buffer *next;
490 		int count;
491 
492 		/* Ldisc or user is trying to gain exclusive access */
493 		if (atomic_read(&buf->priority))
494 			break;
495 
496 		/* paired w/ release in __tty_buffer_request_room();
497 		 * ensures commit value read is not stale if the head
498 		 * is advancing to the next buffer
499 		 */
500 		next = smp_load_acquire(&head->next);
501 		/* paired w/ release in __tty_buffer_request_room() or in
502 		 * tty_buffer_flush(); ensures we see the committed buffer data
503 		 */
504 		count = smp_load_acquire(&head->commit) - head->read;
505 		if (!count) {
506 			if (next == NULL)
507 				break;
508 			buf->head = next;
509 			tty_buffer_free(port, head);
510 			continue;
511 		}
512 
513 		count = receive_buf(port, head, count);
514 		if (!count)
515 			break;
516 		head->read += count;
517 
518 		if (need_resched())
519 			cond_resched();
520 	}
521 
522 	mutex_unlock(&buf->lock);
523 
524 }
525 
tty_flip_buffer_commit(struct tty_buffer * tail)526 static inline void tty_flip_buffer_commit(struct tty_buffer *tail)
527 {
528 	/*
529 	 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees
530 	 * buffer data.
531 	 */
532 	smp_store_release(&tail->commit, tail->used);
533 }
534 
535 /**
536  *	tty_flip_buffer_push	-	terminal
537  *	@port: tty port to push
538  *
539  *	Queue a push of the terminal flip buffers to the line discipline.
540  *	Can be called from IRQ/atomic context.
541  *
542  *	In the event of the queue being busy for flipping the work will be
543  *	held off and retried later.
544  */
545 
tty_flip_buffer_push(struct tty_port * port)546 void tty_flip_buffer_push(struct tty_port *port)
547 {
548 	struct tty_bufhead *buf = &port->buf;
549 
550 	tty_flip_buffer_commit(buf->tail);
551 	queue_work(system_unbound_wq, &buf->work);
552 }
553 EXPORT_SYMBOL(tty_flip_buffer_push);
554 
555 /**
556  * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and
557  *	push
558  * @port: tty port
559  * @chars: characters
560  * @size: size
561  *
562  * The function combines tty_insert_flip_string() and tty_flip_buffer_push()
563  * with the exception of properly holding the @port->lock.
564  *
565  * To be used only internally (by pty currently).
566  *
567  * Returns: the number added.
568  */
tty_insert_flip_string_and_push_buffer(struct tty_port * port,const unsigned char * chars,size_t size)569 int tty_insert_flip_string_and_push_buffer(struct tty_port *port,
570 		const unsigned char *chars, size_t size)
571 {
572 	struct tty_bufhead *buf = &port->buf;
573 	unsigned long flags;
574 
575 	spin_lock_irqsave(&port->lock, flags);
576 	size = tty_insert_flip_string(port, chars, size);
577 	if (size)
578 		tty_flip_buffer_commit(buf->tail);
579 	spin_unlock_irqrestore(&port->lock, flags);
580 
581 	queue_work(system_unbound_wq, &buf->work);
582 
583 	return size;
584 }
585 
586 /**
587  *	tty_buffer_init		-	prepare a tty buffer structure
588  *	@port: tty port to initialise
589  *
590  *	Set up the initial state of the buffer management for a tty device.
591  *	Must be called before the other tty buffer functions are used.
592  */
593 
tty_buffer_init(struct tty_port * port)594 void tty_buffer_init(struct tty_port *port)
595 {
596 	struct tty_bufhead *buf = &port->buf;
597 
598 	mutex_init(&buf->lock);
599 	tty_buffer_reset(&buf->sentinel, 0);
600 	buf->head = &buf->sentinel;
601 	buf->tail = &buf->sentinel;
602 	init_llist_head(&buf->free);
603 	atomic_set(&buf->mem_used, 0);
604 	atomic_set(&buf->priority, 0);
605 	INIT_WORK(&buf->work, flush_to_ldisc);
606 	buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
607 }
608 
609 /**
610  *	tty_buffer_set_limit	-	change the tty buffer memory limit
611  *	@port: tty port to change
612  *
613  *	Change the tty buffer memory limit.
614  *	Must be called before the other tty buffer functions are used.
615  */
616 
tty_buffer_set_limit(struct tty_port * port,int limit)617 int tty_buffer_set_limit(struct tty_port *port, int limit)
618 {
619 	if (limit < MIN_TTYB_SIZE)
620 		return -EINVAL;
621 	port->buf.mem_limit = limit;
622 	return 0;
623 }
624 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
625 
626 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
tty_buffer_set_lock_subclass(struct tty_port * port)627 void tty_buffer_set_lock_subclass(struct tty_port *port)
628 {
629 	lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
630 }
631 
tty_buffer_restart_work(struct tty_port * port)632 bool tty_buffer_restart_work(struct tty_port *port)
633 {
634 	return queue_work(system_unbound_wq, &port->buf.work);
635 }
636 
tty_buffer_cancel_work(struct tty_port * port)637 bool tty_buffer_cancel_work(struct tty_port *port)
638 {
639 	return cancel_work_sync(&port->buf.work);
640 }
641 
tty_buffer_flush_work(struct tty_port * port)642 void tty_buffer_flush_work(struct tty_port *port)
643 {
644 	flush_work(&port->buf.work);
645 }
646