cipso: unsigned buf_len cannot be negative
[linux-2.6/next.git] / drivers / char / tty_buffer.c
blob810ee25d66a48fa5042c84b7f4cf47f0a870ef4e
1 /*
2 * Tty buffer allocation management
3 */
5 #include <linux/types.h>
6 #include <linux/errno.h>
7 #include <linux/tty.h>
8 #include <linux/tty_driver.h>
9 #include <linux/tty_flip.h>
10 #include <linux/timer.h>
11 #include <linux/string.h>
12 #include <linux/slab.h>
13 #include <linux/sched.h>
14 #include <linux/init.h>
15 #include <linux/wait.h>
16 #include <linux/bitops.h>
17 #include <linux/delay.h>
18 #include <linux/module.h>
20 /**
21 * tty_buffer_free_all - free buffers used by a tty
22 * @tty: tty to free from
24 * Remove all the buffers pending on a tty whether queued with data
25 * or in the free ring. Must be called when the tty is no longer in use
27 * Locking: none
30 void tty_buffer_free_all(struct tty_struct *tty)
32 struct tty_buffer *thead;
33 while ((thead = tty->buf.head) != NULL) {
34 tty->buf.head = thead->next;
35 kfree(thead);
37 while ((thead = tty->buf.free) != NULL) {
38 tty->buf.free = thead->next;
39 kfree(thead);
41 tty->buf.tail = NULL;
42 tty->buf.memory_used = 0;
45 /**
46 * tty_buffer_alloc - allocate a tty buffer
47 * @tty: tty device
48 * @size: desired size (characters)
50 * Allocate a new tty buffer to hold the desired number of characters.
51 * Return NULL if out of memory or the allocation would exceed the
52 * per device queue
54 * Locking: Caller must hold tty->buf.lock
57 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
59 struct tty_buffer *p;
61 if (tty->buf.memory_used + size > 65536)
62 return NULL;
63 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
64 if (p == NULL)
65 return NULL;
66 p->used = 0;
67 p->size = size;
68 p->next = NULL;
69 p->commit = 0;
70 p->read = 0;
71 p->char_buf_ptr = (char *)(p->data);
72 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
73 tty->buf.memory_used += size;
74 return p;
77 /**
78 * tty_buffer_free - free a tty buffer
79 * @tty: tty owning the buffer
80 * @b: the buffer to free
82 * Free a tty buffer, or add it to the free list according to our
83 * internal strategy
85 * Locking: Caller must hold tty->buf.lock
88 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
90 /* Dumb strategy for now - should keep some stats */
91 tty->buf.memory_used -= b->size;
92 WARN_ON(tty->buf.memory_used < 0);
94 if (b->size >= 512)
95 kfree(b);
96 else {
97 b->next = tty->buf.free;
98 tty->buf.free = b;
103 * __tty_buffer_flush - flush full tty buffers
104 * @tty: tty to flush
106 * flush all the buffers containing receive data. Caller must
107 * hold the buffer lock and must have ensured no parallel flush to
108 * ldisc is running.
110 * Locking: Caller must hold tty->buf.lock
113 static void __tty_buffer_flush(struct tty_struct *tty)
115 struct tty_buffer *thead;
117 while ((thead = tty->buf.head) != NULL) {
118 tty->buf.head = thead->next;
119 tty_buffer_free(tty, thead);
121 tty->buf.tail = NULL;
125 * tty_buffer_flush - flush full tty buffers
126 * @tty: tty to flush
128 * flush all the buffers containing receive data. If the buffer is
129 * being processed by flush_to_ldisc then we defer the processing
130 * to that function
132 * Locking: none
135 void tty_buffer_flush(struct tty_struct *tty)
137 unsigned long flags;
138 spin_lock_irqsave(&tty->buf.lock, flags);
140 /* If the data is being pushed to the tty layer then we can't
141 process it here. Instead set a flag and the flush_to_ldisc
142 path will process the flush request before it exits */
143 if (test_bit(TTY_FLUSHING, &tty->flags)) {
144 set_bit(TTY_FLUSHPENDING, &tty->flags);
145 spin_unlock_irqrestore(&tty->buf.lock, flags);
146 wait_event(tty->read_wait,
147 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
148 return;
149 } else
150 __tty_buffer_flush(tty);
151 spin_unlock_irqrestore(&tty->buf.lock, flags);
155 * tty_buffer_find - find a free tty buffer
156 * @tty: tty owning the buffer
157 * @size: characters wanted
159 * Locate an existing suitable tty buffer or if we are lacking one then
160 * allocate a new one. We round our buffers off in 256 character chunks
161 * to get better allocation behaviour.
163 * Locking: Caller must hold tty->buf.lock
166 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
168 struct tty_buffer **tbh = &tty->buf.free;
169 while ((*tbh) != NULL) {
170 struct tty_buffer *t = *tbh;
171 if (t->size >= size) {
172 *tbh = t->next;
173 t->next = NULL;
174 t->used = 0;
175 t->commit = 0;
176 t->read = 0;
177 tty->buf.memory_used += t->size;
178 return t;
180 tbh = &((*tbh)->next);
182 /* Round the buffer size out */
183 size = (size + 0xFF) & ~0xFF;
184 return tty_buffer_alloc(tty, size);
185 /* Should possibly check if this fails for the largest buffer we
186 have queued and recycle that ? */
190 * tty_buffer_request_room - grow tty buffer if needed
191 * @tty: tty structure
192 * @size: size desired
194 * Make at least size bytes of linear space available for the tty
195 * buffer. If we fail return the size we managed to find.
197 * Locking: Takes tty->buf.lock
199 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
201 struct tty_buffer *b, *n;
202 int left;
203 unsigned long flags;
205 spin_lock_irqsave(&tty->buf.lock, flags);
207 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
208 remove this conditional if its worth it. This would be invisible
209 to the callers */
210 if ((b = tty->buf.tail) != NULL)
211 left = b->size - b->used;
212 else
213 left = 0;
215 if (left < size) {
216 /* This is the slow path - looking for new buffers to use */
217 if ((n = tty_buffer_find(tty, size)) != NULL) {
218 if (b != NULL) {
219 b->next = n;
220 b->commit = b->used;
221 } else
222 tty->buf.head = n;
223 tty->buf.tail = n;
224 } else
225 size = left;
228 spin_unlock_irqrestore(&tty->buf.lock, flags);
229 return size;
231 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
234 * tty_insert_flip_string - Add characters to the tty buffer
235 * @tty: tty structure
236 * @chars: characters
237 * @size: size
239 * Queue a series of bytes to the tty buffering. All the characters
240 * passed are marked as without error. Returns the number added.
242 * Locking: Called functions may take tty->buf.lock
245 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
246 size_t size)
248 int copied = 0;
249 do {
250 int space = tty_buffer_request_room(tty, size - copied);
251 struct tty_buffer *tb = tty->buf.tail;
252 /* If there is no space then tb may be NULL */
253 if (unlikely(space == 0))
254 break;
255 memcpy(tb->char_buf_ptr + tb->used, chars, space);
256 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
257 tb->used += space;
258 copied += space;
259 chars += space;
260 /* There is a small chance that we need to split the data over
261 several buffers. If this is the case we must loop */
262 } while (unlikely(size > copied));
263 return copied;
265 EXPORT_SYMBOL(tty_insert_flip_string);
268 * tty_insert_flip_string_flags - Add characters to the tty buffer
269 * @tty: tty structure
270 * @chars: characters
271 * @flags: flag bytes
272 * @size: size
274 * Queue a series of bytes to the tty buffering. For each character
275 * the flags array indicates the status of the character. Returns the
276 * number added.
278 * Locking: Called functions may take tty->buf.lock
281 int tty_insert_flip_string_flags(struct tty_struct *tty,
282 const unsigned char *chars, const char *flags, size_t size)
284 int copied = 0;
285 do {
286 int space = tty_buffer_request_room(tty, size - copied);
287 struct tty_buffer *tb = tty->buf.tail;
288 /* If there is no space then tb may be NULL */
289 if (unlikely(space == 0))
290 break;
291 memcpy(tb->char_buf_ptr + tb->used, chars, space);
292 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
293 tb->used += space;
294 copied += space;
295 chars += space;
296 flags += space;
297 /* There is a small chance that we need to split the data over
298 several buffers. If this is the case we must loop */
299 } while (unlikely(size > copied));
300 return copied;
302 EXPORT_SYMBOL(tty_insert_flip_string_flags);
305 * tty_schedule_flip - push characters to ldisc
306 * @tty: tty to push from
308 * Takes any pending buffers and transfers their ownership to the
309 * ldisc side of the queue. It then schedules those characters for
310 * processing by the line discipline.
312 * Locking: Takes tty->buf.lock
315 void tty_schedule_flip(struct tty_struct *tty)
317 unsigned long flags;
318 spin_lock_irqsave(&tty->buf.lock, flags);
319 if (tty->buf.tail != NULL)
320 tty->buf.tail->commit = tty->buf.tail->used;
321 spin_unlock_irqrestore(&tty->buf.lock, flags);
322 schedule_delayed_work(&tty->buf.work, 1);
324 EXPORT_SYMBOL(tty_schedule_flip);
327 * tty_prepare_flip_string - make room for characters
328 * @tty: tty
329 * @chars: return pointer for character write area
330 * @size: desired size
332 * Prepare a block of space in the buffer for data. Returns the length
333 * available and buffer pointer to the space which is now allocated and
334 * accounted for as ready for normal characters. This is used for drivers
335 * that need their own block copy routines into the buffer. There is no
336 * guarantee the buffer is a DMA target!
338 * Locking: May call functions taking tty->buf.lock
341 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
342 size_t size)
344 int space = tty_buffer_request_room(tty, size);
345 if (likely(space)) {
346 struct tty_buffer *tb = tty->buf.tail;
347 *chars = tb->char_buf_ptr + tb->used;
348 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
349 tb->used += space;
351 return space;
353 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
356 * tty_prepare_flip_string_flags - make room for characters
357 * @tty: tty
358 * @chars: return pointer for character write area
359 * @flags: return pointer for status flag write area
360 * @size: desired size
362 * Prepare a block of space in the buffer for data. Returns the length
363 * available and buffer pointer to the space which is now allocated and
364 * accounted for as ready for characters. This is used for drivers
365 * that need their own block copy routines into the buffer. There is no
366 * guarantee the buffer is a DMA target!
368 * Locking: May call functions taking tty->buf.lock
371 int tty_prepare_flip_string_flags(struct tty_struct *tty,
372 unsigned char **chars, char **flags, size_t size)
374 int space = tty_buffer_request_room(tty, size);
375 if (likely(space)) {
376 struct tty_buffer *tb = tty->buf.tail;
377 *chars = tb->char_buf_ptr + tb->used;
378 *flags = tb->flag_buf_ptr + tb->used;
379 tb->used += space;
381 return space;
383 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
388 * flush_to_ldisc
389 * @work: tty structure passed from work queue.
391 * This routine is called out of the software interrupt to flush data
392 * from the buffer chain to the line discipline.
394 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
395 * while invoking the line discipline receive_buf method. The
396 * receive_buf method is single threaded for each tty instance.
399 static void flush_to_ldisc(struct work_struct *work)
401 struct tty_struct *tty =
402 container_of(work, struct tty_struct, buf.work.work);
403 unsigned long flags;
404 struct tty_ldisc *disc;
405 struct tty_buffer *tbuf, *head;
406 char *char_buf;
407 unsigned char *flag_buf;
409 disc = tty_ldisc_ref(tty);
410 if (disc == NULL) /* !TTY_LDISC */
411 return;
413 spin_lock_irqsave(&tty->buf.lock, flags);
414 /* So we know a flush is running */
415 set_bit(TTY_FLUSHING, &tty->flags);
416 head = tty->buf.head;
417 if (head != NULL) {
418 tty->buf.head = NULL;
419 for (;;) {
420 int count = head->commit - head->read;
421 if (!count) {
422 if (head->next == NULL)
423 break;
424 tbuf = head;
425 head = head->next;
426 tty_buffer_free(tty, tbuf);
427 continue;
429 /* Ldisc or user is trying to flush the buffers
430 we are feeding to the ldisc, stop feeding the
431 line discipline as we want to empty the queue */
432 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
433 break;
434 if (!tty->receive_room) {
435 schedule_delayed_work(&tty->buf.work, 1);
436 break;
438 if (count > tty->receive_room)
439 count = tty->receive_room;
440 char_buf = head->char_buf_ptr + head->read;
441 flag_buf = head->flag_buf_ptr + head->read;
442 head->read += count;
443 spin_unlock_irqrestore(&tty->buf.lock, flags);
444 disc->ops->receive_buf(tty, char_buf,
445 flag_buf, count);
446 spin_lock_irqsave(&tty->buf.lock, flags);
448 /* Restore the queue head */
449 tty->buf.head = head;
451 /* We may have a deferred request to flush the input buffer,
452 if so pull the chain under the lock and empty the queue */
453 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
454 __tty_buffer_flush(tty);
455 clear_bit(TTY_FLUSHPENDING, &tty->flags);
456 wake_up(&tty->read_wait);
458 clear_bit(TTY_FLUSHING, &tty->flags);
459 spin_unlock_irqrestore(&tty->buf.lock, flags);
461 tty_ldisc_deref(disc);
465 * tty_flip_buffer_push - terminal
466 * @tty: tty to push
468 * Queue a push of the terminal flip buffers to the line discipline. This
469 * function must not be called from IRQ context if tty->low_latency is set.
471 * In the event of the queue being busy for flipping the work will be
472 * held off and retried later.
474 * Locking: tty buffer lock. Driver locks in low latency mode.
477 void tty_flip_buffer_push(struct tty_struct *tty)
479 unsigned long flags;
480 spin_lock_irqsave(&tty->buf.lock, flags);
481 if (tty->buf.tail != NULL)
482 tty->buf.tail->commit = tty->buf.tail->used;
483 spin_unlock_irqrestore(&tty->buf.lock, flags);
485 if (tty->low_latency)
486 flush_to_ldisc(&tty->buf.work.work);
487 else
488 schedule_delayed_work(&tty->buf.work, 1);
490 EXPORT_SYMBOL(tty_flip_buffer_push);
493 * tty_buffer_init - prepare a tty buffer structure
494 * @tty: tty to initialise
496 * Set up the initial state of the buffer management for a tty device.
497 * Must be called before the other tty buffer functions are used.
499 * Locking: none
502 void tty_buffer_init(struct tty_struct *tty)
504 spin_lock_init(&tty->buf.lock);
505 tty->buf.head = NULL;
506 tty->buf.tail = NULL;
507 tty->buf.free = NULL;
508 tty->buf.memory_used = 0;
509 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);