Changeset 1b4196d in mainline


Ignore:
Timestamp:
2018-03-13T18:01:47Z (7 years ago)
Author:
Jakub Jermar <jakub@…>
Branches:
lfn, master, serial, ticket/834-toolchain-update, topic/msim-upgrade, topic/simplify-dev-export
Children:
50dd854
Parents:
0c509d0
git-author:
Jakub Jermar <jakub@…> (2018-03-04 19:36:57)
git-committer:
Jakub Jermar <jakub@…> (2018-03-13 18:01:47)
Message:

Allow only connecting phones to connect

If a phone is not in the IPC_PHONE_CONNECTING state, refuse to connect
it. An attempt to do so might be a result of a race between the kernel
expecting a connecting phone under a known handle and the user fiddling
with phone capabilites handles from userspace.

Location:
kernel/generic/src/ipc
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • kernel/generic/src/ipc/ipc.c

    r0c509d0 r1b4196d  
    161161bool ipc_phone_connect(phone_t *phone, answerbox_t *box)
    162162{
    163         bool active;
     163        bool connected;
    164164
    165165        mutex_lock(&phone->lock);
    166166        irq_spinlock_lock(&box->lock, true);
    167167
    168         active = box->active;
    169         if (active) {
     168        connected = box->active && (phone->state == IPC_PHONE_CONNECTING);
     169        if (connected) {
    170170                phone->state = IPC_PHONE_CONNECTED;
    171171                phone->callee = box;
     
    177177        mutex_unlock(&phone->lock);
    178178
    179         if (!active) {
     179        if (!connected) {
    180180                /* We still have phone->kobject's reference; drop it */
    181181                kobject_put(phone->kobject);
    182182        }
    183183
    184         return active;
     184        return connected;
    185185}
    186186
  • kernel/generic/src/ipc/ipcrsc.c

    r0c509d0 r1b4196d  
    216216                return false;
    217217
    218         if (phone_obj->phone->state != IPC_PHONE_CONNECTING) {
    219                 /*
    220                  * This looks like another phone. The one we were expecting
    221                  * under this handle must be in the IPC_PHONE_CONNECTING state.
    222                  */
    223                 kobject_put(phone_obj);
    224                 return false;
    225         }
    226 
    227218        /* Hand over phone_obj reference to the answerbox */
    228219        return ipc_phone_connect(phone_obj->phone, box);
Note: See TracChangeset for help on using the changeset viewer.