Seregon/zftpd

Zero-copy FTP/HTTP Daemon compatible with all POSIX systems

C/11.0 KB/No license
src/ftp_buffer_pool.c
raw
zftpd / src / ftp_buffer_pool.c
1/*
2MIT License
3 
4Copyright (c) 2026 Seregon
5 
6Permission is hereby granted, free of charge, to any person obtaining a copy
7of this software and associated documentation files (the "Software"), to deal
8in the Software without restriction, including without limitation the rights
9to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10copies of the Software, and to permit persons to whom the Software is
11furnished to do so, subject to the following conditions:
12 
13The above copyright notice and this permission notice shall be included in all
14copies or substantial portions of the Software.
15 
16THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
19AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22SOFTWARE.
23*/
24/**
25 * @file ftp_buffer_pool.h
26 * @brief FTP stream buffer pool
27 *
28 * @author Seregon
29 * @version 1.0.0
30 *
31 * PLATFORMS: FreeBSD (PS4/PS5 kqueue), Linux (epoll)
32 * DESIGN: Single-threaded, non-blocking I/O
33 *
34 */
35#include "ftp_buffer_pool.h"
36 
37#include "ftp_config.h"
38#include <stdatomic.h>
39#include <stdint.h>
40 
41#ifndef FTP_STREAM_BUFFER_SIZE
42#define FTP_STREAM_BUFFER_SIZE 65536U
43#endif
44 
45#ifndef FTP_STREAM_BUFFER_COUNT
46#define FTP_STREAM_BUFFER_COUNT FTP_MAX_SESSIONS
47#endif
48 
49static _Alignas(64) uint8_t
50 g_stream_buffers[FTP_STREAM_BUFFER_COUNT][FTP_STREAM_BUFFER_SIZE];
51static atomic_uint_fast32_t g_stream_buffer_mask = ATOMIC_VAR_INIT(0U);
52 
53/*
54 * VULN-06 fix: guard against 1U << i undefined behavior
55 *
56 * FTP_MAX_SESSIONS up to 256 is allowed by ftp_config.h,
57 * but the bitmask is uint_fast32_t (may be 32-bit on ARM).
58 * If BUFFER_COUNT > bit width, slots beyond bit 31 are
59 * invisible and those sessions can never acquire a buffer.
60 *
61 * This assert fires at compile time if misconfigured.
62 */
63_Static_assert(FTP_STREAM_BUFFER_COUNT <= (sizeof(uint_fast32_t) * 8U),
64 "FTP_STREAM_BUFFER_COUNT exceeds atomic bitmask width "
65 "(reduce FTP_MAX_SESSIONS or widen the mask type)");
66 
67void *ftp_buffer_acquire(void) {
68 for (;;) {
69 uint_fast32_t mask = atomic_load(&g_stream_buffer_mask);
70 
71 uint_fast32_t found = 0U;
72 for (uint_fast32_t i = 0U; i < (uint_fast32_t)FTP_STREAM_BUFFER_COUNT;
73 i++) {
74 uint_fast32_t bit = 1U << i;
75 if ((mask & bit) != 0U) {
76 continue;
77 }
78 
79 uint_fast32_t expected = mask;
80 uint_fast32_t desired = mask | bit;
81 if (atomic_compare_exchange_strong(&g_stream_buffer_mask, &expected,
82 desired)) {
83 return (void *)g_stream_buffers[i];
84 }
85 
86 found = 1U;
87 break; /* CAS failed, re-read mask from outer loop */
88 }
89 
90 /*
91 * If CAS failed (found==1), the outer loop retries with a fresh mask.
92 * If no free slot was found (found==0), check if mask changed
93 * since we read it; if unchanged, all buffers are truly occupied.
94 */
95 if ((found == 0U) && (mask == atomic_load(&g_stream_buffer_mask))) {
96 return NULL;
97 }
98 }
99}
100 
101void ftp_buffer_release(void *buffer) {
102 if (buffer == NULL) {
103 return;
104 }
105 
106 for (uint_fast32_t i = 0U; i < (uint_fast32_t)FTP_STREAM_BUFFER_COUNT; i++) {
107 if ((void *)g_stream_buffers[i] == buffer) {
108 uint_fast32_t bit = 1U << i;
109 (void)atomic_fetch_and(&g_stream_buffer_mask, ~bit);
110 return;
111 }
112 }
113}
114 
115size_t ftp_buffer_size(void) { return (size_t)FTP_STREAM_BUFFER_SIZE; }
116