1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Tty buffer allocation management
4 */
5
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/tty.h>
9 #include <linux/tty_driver.h>
10 #include <linux/tty_flip.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/wait.h>
16 #include <linux/bitops.h>
17 #include <linux/delay.h>
18 #include <linux/module.h>
19 #include <linux/ratelimit.h>
20 #include "tty.h"
21
22 #define MIN_TTYB_SIZE 256
23 #define TTYB_ALIGN_MASK 255
24
25 /*
26 * Byte threshold to limit memory consumption for flip buffers.
27 * The actual memory limit is > 2x this amount.
28 */
29 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL)
30
31 /*
32 * We default to dicing tty buffer allocations to this many characters
33 * in order to avoid multiple page allocations. We know the size of
34 * tty_buffer itself but it must also be taken into account that the
35 * buffer is 256 byte aligned. See tty_buffer_find for the allocation
36 * logic this must match.
37 */
38
39 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
40
41 /**
42 * tty_buffer_lock_exclusive - gain exclusive access to buffer
43 * tty_buffer_unlock_exclusive - release exclusive access
44 *
45 * @port: tty port owning the flip buffer
46 *
47 * Guarantees safe use of the line discipline's receive_buf() method by
48 * excluding the buffer work and any pending flush from using the flip
49 * buffer. Data can continue to be added concurrently to the flip buffer
50 * from the driver side.
51 *
52 * On release, the buffer work is restarted if there is data in the
53 * flip buffer
54 */
55
tty_buffer_lock_exclusive(struct tty_port * port)56 void tty_buffer_lock_exclusive(struct tty_port *port)
57 {
58 struct tty_bufhead *buf = &port->buf;
59
60 atomic_inc(&buf->priority);
61 mutex_lock(&buf->lock);
62 }
63 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
64
tty_buffer_unlock_exclusive(struct tty_port * port)65 void tty_buffer_unlock_exclusive(struct tty_port *port)
66 {
67 struct tty_bufhead *buf = &port->buf;
68 int restart;
69
70 restart = buf->head->commit != buf->head->read;
71
72 atomic_dec(&buf->priority);
73 mutex_unlock(&buf->lock);
74 if (restart)
75 queue_work(system_unbound_wq, &buf->work);
76 }
77 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
78
79 /**
80 * tty_buffer_space_avail - return unused buffer space
81 * @port: tty port owning the flip buffer
82 *
83 * Returns the # of bytes which can be written by the driver without
84 * reaching the buffer limit.
85 *
86 * Note: this does not guarantee that memory is available to write
87 * the returned # of bytes (use tty_prepare_flip_string_xxx() to
88 * pre-allocate if memory guarantee is required).
89 */
90
tty_buffer_space_avail(struct tty_port * port)91 unsigned int tty_buffer_space_avail(struct tty_port *port)
92 {
93 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
94
95 return max(space, 0);
96 }
97 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
98
tty_buffer_reset(struct tty_buffer * p,size_t size)99 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
100 {
101 p->used = 0;
102 p->size = size;
103 p->next = NULL;
104 p->commit = 0;
105 p->read = 0;
106 p->flags = 0;
107 }
108
109 /**
110 * tty_buffer_free_all - free buffers used by a tty
111 * @port: tty port to free from
112 *
113 * Remove all the buffers pending on a tty whether queued with data
114 * or in the free ring. Must be called when the tty is no longer in use
115 */
116
tty_buffer_free_all(struct tty_port * port)117 void tty_buffer_free_all(struct tty_port *port)
118 {
119 struct tty_bufhead *buf = &port->buf;
120 struct tty_buffer *p, *next;
121 struct llist_node *llist;
122 unsigned int freed = 0;
123 int still_used;
124
125 while ((p = buf->head) != NULL) {
126 buf->head = p->next;
127 freed += p->size;
128 if (p->size > 0)
129 kfree(p);
130 }
131 llist = llist_del_all(&buf->free);
132 llist_for_each_entry_safe(p, next, llist, free)
133 kfree(p);
134
135 tty_buffer_reset(&buf->sentinel, 0);
136 buf->head = &buf->sentinel;
137 buf->tail = &buf->sentinel;
138
139 still_used = atomic_xchg(&buf->mem_used, 0);
140 WARN(still_used != freed, "we still have not freed %d bytes!",
141 still_used - freed);
142 }
143
144 /**
145 * tty_buffer_alloc - allocate a tty buffer
146 * @port: tty port
147 * @size: desired size (characters)
148 *
149 * Allocate a new tty buffer to hold the desired number of characters.
150 * We round our buffers off in 256 character chunks to get better
151 * allocation behaviour.
152 * Return NULL if out of memory or the allocation would exceed the
153 * per device queue
154 */
155
tty_buffer_alloc(struct tty_port * port,size_t size)156 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
157 {
158 struct llist_node *free;
159 struct tty_buffer *p;
160
161 /* Round the buffer size out */
162 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
163
164 if (size <= MIN_TTYB_SIZE) {
165 free = llist_del_first(&port->buf.free);
166 if (free) {
167 p = llist_entry(free, struct tty_buffer, free);
168 goto found;
169 }
170 }
171
172 /* Should possibly check if this fails for the largest buffer we
173 * have queued and recycle that ?
174 */
175 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
176 return NULL;
177 p = kmalloc(sizeof(struct tty_buffer) + 2 * size,
178 GFP_ATOMIC | __GFP_NOWARN);
179 if (p == NULL)
180 return NULL;
181
182 found:
183 tty_buffer_reset(p, size);
184 atomic_add(size, &port->buf.mem_used);
185 return p;
186 }
187
188 /**
189 * tty_buffer_free - free a tty buffer
190 * @port: tty port owning the buffer
191 * @b: the buffer to free
192 *
193 * Free a tty buffer, or add it to the free list according to our
194 * internal strategy
195 */
196
tty_buffer_free(struct tty_port * port,struct tty_buffer * b)197 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
198 {
199 struct tty_bufhead *buf = &port->buf;
200
201 /* Dumb strategy for now - should keep some stats */
202 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
203
204 if (b->size > MIN_TTYB_SIZE)
205 kfree(b);
206 else if (b->size > 0)
207 llist_add(&b->free, &buf->free);
208 }
209
210 /**
211 * tty_buffer_flush - flush full tty buffers
212 * @tty: tty to flush
213 * @ld: optional ldisc ptr (must be referenced)
214 *
215 * flush all the buffers containing receive data. If ld != NULL,
216 * flush the ldisc input buffer.
217 *
218 * Locking: takes buffer lock to ensure single-threaded flip buffer
219 * 'consumer'
220 */
221
tty_buffer_flush(struct tty_struct * tty,struct tty_ldisc * ld)222 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
223 {
224 struct tty_port *port = tty->port;
225 struct tty_bufhead *buf = &port->buf;
226 struct tty_buffer *next;
227
228 atomic_inc(&buf->priority);
229
230 mutex_lock(&buf->lock);
231 /* paired w/ release in __tty_buffer_request_room; ensures there are
232 * no pending memory accesses to the freed buffer
233 */
234 while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
235 tty_buffer_free(port, buf->head);
236 buf->head = next;
237 }
238 buf->head->read = buf->head->commit;
239
240 if (ld && ld->ops->flush_buffer)
241 ld->ops->flush_buffer(tty);
242
243 atomic_dec(&buf->priority);
244 mutex_unlock(&buf->lock);
245 }
246
247 /**
248 * __tty_buffer_request_room - grow tty buffer if needed
249 * @port: tty port
250 * @size: size desired
251 * @flags: buffer flags if new buffer allocated (default = 0)
252 *
253 * Make at least size bytes of linear space available for the tty
254 * buffer. If we fail return the size we managed to find.
255 *
256 * Will change over to a new buffer if the current buffer is encoded as
257 * TTY_NORMAL (so has no flags buffer) and the new buffer requires
258 * a flags buffer.
259 */
__tty_buffer_request_room(struct tty_port * port,size_t size,int flags)260 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
261 int flags)
262 {
263 struct tty_bufhead *buf = &port->buf;
264 struct tty_buffer *b, *n;
265 int left, change;
266
267 b = buf->tail;
268 if (b->flags & TTYB_NORMAL)
269 left = 2 * b->size - b->used;
270 else
271 left = b->size - b->used;
272
273 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
274 if (change || left < size) {
275 /* This is the slow path - looking for new buffers to use */
276 n = tty_buffer_alloc(port, size);
277 if (n != NULL) {
278 n->flags = flags;
279 buf->tail = n;
280 /* paired w/ acquire in flush_to_ldisc(); ensures
281 * flush_to_ldisc() sees buffer data.
282 */
283 smp_store_release(&b->commit, b->used);
284 /* paired w/ acquire in flush_to_ldisc(); ensures the
285 * latest commit value can be read before the head is
286 * advanced to the next buffer
287 */
288 smp_store_release(&b->next, n);
289 } else if (change)
290 size = 0;
291 else
292 size = left;
293 }
294 return size;
295 }
296
tty_buffer_request_room(struct tty_port * port,size_t size)297 int tty_buffer_request_room(struct tty_port *port, size_t size)
298 {
299 return __tty_buffer_request_room(port, size, 0);
300 }
301 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
302
303 /**
304 * tty_insert_flip_string_fixed_flag - Add characters to the tty buffer
305 * @port: tty port
306 * @chars: characters
307 * @flag: flag value for each character
308 * @size: size
309 *
310 * Queue a series of bytes to the tty buffering. All the characters
311 * passed are marked with the supplied flag. Returns the number added.
312 */
313
tty_insert_flip_string_fixed_flag(struct tty_port * port,const unsigned char * chars,char flag,size_t size)314 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
315 const unsigned char *chars, char flag, size_t size)
316 {
317 int copied = 0;
318
319 do {
320 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
321 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
322 int space = __tty_buffer_request_room(port, goal, flags);
323 struct tty_buffer *tb = port->buf.tail;
324
325 if (unlikely(space == 0))
326 break;
327 memcpy(char_buf_ptr(tb, tb->used), chars, space);
328 if (~tb->flags & TTYB_NORMAL)
329 memset(flag_buf_ptr(tb, tb->used), flag, space);
330 tb->used += space;
331 copied += space;
332 chars += space;
333 /* There is a small chance that we need to split the data over
334 * several buffers. If this is the case we must loop.
335 */
336 } while (unlikely(size > copied));
337 return copied;
338 }
339 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
340
341 /**
342 * tty_insert_flip_string_flags - Add characters to the tty buffer
343 * @port: tty port
344 * @chars: characters
345 * @flags: flag bytes
346 * @size: size
347 *
348 * Queue a series of bytes to the tty buffering. For each character
349 * the flags array indicates the status of the character. Returns the
350 * number added.
351 */
352
tty_insert_flip_string_flags(struct tty_port * port,const unsigned char * chars,const char * flags,size_t size)353 int tty_insert_flip_string_flags(struct tty_port *port,
354 const unsigned char *chars, const char *flags, size_t size)
355 {
356 int copied = 0;
357
358 do {
359 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
360 int space = tty_buffer_request_room(port, goal);
361 struct tty_buffer *tb = port->buf.tail;
362
363 if (unlikely(space == 0))
364 break;
365 memcpy(char_buf_ptr(tb, tb->used), chars, space);
366 memcpy(flag_buf_ptr(tb, tb->used), flags, space);
367 tb->used += space;
368 copied += space;
369 chars += space;
370 flags += space;
371 /* There is a small chance that we need to split the data over
372 * several buffers. If this is the case we must loop.
373 */
374 } while (unlikely(size > copied));
375 return copied;
376 }
377 EXPORT_SYMBOL(tty_insert_flip_string_flags);
378
379 /**
380 * __tty_insert_flip_char - Add one character to the tty buffer
381 * @port: tty port
382 * @ch: character
383 * @flag: flag byte
384 *
385 * Queue a single byte to the tty buffering, with an optional flag.
386 * This is the slow path of tty_insert_flip_char.
387 */
__tty_insert_flip_char(struct tty_port * port,unsigned char ch,char flag)388 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
389 {
390 struct tty_buffer *tb;
391 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
392
393 if (!__tty_buffer_request_room(port, 1, flags))
394 return 0;
395
396 tb = port->buf.tail;
397 if (~tb->flags & TTYB_NORMAL)
398 *flag_buf_ptr(tb, tb->used) = flag;
399 *char_buf_ptr(tb, tb->used++) = ch;
400
401 return 1;
402 }
403 EXPORT_SYMBOL(__tty_insert_flip_char);
404
405 /**
406 * tty_prepare_flip_string - make room for characters
407 * @port: tty port
408 * @chars: return pointer for character write area
409 * @size: desired size
410 *
411 * Prepare a block of space in the buffer for data. Returns the length
412 * available and buffer pointer to the space which is now allocated and
413 * accounted for as ready for normal characters. This is used for drivers
414 * that need their own block copy routines into the buffer. There is no
415 * guarantee the buffer is a DMA target!
416 */
417
tty_prepare_flip_string(struct tty_port * port,unsigned char ** chars,size_t size)418 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
419 size_t size)
420 {
421 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
422
423 if (likely(space)) {
424 struct tty_buffer *tb = port->buf.tail;
425
426 *chars = char_buf_ptr(tb, tb->used);
427 if (~tb->flags & TTYB_NORMAL)
428 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
429 tb->used += space;
430 }
431 return space;
432 }
433 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
434
435 /**
436 * tty_ldisc_receive_buf - forward data to line discipline
437 * @ld: line discipline to process input
438 * @p: char buffer
439 * @f: TTY_* flags buffer
440 * @count: number of bytes to process
441 *
442 * Callers other than flush_to_ldisc() need to exclude the kworker
443 * from concurrent use of the line discipline, see paste_selection().
444 *
445 * Returns the number of bytes processed
446 */
tty_ldisc_receive_buf(struct tty_ldisc * ld,const unsigned char * p,const char * f,int count)447 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
448 const char *f, int count)
449 {
450 if (ld->ops->receive_buf2)
451 count = ld->ops->receive_buf2(ld->tty, p, f, count);
452 else {
453 count = min_t(int, count, ld->tty->receive_room);
454 if (count && ld->ops->receive_buf)
455 ld->ops->receive_buf(ld->tty, p, f, count);
456 }
457 return count;
458 }
459 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
460
461 static int
receive_buf(struct tty_port * port,struct tty_buffer * head,int count)462 receive_buf(struct tty_port *port, struct tty_buffer *head, int count)
463 {
464 unsigned char *p = char_buf_ptr(head, head->read);
465 const char *f = NULL;
466 int n;
467
468 if (~head->flags & TTYB_NORMAL)
469 f = flag_buf_ptr(head, head->read);
470
471 n = port->client_ops->receive_buf(port, p, f, count);
472 if (n > 0)
473 memset(p, 0, n);
474 return n;
475 }
476
477 /**
478 * flush_to_ldisc
479 * @work: tty structure passed from work queue.
480 *
481 * This routine is called out of the software interrupt to flush data
482 * from the buffer chain to the line discipline.
483 *
484 * The receive_buf method is single threaded for each tty instance.
485 *
486 * Locking: takes buffer lock to ensure single-threaded flip buffer
487 * 'consumer'
488 */
489
flush_to_ldisc(struct work_struct * work)490 static void flush_to_ldisc(struct work_struct *work)
491 {
492 struct tty_port *port = container_of(work, struct tty_port, buf.work);
493 struct tty_bufhead *buf = &port->buf;
494
495 mutex_lock(&buf->lock);
496
497 while (1) {
498 struct tty_buffer *head = buf->head;
499 struct tty_buffer *next;
500 int count;
501
502 /* Ldisc or user is trying to gain exclusive access */
503 if (atomic_read(&buf->priority))
504 break;
505
506 /* paired w/ release in __tty_buffer_request_room();
507 * ensures commit value read is not stale if the head
508 * is advancing to the next buffer
509 */
510 next = smp_load_acquire(&head->next);
511 /* paired w/ release in __tty_buffer_request_room() or in
512 * tty_buffer_flush(); ensures we see the committed buffer data
513 */
514 count = smp_load_acquire(&head->commit) - head->read;
515 if (!count) {
516 if (next == NULL)
517 break;
518 buf->head = next;
519 tty_buffer_free(port, head);
520 continue;
521 }
522
523 count = receive_buf(port, head, count);
524 if (!count)
525 break;
526 head->read += count;
527
528 if (need_resched())
529 cond_resched();
530 }
531
532 mutex_unlock(&buf->lock);
533
534 }
535
tty_flip_buffer_commit(struct tty_buffer * tail)536 static inline void tty_flip_buffer_commit(struct tty_buffer *tail)
537 {
538 /*
539 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees
540 * buffer data.
541 */
542 smp_store_release(&tail->commit, tail->used);
543 }
544
545 /**
546 * tty_flip_buffer_push - terminal
547 * @port: tty port to push
548 *
549 * Queue a push of the terminal flip buffers to the line discipline.
550 * Can be called from IRQ/atomic context.
551 *
552 * In the event of the queue being busy for flipping the work will be
553 * held off and retried later.
554 */
555
tty_flip_buffer_push(struct tty_port * port)556 void tty_flip_buffer_push(struct tty_port *port)
557 {
558 struct tty_bufhead *buf = &port->buf;
559
560 tty_flip_buffer_commit(buf->tail);
561 queue_work(system_unbound_wq, &buf->work);
562 }
563 EXPORT_SYMBOL(tty_flip_buffer_push);
564
565 /**
566 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and
567 * push
568 * @port: tty port
569 * @chars: characters
570 * @size: size
571 *
572 * The function combines tty_insert_flip_string() and tty_flip_buffer_push()
573 * with the exception of properly holding the @port->lock.
574 *
575 * To be used only internally (by pty currently).
576 *
577 * Returns: the number added.
578 */
tty_insert_flip_string_and_push_buffer(struct tty_port * port,const unsigned char * chars,size_t size)579 int tty_insert_flip_string_and_push_buffer(struct tty_port *port,
580 const unsigned char *chars, size_t size)
581 {
582 struct tty_bufhead *buf = &port->buf;
583 unsigned long flags;
584
585 spin_lock_irqsave(&port->lock, flags);
586 size = tty_insert_flip_string(port, chars, size);
587 if (size)
588 tty_flip_buffer_commit(buf->tail);
589 spin_unlock_irqrestore(&port->lock, flags);
590
591 queue_work(system_unbound_wq, &buf->work);
592
593 return size;
594 }
595
596 /**
597 * tty_buffer_init - prepare a tty buffer structure
598 * @port: tty port to initialise
599 *
600 * Set up the initial state of the buffer management for a tty device.
601 * Must be called before the other tty buffer functions are used.
602 */
603
tty_buffer_init(struct tty_port * port)604 void tty_buffer_init(struct tty_port *port)
605 {
606 struct tty_bufhead *buf = &port->buf;
607
608 mutex_init(&buf->lock);
609 tty_buffer_reset(&buf->sentinel, 0);
610 buf->head = &buf->sentinel;
611 buf->tail = &buf->sentinel;
612 init_llist_head(&buf->free);
613 atomic_set(&buf->mem_used, 0);
614 atomic_set(&buf->priority, 0);
615 INIT_WORK(&buf->work, flush_to_ldisc);
616 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
617 }
618
619 /**
620 * tty_buffer_set_limit - change the tty buffer memory limit
621 * @port: tty port to change
622 * @limit: memory limit to set
623 *
624 * Change the tty buffer memory limit.
625 * Must be called before the other tty buffer functions are used.
626 */
627
tty_buffer_set_limit(struct tty_port * port,int limit)628 int tty_buffer_set_limit(struct tty_port *port, int limit)
629 {
630 if (limit < MIN_TTYB_SIZE)
631 return -EINVAL;
632 port->buf.mem_limit = limit;
633 return 0;
634 }
635 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
636
637 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
tty_buffer_set_lock_subclass(struct tty_port * port)638 void tty_buffer_set_lock_subclass(struct tty_port *port)
639 {
640 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
641 }
642
tty_buffer_restart_work(struct tty_port * port)643 bool tty_buffer_restart_work(struct tty_port *port)
644 {
645 return queue_work(system_unbound_wq, &port->buf.work);
646 }
647
tty_buffer_cancel_work(struct tty_port * port)648 bool tty_buffer_cancel_work(struct tty_port *port)
649 {
650 return cancel_work_sync(&port->buf.work);
651 }
652
tty_buffer_flush_work(struct tty_port * port)653 void tty_buffer_flush_work(struct tty_port *port)
654 {
655 flush_work(&port->buf.work);
656 }
657