Changeset 26a6ed4 in mainline

Timestamp:

2018-03-11T07:35:05Z (6 years ago)

Author:

Jakub Jermar <jakub@…>

Children:

bbf38ad

Parents:

813fc8c

git-author:

Jakub Jermar <jakub@…> (2018-03-10 18:18:12)

git-committer:

Jakub Jermar <jakub@…> (2018-03-11 07:35:05)

Message:

Allow phone_alloc to not publish the capability

This makes it possible and race-free to defer publishing the new
capability until the phone object is connected.

Location:

kernel/generic

Files:

• include/ipc/ipcrsc.h (modified) (1 diff)
• src/ipc/ipcrsc.c (modified) (3 diffs)
• src/ipc/kbox.c (modified) (1 diff)
• src/ipc/ops/conctmeto.c (modified) (1 diff)
• src/ipc/ops/concttome.c (modified) (1 diff)
• src/proc/task.c (modified) (1 diff)

kernel/generic/include/ipc/ipcrsc.h

@@ -40 +40 @@
 #include <cap/cap.h>
 
-extern errno_t phone_alloc(task_t *, cap_handle_t *);
+extern errno_t phone_alloc(task_t *, bool, cap_handle_t *, kobject_t **);
 extern bool phone_connect(cap_handle_t, answerbox_t *);
 extern void phone_dealloc(cap_handle_t);

kernel/generic/src/ipc/ipcrsc.c

@@ -150 +150 @@
 /** Allocate new phone in the specified task.
  *
- * @param task  Task for which to allocate a new phone.
- *
- * @param[out] out_handle  New phone capability handle.
+ * @param[in]  task     Task for which to allocate a new phone.
+ * @param[in]  publish  If true, the new capability will be published.
+ * @param[out] phandle  New phone capability handle.
+ * @param[out] kobject  New phone kobject.
  *
  * @return  An error code if a new capability cannot be allocated.
  */
-errno_t phone_alloc(task_t *task, cap_handle_t *out_handle)
+errno_t phone_alloc(task_t *task, bool publish, cap_handle_t *phandle,
+    kobject_t **kobject)
 {
         cap_handle_t handle;
@@ -166 +168 @@
                         return ENOMEM;
                 }
-                kobject_t *kobject = malloc(sizeof(kobject_t), FRAME_ATOMIC);
-                if (!kobject) {
+                kobject_t *kobj = malloc(sizeof(kobject_t), FRAME_ATOMIC);
+                if (!kobj) {
                         cap_free(TASK, handle);
                         slab_free(phone_cache, phone);
@@ -176 +178 @@
                 phone->state = IPC_PHONE_CONNECTING;
 
-                kobject_initialize(kobject, KOBJECT_TYPE_PHONE, phone,
+                kobject_initialize(kobj, KOBJECT_TYPE_PHONE, phone,
                     &phone_kobject_ops);
-                phone->kobject = kobject;
-
-                cap_publish(task, handle, kobject);
-
-                *out_handle = handle;
+                phone->kobject = kobj;
+
+                if (publish)
+                        cap_publish(task, handle, kobj);
+
+                *phandle = handle;
+                if (kobject)
+                        *kobject = kobj;
         }
         return rc;

kernel/generic/src/ipc/kbox.c

@@ -253 +253 @@
         /* Allocate a new phone. */
         cap_handle_t phone_handle;
-        errno_t rc = phone_alloc(TASK, &phone_handle);
+        errno_t rc = phone_alloc(TASK, true, &phone_handle, NULL);
         if (rc != EOK) {
                 mutex_unlock(&task->kb.cleanup_lock);

kernel/generic/src/ipc/ops/conctmeto.c

@@ -42 +42 @@
 static errno_t request_preprocess(call_t *call, phone_t *phone)
 {
+        /*
+         * Create the new phone and capability, but don't publish them yet.
+         * That will be done once the phone is connected.
+         */
         cap_handle_t phone_handle;
-        errno_t rc = phone_alloc(TASK, &phone_handle);
+        kobject_t *phone_obj;
+        errno_t rc = phone_alloc(TASK, false, &phone_handle, &phone_obj);
         if (rc != EOK) {
                 call->priv = -1;
                 return rc;
-        }
-
-        /*
-         * The capability is now published, but the phone is not connected yet.
-         * The user cannot use it to send anything over it, in fact the
-         * userspace can only unpublish and free the capability at this point.
-         *
-         * We now proceed to test the capability is still there. We don't care
-         * if the user destroyed the old one and recreated a new published one
-         * of the same type under the same handle.
-         *
-         * If the capability is in place we temporarily unpublish it to make
-         * sure the user cannot fiddle with it while we are connecting.
-         */
-
-        kobject_t *phone_obj = cap_unpublish(TASK, phone_handle,
-            KOBJECT_TYPE_PHONE);
-        if (!phone_obj) {
-                /*
-                 * Another thread of the same task can destroy the new
-                 * capability before we manage to get a reference from it.
-                 */
-                call->priv = -1;
-                return ENOENT;
         }
 

kernel/generic/src/ipc/ops/concttome.c

@@ -43 +43 @@
 {
         cap_handle_t phone_handle;
-        errno_t rc = phone_alloc(TASK, &phone_handle);
+        errno_t rc = phone_alloc(TASK, true, &phone_handle, NULL);
         IPC_SET_ARG5(call->data, (rc == EOK) ? phone_handle : -1);
         return 0;

kernel/generic/src/proc/task.c

@@ -246 +246 @@
             (container_check(ipc_box_0->task->container, task->container))) {
                 cap_handle_t phone_handle;
-                errno_t rc = phone_alloc(task, &phone_handle);
+                errno_t rc = phone_alloc(task, true, &phone_handle, NULL);
                 if (rc != EOK) {
                         task->as = NULL;