diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2015-04-23 01:42:49 +0200 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2015-04-23 01:42:49 +0200 |
| commit | bdd46d40d96c4da6f2b98d4e1b2aa04ba5f5848e (patch) | |
| tree | ab5973113ef1780564b47cf443a22adbf18060e1 /ipc/mach_msg.c | |
| parent | c9aae1b6dadccfe81f919a2cc1eb393b1fda9b03 (diff) | |
Avoid accessing ip_protected_payload without the lock.
* ipc/ipc_kmsg.c (ipc_kmsg_copyout_header): Avoid accessing
dest->ip_protected_payload without the lock.
* ipc/mach_msg.c (ipc/mach_msg.c): Avoid accessing
dest_port->ip_protected_payload without the lock.
Diffstat (limited to 'ipc/mach_msg.c')
| -rw-r--r-- | ipc/mach_msg.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/ipc/mach_msg.c b/ipc/mach_msg.c index 1e122c76..aecfcd4b 100644 --- a/ipc/mach_msg.c +++ b/ipc/mach_msg.c @@ -1041,6 +1041,7 @@ mach_msg_trap( ipc_port_t reply_port = (ipc_port_t) kmsg->ikm_header.msgh_local_port; mach_port_t dest_name, reply_name; + unsigned long payload; /* receiving a request message */ @@ -1115,6 +1116,7 @@ mach_msg_trap( dest_name = dest_port->ip_receiver_name; else dest_name = MACH_PORT_NULL; + payload = dest_port->ip_protected_payload; if ((--dest_port->ip_srights == 0) && (dest_port->ip_nsrequest != IP_NULL)) { @@ -1142,7 +1144,7 @@ mach_msg_trap( MACH_MSG_TYPE_PORT_SEND_ONCE, MACH_MSG_TYPE_PROTECTED_PAYLOAD); kmsg->ikm_header.msgh_protected_payload = - dest_port->ip_protected_payload; + payload; } kmsg->ikm_header.msgh_remote_port = reply_name; goto fast_put; @@ -1155,6 +1157,7 @@ mach_msg_trap( case MACH_MSGH_BITS(MACH_MSG_TYPE_PORT_SEND_ONCE, 0): { mach_port_t dest_name; + unsigned long payload; /* receiving a reply message */ @@ -1166,6 +1169,8 @@ mach_msg_trap( assert(dest_port->ip_sorights > 0); + payload = dest_port->ip_protected_payload; + if (dest_port->ip_receiver == space) { ip_release(dest_port); dest_port->ip_sorights--; @@ -1188,7 +1193,7 @@ mach_msg_trap( 0, MACH_MSG_TYPE_PROTECTED_PAYLOAD); kmsg->ikm_header.msgh_protected_payload = - dest_port->ip_protected_payload; + payload; } kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL; goto fast_put; @@ -1197,6 +1202,7 @@ mach_msg_trap( case MACH_MSGH_BITS_COMPLEX| MACH_MSGH_BITS(MACH_MSG_TYPE_PORT_SEND_ONCE, 0): { mach_port_t dest_name; + unsigned long payload; /* receiving a complex reply message */ @@ -1208,6 +1214,8 @@ mach_msg_trap( assert(dest_port->ip_sorights > 0); + payload = dest_port->ip_protected_payload; + if (dest_port->ip_receiver == space) { ip_release(dest_port); dest_port->ip_sorights--; @@ -1234,7 +1242,7 @@ mach_msg_trap( 0, MACH_MSG_TYPE_PROTECTED_PAYLOAD); kmsg->ikm_header.msgh_protected_payload = - dest_port->ip_protected_payload; + payload; } kmsg->ikm_header.msgh_remote_port = MACH_PORT_NULL; |