* @APPLE_OSREFERENCE_LICENSE_HEADER_END@
*/
+#define DISABLE_DATAQUEUE_WARNING
+
#include <IOKit/IODataQueue.h>
+
+#undef DISABLE_DATAQUEUE_WARNING
+
#include <IOKit/IODataQueueShared.h>
#include <IOKit/IOLib.h>
#include <IOKit/IOMemoryDescriptor.h>
+#include <libkern/OSAtomic.h>
#ifdef enqueue
#undef enqueue
return false;
}
+ if (size > UINT32_MAX - DATA_QUEUE_MEMORY_HEADER_SIZE) {
+ return false;
+ }
+
allocSize = round_page(size + DATA_QUEUE_MEMORY_HEADER_SIZE);
if (allocSize < size) {
if (dataQueue == 0) {
return false;
}
+ bzero(dataQueue, allocSize);
dataQueue->queueSize = size;
- dataQueue->head = 0;
- dataQueue->tail = 0;
+// dataQueue->head = 0;
+// dataQueue->tail = 0;
+
+ if (!notifyMsg) {
+ notifyMsg = IOMalloc(sizeof(mach_msg_header_t));
+ if (!notifyMsg)
+ return false;
+ }
+ bzero(notifyMsg, sizeof(mach_msg_header_t));
return true;
}
Boolean IODataQueue::initWithEntries(UInt32 numEntries, UInt32 entrySize)
{
+ // Checking overflow for (numEntries + 1)*(entrySize + DATA_QUEUE_ENTRY_HEADER_SIZE):
+ // check (entrySize + DATA_QUEUE_ENTRY_HEADER_SIZE)
+ if ((entrySize > UINT32_MAX - DATA_QUEUE_ENTRY_HEADER_SIZE) ||
+ // check (numEntries + 1)
+ (numEntries > UINT32_MAX-1) ||
+ // check (numEntries + 1)*(entrySize + DATA_QUEUE_ENTRY_HEADER_SIZE)
+ (entrySize + DATA_QUEUE_ENTRY_HEADER_SIZE > UINT32_MAX/(numEntries+1))) {
+ return false;
+ }
+
return (initWithCapacity((numEntries + 1) * (DATA_QUEUE_ENTRY_HEADER_SIZE + entrySize)));
}
{
if (dataQueue) {
IOFreeAligned(dataQueue, round_page(dataQueue->queueSize + DATA_QUEUE_MEMORY_HEADER_SIZE));
+ dataQueue = NULL;
+
+ if (notifyMsg) {
+ IOFree(notifyMsg, sizeof(mach_msg_header_t));
+ notifyMsg = NULL;
+ }
}
super::free();
const UInt32 entrySize = dataSize + DATA_QUEUE_ENTRY_HEADER_SIZE;
IODataQueueEntry * entry;
+ // Check for overflow of entrySize
+ if (dataSize > UINT32_MAX - DATA_QUEUE_ENTRY_HEADER_SIZE) {
+ return false;
+ }
+ // Check for underflow of (dataQueue->queueSize - tail)
+ if (dataQueue->queueSize < tail) {
+ return false;
+ }
+
if ( tail >= head )
{
// Is there enough room at the end for the entry?
- if ( (tail + entrySize) <= dataQueue->queueSize )
+ if ((entrySize <= UINT32_MAX - tail) &&
+ ((tail + entrySize) <= dataQueue->queueSize) )
{
entry = (IODataQueueEntry *)((UInt8 *)dataQueue->queue + tail);
// The tail can be out of bound when the size of the new entry
// exactly matches the available space at the end of the queue.
// The tail can range from 0 to dataQueue->queueSize inclusive.
-
- dataQueue->tail += entrySize;
+
+ OSAddAtomic(entrySize, (SInt32 *)&dataQueue->tail);
}
- else if ( head > entrySize ) // Is there enough room at the beginning?
+ else if ( head > entrySize ) // Is there enough room at the beginning?
{
// Wrap around to the beginning, but do not allow the tail to catch
// up to the head.
}
memcpy(&dataQueue->queue->data, data, dataSize);
- dataQueue->tail = entrySize;
+ OSCompareAndSwap(dataQueue->tail, entrySize, &dataQueue->tail);
}
else
{
- return false; // queue is full
+ return false; // queue is full
}
}
else
entry->size = dataSize;
memcpy(&entry->data, data, dataSize);
- dataQueue->tail += entrySize;
+ OSAddAtomic(entrySize, (SInt32 *)&dataQueue->tail);
}
else
{
- return false; // queue is full
+ return false; // queue is full
}
}
// Send notification (via mach message) that data is available.
- if ( ( head == tail ) /* queue was empty prior to enqueue() */
+ if ( ( head == tail ) /* queue was empty prior to enqueue() */
|| ( dataQueue->head == tail ) ) /* queue was emptied during enqueue() */
{
sendDataAvailableNotification();
void IODataQueue::setNotificationPort(mach_port_t port)
{
- static struct _notifyMsg init_msg = { {
- MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0),
- sizeof (struct _notifyMsg),
- MACH_PORT_NULL,
- MACH_PORT_NULL,
- 0,
- 0
- } };
+ mach_msg_header_t * msgh = (mach_msg_header_t *) notifyMsg;
- if (notifyMsg == 0) {
- notifyMsg = IOMalloc(sizeof(struct _notifyMsg));
+ if (msgh) {
+ bzero(msgh, sizeof(mach_msg_header_t));
+ msgh->msgh_bits = MACH_MSGH_BITS(MACH_MSG_TYPE_COPY_SEND, 0);
+ msgh->msgh_size = sizeof(mach_msg_header_t);
+ msgh->msgh_remote_port = port;
}
-
- *((struct _notifyMsg *)notifyMsg) = init_msg;
-
- ((struct _notifyMsg *)notifyMsg)->h.msgh_remote_port = port;
}
void IODataQueue::sendDataAvailableNotification()
{
- kern_return_t kr;
- mach_msg_header_t * msgh;
+ kern_return_t kr;
+ mach_msg_header_t * msgh;
- msgh = (mach_msg_header_t *)notifyMsg;
+ msgh = (mach_msg_header_t *) notifyMsg;
if (msgh && msgh->msgh_remote_port) {
- kr = mach_msg_send_from_kernel_proper(msgh, msgh->msgh_size);
+ kr = mach_msg_send_from_kernel_with_options(msgh, msgh->msgh_size, MACH_SEND_TIMEOUT, MACH_MSG_TIMEOUT_NONE);
switch(kr) {
- case MACH_SEND_TIMED_OUT: // Notification already sent
+ case MACH_SEND_TIMED_OUT: // Notification already sent
case MACH_MSG_SUCCESS:
+ case MACH_SEND_NO_BUFFER:
break;
default:
IOLog("%s: dataAvailableNotification failed - msg_send returned: %d\n", /*getName()*/"IODataQueue", kr);
return descriptor;
}
+
projects / apple / xnu.git / blobdiff