Opened 14 years ago

Closed 14 years ago

#138 closed defect (fixed)

Sync call answer may refer to a non-existent answerbox.

Reported by: Tomas Brambora Owned by: Jakub Jermář
Priority: major Milestone: 0.4.2
Component: helenos/kernel/generic Version: mainline
Keywords: ipc Cc:
Blocker for: Depends on:
See also:

Description

If wait_for_call() is interrupted in sync_call, the answerbox gets deallocated which renders the pointer to the caller answerbox in the call stale.

Change History (2)

comment:1 by Jakub Jermář, 14 years ago

Component: unspecifiedkernel/generic
Keywords: ipc added
Owner: set to Jakub Jermář
Status: newassigned

comment:2 by Jakub Jermář, 14 years ago

Resolution: fixed
Status: assignedclosed

Fixed in changeset:head,142.

Actually the call structure used by sys_ipc_call_sync() was also allocated statically, so it suffered the same problem as the answerbox from ipc_call_sync().

The call and the answerbox are now allocated dynamically. I introduced a per-task list of synchronous answerboxes with pending answers. This list is cleaned up by ipc_cleanup(). The fix guarantees roughly the following:

  • no panic due to referencing variables that once lived on the stack
  • no uninterruptible wait for someone else to answer the call
    • the situation is now the same as for the asynchronous calls - we wait for the answer anyway in ipc_cleanup, but only after we have hung up all phones
  • no memory leak of the call and answerbox structures, provided that the interrupted thread exits before reaching userspace again (which holds)
Note: See TracTickets for help on using tickets.