Changeset 27526e87 in mainline


Timestamp:
2008-09-09T19:24:42Z (16 years ago)
Author:
Jakub Jermar <jakub@…>
Branches:
lfn, master, serial, ticket/834-toolchain-update, topic/msim-upgrade, topic/simplify-dev-export
Children:
0320823
Parents:
e40e3007
Message:

Kernel's ipc_data_t and uspace's ipc_call_t must be in sync.

This commit fixes a problem introduced in revision 3362, when
ipc_data_t was enlarged by the caller_phone member. This resulted
in sys_ipc_wait_for_call() passing larger structure to uspace
than requested, leading to random corruption of userspace memory.

Location:
kernel/generic
Files:
2 edited

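--- a/kernel/generic/include/ipc/ipc.h
+++ b/kernel/generic/include/ipc/ipc.h
@@ -261,4 +261,26 @@
         unative_t args[IPC_CALL_LEN];
         phone_t *phone;
+} ipc_data_t;
+
+typedef struct {
+        link_t link;
+
+        int flags;
+
+        /** Identification of the caller. */
+        struct task *sender;
+        /** The caller box is different from sender->answerbox for synchronous
+         *  calls. */
+        answerbox_t *callerbox;
+
+        /** Private data to internal IPC. */
+        unative_t priv;
+
+        /** Data passed from/to userspace. */
+        ipc_data_t data;
+
+        /** Buffer for IPC_M_DATA_WRITE and IPC_M_DATA_READ. */
+        uint8_t *buffer;
+
         /*
          * The forward operation can masquerade the caller phone. For those
@@ -267,25 +289,4 @@
          */
         phone_t *caller_phone;
-} ipc_data_t;
-
-typedef struct {
-        link_t link;
-
-        int flags;
-
-        /** Identification of the caller. */
-        struct task *sender;
-        /** The caller box is different from sender->answerbox for synchronous
-         *  calls. */
-        answerbox_t *callerbox;
-
-        /** Private data to internal IPC. */
-        unative_t priv;
-
-        /** Data passed from/to userspace. */
-        ipc_data_t data;
-
-        /** Buffer for IPC_M_DATA_WRITE and IPC_M_DATA_READ. */
-        uint8_t *buffer;
 } call_t;
 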
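Review bot: The comment on the `data` member (`/** Data passed from/to userspace. */`) still does not record the constraint this commit exists to restore — that `ipc_data_t` is copied to userspace by its full size and must therefore match uspace's `ipc_call_t` exactly — so the next person who adds a kernel-only field to `ipc_data_t` will reintroduce the same overrun. I would change it to `/** Data passed from/to userspace. Layout and size MUST match uspace ipc_call_t (sys_ipc_wait_for_call() copies sizeof(ipc_data_t) bytes); kernel-only state belongs in call_t, not here. */` and put a matching warning above the `ipc_data_t` definition. If the kernel and uspace headers can be seen from one translation unit, a build-time size check (this code predates `_Static_assert`, so a negative-array-size trick) would turn a future mismatch into a compile error instead of random memory corruption; whether such a shared header exists is not visible here. The `ipc_data_t` definition opens before the start of this hunk.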
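--- a/kernel/generic/src/ipc/ipc.c
+++ b/kernel/generic/src/ipc/ipc.c
@@ -202,7 +202,7 @@
 
         if (call->flags & IPC_CALL_FORWARDED) {
-                if (call->data.caller_phone) {
+                if (call->caller_phone) {
                         /* Demasquerade the caller phone. */
-                        call->data.phone = call->data.caller_phone;
+                        call->data.phone = call->caller_phone;
                 }
         }
@@ -361,6 +361,6 @@
 
         if (mode & IPC_FF_ROUTE_FROM_ME) {
-                if (!call->data.caller_phone)
-                        call->data.caller_phone = call->data.phone;
+                if (!call->caller_phone)
+                        call->caller_phone = call->data.phone;
                 call->data.phone = newphone;
         }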
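Review bot: The `if (!call->caller_phone)` test in the IPC_FF_ROUTE_FROM_ME path now reads a `call_t` member instead of a member of the userspace-synced `data`, so its correctness depends on `caller_phone` being NULL whenever a `call_t` is freshly allocated; the allocation and initialisation path is not part of this diff, and if it does not zero the whole structure the first forward would skip saving the original phone and the demasquerade in the first hunk would restore a stale pointer. Please confirm the call allocator clears the new member (or add `call->caller_phone = NULL;` to its init path) and state the invariant next to the test: `/* caller_phone is NULL until the first IPC_FF_ROUTE_FROM_ME forward; it must be cleared on call allocation. */`. Both enclosing functions start and end outside the hunks shown.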