source: mainline/uspace/srv/ns/task.c@ 166a1f57

lfn serial ticket/834-toolchain-update topic/msim-upgrade topic/simplify-dev-export
Last change on this file since 166a1f57 was 166a1f57, checked in by Martin Sucha <sucha14@…>, 12 years ago

Fix use-after-free in ns
  • Property mode set to 100644
File size: 8.2 KB
Line 
1/*
2 * Copyright (c) 2009 Martin Decky
3 * Copyright (c) 2009 Jiri Svoboda
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * - Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 * - The name of the author may not be used to endorse or promote products
16 * derived from this software without specific prior written permission.
17 *
18 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
19 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
20 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
21 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
22 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
23 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
24 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
25 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
26 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
27 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
28 */
29
30/** @addtogroup ns
31 * @{
32 */
33
34#include <ipc/ipc.h>
35#include <adt/hash_table.h>
36#include <stdbool.h>
37#include <errno.h>
38#include <assert.h>
39#include <stdio.h>
40#include <macros.h>
41#include <malloc.h>
42#include "task.h"
43#include "ns.h"
44
45
46/* TODO:
47 *
48 * As there is currently no convention that each task has to be waited
49 * for, the NS can leak memory because of the zombie tasks.
50 *
51 */
52
53/** Task hash table item. */
54typedef struct {
55 ht_link_t link;
56
57 task_id_t id; /**< Task ID. */
58 bool finished; /**< Task is done. */
59 bool have_rval; /**< Task returned a value. */
60 int retval; /**< The return value. */
61} hashed_task_t;
62
63
64static size_t task_key_hash(void *key)
65{
66 return *(task_id_t*)key;
67}
68
69static size_t task_hash(const ht_link_t *item)
70{
71 hashed_task_t *ht = hash_table_get_inst(item, hashed_task_t, link);
72 return ht->id;
73}
74
75static bool task_key_equal(void *key, const ht_link_t *item)
76{
77 hashed_task_t *ht = hash_table_get_inst(item, hashed_task_t, link);
78 return ht->id == *(task_id_t*)key;
79}
80
81/** Perform actions after removal of item from the hash table. */
82static void task_remove(ht_link_t *item)
83{
84 free(hash_table_get_inst(item, hashed_task_t, link));
85}
86
87/** Operations for task hash table. */
88static hash_table_ops_t task_hash_table_ops = {
89 .hash = task_hash,
90 .key_hash = task_key_hash,
91 .key_equal = task_key_equal,
92 .equal = NULL,
93 .remove_callback = task_remove
94};
95
96/** Task hash table structure. */
97static hash_table_t task_hash_table;
98
99typedef struct {
100 ht_link_t link;
101 sysarg_t in_phone_hash; /**< Incoming phone hash. */
102 task_id_t id; /**< Task ID. */
103} p2i_entry_t;
104
105/* phone-to-id hash table operations */
106
107static size_t p2i_key_hash(void *key)
108{
109 sysarg_t in_phone_hash = *(sysarg_t*)key;
110 return in_phone_hash;
111}
112
113static size_t p2i_hash(const ht_link_t *item)
114{
115 p2i_entry_t *entry = hash_table_get_inst(item, p2i_entry_t, link);
116 return entry->in_phone_hash;
117}
118
119static bool p2i_key_equal(void *key, const ht_link_t *item)
120{
121 sysarg_t in_phone_hash = *(sysarg_t*)key;
122 p2i_entry_t *entry = hash_table_get_inst(item, p2i_entry_t, link);
123
124 return (in_phone_hash == entry->in_phone_hash);
125}
126
127/** Perform actions after removal of item from the hash table.
128 *
129 * @param item Item that was removed from the hash table.
130 *
131 */
132static void p2i_remove(ht_link_t *item)
133{
134 assert(item);
135 free(hash_table_get_inst(item, p2i_entry_t, link));
136}
137
138/** Operations for task hash table. */
139static hash_table_ops_t p2i_ops = {
140 .hash = p2i_hash,
141 .key_hash = p2i_key_hash,
142 .key_equal = p2i_key_equal,
143 .equal = NULL,
144 .remove_callback = p2i_remove
145};
146
147/** Map phone hash to task ID */
148static hash_table_t phone_to_id;
149
150/** Pending task wait structure. */
151typedef struct {
152 link_t link;
153 task_id_t id; /**< Task ID. */
154 ipc_callid_t callid; /**< Call ID waiting for the connection */
155} pending_wait_t;
156
157static list_t pending_wait;
158
159int task_init(void)
160{
161 if (!hash_table_create(&task_hash_table, 0, 0, &task_hash_table_ops)) {
162 printf(NAME ": No memory available for tasks\n");
163 return ENOMEM;
164 }
165
166 if (!hash_table_create(&phone_to_id, 0, 0, &p2i_ops)) {
167 printf(NAME ": No memory available for tasks\n");
168 return ENOMEM;
169 }
170
171 list_initialize(&pending_wait);
172 return EOK;
173}
174
175/** Process pending wait requests */
176void process_pending_wait(void)
177{
178 task_exit_t texit;
179
180loop:
181 list_foreach(pending_wait, cur) {
182 pending_wait_t *pr = list_get_instance(cur, pending_wait_t, link);
183
184 ht_link_t *link = hash_table_find(&task_hash_table, &pr->id);
185 if (!link)
186 continue;
187
188 hashed_task_t *ht = hash_table_get_inst(link, hashed_task_t, link);
189 if (!ht->finished)
190 continue;
191
192 if (!(pr->callid & IPC_CALLID_NOTIFICATION)) {
193 texit = ht->have_rval ? TASK_EXIT_NORMAL :
194 TASK_EXIT_UNEXPECTED;
195 ipc_answer_2(pr->callid, EOK, texit,
196 ht->retval);
197 }
198
199 hash_table_remove(&task_hash_table, &pr->id);
200 list_remove(cur);
201 free(pr);
202 goto loop;
203 }
204}
205
206void wait_for_task(task_id_t id, ipc_call_t *call, ipc_callid_t callid)
207{
208 sysarg_t retval;
209 task_exit_t texit;
210 bool remove = false;
211
212 ht_link_t *link = hash_table_find(&task_hash_table, &id);
213 hashed_task_t *ht = (link != NULL) ?
214 hash_table_get_inst(link, hashed_task_t, link) : NULL;
215
216 if (ht == NULL) {
217 /* No such task exists. */
218 ipc_answer_0(callid, ENOENT);
219 return;
220 }
221
222 if (!ht->finished) {
223 /* Add to pending list */
224 pending_wait_t *pr =
225 (pending_wait_t *) malloc(sizeof(pending_wait_t));
226 if (!pr) {
227 retval = ENOMEM;
228 goto out;
229 }
230
231 link_initialize(&pr->link);
232 pr->id = id;
233 pr->callid = callid;
234 list_append(&pr->link, &pending_wait);
235 return;
236 }
237
238 remove = true;
239 retval = EOK;
240
241out:
242 if (!(callid & IPC_CALLID_NOTIFICATION)) {
243 texit = ht->have_rval ? TASK_EXIT_NORMAL : TASK_EXIT_UNEXPECTED;
244 ipc_answer_2(callid, retval, texit, ht->retval);
245 }
246 if (remove)
247 hash_table_remove_item(&task_hash_table, link);
248}
249
250int ns_task_id_intro(ipc_call_t *call)
251{
252
253 task_id_t id = MERGE_LOUP32(IPC_GET_ARG1(*call), IPC_GET_ARG2(*call));
254
255 ht_link_t *link = hash_table_find(&phone_to_id, &call->in_phone_hash);
256 if (link != NULL)
257 return EEXISTS;
258
259 p2i_entry_t *entry = (p2i_entry_t *) malloc(sizeof(p2i_entry_t));
260 if (entry == NULL)
261 return ENOMEM;
262
263 hashed_task_t *ht = (hashed_task_t *) malloc(sizeof(hashed_task_t));
264 if (ht == NULL)
265 return ENOMEM;
266
267 /*
268 * Insert into the phone-to-id map.
269 */
270
271 entry->in_phone_hash = call->in_phone_hash;
272 entry->id = id;
273 hash_table_insert(&phone_to_id, &entry->link);
274
275 /*
276 * Insert into the main table.
277 */
278
279 ht->id = id;
280 ht->finished = false;
281 ht->have_rval = false;
282 ht->retval = -1;
283 hash_table_insert(&task_hash_table, &ht->link);
284
285 return EOK;
286}
287
288static int get_id_by_phone(sysarg_t phone_hash, task_id_t *id)
289{
290 ht_link_t *link = hash_table_find(&phone_to_id, &phone_hash);
291 if (link == NULL)
292 return ENOENT;
293
294 p2i_entry_t *entry = hash_table_get_inst(link, p2i_entry_t, link);
295 *id = entry->id;
296
297 return EOK;
298}
299
300int ns_task_retval(ipc_call_t *call)
301{
302 task_id_t id;
303 int rc = get_id_by_phone(call->in_phone_hash, &id);
304 if (rc != EOK)
305 return rc;
306
307 ht_link_t *link = hash_table_find(&task_hash_table, &id);
308 hashed_task_t *ht = (link != NULL) ?
309 hash_table_get_inst(link, hashed_task_t, link) : NULL;
310
311 if ((ht == NULL) || (ht->finished))
312 return EINVAL;
313
314 ht->finished = true;
315 ht->have_rval = true;
316 ht->retval = IPC_GET_ARG1(*call);
317
318 return EOK;
319}
320
321int ns_task_disconnect(ipc_call_t *call)
322{
323 task_id_t id;
324 int rc = get_id_by_phone(call->in_phone_hash, &id);
325 if (rc != EOK)
326 return rc;
327
328 /* Delete from phone-to-id map. */
329 hash_table_remove(&phone_to_id, &call->in_phone_hash);
330
331 /* Mark task as finished. */
332 ht_link_t *link = hash_table_find(&task_hash_table, &id);
333 if (link == NULL)
334 return EOK;
335
336 hashed_task_t *ht = hash_table_get_inst(link, hashed_task_t, link);
337
338 ht->finished = true;
339
340 return EOK;
341}
342
343/**
344 * @}
345 */
Note: See TracBrowser for help on using the repository browser.