• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Tty buffer allocation management
3  */
4 
5 #include <linux/types.h>
6 #include <linux/errno.h>
7 #include <linux/tty.h>
8 #include <linux/tty_driver.h>
9 #include <linux/tty_flip.h>
10 #include <linux/timer.h>
11 #include <linux/string.h>
12 #include <linux/slab.h>
13 #include <linux/sched.h>
14 #include <linux/wait.h>
15 #include <linux/bitops.h>
16 #include <linux/delay.h>
17 #include <linux/module.h>
18 #include <linux/ratelimit.h>
19 
20 
21 #define MIN_TTYB_SIZE	256
22 #define TTYB_ALIGN_MASK	255
23 
24 /*
25  * Byte threshold to limit memory consumption for flip buffers.
26  * The actual memory limit is > 2x this amount.
27  */
28 #define TTYB_DEFAULT_MEM_LIMIT	65536
29 
30 /*
31  * We default to dicing tty buffer allocations to this many characters
32  * in order to avoid multiple page allocations. We know the size of
33  * tty_buffer itself but it must also be taken into account that the
34  * the buffer is 256 byte aligned. See tty_buffer_find for the allocation
35  * logic this must match
36  */
37 
38 #define TTY_BUFFER_PAGE	(((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
39 
40 /**
41  *	tty_buffer_lock_exclusive	-	gain exclusive access to buffer
42  *	tty_buffer_unlock_exclusive	-	release exclusive access
43  *
44  *	@port - tty_port owning the flip buffer
45  *
46  *	Guarantees safe use of the line discipline's receive_buf() method by
47  *	excluding the buffer work and any pending flush from using the flip
48  *	buffer. Data can continue to be added concurrently to the flip buffer
49  *	from the driver side.
50  *
51  *	On release, the buffer work is restarted if there is data in the
52  *	flip buffer
53  */
54 
tty_buffer_lock_exclusive(struct tty_port * port)55 void tty_buffer_lock_exclusive(struct tty_port *port)
56 {
57 	struct tty_bufhead *buf = &port->buf;
58 
59 	atomic_inc(&buf->priority);
60 	mutex_lock(&buf->lock);
61 }
62 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
63 
tty_buffer_unlock_exclusive(struct tty_port * port)64 void tty_buffer_unlock_exclusive(struct tty_port *port)
65 {
66 	struct tty_bufhead *buf = &port->buf;
67 	int restart;
68 
69 	restart = buf->head->commit != buf->head->read;
70 
71 	atomic_dec(&buf->priority);
72 	mutex_unlock(&buf->lock);
73 	if (restart)
74 		queue_work(system_unbound_wq, &buf->work);
75 }
76 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
77 
78 /**
79  *	tty_buffer_space_avail	-	return unused buffer space
80  *	@port - tty_port owning the flip buffer
81  *
82  *	Returns the # of bytes which can be written by the driver without
83  *	reaching the buffer limit.
84  *
85  *	Note: this does not guarantee that memory is available to write
86  *	the returned # of bytes (use tty_prepare_flip_string_xxx() to
87  *	pre-allocate if memory guarantee is required).
88  */
89 
tty_buffer_space_avail(struct tty_port * port)90 int tty_buffer_space_avail(struct tty_port *port)
91 {
92 	int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
93 	return max(space, 0);
94 }
95 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
96 
tty_buffer_reset(struct tty_buffer * p,size_t size)97 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
98 {
99 	p->used = 0;
100 	p->size = size;
101 	p->next = NULL;
102 	p->commit = 0;
103 	p->read = 0;
104 	p->flags = 0;
105 }
106 
107 /**
108  *	tty_buffer_free_all		-	free buffers used by a tty
109  *	@tty: tty to free from
110  *
111  *	Remove all the buffers pending on a tty whether queued with data
112  *	or in the free ring. Must be called when the tty is no longer in use
113  */
114 
tty_buffer_free_all(struct tty_port * port)115 void tty_buffer_free_all(struct tty_port *port)
116 {
117 	struct tty_bufhead *buf = &port->buf;
118 	struct tty_buffer *p, *next;
119 	struct llist_node *llist;
120 
121 	while ((p = buf->head) != NULL) {
122 		buf->head = p->next;
123 		if (p->size > 0)
124 			kfree(p);
125 	}
126 	llist = llist_del_all(&buf->free);
127 	llist_for_each_entry_safe(p, next, llist, free)
128 		kfree(p);
129 
130 	tty_buffer_reset(&buf->sentinel, 0);
131 	buf->head = &buf->sentinel;
132 	buf->tail = &buf->sentinel;
133 
134 	atomic_set(&buf->mem_used, 0);
135 }
136 
137 /**
138  *	tty_buffer_alloc	-	allocate a tty buffer
139  *	@tty: tty device
140  *	@size: desired size (characters)
141  *
142  *	Allocate a new tty buffer to hold the desired number of characters.
143  *	We round our buffers off in 256 character chunks to get better
144  *	allocation behaviour.
145  *	Return NULL if out of memory or the allocation would exceed the
146  *	per device queue
147  */
148 
tty_buffer_alloc(struct tty_port * port,size_t size)149 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
150 {
151 	struct llist_node *free;
152 	struct tty_buffer *p;
153 
154 	/* Round the buffer size out */
155 	size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
156 
157 	if (size <= MIN_TTYB_SIZE) {
158 		free = llist_del_first(&port->buf.free);
159 		if (free) {
160 			p = llist_entry(free, struct tty_buffer, free);
161 			goto found;
162 		}
163 	}
164 
165 	/* Should possibly check if this fails for the largest buffer we
166 	   have queued and recycle that ? */
167 	if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
168 		return NULL;
169 	p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
170 	if (p == NULL)
171 		return NULL;
172 
173 found:
174 	tty_buffer_reset(p, size);
175 	atomic_add(size, &port->buf.mem_used);
176 	return p;
177 }
178 
179 /**
180  *	tty_buffer_free		-	free a tty buffer
181  *	@tty: tty owning the buffer
182  *	@b: the buffer to free
183  *
184  *	Free a tty buffer, or add it to the free list according to our
185  *	internal strategy
186  */
187 
tty_buffer_free(struct tty_port * port,struct tty_buffer * b)188 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
189 {
190 	struct tty_bufhead *buf = &port->buf;
191 
192 	/* Dumb strategy for now - should keep some stats */
193 	WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
194 
195 	if (b->size > MIN_TTYB_SIZE)
196 		kfree(b);
197 	else if (b->size > 0)
198 		llist_add(&b->free, &buf->free);
199 }
200 
201 /**
202  *	tty_buffer_flush		-	flush full tty buffers
203  *	@tty: tty to flush
204  *	@ld:  optional ldisc ptr (must be referenced)
205  *
206  *	flush all the buffers containing receive data. If ld != NULL,
207  *	flush the ldisc input buffer.
208  *
209  *	Locking: takes buffer lock to ensure single-threaded flip buffer
210  *		 'consumer'
211  */
212 
tty_buffer_flush(struct tty_struct * tty,struct tty_ldisc * ld)213 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
214 {
215 	struct tty_port *port = tty->port;
216 	struct tty_bufhead *buf = &port->buf;
217 	struct tty_buffer *next;
218 
219 	atomic_inc(&buf->priority);
220 
221 	mutex_lock(&buf->lock);
222 	/* paired w/ release in __tty_buffer_request_room; ensures there are
223 	 * no pending memory accesses to the freed buffer
224 	 */
225 	while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
226 		tty_buffer_free(port, buf->head);
227 		buf->head = next;
228 	}
229 	buf->head->read = buf->head->commit;
230 
231 	if (ld && ld->ops->flush_buffer)
232 		ld->ops->flush_buffer(tty);
233 
234 	atomic_dec(&buf->priority);
235 	mutex_unlock(&buf->lock);
236 }
237 
238 /**
239  *	tty_buffer_request_room		-	grow tty buffer if needed
240  *	@tty: tty structure
241  *	@size: size desired
242  *	@flags: buffer flags if new buffer allocated (default = 0)
243  *
244  *	Make at least size bytes of linear space available for the tty
245  *	buffer. If we fail return the size we managed to find.
246  *
247  *	Will change over to a new buffer if the current buffer is encoded as
248  *	TTY_NORMAL (so has no flags buffer) and the new buffer requires
249  *	a flags buffer.
250  */
__tty_buffer_request_room(struct tty_port * port,size_t size,int flags)251 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
252 				     int flags)
253 {
254 	struct tty_bufhead *buf = &port->buf;
255 	struct tty_buffer *b, *n;
256 	int left, change;
257 
258 	b = buf->tail;
259 	if (b->flags & TTYB_NORMAL)
260 		left = 2 * b->size - b->used;
261 	else
262 		left = b->size - b->used;
263 
264 	change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
265 	if (change || left < size) {
266 		/* This is the slow path - looking for new buffers to use */
267 		n = tty_buffer_alloc(port, size);
268 		if (n != NULL) {
269 			n->flags = flags;
270 			buf->tail = n;
271 			/* paired w/ acquire in flush_to_ldisc(); ensures
272 			 * flush_to_ldisc() sees buffer data.
273 			 */
274 			smp_store_release(&b->commit, b->used);
275 			/* paired w/ acquire in flush_to_ldisc(); ensures the
276 			 * latest commit value can be read before the head is
277 			 * advanced to the next buffer
278 			 */
279 			smp_store_release(&b->next, n);
280 		} else if (change)
281 			size = 0;
282 		else
283 			size = left;
284 	}
285 	return size;
286 }
287 
tty_buffer_request_room(struct tty_port * port,size_t size)288 int tty_buffer_request_room(struct tty_port *port, size_t size)
289 {
290 	return __tty_buffer_request_room(port, size, 0);
291 }
292 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
293 
294 /**
295  *	tty_insert_flip_string_fixed_flag - Add characters to the tty buffer
296  *	@port: tty port
297  *	@chars: characters
298  *	@flag: flag value for each character
299  *	@size: size
300  *
301  *	Queue a series of bytes to the tty buffering. All the characters
302  *	passed are marked with the supplied flag. Returns the number added.
303  */
304 
tty_insert_flip_string_fixed_flag(struct tty_port * port,const unsigned char * chars,char flag,size_t size)305 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
306 		const unsigned char *chars, char flag, size_t size)
307 {
308 	int copied = 0;
309 	do {
310 		int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
311 		int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
312 		int space = __tty_buffer_request_room(port, goal, flags);
313 		struct tty_buffer *tb = port->buf.tail;
314 		if (unlikely(space == 0))
315 			break;
316 		memcpy(char_buf_ptr(tb, tb->used), chars, space);
317 		if (~tb->flags & TTYB_NORMAL)
318 			memset(flag_buf_ptr(tb, tb->used), flag, space);
319 		tb->used += space;
320 		copied += space;
321 		chars += space;
322 		/* There is a small chance that we need to split the data over
323 		   several buffers. If this is the case we must loop */
324 	} while (unlikely(size > copied));
325 	return copied;
326 }
327 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
328 
329 /**
330  *	tty_insert_flip_string_flags	-	Add characters to the tty buffer
331  *	@port: tty port
332  *	@chars: characters
333  *	@flags: flag bytes
334  *	@size: size
335  *
336  *	Queue a series of bytes to the tty buffering. For each character
337  *	the flags array indicates the status of the character. Returns the
338  *	number added.
339  */
340 
tty_insert_flip_string_flags(struct tty_port * port,const unsigned char * chars,const char * flags,size_t size)341 int tty_insert_flip_string_flags(struct tty_port *port,
342 		const unsigned char *chars, const char *flags, size_t size)
343 {
344 	int copied = 0;
345 	do {
346 		int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
347 		int space = tty_buffer_request_room(port, goal);
348 		struct tty_buffer *tb = port->buf.tail;
349 		if (unlikely(space == 0))
350 			break;
351 		memcpy(char_buf_ptr(tb, tb->used), chars, space);
352 		memcpy(flag_buf_ptr(tb, tb->used), flags, space);
353 		tb->used += space;
354 		copied += space;
355 		chars += space;
356 		flags += space;
357 		/* There is a small chance that we need to split the data over
358 		   several buffers. If this is the case we must loop */
359 	} while (unlikely(size > copied));
360 	return copied;
361 }
362 EXPORT_SYMBOL(tty_insert_flip_string_flags);
363 
364 /**
365  *	__tty_insert_flip_char   -	Add one character to the tty buffer
366  *	@port: tty port
367  *	@ch: character
368  *	@flag: flag byte
369  *
370  *	Queue a single byte to the tty buffering, with an optional flag.
371  *	This is the slow path of tty_insert_flip_char.
372  */
__tty_insert_flip_char(struct tty_port * port,unsigned char ch,char flag)373 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
374 {
375 	struct tty_buffer *tb;
376 	int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
377 
378 	if (!__tty_buffer_request_room(port, 1, flags))
379 		return 0;
380 
381 	tb = port->buf.tail;
382 	if (~tb->flags & TTYB_NORMAL)
383 		*flag_buf_ptr(tb, tb->used) = flag;
384 	*char_buf_ptr(tb, tb->used++) = ch;
385 
386 	return 1;
387 }
388 EXPORT_SYMBOL(__tty_insert_flip_char);
389 
390 /**
391  *	tty_schedule_flip	-	push characters to ldisc
392  *	@port: tty port to push from
393  *
394  *	Takes any pending buffers and transfers their ownership to the
395  *	ldisc side of the queue. It then schedules those characters for
396  *	processing by the line discipline.
397  */
398 
tty_schedule_flip(struct tty_port * port)399 void tty_schedule_flip(struct tty_port *port)
400 {
401 	struct tty_bufhead *buf = &port->buf;
402 
403 	/* paired w/ acquire in flush_to_ldisc(); ensures
404 	 * flush_to_ldisc() sees buffer data.
405 	 */
406 	smp_store_release(&buf->tail->commit, buf->tail->used);
407 	queue_work(system_unbound_wq, &buf->work);
408 }
409 EXPORT_SYMBOL(tty_schedule_flip);
410 
411 /**
412  *	tty_prepare_flip_string		-	make room for characters
413  *	@port: tty port
414  *	@chars: return pointer for character write area
415  *	@size: desired size
416  *
417  *	Prepare a block of space in the buffer for data. Returns the length
418  *	available and buffer pointer to the space which is now allocated and
419  *	accounted for as ready for normal characters. This is used for drivers
420  *	that need their own block copy routines into the buffer. There is no
421  *	guarantee the buffer is a DMA target!
422  */
423 
tty_prepare_flip_string(struct tty_port * port,unsigned char ** chars,size_t size)424 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
425 		size_t size)
426 {
427 	int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
428 	if (likely(space)) {
429 		struct tty_buffer *tb = port->buf.tail;
430 		*chars = char_buf_ptr(tb, tb->used);
431 		if (~tb->flags & TTYB_NORMAL)
432 			memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
433 		tb->used += space;
434 	}
435 	return space;
436 }
437 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
438 
439 /**
440  *	tty_ldisc_receive_buf		-	forward data to line discipline
441  *	@ld:	line discipline to process input
442  *	@p:	char buffer
443  *	@f:	TTY_* flags buffer
444  *	@count:	number of bytes to process
445  *
446  *	Callers other than flush_to_ldisc() need to exclude the kworker
447  *	from concurrent use of the line discipline, see paste_selection().
448  *
449  *	Returns the number of bytes processed
450  */
tty_ldisc_receive_buf(struct tty_ldisc * ld,unsigned char * p,char * f,int count)451 int tty_ldisc_receive_buf(struct tty_ldisc *ld, unsigned char *p,
452 			  char *f, int count)
453 {
454 	if (ld->ops->receive_buf2)
455 		count = ld->ops->receive_buf2(ld->tty, p, f, count);
456 	else {
457 		count = min_t(int, count, ld->tty->receive_room);
458 		if (count && ld->ops->receive_buf)
459 			ld->ops->receive_buf(ld->tty, p, f, count);
460 	}
461 	return count;
462 }
463 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
464 
465 static int
receive_buf(struct tty_ldisc * ld,struct tty_buffer * head,int count)466 receive_buf(struct tty_ldisc *ld, struct tty_buffer *head, int count)
467 {
468 	unsigned char *p = char_buf_ptr(head, head->read);
469 	char	      *f = NULL;
470 
471 	if (~head->flags & TTYB_NORMAL)
472 		f = flag_buf_ptr(head, head->read);
473 
474 	return tty_ldisc_receive_buf(ld, p, f, count);
475 }
476 
477 /**
478  *	flush_to_ldisc
479  *	@work: tty structure passed from work queue.
480  *
481  *	This routine is called out of the software interrupt to flush data
482  *	from the buffer chain to the line discipline.
483  *
484  *	The receive_buf method is single threaded for each tty instance.
485  *
486  *	Locking: takes buffer lock to ensure single-threaded flip buffer
487  *		 'consumer'
488  */
489 
flush_to_ldisc(struct work_struct * work)490 static void flush_to_ldisc(struct work_struct *work)
491 {
492 	struct tty_port *port = container_of(work, struct tty_port, buf.work);
493 	struct tty_bufhead *buf = &port->buf;
494 	struct tty_struct *tty;
495 	struct tty_ldisc *disc;
496 
497 	tty = READ_ONCE(port->itty);
498 	if (tty == NULL)
499 		return;
500 
501 	disc = tty_ldisc_ref(tty);
502 	if (disc == NULL)
503 		return;
504 
505 	mutex_lock(&buf->lock);
506 
507 	while (1) {
508 		struct tty_buffer *head = buf->head;
509 		struct tty_buffer *next;
510 		int count;
511 
512 		/* Ldisc or user is trying to gain exclusive access */
513 		if (atomic_read(&buf->priority))
514 			break;
515 
516 		/* paired w/ release in __tty_buffer_request_room();
517 		 * ensures commit value read is not stale if the head
518 		 * is advancing to the next buffer
519 		 */
520 		next = smp_load_acquire(&head->next);
521 		/* paired w/ release in __tty_buffer_request_room() or in
522 		 * tty_buffer_flush(); ensures we see the committed buffer data
523 		 */
524 		count = smp_load_acquire(&head->commit) - head->read;
525 		if (!count) {
526 			if (next == NULL)
527 				break;
528 			buf->head = next;
529 			tty_buffer_free(port, head);
530 			continue;
531 		}
532 
533 		count = receive_buf(disc, head, count);
534 		if (!count)
535 			break;
536 		head->read += count;
537 	}
538 
539 	mutex_unlock(&buf->lock);
540 
541 	tty_ldisc_deref(disc);
542 }
543 
544 /**
545  *	tty_flip_buffer_push	-	terminal
546  *	@port: tty port to push
547  *
548  *	Queue a push of the terminal flip buffers to the line discipline.
549  *	Can be called from IRQ/atomic context.
550  *
551  *	In the event of the queue being busy for flipping the work will be
552  *	held off and retried later.
553  */
554 
tty_flip_buffer_push(struct tty_port * port)555 void tty_flip_buffer_push(struct tty_port *port)
556 {
557 	tty_schedule_flip(port);
558 }
559 EXPORT_SYMBOL(tty_flip_buffer_push);
560 
561 /**
562  *	tty_buffer_init		-	prepare a tty buffer structure
563  *	@tty: tty to initialise
564  *
565  *	Set up the initial state of the buffer management for a tty device.
566  *	Must be called before the other tty buffer functions are used.
567  */
568 
tty_buffer_init(struct tty_port * port)569 void tty_buffer_init(struct tty_port *port)
570 {
571 	struct tty_bufhead *buf = &port->buf;
572 
573 	mutex_init(&buf->lock);
574 	tty_buffer_reset(&buf->sentinel, 0);
575 	buf->head = &buf->sentinel;
576 	buf->tail = &buf->sentinel;
577 	init_llist_head(&buf->free);
578 	atomic_set(&buf->mem_used, 0);
579 	atomic_set(&buf->priority, 0);
580 	INIT_WORK(&buf->work, flush_to_ldisc);
581 	buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
582 }
583 
584 /**
585  *	tty_buffer_set_limit	-	change the tty buffer memory limit
586  *	@port: tty port to change
587  *
588  *	Change the tty buffer memory limit.
589  *	Must be called before the other tty buffer functions are used.
590  */
591 
tty_buffer_set_limit(struct tty_port * port,int limit)592 int tty_buffer_set_limit(struct tty_port *port, int limit)
593 {
594 	if (limit < MIN_TTYB_SIZE)
595 		return -EINVAL;
596 	port->buf.mem_limit = limit;
597 	return 0;
598 }
599 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
600 
601 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
tty_buffer_set_lock_subclass(struct tty_port * port)602 void tty_buffer_set_lock_subclass(struct tty_port *port)
603 {
604 	lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
605 }
606 
tty_buffer_restart_work(struct tty_port * port)607 bool tty_buffer_restart_work(struct tty_port *port)
608 {
609 	return queue_work(system_unbound_wq, &port->buf.work);
610 }
611 
tty_buffer_cancel_work(struct tty_port * port)612 bool tty_buffer_cancel_work(struct tty_port *port)
613 {
614 	return cancel_work_sync(&port->buf.work);
615 }
616 
tty_buffer_flush_work(struct tty_port * port)617 void tty_buffer_flush_work(struct tty_port *port)
618 {
619 	flush_work(&port->buf.work);
620 }
621