n_tty: Don't wrap input buffer indices at buffer size
Wrap read_buf indices (read_head, read_tail, canon_head) at
max representable value, instead of at the N_TTY_BUF_SIZE. This step
is necessary to allow lockless reads of these shared variables
(by updating the variables atomically).
Signed-off-by: Peter Hurley <peter@hurleysoftware.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
index 371612b..b2fef10 100644
--- a/drivers/tty/n_tty.c
+++ b/drivers/tty/n_tty.c
@@ -96,8 +96,8 @@
DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
char *read_buf;
- int read_head;
- int read_tail;
+ size_t read_head;
+ size_t read_tail;
int read_cnt;
int minimum_to_wake;
@@ -106,7 +106,7 @@
unsigned int echo_cnt;
int canon_data;
- unsigned long canon_head;
+ size_t canon_head;
unsigned int canon_column;
struct mutex atomic_read_lock;
@@ -120,6 +120,16 @@
return ldata->read_cnt;
}
+static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
+{
+ return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
+}
+
+static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
+{
+ return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
+}
+
static inline int tty_put_user(struct tty_struct *tty, unsigned char x,
unsigned char __user *ptr)
{
@@ -186,8 +196,8 @@
static void put_tty_queue_nolock(unsigned char c, struct n_tty_data *ldata)
{
if (read_cnt(ldata) < N_TTY_BUF_SIZE) {
- ldata->read_buf[ldata->read_head] = c;
- ldata->read_head = (ldata->read_head + 1) & (N_TTY_BUF_SIZE-1);
+ *read_buf_addr(ldata, ldata->read_head) = c;
+ ldata->read_head++;
ldata->read_cnt++;
}
}
@@ -289,13 +299,10 @@
ssize_t n = 0;
raw_spin_lock_irqsave(&ldata->read_lock, flags);
- if (!ldata->icanon) {
+ if (!ldata->icanon)
n = read_cnt(ldata);
- } else if (ldata->canon_data) {
- n = (ldata->canon_head > ldata->read_tail) ?
- ldata->canon_head - ldata->read_tail :
- ldata->canon_head + (N_TTY_BUF_SIZE - ldata->read_tail);
- }
+ else
+ n = ldata->canon_head - ldata->read_tail;
raw_spin_unlock_irqrestore(&ldata->read_lock, flags);
return n;
}
@@ -918,7 +925,9 @@
{
struct n_tty_data *ldata = tty->disc_data;
enum { ERASE, WERASE, KILL } kill_type;
- int head, seen_alnums, cnt;
+ size_t head;
+ size_t cnt;
+ int seen_alnums;
unsigned long flags;
/* FIXME: locking needed ? */
@@ -962,8 +971,8 @@
/* erase a single possibly multibyte character */
do {
- head = (head - 1) & (N_TTY_BUF_SIZE-1);
- c = ldata->read_buf[head];
+ head--;
+ c = read_buf(ldata, head);
} while (is_continuation(c, tty) && head != ldata->canon_head);
/* do not partially erase */
@@ -977,7 +986,7 @@
else if (seen_alnums)
break;
}
- cnt = (ldata->read_head - head) & (N_TTY_BUF_SIZE-1);
+ cnt = ldata->read_head - head;
raw_spin_lock_irqsave(&ldata->read_lock, flags);
ldata->read_head = head;
ldata->read_cnt -= cnt;
@@ -991,9 +1000,8 @@
/* if cnt > 1, output a multi-byte character */
echo_char(c, tty);
while (--cnt > 0) {
- head = (head+1) & (N_TTY_BUF_SIZE-1);
- echo_char_raw(ldata->read_buf[head],
- ldata);
+ head++;
+ echo_char_raw(read_buf(ldata, head), ldata);
echo_move_back_col(ldata);
}
} else if (kill_type == ERASE && !L_ECHOE(tty)) {
@@ -1001,7 +1009,7 @@
} else if (c == '\t') {
unsigned int num_chars = 0;
int after_tab = 0;
- unsigned long tail = ldata->read_head;
+ size_t tail = ldata->read_head;
/*
* Count the columns used for characters
@@ -1011,8 +1019,8 @@
* number of columns.
*/
while (tail != ldata->canon_head) {
- tail = (tail-1) & (N_TTY_BUF_SIZE-1);
- c = ldata->read_buf[tail];
+ tail--;
+ c = read_buf(ldata, tail);
if (c == '\t') {
after_tab = 1;
break;
@@ -1296,14 +1304,14 @@
}
if (c == REPRINT_CHAR(tty) && L_ECHO(tty) &&
L_IEXTEN(tty)) {
- unsigned long tail = ldata->canon_head;
+ size_t tail = ldata->canon_head;
finish_erasing(ldata);
echo_char(c, tty);
echo_char_raw('\n', ldata);
while (tail != ldata->read_head) {
- echo_char(ldata->read_buf[tail], tty);
- tail = (tail+1) & (N_TTY_BUF_SIZE-1);
+ echo_char(read_buf(ldata, tail), tty);
+ tail++;
}
process_echoes(tty);
return;
@@ -1356,7 +1364,7 @@
handle_newline:
raw_spin_lock_irqsave(&ldata->read_lock, flags);
- set_bit(ldata->read_head, ldata->read_flags);
+ set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
put_tty_queue_nolock(c, ldata);
ldata->canon_head = ldata->read_head;
ldata->canon_data++;
@@ -1436,19 +1444,19 @@
if (ldata->real_raw) {
raw_spin_lock_irqsave(&ldata->read_lock, cpuflags);
i = min(N_TTY_BUF_SIZE - read_cnt(ldata),
- N_TTY_BUF_SIZE - ldata->read_head);
+ N_TTY_BUF_SIZE - (ldata->read_head & (N_TTY_BUF_SIZE - 1)));
i = min(count, i);
- memcpy(ldata->read_buf + ldata->read_head, cp, i);
- ldata->read_head = (ldata->read_head + i) & (N_TTY_BUF_SIZE-1);
+ memcpy(read_buf_addr(ldata, ldata->read_head), cp, i);
+ ldata->read_head += i;
ldata->read_cnt += i;
cp += i;
count -= i;
i = min(N_TTY_BUF_SIZE - read_cnt(ldata),
- N_TTY_BUF_SIZE - ldata->read_head);
+ N_TTY_BUF_SIZE - (ldata->read_head & (N_TTY_BUF_SIZE - 1)));
i = min(count, i);
- memcpy(ldata->read_buf + ldata->read_head, cp, i);
- ldata->read_head = (ldata->read_head + i) & (N_TTY_BUF_SIZE-1);
+ memcpy(read_buf_addr(ldata, ldata->read_head), cp, i);
+ ldata->read_head += i;
ldata->read_cnt += i;
raw_spin_unlock_irqrestore(&ldata->read_lock, cpuflags);
} else {
@@ -1739,21 +1747,21 @@
size_t n;
unsigned long flags;
bool is_eof;
+ size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
retval = 0;
raw_spin_lock_irqsave(&ldata->read_lock, flags);
- n = min(read_cnt(ldata), N_TTY_BUF_SIZE - ldata->read_tail);
+ n = min(read_cnt(ldata), N_TTY_BUF_SIZE - tail);
n = min(*nr, n);
raw_spin_unlock_irqrestore(&ldata->read_lock, flags);
if (n) {
- retval = copy_to_user(*b, &ldata->read_buf[ldata->read_tail], n);
+ retval = copy_to_user(*b, read_buf_addr(ldata, tail), n);
n -= retval;
- is_eof = n == 1 &&
- ldata->read_buf[ldata->read_tail] == EOF_CHAR(tty);
- tty_audit_add_data(tty, &ldata->read_buf[ldata->read_tail], n,
+ is_eof = n == 1 && read_buf(ldata, tail) == EOF_CHAR(tty);
+ tty_audit_add_data(tty, read_buf_addr(ldata, tail), n,
ldata->icanon);
raw_spin_lock_irqsave(&ldata->read_lock, flags);
- ldata->read_tail = (ldata->read_tail + n) & (N_TTY_BUF_SIZE-1);
+ ldata->read_tail += n;
ldata->read_cnt -= n;
/* Turn single EOF into zero-length read */
if (L_EXTPROC(tty) && ldata->icanon && is_eof && !read_cnt(ldata))
@@ -1785,8 +1793,9 @@
struct n_tty_data *ldata = tty->disc_data;
unsigned long flags;
size_t n, size, more, c;
- unsigned long eol;
- int ret, tail, found = 0;
+ size_t eol;
+ size_t tail;
+ int ret, found = 0;
/* N.B. avoid overrun if nr == 0 */
@@ -1798,10 +1807,10 @@
return 0;
}
- tail = ldata->read_tail;
+ tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
- n_tty_trace("%s: nr:%zu tail:%d n:%zu size:%zu\n",
+ n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
__func__, *nr, tail, n, size);
eol = find_next_bit(ldata->read_flags, size, tail);
@@ -1818,21 +1827,21 @@
n = (found + eol + size) & (N_TTY_BUF_SIZE - 1);
c = n;
- if (found && ldata->read_buf[eol] == __DISABLED_CHAR)
+ if (found && read_buf(ldata, eol) == __DISABLED_CHAR)
n--;
- n_tty_trace("%s: eol:%lu found:%d n:%zu c:%zu size:%zu more:%zu\n",
+ n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu size:%zu more:%zu\n",
__func__, eol, found, n, c, size, more);
raw_spin_unlock_irqrestore(&ldata->read_lock, flags);
if (n > size) {
- ret = copy_to_user(*b, &ldata->read_buf[tail], size);
+ ret = copy_to_user(*b, read_buf_addr(ldata, tail), size);
if (ret)
return -EFAULT;
ret = copy_to_user(*b + size, ldata->read_buf, n - size);
} else
- ret = copy_to_user(*b, &ldata->read_buf[tail], n);
+ ret = copy_to_user(*b, read_buf_addr(ldata, tail), n);
if (ret)
return -EFAULT;
@@ -1840,7 +1849,7 @@
*nr -= n;
raw_spin_lock_irqsave(&ldata->read_lock, flags);
- ldata->read_tail = (ldata->read_tail + c) & (N_TTY_BUF_SIZE - 1);
+ ldata->read_tail += c;
ldata->read_cnt -= c;
if (found) {
__clear_bit(eol, ldata->read_flags);
@@ -2230,19 +2239,19 @@
static unsigned long inq_canon(struct n_tty_data *ldata)
{
- int nr, head, tail;
+ size_t nr, head, tail;
if (!ldata->canon_data)
return 0;
head = ldata->canon_head;
tail = ldata->read_tail;
- nr = (head - tail) & (N_TTY_BUF_SIZE-1);
+ nr = head - tail;
/* Skip EOF-chars.. */
while (head != tail) {
- if (test_bit(tail, ldata->read_flags) &&
- ldata->read_buf[tail] == __DISABLED_CHAR)
+ if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
+ read_buf(ldata, tail) == __DISABLED_CHAR)
nr--;
- tail = (tail+1) & (N_TTY_BUF_SIZE-1);
+ tail++;
}
return nr;
}