1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Tty buffer allocation management
4 */
5
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/tty.h>
9 #include <linux/tty_driver.h>
10 #include <linux/tty_flip.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/wait.h>
16 #include <linux/bitops.h>
17 #include <linux/delay.h>
18 #include <linux/module.h>
19 #include <linux/ratelimit.h>
20
21
22 #define MIN_TTYB_SIZE 256
23 #define TTYB_ALIGN_MASK 255
24
25 /*
26 * Byte threshold to limit memory consumption for flip buffers.
27 * The actual memory limit is > 2x this amount.
28 */
29 #define TTYB_DEFAULT_MEM_LIMIT 65536
30
31 /*
32 * We default to dicing tty buffer allocations to this many characters
33 * in order to avoid multiple page allocations. We know the size of
34 * tty_buffer itself but it must also be taken into account that the
35 * the buffer is 256 byte aligned. See tty_buffer_find for the allocation
36 * logic this must match
37 */
38
39 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
40
41 /**
42 * tty_buffer_lock_exclusive - gain exclusive access to buffer
43 * tty_buffer_unlock_exclusive - release exclusive access
44 *
45 * @port - tty_port owning the flip buffer
46 *
47 * Guarantees safe use of the line discipline's receive_buf() method by
48 * excluding the buffer work and any pending flush from using the flip
49 * buffer. Data can continue to be added concurrently to the flip buffer
50 * from the driver side.
51 *
52 * On release, the buffer work is restarted if there is data in the
53 * flip buffer
54 */
55
tty_buffer_lock_exclusive(struct tty_port * port)56 void tty_buffer_lock_exclusive(struct tty_port *port)
57 {
58 struct tty_bufhead *buf = &port->buf;
59
60 atomic_inc(&buf->priority);
61 mutex_lock(&buf->lock);
62 }
63 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
64
tty_buffer_unlock_exclusive(struct tty_port * port)65 void tty_buffer_unlock_exclusive(struct tty_port *port)
66 {
67 struct tty_bufhead *buf = &port->buf;
68 int restart;
69
70 restart = buf->head->commit != buf->head->read;
71
72 atomic_dec(&buf->priority);
73 mutex_unlock(&buf->lock);
74 if (restart)
75 queue_work(system_unbound_wq, &buf->work);
76 }
77 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
78
79 /**
80 * tty_buffer_space_avail - return unused buffer space
81 * @port - tty_port owning the flip buffer
82 *
83 * Returns the # of bytes which can be written by the driver without
84 * reaching the buffer limit.
85 *
86 * Note: this does not guarantee that memory is available to write
87 * the returned # of bytes (use tty_prepare_flip_string_xxx() to
88 * pre-allocate if memory guarantee is required).
89 */
90
tty_buffer_space_avail(struct tty_port * port)91 int tty_buffer_space_avail(struct tty_port *port)
92 {
93 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
94 return max(space, 0);
95 }
96 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
97
tty_buffer_reset(struct tty_buffer * p,size_t size)98 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
99 {
100 p->used = 0;
101 p->size = size;
102 p->next = NULL;
103 p->commit = 0;
104 p->read = 0;
105 p->flags = 0;
106 }
107
108 /**
109 * tty_buffer_free_all - free buffers used by a tty
110 * @tty: tty to free from
111 *
112 * Remove all the buffers pending on a tty whether queued with data
113 * or in the free ring. Must be called when the tty is no longer in use
114 */
115
tty_buffer_free_all(struct tty_port * port)116 void tty_buffer_free_all(struct tty_port *port)
117 {
118 struct tty_bufhead *buf = &port->buf;
119 struct tty_buffer *p, *next;
120 struct llist_node *llist;
121
122 while ((p = buf->head) != NULL) {
123 buf->head = p->next;
124 if (p->size > 0)
125 kfree(p);
126 }
127 llist = llist_del_all(&buf->free);
128 llist_for_each_entry_safe(p, next, llist, free)
129 kfree(p);
130
131 tty_buffer_reset(&buf->sentinel, 0);
132 buf->head = &buf->sentinel;
133 buf->tail = &buf->sentinel;
134
135 atomic_set(&buf->mem_used, 0);
136 }
137
138 /**
139 * tty_buffer_alloc - allocate a tty buffer
140 * @tty: tty device
141 * @size: desired size (characters)
142 *
143 * Allocate a new tty buffer to hold the desired number of characters.
144 * We round our buffers off in 256 character chunks to get better
145 * allocation behaviour.
146 * Return NULL if out of memory or the allocation would exceed the
147 * per device queue
148 */
149
tty_buffer_alloc(struct tty_port * port,size_t size)150 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
151 {
152 struct llist_node *free;
153 struct tty_buffer *p;
154
155 /* Round the buffer size out */
156 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
157
158 if (size <= MIN_TTYB_SIZE) {
159 free = llist_del_first(&port->buf.free);
160 if (free) {
161 p = llist_entry(free, struct tty_buffer, free);
162 goto found;
163 }
164 }
165
166 /* Should possibly check if this fails for the largest buffer we
167 have queued and recycle that ? */
168 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
169 return NULL;
170 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
171 if (p == NULL)
172 return NULL;
173
174 found:
175 tty_buffer_reset(p, size);
176 atomic_add(size, &port->buf.mem_used);
177 return p;
178 }
179
180 /**
181 * tty_buffer_free - free a tty buffer
182 * @tty: tty owning the buffer
183 * @b: the buffer to free
184 *
185 * Free a tty buffer, or add it to the free list according to our
186 * internal strategy
187 */
188
tty_buffer_free(struct tty_port * port,struct tty_buffer * b)189 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
190 {
191 struct tty_bufhead *buf = &port->buf;
192
193 /* Dumb strategy for now - should keep some stats */
194 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
195
196 if (b->size > MIN_TTYB_SIZE)
197 kfree(b);
198 else if (b->size > 0)
199 llist_add(&b->free, &buf->free);
200 }
201
202 /**
203 * tty_buffer_flush - flush full tty buffers
204 * @tty: tty to flush
205 * @ld: optional ldisc ptr (must be referenced)
206 *
207 * flush all the buffers containing receive data. If ld != NULL,
208 * flush the ldisc input buffer.
209 *
210 * Locking: takes buffer lock to ensure single-threaded flip buffer
211 * 'consumer'
212 */
213
tty_buffer_flush(struct tty_struct * tty,struct tty_ldisc * ld)214 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
215 {
216 struct tty_port *port = tty->port;
217 struct tty_bufhead *buf = &port->buf;
218 struct tty_buffer *next;
219
220 atomic_inc(&buf->priority);
221
222 mutex_lock(&buf->lock);
223 /* paired w/ release in __tty_buffer_request_room; ensures there are
224 * no pending memory accesses to the freed buffer
225 */
226 while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
227 tty_buffer_free(port, buf->head);
228 buf->head = next;
229 }
230 buf->head->read = buf->head->commit;
231
232 if (ld && ld->ops->flush_buffer)
233 ld->ops->flush_buffer(tty);
234
235 atomic_dec(&buf->priority);
236 mutex_unlock(&buf->lock);
237 }
238
239 /**
240 * tty_buffer_request_room - grow tty buffer if needed
241 * @tty: tty structure
242 * @size: size desired
243 * @flags: buffer flags if new buffer allocated (default = 0)
244 *
245 * Make at least size bytes of linear space available for the tty
246 * buffer. If we fail return the size we managed to find.
247 *
248 * Will change over to a new buffer if the current buffer is encoded as
249 * TTY_NORMAL (so has no flags buffer) and the new buffer requires
250 * a flags buffer.
251 */
__tty_buffer_request_room(struct tty_port * port,size_t size,int flags)252 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
253 int flags)
254 {
255 struct tty_bufhead *buf = &port->buf;
256 struct tty_buffer *b, *n;
257 int left, change;
258
259 b = buf->tail;
260 if (b->flags & TTYB_NORMAL)
261 left = 2 * b->size - b->used;
262 else
263 left = b->size - b->used;
264
265 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
266 if (change || left < size) {
267 /* This is the slow path - looking for new buffers to use */
268 n = tty_buffer_alloc(port, size);
269 if (n != NULL) {
270 n->flags = flags;
271 buf->tail = n;
272 /* paired w/ acquire in flush_to_ldisc(); ensures
273 * flush_to_ldisc() sees buffer data.
274 */
275 smp_store_release(&b->commit, b->used);
276 /* paired w/ acquire in flush_to_ldisc(); ensures the
277 * latest commit value can be read before the head is
278 * advanced to the next buffer
279 */
280 smp_store_release(&b->next, n);
281 } else if (change)
282 size = 0;
283 else
284 size = left;
285 }
286 return size;
287 }
288
tty_buffer_request_room(struct tty_port * port,size_t size)289 int tty_buffer_request_room(struct tty_port *port, size_t size)
290 {
291 return __tty_buffer_request_room(port, size, 0);
292 }
293 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
294
295 /**
296 * tty_insert_flip_string_fixed_flag - Add characters to the tty buffer
297 * @port: tty port
298 * @chars: characters
299 * @flag: flag value for each character
300 * @size: size
301 *
302 * Queue a series of bytes to the tty buffering. All the characters
303 * passed are marked with the supplied flag. Returns the number added.
304 */
305
tty_insert_flip_string_fixed_flag(struct tty_port * port,const unsigned char * chars,char flag,size_t size)306 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
307 const unsigned char *chars, char flag, size_t size)
308 {
309 int copied = 0;
310 do {
311 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
312 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
313 int space = __tty_buffer_request_room(port, goal, flags);
314 struct tty_buffer *tb = port->buf.tail;
315 if (unlikely(space == 0))
316 break;
317 memcpy(char_buf_ptr(tb, tb->used), chars, space);
318 if (~tb->flags & TTYB_NORMAL)
319 memset(flag_buf_ptr(tb, tb->used), flag, space);
320 tb->used += space;
321 copied += space;
322 chars += space;
323 /* There is a small chance that we need to split the data over
324 several buffers. If this is the case we must loop */
325 } while (unlikely(size > copied));
326 return copied;
327 }
328 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
329
330 /**
331 * tty_insert_flip_string_flags - Add characters to the tty buffer
332 * @port: tty port
333 * @chars: characters
334 * @flags: flag bytes
335 * @size: size
336 *
337 * Queue a series of bytes to the tty buffering. For each character
338 * the flags array indicates the status of the character. Returns the
339 * number added.
340 */
341
tty_insert_flip_string_flags(struct tty_port * port,const unsigned char * chars,const char * flags,size_t size)342 int tty_insert_flip_string_flags(struct tty_port *port,
343 const unsigned char *chars, const char *flags, size_t size)
344 {
345 int copied = 0;
346 do {
347 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
348 int space = tty_buffer_request_room(port, goal);
349 struct tty_buffer *tb = port->buf.tail;
350 if (unlikely(space == 0))
351 break;
352 memcpy(char_buf_ptr(tb, tb->used), chars, space);
353 memcpy(flag_buf_ptr(tb, tb->used), flags, space);
354 tb->used += space;
355 copied += space;
356 chars += space;
357 flags += space;
358 /* There is a small chance that we need to split the data over
359 several buffers. If this is the case we must loop */
360 } while (unlikely(size > copied));
361 return copied;
362 }
363 EXPORT_SYMBOL(tty_insert_flip_string_flags);
364
365 /**
366 * __tty_insert_flip_char - Add one character to the tty buffer
367 * @port: tty port
368 * @ch: character
369 * @flag: flag byte
370 *
371 * Queue a single byte to the tty buffering, with an optional flag.
372 * This is the slow path of tty_insert_flip_char.
373 */
__tty_insert_flip_char(struct tty_port * port,unsigned char ch,char flag)374 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
375 {
376 struct tty_buffer *tb;
377 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
378
379 if (!__tty_buffer_request_room(port, 1, flags))
380 return 0;
381
382 tb = port->buf.tail;
383 if (~tb->flags & TTYB_NORMAL)
384 *flag_buf_ptr(tb, tb->used) = flag;
385 *char_buf_ptr(tb, tb->used++) = ch;
386
387 return 1;
388 }
389 EXPORT_SYMBOL(__tty_insert_flip_char);
390
391 /**
392 * tty_schedule_flip - push characters to ldisc
393 * @port: tty port to push from
394 *
395 * Takes any pending buffers and transfers their ownership to the
396 * ldisc side of the queue. It then schedules those characters for
397 * processing by the line discipline.
398 */
399
tty_schedule_flip(struct tty_port * port)400 void tty_schedule_flip(struct tty_port *port)
401 {
402 struct tty_bufhead *buf = &port->buf;
403
404 /* paired w/ acquire in flush_to_ldisc(); ensures
405 * flush_to_ldisc() sees buffer data.
406 */
407 smp_store_release(&buf->tail->commit, buf->tail->used);
408 queue_work(system_unbound_wq, &buf->work);
409 }
410 EXPORT_SYMBOL(tty_schedule_flip);
411
412 /**
413 * tty_prepare_flip_string - make room for characters
414 * @port: tty port
415 * @chars: return pointer for character write area
416 * @size: desired size
417 *
418 * Prepare a block of space in the buffer for data. Returns the length
419 * available and buffer pointer to the space which is now allocated and
420 * accounted for as ready for normal characters. This is used for drivers
421 * that need their own block copy routines into the buffer. There is no
422 * guarantee the buffer is a DMA target!
423 */
424
tty_prepare_flip_string(struct tty_port * port,unsigned char ** chars,size_t size)425 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
426 size_t size)
427 {
428 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
429 if (likely(space)) {
430 struct tty_buffer *tb = port->buf.tail;
431 *chars = char_buf_ptr(tb, tb->used);
432 if (~tb->flags & TTYB_NORMAL)
433 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
434 tb->used += space;
435 }
436 return space;
437 }
438 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
439
440 /**
441 * tty_ldisc_receive_buf - forward data to line discipline
442 * @ld: line discipline to process input
443 * @p: char buffer
444 * @f: TTY_* flags buffer
445 * @count: number of bytes to process
446 *
447 * Callers other than flush_to_ldisc() need to exclude the kworker
448 * from concurrent use of the line discipline, see paste_selection().
449 *
450 * Returns the number of bytes processed
451 */
tty_ldisc_receive_buf(struct tty_ldisc * ld,const unsigned char * p,char * f,int count)452 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
453 char *f, int count)
454 {
455 if (ld->ops->receive_buf2)
456 count = ld->ops->receive_buf2(ld->tty, p, f, count);
457 else {
458 count = min_t(int, count, ld->tty->receive_room);
459 if (count && ld->ops->receive_buf)
460 ld->ops->receive_buf(ld->tty, p, f, count);
461 }
462 return count;
463 }
464 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
465
466 static int
receive_buf(struct tty_port * port,struct tty_buffer * head,int count)467 receive_buf(struct tty_port *port, struct tty_buffer *head, int count)
468 {
469 unsigned char *p = char_buf_ptr(head, head->read);
470 char *f = NULL;
471
472 if (~head->flags & TTYB_NORMAL)
473 f = flag_buf_ptr(head, head->read);
474
475 return port->client_ops->receive_buf(port, p, f, count);
476 }
477
478 /**
479 * flush_to_ldisc
480 * @work: tty structure passed from work queue.
481 *
482 * This routine is called out of the software interrupt to flush data
483 * from the buffer chain to the line discipline.
484 *
485 * The receive_buf method is single threaded for each tty instance.
486 *
487 * Locking: takes buffer lock to ensure single-threaded flip buffer
488 * 'consumer'
489 */
490
flush_to_ldisc(struct work_struct * work)491 static void flush_to_ldisc(struct work_struct *work)
492 {
493 struct tty_port *port = container_of(work, struct tty_port, buf.work);
494 struct tty_bufhead *buf = &port->buf;
495
496 mutex_lock(&buf->lock);
497
498 while (1) {
499 struct tty_buffer *head = buf->head;
500 struct tty_buffer *next;
501 int count;
502
503 /* Ldisc or user is trying to gain exclusive access */
504 if (atomic_read(&buf->priority))
505 break;
506
507 /* paired w/ release in __tty_buffer_request_room();
508 * ensures commit value read is not stale if the head
509 * is advancing to the next buffer
510 */
511 next = smp_load_acquire(&head->next);
512 /* paired w/ release in __tty_buffer_request_room() or in
513 * tty_buffer_flush(); ensures we see the committed buffer data
514 */
515 count = smp_load_acquire(&head->commit) - head->read;
516 if (!count) {
517 if (next == NULL)
518 break;
519 buf->head = next;
520 tty_buffer_free(port, head);
521 continue;
522 }
523
524 count = receive_buf(port, head, count);
525 if (!count)
526 break;
527 head->read += count;
528 }
529
530 mutex_unlock(&buf->lock);
531
532 }
533
534 /**
535 * tty_flip_buffer_push - terminal
536 * @port: tty port to push
537 *
538 * Queue a push of the terminal flip buffers to the line discipline.
539 * Can be called from IRQ/atomic context.
540 *
541 * In the event of the queue being busy for flipping the work will be
542 * held off and retried later.
543 */
544
tty_flip_buffer_push(struct tty_port * port)545 void tty_flip_buffer_push(struct tty_port *port)
546 {
547 tty_schedule_flip(port);
548 }
549 EXPORT_SYMBOL(tty_flip_buffer_push);
550
551 /**
552 * tty_buffer_init - prepare a tty buffer structure
553 * @tty: tty to initialise
554 *
555 * Set up the initial state of the buffer management for a tty device.
556 * Must be called before the other tty buffer functions are used.
557 */
558
tty_buffer_init(struct tty_port * port)559 void tty_buffer_init(struct tty_port *port)
560 {
561 struct tty_bufhead *buf = &port->buf;
562
563 mutex_init(&buf->lock);
564 tty_buffer_reset(&buf->sentinel, 0);
565 buf->head = &buf->sentinel;
566 buf->tail = &buf->sentinel;
567 init_llist_head(&buf->free);
568 atomic_set(&buf->mem_used, 0);
569 atomic_set(&buf->priority, 0);
570 INIT_WORK(&buf->work, flush_to_ldisc);
571 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
572 }
573
574 /**
575 * tty_buffer_set_limit - change the tty buffer memory limit
576 * @port: tty port to change
577 *
578 * Change the tty buffer memory limit.
579 * Must be called before the other tty buffer functions are used.
580 */
581
tty_buffer_set_limit(struct tty_port * port,int limit)582 int tty_buffer_set_limit(struct tty_port *port, int limit)
583 {
584 if (limit < MIN_TTYB_SIZE)
585 return -EINVAL;
586 port->buf.mem_limit = limit;
587 return 0;
588 }
589 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
590
591 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
tty_buffer_set_lock_subclass(struct tty_port * port)592 void tty_buffer_set_lock_subclass(struct tty_port *port)
593 {
594 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
595 }
596
tty_buffer_restart_work(struct tty_port * port)597 bool tty_buffer_restart_work(struct tty_port *port)
598 {
599 return queue_work(system_unbound_wq, &port->buf.work);
600 }
601
tty_buffer_cancel_work(struct tty_port * port)602 bool tty_buffer_cancel_work(struct tty_port *port)
603 {
604 return cancel_work_sync(&port->buf.work);
605 }
606
tty_buffer_flush_work(struct tty_port * port)607 void tty_buffer_flush_work(struct tty_port *port)
608 {
609 flush_work(&port->buf.work);
610 }
611