
Opened 7 years ago

Closed 7 years ago

#488 closed defect (fixed)

ipc_cleanup() may leave new callback connections behind

Reported by: Jakub Jermář
Owned by: Jakub Jermář
Priority: major
Milestone: 0.6.0
Component: helenos/kernel/generic
Version: mainline
Keywords: ipc
Cc:
Blocker for:
Depends on:
See also:

Description

In theory, when an IPC_M_CONNECT_TO_ME call is answered after ipc_cleanup() calls ipc_answerbox_slam_phones(), the other side will have an open phone connected to the exiting task's answerbox. ipc_cleanup() will not notice this and will leave the foreign phone connected. This will sooner or later result in kernel memory corruption because the phone will be linked to unallocated memory.
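The interleaving described above can be replayed sequentially in a small model. This is an added example, not HelenOS kernel code: every type and function name in it is hypothetical, and the `active` flag guard is one possible mitigation, not necessarily the change that went into mainline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PHONES 4

/* Simplified model; all names are illustrative, not HelenOS definitions. */
struct answerbox;
struct phone { struct answerbox *callee; };     /* NULL when not connected */
struct answerbox {
    bool active;                        /* cleared once cleanup has started */
    struct phone *connected[MAX_PHONES];
    size_t nconnected;
};

/* Link a phone to a box, as happens when a connect-to-me call is answered.
 * In a real kernel the check and the link must share a lock with the slam. */
static bool phone_connect(struct phone *p, struct answerbox *box, bool guard)
{
    if (guard && !box->active)
        return false;                   /* box is being torn down: refuse */
    if (box->nconnected == MAX_PHONES)
        return false;
    p->callee = box;
    box->connected[box->nconnected++] = p;
    return true;
}

/* Disconnect every phone currently linked to the box (the "slam" step). */
static void answerbox_slam_phones(struct answerbox *box)
{
    box->active = false;
    for (size_t i = 0; i < box->nconnected; i++)
        box->connected[i]->callee = NULL;
    box->nconnected = 0;
}

/* Replay: connect, slam, late answer. Returns how many phones still point
 * at the box at the moment its memory would be released. */
int phones_left_after_cleanup(bool guard)
{
    struct answerbox box = { .active = true };
    struct phone early = { NULL }, late = { NULL };
    phone_connect(&early, &box, guard);     /* connected before cleanup */
    answerbox_slam_phones(&box);            /* cleanup drops known phones */
    phone_connect(&late, &box, guard);      /* answer arrives after the slam */
    return (early.callee == &box) + (late.callee == &box);
}

int main(void)
{
    printf("unguarded: %d stale, guarded: %d stale\n",
           phones_left_after_cleanup(false), phones_left_after_cleanup(true));
    return 0;
}
```

A non-zero count in the unguarded run is the foreign phone that would be left linked to freed memory.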

Change History (2)

comment:1 Changed 7 years ago by Jakub Jermář

I am planning to fix this soon in lp:~jakub/helenos/camp2012.

comment:2 Changed 7 years ago by Jakub Jermář

Resolution: fixed
Status: new → closed

Fixed in mainline,1665.
