diff options
| author | Justus Winter <4winter@informatik.uni-hamburg.de> | 2015-07-15 15:11:05 +0200 |
|---|---|---|
| committer | Justus Winter <4winter@informatik.uni-hamburg.de> | 2015-07-15 15:23:14 +0200 |
| commit | 8a68e0a6f3a62c3e382791774e5feb9506e1f7d8 (patch) | |
| tree | 23f540f600ddb922e241067779bcd3a98d5d13fa /ipc/ipc_object.c | |
| parent | 3b3e25e36a01df682973c1c72b084fe4c9bbdea8 (diff) | |
| download | gnumach-8a68e0a6f3a62c3e382791774e5feb9506e1f7d8.tar.gz gnumach-8a68e0a6f3a62c3e382791774e5feb9506e1f7d8.tar.bz2 gnumach-8a68e0a6f3a62c3e382791774e5feb9506e1f7d8.zip | |
ipc: fix the locking of the IPC entry allocation functions
* ipc/ipc_entry.c (ipc_entry_alloc): Assume the space is write-locked.
(ipc_entry_alloc_name): Likewise.
* ipc/ipc_object.c: Fix the locking around all call sites to the two
functions where the space was not locked before.
Diffstat (limited to 'ipc/ipc_object.c')
| -rw-r--r-- | ipc/ipc_object.c | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/ipc/ipc_object.c b/ipc/ipc_object.c index 2d84cf52..320fbcb2 100644 --- a/ipc/ipc_object.c +++ b/ipc/ipc_object.c @@ -155,11 +155,12 @@ ipc_object_alloc_dead( ipc_entry_t entry; kern_return_t kr; - + is_write_lock(space); kr = ipc_entry_alloc(space, namep, &entry); - if (kr != KERN_SUCCESS) + if (kr != KERN_SUCCESS) { + is_write_unlock(space); return kr; - /* space is write-locked */ + } /* null object, MACH_PORT_TYPE_DEAD_NAME, 1 uref */ @@ -191,11 +192,12 @@ ipc_object_alloc_dead_name( ipc_entry_t entry; kern_return_t kr; - + is_write_lock(space); kr = ipc_entry_alloc_name(space, name, &entry); - if (kr != KERN_SUCCESS) + if (kr != KERN_SUCCESS) { + is_write_unlock(space); return kr; - /* space is write-locked */ + } if (ipc_right_inuse(space, name, entry)) return KERN_NAME_EXISTS; @@ -254,12 +256,13 @@ ipc_object_alloc( memset(pset, 0, sizeof(*pset)); } + is_write_lock(space); kr = ipc_entry_alloc(space, namep, &entry); if (kr != KERN_SUCCESS) { + is_write_unlock(space); io_free(otype, object); return kr; } - /* space is write-locked */ entry->ie_bits |= type | urefs; entry->ie_object = object; @@ -321,12 +324,13 @@ ipc_object_alloc_name( memset(pset, 0, sizeof(*pset)); } + is_write_lock(space); kr = ipc_entry_alloc_name(space, name, &entry); if (kr != KERN_SUCCESS) { + is_write_unlock(space); io_free(otype, object); return kr; } - /* space is write-locked */ if (ipc_right_inuse(space, name, entry)) { io_free(otype, object); @@ -753,10 +757,12 @@ ipc_object_copyout_name( assert(IO_VALID(object)); assert(io_otype(object) == IOT_PORT); + is_write_lock(space); kr = ipc_entry_alloc_name(space, name, &entry); - if (kr != KERN_SUCCESS) + if (kr != KERN_SUCCESS) { + is_write_unlock(space); return kr; - /* space is write-locked and active */ + } if ((msgt_name != MACH_MSG_TYPE_PORT_SEND_ONCE) && ipc_right_reverse(space, object, &oname, &oentry)) { @@ -930,10 +936,12 @@ ipc_object_rename( ipc_entry_t oentry, nentry; kern_return_t kr; + is_write_lock(space); kr = ipc_entry_alloc_name(space, nname, &nentry); - if (kr != KERN_SUCCESS) + if (kr != KERN_SUCCESS) { + is_write_unlock(space); return kr; - /* space is write-locked and active */ + } if (ipc_right_inuse(space, nname, nentry)) { /* space is unlocked */ |