Context Navigation

ipc.c@ 27526e87

Visit:

lfn serial ticket/834-toolchain-update topic/msim-upgrade topic/simplify-dev-export

Last change on this file since 27526e87 was 27526e87, checked in by Jakub Jermar <jakub@…>, 17 years ago

Kernel's ipc_data_t and uspace's ipc_call_t must be in sync.

This commit fixes a problem introduced in revision 3362, when
ipc_data_t was enlarged by the caller_phone member. This resulted
in sys_ipc_wait_for_call() passing larger structure to uspace
than requested, leading to a random damage of userspace memory.

Property mode set to 100644

File size: 17.2 KB

Line
1	/*
2	* Copyright (c) 2006 Ondrej Palkovsky
3	* All rights reserved.
4	*
5	* Redistribution and use in source and binary forms, with or without
6	* modification, are permitted provided that the following conditions
7	* are met:
8	*
9	* - Redistributions of source code must retain the above copyright
10	* notice, this list of conditions and the following disclaimer.
11	* - Redistributions in binary form must reproduce the above copyright
12	* notice, this list of conditions and the following disclaimer in the
13	* documentation and/or other materials provided with the distribution.
14	* - The name of the author may not be used to endorse or promote products
15	* derived from this software without specific prior written permission.
16	*
17	* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18	* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
19	* OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
20	* IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
21	* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
22	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
23	* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
24	* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
25	* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
26	* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27	*/
28
29	/** @addtogroup genericipc
30	* @{
31	*/
32	/** @file
33	*/
34
35	/* Lock ordering
36	*
37	* First the answerbox, then the phone.
38	*/
39
40	#include <synch/synch.h>
41	#include <synch/spinlock.h>
42	#include <synch/mutex.h>
43	#include <synch/waitq.h>
44	#include <synch/synch.h>
45	#include <ipc/ipc.h>
46	#include <errno.h>
47	#include <mm/slab.h>
48	#include <arch.h>
49	#include <proc/task.h>
50	#include <memstr.h>
51	#include <debug.h>
52
53	#include <print.h>
54	#include <proc/thread.h>
55	#include <arch/interrupt.h>
56	#include <ipc/irq.h>
57
58	/** Open channel that is assigned automatically to new tasks */
59	answerbox_t *ipc_phone_0 = NULL;
60
61	static slab_cache_t *ipc_call_slab;
62
63	/** Initialize a call structure.
64	*
65	* @param call Call structure to be initialized.
66	*/
67	static void _ipc_call_init(call_t *call)
68	{
69	memsetb(call, sizeof(*call), 0);
70	call->callerbox = &TASK->answerbox;
71	call->sender = TASK;
72	call->buffer = NULL;
73	}
74
75	/** Allocate and initialize a call structure.
76	*
77	* The call is initialized, so that the reply will be directed to
78	* TASK->answerbox.
79	*
80	* @param flags Parameters for slab_alloc (e.g FRAME_ATOMIC).
81	*
82	* @return If flags permit it, return NULL, or initialized kernel
83	* call structure.
84	*/
85	call_t *ipc_call_alloc(int flags)
86	{
87	call_t *call;
88
89	call = slab_alloc(ipc_call_slab, flags);
90	if (call)
91	_ipc_call_init(call);
92
93	return call;
94	}
95
96	/** Initialize a statically allocated call structure.
97	*
98	* @param call Statically allocated kernel call structure to be
99	* initialized.
100	*/
101	void ipc_call_static_init(call_t *call)
102	{
103	_ipc_call_init(call);
104	call->flags \|= IPC_CALL_STATIC_ALLOC;
105	}
106
107	/** Deallocate a call structure.
108	*
109	* @param call Call structure to be freed.
110	*/
111	void ipc_call_free(call_t *call)
112	{
113	ASSERT(!(call->flags & IPC_CALL_STATIC_ALLOC));
114	/* Check to see if we have data in the IPC_M_DATA_SEND buffer. */
115	if (call->buffer)
116	free(call->buffer);
117	slab_free(ipc_call_slab, call);
118	}
119
120	/** Initialize an answerbox structure.
121	*
122	* @param box Answerbox structure to be initialized.
123	* @param task Task to which the answerbox belongs.
124	*/
125	void ipc_answerbox_init(answerbox_t box, task_t task)
126	{
127	spinlock_initialize(&box->lock, "ipc_box_lock");
128	spinlock_initialize(&box->irq_lock, "ipc_box_irqlock");
129	waitq_initialize(&box->wq);
130	list_initialize(&box->connected_phones);
131	list_initialize(&box->calls);
132	list_initialize(&box->dispatched_calls);
133	list_initialize(&box->answers);
134	list_initialize(&box->irq_notifs);
135	list_initialize(&box->irq_head);
136	box->task = task;
137	}
138
139	/** Connect a phone to an answerbox.
140	*
141	* @param phone Initialized phone structure.
142	* @param box Initialized answerbox structure.
143	*/
144	void ipc_phone_connect(phone_t phone, answerbox_t box)
145	{
146	mutex_lock(&phone->lock);
147
148	phone->state = IPC_PHONE_CONNECTED;
149	phone->callee = box;
150
151	spinlock_lock(&box->lock);
152	list_append(&phone->link, &box->connected_phones);
153	spinlock_unlock(&box->lock);
154
155	mutex_unlock(&phone->lock);
156	}
157
158	/** Initialize a phone structure.
159	*
160	* @param phone Phone structure to be initialized.
161	*/
162	void ipc_phone_init(phone_t *phone)
163	{
164	mutex_initialize(&phone->lock, MUTEX_PASSIVE);
165	phone->callee = NULL;
166	phone->state = IPC_PHONE_FREE;
167	atomic_set(&phone->active_calls, 0);
168	}
169
170	/** Helper function to facilitate synchronous calls.
171	*
172	* @param phone Destination kernel phone structure.
173	* @param request Call structure with request.
174	*
175	* @return EOK on success or EINTR if the sleep was interrupted.
176	*/
177	int ipc_call_sync(phone_t phone, call_t request)
178	{
179	answerbox_t sync_box;
180
181	ipc_answerbox_init(&sync_box, TASK);
182
183	/* We will receive data in a special box. */
184	request->callerbox = &sync_box;
185
186	ipc_call(phone, request);
187	if (!ipc_wait_for_call(&sync_box, SYNCH_NO_TIMEOUT,
188	SYNCH_FLAGS_INTERRUPTIBLE))
189	return EINTR;
190	return EOK;
191	}
192
193	/** Answer a message which was not dispatched and is not listed in any queue.
194	*
195	* @param call Call structure to be answered.
196	*/
197	static void _ipc_answer_free_call(call_t *call)
198	{
199	answerbox_t *callerbox = call->callerbox;
200
201	call->flags \|= IPC_CALL_ANSWERED;
202
203	if (call->flags & IPC_CALL_FORWARDED) {
204	if (call->caller_phone) {
205	/* Demasquerade the caller phone. */
206	call->data.phone = call->caller_phone;
207	}
208	}
209
210	spinlock_lock(&callerbox->lock);
211	list_append(&call->link, &callerbox->answers);
212	spinlock_unlock(&callerbox->lock);
213	waitq_wakeup(&callerbox->wq, WAKEUP_FIRST);
214	}
215
216	/** Answer a message which is in a callee queue.
217	*
218	* @param box Answerbox that is answering the message.
219	* @param call Modified request that is being sent back.
220	*/
221	void ipc_answer(answerbox_t box, call_t call)
222	{
223	/* Remove from active box */
224	spinlock_lock(&box->lock);
225	list_remove(&call->link);
226	spinlock_unlock(&box->lock);
227	/* Send back answer */
228	_ipc_answer_free_call(call);
229	}
230
231	/** Simulate sending back a message.
232	*
233	* Most errors are better handled by forming a normal backward
234	* message and sending it as a normal answer.
235	*
236	* @param phone Phone structure the call should appear to come from.
237	* @param call Call structure to be answered.
238	* @param err Return value to be used for the answer.
239	*/
240	void ipc_backsend_err(phone_t phone, call_t call, unative_t err)
241	{
242	call->data.phone = phone;
243	atomic_inc(&phone->active_calls);
244	IPC_SET_RETVAL(call->data, err);
245	_ipc_answer_free_call(call);
246	}
247
248	/** Unsafe unchecking version of ipc_call.
249	*
250	* @param phone Phone structure the call comes from.
251	* @param box Destination answerbox structure.
252	* @param call Call structure with request.
253	*/
254	static void _ipc_call(phone_t phone, answerbox_t box, call_t *call)
255	{
256	if (!(call->flags & IPC_CALL_FORWARDED)) {
257	atomic_inc(&phone->active_calls);
258	call->data.phone = phone;
259	}
260
261	spinlock_lock(&box->lock);
262	list_append(&call->link, &box->calls);
263	spinlock_unlock(&box->lock);
264	waitq_wakeup(&box->wq, WAKEUP_FIRST);
265	}
266
267	/** Send an asynchronous request using a phone to an answerbox.
268	*
269	* @param phone Phone structure the call comes from and which is
270	* connected to the destination answerbox.
271	* @param call Call structure with request.
272	*
273	* @return Return 0 on success, ENOENT on error.
274	*/
275	int ipc_call(phone_t phone, call_t call)
276	{
277	answerbox_t *box;
278
279	mutex_lock(&phone->lock);
280	if (phone->state != IPC_PHONE_CONNECTED) {
281	mutex_unlock(&phone->lock);
282	if (call->flags & IPC_CALL_FORWARDED) {
283	IPC_SET_RETVAL(call->data, EFORWARD);
284	_ipc_answer_free_call(call);
285	} else {
286	if (phone->state == IPC_PHONE_HUNGUP)
287	ipc_backsend_err(phone, call, EHANGUP);
288	else
289	ipc_backsend_err(phone, call, ENOENT);
290	}
291	return ENOENT;
292	}
293	box = phone->callee;
294	_ipc_call(phone, box, call);
295
296	mutex_unlock(&phone->lock);
297	return 0;
298	}
299
300	/** Disconnect phone from answerbox.
301	*
302	* This call leaves the phone in the HUNGUP state. The change to 'free' is done
303	* lazily later.
304	*
305	* @param phone Phone structure to be hung up.
306	*
307	* @return Return 0 if the phone is disconnected.
308	* Return -1 if the phone was already disconnected.
309	*/
310	int ipc_phone_hangup(phone_t *phone)
311	{
312	answerbox_t *box;
313	call_t *call;
314
315	mutex_lock(&phone->lock);
316	if (phone->state == IPC_PHONE_FREE \|\|
317	phone->state == IPC_PHONE_HUNGUP \|\|
318	phone->state == IPC_PHONE_CONNECTING) {
319	mutex_unlock(&phone->lock);
320	return -1;
321	}
322	box = phone->callee;
323	if (phone->state != IPC_PHONE_SLAMMED) {
324	/* Remove myself from answerbox */
325	spinlock_lock(&box->lock);
326	list_remove(&phone->link);
327	spinlock_unlock(&box->lock);
328
329	if (phone->state != IPC_PHONE_SLAMMED) {
330	call = ipc_call_alloc(0);
331	IPC_SET_METHOD(call->data, IPC_M_PHONE_HUNGUP);
332	call->flags \|= IPC_CALL_DISCARD_ANSWER;
333	_ipc_call(phone, box, call);
334	}
335	}
336
337	phone->state = IPC_PHONE_HUNGUP;
338	mutex_unlock(&phone->lock);
339
340	return 0;
341	}
342
343	/** Forwards call from one answerbox to another one.
344	*
345	* @param call Call structure to be redirected.
346	* @param newphone Phone structure to target answerbox.
347	* @param oldbox Old answerbox structure.
348	* @param mode Flags that specify mode of the forward operation.
349	*
350	* @return Return 0 if forwarding succeeded or an error code if
351	* there was error.
352	*
353	* The return value serves only as an information for the forwarder,
354	* the original caller is notified automatically with EFORWARD.
355	*/
356	int ipc_forward(call_t call, phone_t newphone, answerbox_t *oldbox, int mode)
357	{
358	spinlock_lock(&oldbox->lock);
359	list_remove(&call->link);
360	spinlock_unlock(&oldbox->lock);
361
362	if (mode & IPC_FF_ROUTE_FROM_ME) {
363	if (!call->caller_phone)
364	call->caller_phone = call->data.phone;
365	call->data.phone = newphone;
366	}
367
368	return ipc_call(newphone, call);
369	}
370
371
372	/** Wait for a phone call.
373	*
374	* @param box Answerbox expecting the call.
375	* @param usec Timeout in microseconds. See documentation for
376	* waitq_sleep_timeout() for decription of its special
377	* meaning.
378	* @param flags Select mode of sleep operation. See documentation for
379	* waitq_sleep_timeout() for description of its special
380	* meaning.
381	* @return Recived call structure or NULL.
382	*
383	* To distinguish between a call and an answer, have a look at call->flags.
384	*/
385	call_t ipc_wait_for_call(answerbox_t box, uint32_t usec, int flags)
386	{
387	call_t *request;
388	ipl_t ipl;
389	int rc;
390
391	restart:
392	rc = waitq_sleep_timeout(&box->wq, usec, flags);
393	if (SYNCH_FAILED(rc))
394	return NULL;
395
396	spinlock_lock(&box->lock);
397	if (!list_empty(&box->irq_notifs)) {
398	ipl = interrupts_disable();
399	spinlock_lock(&box->irq_lock);
400
401	request = list_get_instance(box->irq_notifs.next, call_t, link);
402	list_remove(&request->link);
403
404	spinlock_unlock(&box->irq_lock);
405	interrupts_restore(ipl);
406	} else if (!list_empty(&box->answers)) {
407	/* Handle asynchronous answers */
408	request = list_get_instance(box->answers.next, call_t, link);
409	list_remove(&request->link);
410	atomic_dec(&request->data.phone->active_calls);
411	} else if (!list_empty(&box->calls)) {
412	/* Handle requests */
413	request = list_get_instance(box->calls.next, call_t, link);
414	list_remove(&request->link);
415	/* Append request to dispatch queue */
416	list_append(&request->link, &box->dispatched_calls);
417	} else {
418	/* This can happen regularly after ipc_cleanup */
419	spinlock_unlock(&box->lock);
420	goto restart;
421	}
422	spinlock_unlock(&box->lock);
423	return request;
424	}
425
426	/** Answer all calls from list with EHANGUP answer.
427	*
428	* @param lst Head of the list to be cleaned up.
429	*/
430	static void ipc_cleanup_call_list(link_t *lst)
431	{
432	call_t *call;
433
434	while (!list_empty(lst)) {
435	call = list_get_instance(lst->next, call_t, link);
436	if (call->buffer)
437	free(call->buffer);
438	list_remove(&call->link);
439
440	IPC_SET_RETVAL(call->data, EHANGUP);
441	_ipc_answer_free_call(call);
442	}
443	}
444
445	/** Cleans up all IPC communication of the current task.
446	*
447	* Note: ipc_hangup sets returning answerbox to TASK->answerbox, you
448	* have to change it as well if you want to cleanup other tasks than TASK.
449	*/
450	void ipc_cleanup(void)
451	{
452	int i;
453	call_t *call;
454	phone_t *phone;
455	DEADLOCK_PROBE_INIT(p_phonelck);
456
457	/* Disconnect all our phones ('ipc_phone_hangup') */
458	for (i = 0; i < IPC_MAX_PHONES; i++)
459	ipc_phone_hangup(&TASK->phones[i]);
460
461	/* Disconnect all connected irqs */
462	ipc_irq_cleanup(&TASK->answerbox);
463
464	/* Disconnect all phones connected to our answerbox */
465	restart_phones:
466	spinlock_lock(&TASK->answerbox.lock);
467	while (!list_empty(&TASK->answerbox.connected_phones)) {
468	phone = list_get_instance(TASK->answerbox.connected_phones.next,
469	phone_t, link);
470	if (SYNCH_FAILED(mutex_trylock(&phone->lock))) {
471	spinlock_unlock(&TASK->answerbox.lock);
472	DEADLOCK_PROBE(p_phonelck, DEADLOCK_THRESHOLD);
473	goto restart_phones;
474	}
475
476	/* Disconnect phone */
477	ASSERT(phone->state == IPC_PHONE_CONNECTED);
478	phone->state = IPC_PHONE_SLAMMED;
479	list_remove(&phone->link);
480
481	mutex_unlock(&phone->lock);
482	}
483
484	/* Answer all messages in 'calls' and 'dispatched_calls' queues */
485	ipc_cleanup_call_list(&TASK->answerbox.dispatched_calls);
486	ipc_cleanup_call_list(&TASK->answerbox.calls);
487	spinlock_unlock(&TASK->answerbox.lock);
488
489	/* Wait for all async answers to arrive */
490	while (1) {
491	/* Go through all phones, until all are FREE... */
492	/* Locking not needed, no one else should modify
493	* it, when we are in cleanup */
494	for (i = 0; i < IPC_MAX_PHONES; i++) {
495	if (TASK->phones[i].state == IPC_PHONE_HUNGUP &&
496	atomic_get(&TASK->phones[i].active_calls) == 0)
497	TASK->phones[i].state = IPC_PHONE_FREE;
498
499	/* Just for sure, we might have had some
500	* IPC_PHONE_CONNECTING phones */
501	if (TASK->phones[i].state == IPC_PHONE_CONNECTED)
502	ipc_phone_hangup(&TASK->phones[i]);
503	/* If the hangup succeeded, it has sent a HANGUP
504	* message, the IPC is now in HUNGUP state, we
505	* wait for the reply to come */
506
507	if (TASK->phones[i].state != IPC_PHONE_FREE)
508	break;
509	}
510	/* Voila, got into cleanup */
511	if (i == IPC_MAX_PHONES)
512	break;
513
514	call = ipc_wait_for_call(&TASK->answerbox, SYNCH_NO_TIMEOUT,
515	SYNCH_FLAGS_NONE);
516	ASSERT((call->flags & IPC_CALL_ANSWERED) \|\|
517	(call->flags & IPC_CALL_NOTIF));
518	ASSERT(!(call->flags & IPC_CALL_STATIC_ALLOC));
519
520	atomic_dec(&TASK->active_calls);
521	ipc_call_free(call);
522	}
523	}
524
525
526	/** Initilize IPC subsystem */
527	void ipc_init(void)
528	{
529	ipc_call_slab = slab_cache_create("ipc_call", sizeof(call_t), 0, NULL,
530	NULL, 0);
531	}
532
533
534	/** List answerbox contents.
535	*
536	* @param taskid Task ID.
537	*/
538	void ipc_print_task(task_id_t taskid)
539	{
540	task_t *task;
541	int i;
542	call_t *call;
543	link_t *tmp;
544
545	spinlock_lock(&tasks_lock);
546	task = task_find_by_id(taskid);
547	if (task)
548	spinlock_lock(&task->lock);
549	spinlock_unlock(&tasks_lock);
550	if (!task)
551	return;
552
553	/* Print opened phones & details */
554	printf("PHONE:\n");
555	for (i = 0; i < IPC_MAX_PHONES; i++) {
556	if (SYNCH_FAILED(mutex_trylock(&task->phones[i].lock))) {
557	printf("%d: mutex busy\n", i);
558	continue;
559	}
560	if (task->phones[i].state != IPC_PHONE_FREE) {
561	printf("%d: ", i);
562	switch (task->phones[i].state) {
563	case IPC_PHONE_CONNECTING:
564	printf("connecting ");
565	break;
566	case IPC_PHONE_CONNECTED:
567	printf("connected to: %p ",
568	task->phones[i].callee);
569	break;
570	case IPC_PHONE_SLAMMED:
571	printf("slammed by: %p ",
572	task->phones[i].callee);
573	break;
574	case IPC_PHONE_HUNGUP:
575	printf("hung up - was: %p ",
576	task->phones[i].callee);
577	break;
578	default:
579	break;
580	}
581	printf("active: %ld\n",
582	atomic_get(&task->phones[i].active_calls));
583	}
584	mutex_unlock(&task->phones[i].lock);
585	}
586
587
588	/* Print answerbox - calls */
589	spinlock_lock(&task->answerbox.lock);
590	printf("ABOX - CALLS:\n");
591	for (tmp = task->answerbox.calls.next; tmp != &task->answerbox.calls;
592	tmp = tmp->next) {
593	call = list_get_instance(tmp, call_t, link);
594	printf("Callid: %p Srctask:%" PRIu64 " M:%" PRIun
595	" A1:%" PRIun " A2:%" PRIun " A3:%" PRIun
596	" A4:%" PRIun " A5:%" PRIun " Flags:%x\n", call,
597	call->sender->taskid,
598	IPC_GET_METHOD(call->data), IPC_GET_ARG1(call->data),
599	IPC_GET_ARG2(call->data), IPC_GET_ARG3(call->data),
600	IPC_GET_ARG4(call->data), IPC_GET_ARG5(call->data),
601	call->flags);
602	}
603	/* Print answerbox - calls */
604	printf("ABOX - DISPATCHED CALLS:\n");
605	for (tmp = task->answerbox.dispatched_calls.next;
606	tmp != &task->answerbox.dispatched_calls;
607	tmp = tmp->next) {
608	call = list_get_instance(tmp, call_t, link);
609	printf("Callid: %p Srctask:%" PRIu64 " M:%" PRIun
610	" A1:%" PRIun " A2:%" PRIun " A3:%" PRIun
611	" A4:%" PRIun " A5:%" PRIun " Flags:%x\n", call,
612	call->sender->taskid,
613	IPC_GET_METHOD(call->data), IPC_GET_ARG1(call->data),
614	IPC_GET_ARG2(call->data), IPC_GET_ARG3(call->data),
615	IPC_GET_ARG4(call->data), IPC_GET_ARG5(call->data),
616	call->flags);
617	}
618	/* Print answerbox - calls */
619	printf("ABOX - ANSWERS:\n");
620	for (tmp = task->answerbox.answers.next;
621	tmp != &task->answerbox.answers;
622	tmp = tmp->next) {
623	call = list_get_instance(tmp, call_t, link);
624	printf("Callid:%p M:%" PRIun " A1:%" PRIun " A2:%" PRIun
625	" A3:%" PRIun " A4:%" PRIun " A5:%" PRIun " Flags:%x\n",
626	call, IPC_GET_METHOD(call->data), IPC_GET_ARG1(call->data),
627	IPC_GET_ARG2(call->data), IPC_GET_ARG3(call->data),
628	IPC_GET_ARG4(call->data), IPC_GET_ARG5(call->data),
629	call->flags);
630	}
631
632	spinlock_unlock(&task->answerbox.lock);
633	spinlock_unlock(&task->lock);
634	}
635
636	/** @}
637	*/

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: mainline/kernel/generic/src/ipc/ipc.c@ 27526e87

Download in other formats: