[Xenomai-git] Philippe Gerum : cobalt/posix/process: fix access to stale memory
Module: xenomai-forge
Branch: next
Commit: dafd7e7dfaf971842edf967c4177faf2a1708225
URL:
http://git.xenomai.org/?p=xenomai-forge.git;a=commit;h=dafd7e7dfaf971842edf967c4177faf2a1708225
Author: Philippe Gerum
Date: Sun Sep 21 12:51:08 2014 +0200
cobalt/posix/process: fix access to stale memory
---
kernel/cobalt/posix/process.c | 44 -
1 file changed, 13 insertions(+), 31 deletions(-)
diff --git a/kernel/cobalt/posix/process.c b/kernel/cobalt/posix/process.c
index c79c8d7..3c72db8 100644
--- a/kernel/cobalt/posix/process.c
+++ b/kernel/cobalt/posix/process.c
@@ -172,28 +172,6 @@ static void *lookup_context(int xid)
return priv;
}
-static int enter_personality(struct cobalt_process *process,
-struct xnthread_personality *personality)
-{
- if (personality->module && !try_module_get(personality->module))
- return -EAGAIN;
-
- __set_bit(personality->xid, &process->permap);
- atomic_inc(&personality->refcnt);
-
- return 0;
-}
-
-static void leave_personality(struct cobalt_process *process,
- struct xnthread_personality *personality)
-{
- __clear_bit(personality->xid, &process->permap);
- atomic_dec(&personality->refcnt);
- XENO_ASSERT(COBALT, atomic_read(&personality->refcnt) >= 0);
- if (personality->module)
- module_put(personality->module);
-}
-
static void remove_process(struct cobalt_process *process)
{
struct xnthread_personality *personality;
@@ -207,16 +185,20 @@ static void remove_process(struct cobalt_process *process)
continue;
personality = cobalt_personalities[xid];
priv = process->priv[xid];
+ if (priv == NULL)
+ continue;
/*
* CAUTION: process potentially refers to stale memory
* upon return from detach_process() for the Cobalt
* personality, so don't dereference it afterwards.
*/
- if (priv) {
- process->priv[xid] = NULL;
- personality->ops.detach_process(priv);
- leave_personality(process, personality);
- }
+ process->priv[xid] = NULL;
+ __clear_bit(personality->xid, &process->permap);
+ personality->ops.detach_process(priv);
+ atomic_dec(&personality->refcnt);
+ XENO_ASSERT(COBALT, atomic_read(&personality->refcnt) >= 0);
+ if (personality->module)
+ module_put(personality->module);
}
cobalt_set_process(NULL);
@@ -295,7 +277,6 @@ static int bind_personality(struct xnthread_personality
*personality)
{
struct cobalt_process *process;
void *priv;
- int ret;
/*
* We also check capabilities for stacking a Cobalt extension,
@@ -323,12 +304,13 @@ static int bind_personality(struct xnthread_personality
*personality)
* safely bump the module refcount after the attach handler
* has returned.
*/
- ret = enter_personality(process, personality);
- if (ret) {
+ if (personality->module && !try_module_get(personality->module)) {
personality->ops.detach_process(priv);
- return ret;
+ return -EAGAIN;
}
+ __set_bit(personality->xid, &process->permap);
+ atomic_inc(&personality->refcnt);
process->priv[personality->xid] = priv;
raise_cap(CAP_SYS_NICE);
___
Xenomai-git mailing list
Xenomai-git@xenomai.org
http://www.xenomai.org/mailman/listinfo/xenomai-git
[Xenomai-git] Philippe Gerum : cobalt/posix/process: fix access to stale memory
Module: xenomai-forge
Branch: next
Commit: 48fc79b57d4a40fffdd474325a24c3122913737b
URL:
http://git.xenomai.org/?p=xenomai-forge.git;a=commit;h=48fc79b57d4a40fffdd474325a24c3122913737b
Author: Philippe Gerum
Date: Sun Sep 21 12:51:08 2014 +0200
cobalt/posix/process: fix access to stale memory
---
kernel/cobalt/posix/process.c | 44 -
1 file changed, 13 insertions(+), 31 deletions(-)
diff --git a/kernel/cobalt/posix/process.c b/kernel/cobalt/posix/process.c
index c79c8d7..3c72db8 100644
--- a/kernel/cobalt/posix/process.c
+++ b/kernel/cobalt/posix/process.c
@@ -172,28 +172,6 @@ static void *lookup_context(int xid)
return priv;
}
-static int enter_personality(struct cobalt_process *process,
-struct xnthread_personality *personality)
-{
- if (personality->module && !try_module_get(personality->module))
- return -EAGAIN;
-
- __set_bit(personality->xid, &process->permap);
- atomic_inc(&personality->refcnt);
-
- return 0;
-}
-
-static void leave_personality(struct cobalt_process *process,
- struct xnthread_personality *personality)
-{
- __clear_bit(personality->xid, &process->permap);
- atomic_dec(&personality->refcnt);
- XENO_ASSERT(COBALT, atomic_read(&personality->refcnt) >= 0);
- if (personality->module)
- module_put(personality->module);
-}
-
static void remove_process(struct cobalt_process *process)
{
struct xnthread_personality *personality;
@@ -207,16 +185,20 @@ static void remove_process(struct cobalt_process *process)
continue;
personality = cobalt_personalities[xid];
priv = process->priv[xid];
+ if (priv == NULL)
+ continue;
/*
* CAUTION: process potentially refers to stale memory
* upon return from detach_process() for the Cobalt
* personality, so don't dereference it afterwards.
*/
- if (priv) {
- process->priv[xid] = NULL;
- personality->ops.detach_process(priv);
- leave_personality(process, personality);
- }
+ process->priv[xid] = NULL;
+ __clear_bit(personality->xid, &process->permap);
+ personality->ops.detach_process(priv);
+ atomic_dec(&personality->refcnt);
+ XENO_ASSERT(COBALT, atomic_read(&personality->refcnt) >= 0);
+ if (personality->module)
+ module_put(personality->module);
}
cobalt_set_process(NULL);
@@ -295,7 +277,6 @@ static int bind_personality(struct xnthread_personality
*personality)
{
struct cobalt_process *process;
void *priv;
- int ret;
/*
* We also check capabilities for stacking a Cobalt extension,
@@ -323,12 +304,13 @@ static int bind_personality(struct xnthread_personality
*personality)
* safely bump the module refcount after the attach handler
* has returned.
*/
- ret = enter_personality(process, personality);
- if (ret) {
+ if (personality->module && !try_module_get(personality->module)) {
personality->ops.detach_process(priv);
- return ret;
+ return -EAGAIN;
}
+ __set_bit(personality->xid, &process->permap);
+ atomic_inc(&personality->refcnt);
process->priv[personality->xid] = priv;
raise_cap(CAP_SYS_NICE);
___
Xenomai-git mailing list
Xenomai-git@xenomai.org
http://www.xenomai.org/mailman/listinfo/xenomai-git
