1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * Tty buffer allocation management
4 */
5
6 #include <linux/types.h>
7 #include <linux/errno.h>
8 #include <linux/tty.h>
9 #include <linux/tty_driver.h>
10 #include <linux/tty_flip.h>
11 #include <linux/timer.h>
12 #include <linux/string.h>
13 #include <linux/slab.h>
14 #include <linux/sched.h>
15 #include <linux/wait.h>
16 #include <linux/bitops.h>
17 #include <linux/delay.h>
18 #include <linux/module.h>
19 #include <linux/ratelimit.h>
20 #include "tty.h"
21
22 #define MIN_TTYB_SIZE 256
23 #define TTYB_ALIGN_MASK 255
24
25 /*
26 * Byte threshold to limit memory consumption for flip buffers.
27 * The actual memory limit is > 2x this amount.
28 */
29 #define TTYB_DEFAULT_MEM_LIMIT (640 * 1024UL)
30
31 /*
32 * We default to dicing tty buffer allocations to this many characters
33 * in order to avoid multiple page allocations. We know the size of
34 * tty_buffer itself but it must also be taken into account that the
35 * buffer is 256 byte aligned. See tty_buffer_find for the allocation
36 * logic this must match.
37 */
38
39 #define TTY_BUFFER_PAGE (((PAGE_SIZE - sizeof(struct tty_buffer)) / 2) & ~0xFF)
40
41 /**
42 * tty_buffer_lock_exclusive - gain exclusive access to buffer
43 * @port: tty port owning the flip buffer
44 *
45 * Guarantees safe use of the &tty_ldisc_ops.receive_buf() method by excluding
46 * the buffer work and any pending flush from using the flip buffer. Data can
47 * continue to be added concurrently to the flip buffer from the driver side.
48 *
49 * See also tty_buffer_unlock_exclusive().
50 */
tty_buffer_lock_exclusive(struct tty_port * port)51 void tty_buffer_lock_exclusive(struct tty_port *port)
52 {
53 struct tty_bufhead *buf = &port->buf;
54
55 atomic_inc(&buf->priority);
56 mutex_lock(&buf->lock);
57 }
58 EXPORT_SYMBOL_GPL(tty_buffer_lock_exclusive);
59
60 /**
61 * tty_buffer_unlock_exclusive - release exclusive access
62 * @port: tty port owning the flip buffer
63 *
64 * The buffer work is restarted if there is data in the flip buffer.
65 *
66 * See also tty_buffer_lock_exclusive().
67 */
tty_buffer_unlock_exclusive(struct tty_port * port)68 void tty_buffer_unlock_exclusive(struct tty_port *port)
69 {
70 struct tty_bufhead *buf = &port->buf;
71 int restart;
72
73 restart = buf->head->commit != buf->head->read;
74
75 atomic_dec(&buf->priority);
76 mutex_unlock(&buf->lock);
77 if (restart)
78 queue_work(system_unbound_wq, &buf->work);
79 }
80 EXPORT_SYMBOL_GPL(tty_buffer_unlock_exclusive);
81
82 /**
83 * tty_buffer_space_avail - return unused buffer space
84 * @port: tty port owning the flip buffer
85 *
86 * Returns: the # of bytes which can be written by the driver without reaching
87 * the buffer limit.
88 *
89 * Note: this does not guarantee that memory is available to write the returned
90 * # of bytes (use tty_prepare_flip_string() to pre-allocate if memory
91 * guarantee is required).
92 */
tty_buffer_space_avail(struct tty_port * port)93 unsigned int tty_buffer_space_avail(struct tty_port *port)
94 {
95 int space = port->buf.mem_limit - atomic_read(&port->buf.mem_used);
96
97 return max(space, 0);
98 }
99 EXPORT_SYMBOL_GPL(tty_buffer_space_avail);
100
tty_buffer_reset(struct tty_buffer * p,size_t size)101 static void tty_buffer_reset(struct tty_buffer *p, size_t size)
102 {
103 p->used = 0;
104 p->size = size;
105 p->next = NULL;
106 p->commit = 0;
107 p->read = 0;
108 p->flags = 0;
109 }
110
111 /**
112 * tty_buffer_free_all - free buffers used by a tty
113 * @port: tty port to free from
114 *
115 * Remove all the buffers pending on a tty whether queued with data or in the
116 * free ring. Must be called when the tty is no longer in use.
117 */
tty_buffer_free_all(struct tty_port * port)118 void tty_buffer_free_all(struct tty_port *port)
119 {
120 struct tty_bufhead *buf = &port->buf;
121 struct tty_buffer *p, *next;
122 struct llist_node *llist;
123 unsigned int freed = 0;
124 int still_used;
125
126 while ((p = buf->head) != NULL) {
127 buf->head = p->next;
128 freed += p->size;
129 if (p->size > 0)
130 kfree(p);
131 }
132 llist = llist_del_all(&buf->free);
133 llist_for_each_entry_safe(p, next, llist, free)
134 kfree(p);
135
136 tty_buffer_reset(&buf->sentinel, 0);
137 buf->head = &buf->sentinel;
138 buf->tail = &buf->sentinel;
139
140 still_used = atomic_xchg(&buf->mem_used, 0);
141 WARN(still_used != freed, "we still have not freed %d bytes!",
142 still_used - freed);
143 }
144
145 /**
146 * tty_buffer_alloc - allocate a tty buffer
147 * @port: tty port
148 * @size: desired size (characters)
149 *
150 * Allocate a new tty buffer to hold the desired number of characters. We
151 * round our buffers off in 256 character chunks to get better allocation
152 * behaviour.
153 *
154 * Returns: %NULL if out of memory or the allocation would exceed the per
155 * device queue.
156 */
tty_buffer_alloc(struct tty_port * port,size_t size)157 static struct tty_buffer *tty_buffer_alloc(struct tty_port *port, size_t size)
158 {
159 struct llist_node *free;
160 struct tty_buffer *p;
161
162 /* Round the buffer size out */
163 size = __ALIGN_MASK(size, TTYB_ALIGN_MASK);
164
165 if (size <= MIN_TTYB_SIZE) {
166 free = llist_del_first(&port->buf.free);
167 if (free) {
168 p = llist_entry(free, struct tty_buffer, free);
169 goto found;
170 }
171 }
172
173 /* Should possibly check if this fails for the largest buffer we
174 * have queued and recycle that ?
175 */
176 if (atomic_read(&port->buf.mem_used) > port->buf.mem_limit)
177 return NULL;
178 p = kmalloc(sizeof(struct tty_buffer) + 2 * size,
179 GFP_ATOMIC | __GFP_NOWARN);
180 if (p == NULL)
181 return NULL;
182
183 found:
184 tty_buffer_reset(p, size);
185 atomic_add(size, &port->buf.mem_used);
186 return p;
187 }
188
189 /**
190 * tty_buffer_free - free a tty buffer
191 * @port: tty port owning the buffer
192 * @b: the buffer to free
193 *
194 * Free a tty buffer, or add it to the free list according to our internal
195 * strategy.
196 */
tty_buffer_free(struct tty_port * port,struct tty_buffer * b)197 static void tty_buffer_free(struct tty_port *port, struct tty_buffer *b)
198 {
199 struct tty_bufhead *buf = &port->buf;
200
201 /* Dumb strategy for now - should keep some stats */
202 WARN_ON(atomic_sub_return(b->size, &buf->mem_used) < 0);
203
204 if (b->size > MIN_TTYB_SIZE)
205 kfree(b);
206 else if (b->size > 0)
207 llist_add(&b->free, &buf->free);
208 }
209
210 /**
211 * tty_buffer_flush - flush full tty buffers
212 * @tty: tty to flush
213 * @ld: optional ldisc ptr (must be referenced)
214 *
215 * Flush all the buffers containing receive data. If @ld != %NULL, flush the
216 * ldisc input buffer.
217 *
218 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'.
219 */
tty_buffer_flush(struct tty_struct * tty,struct tty_ldisc * ld)220 void tty_buffer_flush(struct tty_struct *tty, struct tty_ldisc *ld)
221 {
222 struct tty_port *port = tty->port;
223 struct tty_bufhead *buf = &port->buf;
224 struct tty_buffer *next;
225
226 atomic_inc(&buf->priority);
227
228 mutex_lock(&buf->lock);
229 /* paired w/ release in __tty_buffer_request_room; ensures there are
230 * no pending memory accesses to the freed buffer
231 */
232 while ((next = smp_load_acquire(&buf->head->next)) != NULL) {
233 tty_buffer_free(port, buf->head);
234 buf->head = next;
235 }
236 buf->head->read = buf->head->commit;
237
238 if (ld && ld->ops->flush_buffer)
239 ld->ops->flush_buffer(tty);
240
241 atomic_dec(&buf->priority);
242 mutex_unlock(&buf->lock);
243 }
244
245 /**
246 * __tty_buffer_request_room - grow tty buffer if needed
247 * @port: tty port
248 * @size: size desired
249 * @flags: buffer flags if new buffer allocated (default = 0)
250 *
251 * Make at least @size bytes of linear space available for the tty buffer.
252 *
253 * Will change over to a new buffer if the current buffer is encoded as
254 * %TTY_NORMAL (so has no flags buffer) and the new buffer requires a flags
255 * buffer.
256 *
257 * Returns: the size we managed to find.
258 */
__tty_buffer_request_room(struct tty_port * port,size_t size,int flags)259 static int __tty_buffer_request_room(struct tty_port *port, size_t size,
260 int flags)
261 {
262 struct tty_bufhead *buf = &port->buf;
263 struct tty_buffer *b, *n;
264 int left, change;
265
266 b = buf->tail;
267 if (b->flags & TTYB_NORMAL)
268 left = 2 * b->size - b->used;
269 else
270 left = b->size - b->used;
271
272 change = (b->flags & TTYB_NORMAL) && (~flags & TTYB_NORMAL);
273 if (change || left < size) {
274 /* This is the slow path - looking for new buffers to use */
275 n = tty_buffer_alloc(port, size);
276 if (n != NULL) {
277 n->flags = flags;
278 buf->tail = n;
279 /* paired w/ acquire in flush_to_ldisc(); ensures
280 * flush_to_ldisc() sees buffer data.
281 */
282 smp_store_release(&b->commit, b->used);
283 /* paired w/ acquire in flush_to_ldisc(); ensures the
284 * latest commit value can be read before the head is
285 * advanced to the next buffer
286 */
287 smp_store_release(&b->next, n);
288 } else if (change)
289 size = 0;
290 else
291 size = left;
292 }
293 return size;
294 }
295
tty_buffer_request_room(struct tty_port * port,size_t size)296 int tty_buffer_request_room(struct tty_port *port, size_t size)
297 {
298 return __tty_buffer_request_room(port, size, 0);
299 }
300 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
301
302 /**
303 * tty_insert_flip_string_fixed_flag - add characters to the tty buffer
304 * @port: tty port
305 * @chars: characters
306 * @flag: flag value for each character
307 * @size: size
308 *
309 * Queue a series of bytes to the tty buffering. All the characters passed are
310 * marked with the supplied flag.
311 *
312 * Returns: the number added.
313 */
tty_insert_flip_string_fixed_flag(struct tty_port * port,const unsigned char * chars,char flag,size_t size)314 int tty_insert_flip_string_fixed_flag(struct tty_port *port,
315 const unsigned char *chars, char flag, size_t size)
316 {
317 int copied = 0;
318
319 do {
320 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
321 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
322 int space = __tty_buffer_request_room(port, goal, flags);
323 struct tty_buffer *tb = port->buf.tail;
324
325 if (unlikely(space == 0))
326 break;
327 memcpy(char_buf_ptr(tb, tb->used), chars, space);
328 if (~tb->flags & TTYB_NORMAL)
329 memset(flag_buf_ptr(tb, tb->used), flag, space);
330 tb->used += space;
331 copied += space;
332 chars += space;
333 /* There is a small chance that we need to split the data over
334 * several buffers. If this is the case we must loop.
335 */
336 } while (unlikely(size > copied));
337 return copied;
338 }
339 EXPORT_SYMBOL(tty_insert_flip_string_fixed_flag);
340
341 /**
342 * tty_insert_flip_string_flags - add characters to the tty buffer
343 * @port: tty port
344 * @chars: characters
345 * @flags: flag bytes
346 * @size: size
347 *
348 * Queue a series of bytes to the tty buffering. For each character the flags
349 * array indicates the status of the character.
350 *
351 * Returns: the number added.
352 */
tty_insert_flip_string_flags(struct tty_port * port,const unsigned char * chars,const char * flags,size_t size)353 int tty_insert_flip_string_flags(struct tty_port *port,
354 const unsigned char *chars, const char *flags, size_t size)
355 {
356 int copied = 0;
357
358 do {
359 int goal = min_t(size_t, size - copied, TTY_BUFFER_PAGE);
360 int space = tty_buffer_request_room(port, goal);
361 struct tty_buffer *tb = port->buf.tail;
362
363 if (unlikely(space == 0))
364 break;
365 memcpy(char_buf_ptr(tb, tb->used), chars, space);
366 memcpy(flag_buf_ptr(tb, tb->used), flags, space);
367 tb->used += space;
368 copied += space;
369 chars += space;
370 flags += space;
371 /* There is a small chance that we need to split the data over
372 * several buffers. If this is the case we must loop.
373 */
374 } while (unlikely(size > copied));
375 return copied;
376 }
377 EXPORT_SYMBOL(tty_insert_flip_string_flags);
378
379 /**
380 * __tty_insert_flip_char - add one character to the tty buffer
381 * @port: tty port
382 * @ch: character
383 * @flag: flag byte
384 *
385 * Queue a single byte @ch to the tty buffering, with an optional flag. This is
386 * the slow path of tty_insert_flip_char().
387 */
__tty_insert_flip_char(struct tty_port * port,unsigned char ch,char flag)388 int __tty_insert_flip_char(struct tty_port *port, unsigned char ch, char flag)
389 {
390 struct tty_buffer *tb;
391 int flags = (flag == TTY_NORMAL) ? TTYB_NORMAL : 0;
392
393 if (!__tty_buffer_request_room(port, 1, flags))
394 return 0;
395
396 tb = port->buf.tail;
397 if (~tb->flags & TTYB_NORMAL)
398 *flag_buf_ptr(tb, tb->used) = flag;
399 *char_buf_ptr(tb, tb->used++) = ch;
400
401 return 1;
402 }
403 EXPORT_SYMBOL(__tty_insert_flip_char);
404
405 /**
406 * tty_prepare_flip_string - make room for characters
407 * @port: tty port
408 * @chars: return pointer for character write area
409 * @size: desired size
410 *
411 * Prepare a block of space in the buffer for data.
412 *
413 * This is used for drivers that need their own block copy routines into the
414 * buffer. There is no guarantee the buffer is a DMA target!
415 *
416 * Returns: the length available and buffer pointer (@chars) to the space which
417 * is now allocated and accounted for as ready for normal characters.
418 */
tty_prepare_flip_string(struct tty_port * port,unsigned char ** chars,size_t size)419 int tty_prepare_flip_string(struct tty_port *port, unsigned char **chars,
420 size_t size)
421 {
422 int space = __tty_buffer_request_room(port, size, TTYB_NORMAL);
423
424 if (likely(space)) {
425 struct tty_buffer *tb = port->buf.tail;
426
427 *chars = char_buf_ptr(tb, tb->used);
428 if (~tb->flags & TTYB_NORMAL)
429 memset(flag_buf_ptr(tb, tb->used), TTY_NORMAL, space);
430 tb->used += space;
431 }
432 return space;
433 }
434 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
435
436 /**
437 * tty_ldisc_receive_buf - forward data to line discipline
438 * @ld: line discipline to process input
439 * @p: char buffer
440 * @f: %TTY_NORMAL, %TTY_BREAK, etc. flags buffer
441 * @count: number of bytes to process
442 *
443 * Callers other than flush_to_ldisc() need to exclude the kworker from
444 * concurrent use of the line discipline, see paste_selection().
445 *
446 * Returns: the number of bytes processed.
447 */
tty_ldisc_receive_buf(struct tty_ldisc * ld,const unsigned char * p,const char * f,int count)448 int tty_ldisc_receive_buf(struct tty_ldisc *ld, const unsigned char *p,
449 const char *f, int count)
450 {
451 if (ld->ops->receive_buf2)
452 count = ld->ops->receive_buf2(ld->tty, p, f, count);
453 else {
454 count = min_t(int, count, ld->tty->receive_room);
455 if (count && ld->ops->receive_buf)
456 ld->ops->receive_buf(ld->tty, p, f, count);
457 }
458 return count;
459 }
460 EXPORT_SYMBOL_GPL(tty_ldisc_receive_buf);
461
462 static int
receive_buf(struct tty_port * port,struct tty_buffer * head,int count)463 receive_buf(struct tty_port *port, struct tty_buffer *head, int count)
464 {
465 unsigned char *p = char_buf_ptr(head, head->read);
466 const char *f = NULL;
467 int n;
468
469 if (~head->flags & TTYB_NORMAL)
470 f = flag_buf_ptr(head, head->read);
471
472 n = port->client_ops->receive_buf(port, p, f, count);
473 if (n > 0)
474 memset(p, 0, n);
475 return n;
476 }
477
478 /**
479 * flush_to_ldisc - flush data from buffer to ldisc
480 * @work: tty structure passed from work queue.
481 *
482 * This routine is called out of the software interrupt to flush data from the
483 * buffer chain to the line discipline.
484 *
485 * The receive_buf() method is single threaded for each tty instance.
486 *
487 * Locking: takes buffer lock to ensure single-threaded flip buffer 'consumer'.
488 */
flush_to_ldisc(struct work_struct * work)489 static void flush_to_ldisc(struct work_struct *work)
490 {
491 struct tty_port *port = container_of(work, struct tty_port, buf.work);
492 struct tty_bufhead *buf = &port->buf;
493
494 mutex_lock(&buf->lock);
495
496 while (1) {
497 struct tty_buffer *head = buf->head;
498 struct tty_buffer *next;
499 int count;
500
501 /* Ldisc or user is trying to gain exclusive access */
502 if (atomic_read(&buf->priority))
503 break;
504
505 /* paired w/ release in __tty_buffer_request_room();
506 * ensures commit value read is not stale if the head
507 * is advancing to the next buffer
508 */
509 next = smp_load_acquire(&head->next);
510 /* paired w/ release in __tty_buffer_request_room() or in
511 * tty_buffer_flush(); ensures we see the committed buffer data
512 */
513 count = smp_load_acquire(&head->commit) - head->read;
514 if (!count) {
515 if (next == NULL)
516 break;
517 buf->head = next;
518 tty_buffer_free(port, head);
519 continue;
520 }
521
522 count = receive_buf(port, head, count);
523 if (!count)
524 break;
525 head->read += count;
526
527 if (need_resched())
528 cond_resched();
529 }
530
531 mutex_unlock(&buf->lock);
532
533 }
534
tty_flip_buffer_commit(struct tty_buffer * tail)535 static inline void tty_flip_buffer_commit(struct tty_buffer *tail)
536 {
537 /*
538 * Paired w/ acquire in flush_to_ldisc(); ensures flush_to_ldisc() sees
539 * buffer data.
540 */
541 smp_store_release(&tail->commit, tail->used);
542 }
543
544 /**
545 * tty_flip_buffer_push - push terminal buffers
546 * @port: tty port to push
547 *
548 * Queue a push of the terminal flip buffers to the line discipline. Can be
549 * called from IRQ/atomic context.
550 *
551 * In the event of the queue being busy for flipping the work will be held off
552 * and retried later.
553 */
tty_flip_buffer_push(struct tty_port * port)554 void tty_flip_buffer_push(struct tty_port *port)
555 {
556 struct tty_bufhead *buf = &port->buf;
557
558 tty_flip_buffer_commit(buf->tail);
559 queue_work(system_unbound_wq, &buf->work);
560 }
561 EXPORT_SYMBOL(tty_flip_buffer_push);
562
563 /**
564 * tty_insert_flip_string_and_push_buffer - add characters to the tty buffer and
565 * push
566 * @port: tty port
567 * @chars: characters
568 * @size: size
569 *
570 * The function combines tty_insert_flip_string() and tty_flip_buffer_push()
571 * with the exception of properly holding the @port->lock.
572 *
573 * To be used only internally (by pty currently).
574 *
575 * Returns: the number added.
576 */
tty_insert_flip_string_and_push_buffer(struct tty_port * port,const unsigned char * chars,size_t size)577 int tty_insert_flip_string_and_push_buffer(struct tty_port *port,
578 const unsigned char *chars, size_t size)
579 {
580 struct tty_bufhead *buf = &port->buf;
581 unsigned long flags;
582
583 spin_lock_irqsave(&port->lock, flags);
584 size = tty_insert_flip_string(port, chars, size);
585 if (size)
586 tty_flip_buffer_commit(buf->tail);
587 spin_unlock_irqrestore(&port->lock, flags);
588
589 queue_work(system_unbound_wq, &buf->work);
590
591 return size;
592 }
593
594 /**
595 * tty_buffer_init - prepare a tty buffer structure
596 * @port: tty port to initialise
597 *
598 * Set up the initial state of the buffer management for a tty device. Must be
599 * called before the other tty buffer functions are used.
600 */
tty_buffer_init(struct tty_port * port)601 void tty_buffer_init(struct tty_port *port)
602 {
603 struct tty_bufhead *buf = &port->buf;
604
605 mutex_init(&buf->lock);
606 tty_buffer_reset(&buf->sentinel, 0);
607 buf->head = &buf->sentinel;
608 buf->tail = &buf->sentinel;
609 init_llist_head(&buf->free);
610 atomic_set(&buf->mem_used, 0);
611 atomic_set(&buf->priority, 0);
612 INIT_WORK(&buf->work, flush_to_ldisc);
613 buf->mem_limit = TTYB_DEFAULT_MEM_LIMIT;
614 }
615
616 /**
617 * tty_buffer_set_limit - change the tty buffer memory limit
618 * @port: tty port to change
619 * @limit: memory limit to set
620 *
621 * Change the tty buffer memory limit.
622 *
623 * Must be called before the other tty buffer functions are used.
624 */
tty_buffer_set_limit(struct tty_port * port,int limit)625 int tty_buffer_set_limit(struct tty_port *port, int limit)
626 {
627 if (limit < MIN_TTYB_SIZE)
628 return -EINVAL;
629 port->buf.mem_limit = limit;
630 return 0;
631 }
632 EXPORT_SYMBOL_GPL(tty_buffer_set_limit);
633
634 /* slave ptys can claim nested buffer lock when handling BRK and INTR */
tty_buffer_set_lock_subclass(struct tty_port * port)635 void tty_buffer_set_lock_subclass(struct tty_port *port)
636 {
637 lockdep_set_subclass(&port->buf.lock, TTY_LOCK_SLAVE);
638 }
639
tty_buffer_restart_work(struct tty_port * port)640 bool tty_buffer_restart_work(struct tty_port *port)
641 {
642 return queue_work(system_unbound_wq, &port->buf.work);
643 }
644
tty_buffer_cancel_work(struct tty_port * port)645 bool tty_buffer_cancel_work(struct tty_port *port)
646 {
647 return cancel_work_sync(&port->buf.work);
648 }
649
tty_buffer_flush_work(struct tty_port * port)650 void tty_buffer_flush_work(struct tty_port *port)
651 {
652 flush_work(&port->buf.work);
653 }
654