author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2015-04-23 01:42:49 +0200 |
---|---|---|
committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2015-04-23 01:42:49 +0200 |
commit | bdd46d40d96c4da6f2b98d4e1b2aa04ba5f5848e (patch) | |
tree | ab5973113ef1780564b47cf443a22adbf18060e1 /ipc/ipc_kmsg.c | |
parent | c9aae1b6dadccfe81f919a2cc1eb393b1fda9b03 (diff) | |
Avoid accessing ip_protected_payload without the lock.
* ipc/ipc_kmsg.c (ipc_kmsg_copyout_header): Avoid accessing
dest->ip_protected_payload without the lock.
* ipc/mach_msg.c (ipc/mach_msg.c): Avoid accessing
dest_port->ip_protected_payload without the lock.
Diffstat (limited to 'ipc/ipc_kmsg.c')
-rw-r--r-- | ipc/ipc_kmsg.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/ipc/ipc_kmsg.c b/ipc/ipc_kmsg.c
index 66643fd5..c0f07dd8 100644
--- a/ipc/ipc_kmsg.c
+++ b/ipc/ipc_kmsg.c
@@ -1766,6 +1766,7 @@ ipc_kmsg_copyout_header(
 case MACH_MSGH_BITS(MACH_MSG_TYPE_PORT_SEND, 0): {
 mach_port_t dest_name;
 ipc_port_t nsrequest;
+ unsigned long payload;
 /* receiving an asynchronous message */
@@ -1784,6 +1785,7 @@ ipc_kmsg_copyout_header(
 dest_name = dest->ip_receiver_name;
 else dest_name = MACH_PORT_NULL;
+ payload = dest->ip_protected_payload;
 if ((--dest->ip_srights == 0) && ((nsrequest = dest->ip_nsrequest) != IP_NULL)) {
@@ -1805,8 +1807,7 @@ ipc_kmsg_copyout_header(
 msg->msgh_bits = (MACH_MSGH_BITS_OTHER(mbits) | MACH_MSGH_BITS( 0, MACH_MSG_TYPE_PROTECTED_PAYLOAD));
- msg->msgh_protected_payload =
- dest->ip_protected_payload;
+ msg->msgh_protected_payload = payload;
 }
 msg->msgh_remote_port = MACH_PORT_NULL;
 return MACH_MSG_SUCCESS;
@@ -1820,6 +1821,7 @@ ipc_kmsg_copyout_header(
 ipc_port_t reply = (ipc_port_t) msg->msgh_local_port;
 mach_port_t dest_name, reply_name;
 ipc_port_t nsrequest;
+ unsigned long payload;
 /* receiving a request message */
@@ -1890,6 +1892,7 @@ ipc_kmsg_copyout_header(
 dest_name = dest->ip_receiver_name;
 else dest_name = MACH_PORT_NULL;
+ payload = dest->ip_protected_payload;
 if ((--dest->ip_srights == 0) && ((nsrequest = dest->ip_nsrequest) != IP_NULL)) {
@@ -1912,8 +1915,7 @@ ipc_kmsg_copyout_header(
 msg->msgh_bits = (MACH_MSGH_BITS_OTHER(mbits) | MACH_MSGH_BITS(MACH_MSG_TYPE_PORT_SEND_ONCE, MACH_MSG_TYPE_PROTECTED_PAYLOAD));
- msg->msgh_protected_payload =
- dest->ip_protected_payload;
+ msg->msgh_protected_payload = payload;
 }
 msg->msgh_remote_port = reply_name;
 return MACH_MSG_SUCCESS;
@@ -1921,6 +1923,7 @@ ipc_kmsg_copyout_header(
 case MACH_MSGH_BITS(MACH_MSG_TYPE_PORT_SEND_ONCE, 0): {
 mach_port_t dest_name;
+ unsigned long payload;
 /* receiving a reply message */
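Review bot: The new local `unsigned long payload;` in the hunk at `@@ -1766,6 +1766,7 @@` restates the type of `ip_protected_payload` by hand, and the field's declaration is not part of this diff, so nothing visible ties the two together. If the field is later widened or given its own typedef, the copy would silently truncate the value that ends up in `msgh_protected_payload`. A comment on the declaration such as `/* same type as ip_protected_payload */`, or a shared typedef, would keep them in step. The same declaration is repeated in the hunks at -1820, -1921 and -1973.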
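Review bot: The added `payload = dest->ip_protected_payload;` in the hunk at `@@ -1784,6 +1785,7 @@` has no comment saying why the field is copied here rather than read where it is used, and the lock the commit message refers to is not visible in the hunk. A later edit that moves this line below the unlock would bring back the unlocked read with nothing to flag it. I would add `/* snapshot while dest is still locked; do not read dest after the unlock */` above the assignment, and the same at the copies in the hunks at -1890, -1934 and -2219.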
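Review bot: Only the payload value comes from the locked snapshot in the hunk at `@@ -1805,8 +1807,7 @@`; the condition that selects this protected-payload branch starts above the hunk and is not touched by the commit. If that condition still reads `dest` at this point, after the unlock, the decision and the value are taken at two different moments, and a concurrent change to the port could produce a message whose `msgh_bits` announce a protected payload that was not set when `payload` was copied, or the reverse. Sampling that flag into a local on the same line as the `payload` copy would make the pair consistent. The hunks at -1912, -1955 and -2255 have the same shape, and in the -1934 path `ip_release(dest)` runs before the branch, so a late read there may also touch a port whose reference has already been dropped.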
@@ -1934,6 +1937,8 @@ ipc_kmsg_copyout_header(
 assert(dest->ip_sorights > 0);
+ payload = dest->ip_protected_payload;
+
 if (dest->ip_receiver == space) {
 ip_release(dest);
 dest->ip_sorights--;
@@ -1955,8 +1960,7 @@ ipc_kmsg_copyout_header(
 msg->msgh_bits = (MACH_MSGH_BITS_OTHER(mbits) | MACH_MSGH_BITS(0, MACH_MSG_TYPE_PROTECTED_PAYLOAD));
- msg->msgh_protected_payload =
- dest->ip_protected_payload;
+ msg->msgh_protected_payload = payload;
 }
 msg->msgh_remote_port = MACH_PORT_NULL;
 return MACH_MSG_SUCCESS;
@@ -1973,6 +1977,7 @@ ipc_kmsg_copyout_header(
 mach_msg_type_name_t reply_type = MACH_MSGH_BITS_LOCAL(mbits);
 ipc_port_t reply = (ipc_port_t) msg->msgh_local_port;
 mach_port_t dest_name, reply_name;
+ unsigned long payload;
 if (IP_VALID(reply)) {
 ipc_port_t notify_port;
@@ -2219,6 +2224,7 @@ ipc_kmsg_copyout_header(
 */
 copyout_dest:
+ payload = dest->ip_protected_payload;
 if (ip_active(dest)) {
 ipc_object_copyout_dest(space, (ipc_object_t) dest,
@@ -2255,8 +2261,9 @@ ipc_kmsg_copyout_header(
 msg->msgh_bits = (MACH_MSGH_BITS_OTHER(mbits) | MACH_MSGH_BITS(reply_type, MACH_MSG_TYPE_PROTECTED_PAYLOAD));
- msg->msgh_protected_payload = dest->ip_protected_payload;
+ msg->msgh_protected_payload = payload;
 }
+
 msg->msgh_remote_port = reply_name;
 } |
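Review bot: The copy placed directly after the `copyout_dest:` label (hunk at `@@ -2219,6 +2224,7 @@`) is only lock-protected if every jump to that label arrives with `dest` locked, and those jumps lie outside the hunk. The block comment that closes just above the label is the natural place to state that precondition if it does not already, for example `dest is locked on entry to copyout_dest; copy what is needed from it before the branches below`. The read also happens before the `ip_active(dest)` test, so the value is captured for an inactive port as well; that looks harmless, but it is worth confirming that the consumer in the hunk at -2255 is meant to deliver a payload in that case.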