Changeset bde48fa in mainline


Timestamp:
2018-03-13T18:01:47Z (6 years ago)
Author:
Jakub Jermar <jakub@…>
Branches:
lfn, master, serial, ticket/834-toolchain-update, topic/msim-upgrade, topic/simplify-dev-export
Children:
de1074b
Parents:
ca61894
git-author:
Jakub Jermar <jakub@…> (2018-03-04 17:39:45)
git-committer:
Jakub Jermar <jakub@…> (2018-03-13 18:01:47)
Message:

Fix race condition

The capability created by phone_alloc() may get destroyed before
kobject_get(), so we must test kobject_get() return value.

File:
1 edited

  • kernel/generic/src/ipc/ops/conctmeto.c

    rca61894 rbde48fa  
    5252        }
    5353
    54         /* Set arg5 for server */
     54        /* Set ARG5 for server */
    5555        kobject_t *phone_obj = kobject_get(TASK, phone_handle,
    5656            KOBJECT_TYPE_PHONE);
     57        if (!phone_obj) {
     58                /*
     59                 * Another thread of the same task can destroy the new
     60                 * capability before we manage to get a reference from it.
     61                 */
     62                call->priv = -1;
     63                return ENOENT;
     64        }
    5765        /* Hand over phone_obj's reference to ARG5 */
    5866        IPC_SET_ARG5(call->data, (sysarg_t) phone_obj->phone);
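Review bot: The new `!phone_obj` check only detects the case where the handle no longer resolves at all; `kobject_get(TASK, phone_handle, KOBJECT_TYPE_PHONE)` still looks the object up by handle number, so if that number can be reallocated to another phone capability within the same window, the check passes and ARG5 is set from a phone other than the one this call allocated. Having the allocation step hand back an already-referenced kobject, instead of re-resolving the handle here, would close the window rather than detect one outcome of it. Separately, `call->priv = -1;` is an unexplained sentinel: the comment says why the lookup can fail but not why priv is reset, so either a sentence on what later code must not do with the stale handle or a named constant would make the error path easier to audit.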