Module: xenomai-forge
Branch: master
Commit: 74e853742ce919df6e35c9919354465c3982f7bb
URL:
http://git.xenomai.org/?p=xenomai-forge.git;a=commit;h=74e853742ce919df6e35c9919354465c3982f7bb
Author: Philippe Gerum <r...@xenomai.org>
Date: Tue Jan 7 13:15:49 2014 +0100
cobalt/shadow: sanitize ppd retrieval
---
include/cobalt/kernel/assert.h | 2 +-
include/cobalt/kernel/ppd.h | 15 ++++++++++++++-
kernel/cobalt/debug.c | 3 ---
kernel/cobalt/posix/internal.h | 9 ++++++++-
kernel/cobalt/shadow.c | 17 +----------------
5 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/include/cobalt/kernel/assert.h b/include/cobalt/kernel/assert.h
index 63886a1..775ae1f 100644
--- a/include/cobalt/kernel/assert.h
+++ b/include/cobalt/kernel/assert.h
@@ -83,7 +83,7 @@
#define primary_mode_only() XENO_BUGON(CONTEXT, ipipe_root_p)
#define secondary_mode_only() XENO_BUGON(CONTEXT, !ipipe_root_p)
#define interrupt_only() XENO_BUGON(CONTEXT, !xnsched_interrupt_p())
-#define atomic_only() XENO_BUGON(CONTEXT, (xnlock_is_owner(&nklock)
&& spltest()) == 0)
+#define atomic_only() XENO_BUGON(CONTEXT, (xnlock_is_owner(&nklock)
&& hard_irqs_disabled()) == 0)
#define realtime_cpu_only() XENO_BUGON(CONTEXT,
!xnsched_supported_cpu(ipipe_processor_id()))
void __xnsys_assert_failed(const char *file, int line, const char *msg);
diff --git a/include/cobalt/kernel/ppd.h b/include/cobalt/kernel/ppd.h
index 05e32b3..937f998 100644
--- a/include/cobalt/kernel/ppd.h
+++ b/include/cobalt/kernel/ppd.h
@@ -23,6 +23,7 @@
#include <cobalt/kernel/list.h>
#include <cobalt/kernel/shadow.h>
+#include <cobalt/kernel/lock.h>
#include <cobalt/kernel/heap.h>
struct mm_struct;
@@ -53,7 +54,7 @@ struct xnsys_ppd {
extern struct xnsys_ppd __xnsys_global_ppd;
-static inline struct xnsys_ppd *xnsys_ppd_get(int global)
+static inline struct xnsys_ppd *__xnsys_ppd_get(int global)
{
struct xnshadow_ppd *ppd;
@@ -63,4 +64,16 @@ static inline struct xnsys_ppd *xnsys_ppd_get(int global)
return container_of(ppd, struct xnsys_ppd, ppd);
}
+static inline struct xnsys_ppd *xnsys_ppd_get(int global)
+{
+ struct xnsys_ppd *ppd;
+ spl_t s;
+
+ xnlock_get_irqsave(&nklock, s);
+ ppd = __xnsys_ppd_get(global);
+ xnlock_put_irqrestore(&nklock, s);
+
+ return ppd;
+}
+
#endif /* _COBALT_KERNEL_PPD_H */
diff --git a/kernel/cobalt/debug.c b/kernel/cobalt/debug.c
index 226c5ee..10fbb53 100644
--- a/kernel/cobalt/debug.c
+++ b/kernel/cobalt/debug.c
@@ -618,11 +618,8 @@ void xndebug_shadow_init(struct xnthread *thread)
{
struct xnsys_ppd *sys_ppd;
size_t len;
- spl_t s;
- xnlock_get_irqsave(&nklock, s);
sys_ppd = xnsys_ppd_get(0);
- xnlock_put_irqrestore(&nklock, s);
/*
* The caller is current, so we know for sure that sys_ppd
* will still be valid after we dropped the lock.
diff --git a/kernel/cobalt/posix/internal.h b/kernel/cobalt/posix/internal.h
index bf73ea3..9102e27 100644
--- a/kernel/cobalt/posix/internal.h
+++ b/kernel/cobalt/posix/internal.h
@@ -67,9 +67,16 @@ static inline struct cobalt_process
*cobalt_process_context(void)
static inline struct cobalt_kqueues *cobalt_kqueues(int pshared)
{
struct xnshadow_ppd *ppd;
+ spl_t s;
+
+ xnlock_get_irqsave(&nklock, s);
- if (pshared || (ppd = xnshadow_ppd_get(cobalt_muxid)) == NULL)
+ if (pshared || (ppd = xnshadow_ppd_get(cobalt_muxid)) == NULL) {
+ xnlock_put_irqrestore(&nklock, s);
return &cobalt_global_kqueues;
+ }
+
+ xnlock_put_irqrestore(&nklock, s);
return &container_of(ppd, struct cobalt_process, ppd)->kqueues;
}
diff --git a/kernel/cobalt/shadow.c b/kernel/cobalt/shadow.c
index 4fc51ca..8f53474 100644
--- a/kernel/cobalt/shadow.c
+++ b/kernel/cobalt/shadow.c
@@ -919,7 +919,6 @@ int xnshadow_map_user(struct xnthread *thread,
struct xnthread_start_attr attr;
struct xnsys_ppd *sys_ppd;
struct xnheap *sem_heap;
- spl_t s;
int ret;
if (!xnthread_test_state(thread, XNUSER))
@@ -953,10 +952,7 @@ int xnshadow_map_user(struct xnthread *thread,
}
#endif /* CONFIG_MMU */
- xnlock_get_irqsave(&nklock, s);
sys_ppd = xnsys_ppd_get(0);
- xnlock_put_irqrestore(&nklock, s);
-
sem_heap = &sys_ppd->sem_heap;
u_window = xnheap_alloc(sem_heap, sizeof(*u_window));
if (u_window == NULL) {
@@ -1323,7 +1319,7 @@ static int handle_mayday_event(struct pt_regs *regs)
/* We enter the mayday handler with hw IRQs off. */
xnlock_get(&nklock);
- sys_ppd = xnsys_ppd_get(0);
+ sys_ppd = __xnsys_ppd_get(0);
xnlock_put(&nklock);
xnarch_handle_mayday(tcb, regs, sys_ppd->mayday_addr);
@@ -1551,9 +1547,6 @@ static int xnshadow_sys_heap_info(struct xnheap_desc
__user *u_hd,
{
struct xnheap_desc hd;
struct xnheap *heap;
- spl_t s;
-
- xnlock_get_irqsave(&nklock, s);
switch(heap_nr) {
case XNHEAP_PROC_PRIVATE_HEAP:
@@ -1564,7 +1557,6 @@ static int xnshadow_sys_heap_info(struct xnheap_desc
__user *u_hd,
heap = &kheap;
break;
default:
- xnlock_put_irqrestore(&nklock, s);
return -EINVAL;
}
@@ -1572,7 +1564,6 @@ static int xnshadow_sys_heap_info(struct xnheap_desc
__user *u_hd,
hd.size = xnheap_extentsize(heap);
hd.area = xnheap_base_memory(heap);
hd.used = xnheap_used_mem(heap);
- xnlock_put_irqrestore(&nklock, s);
return __xn_safe_copy_to_user(u_hd, &hd, sizeof(*u_hd));
}
@@ -2279,7 +2270,6 @@ static int handle_taskexit_event(struct task_struct *p)
/* p == current */
struct xnsys_ppd *sys_ppd;
struct xnthread *thread;
struct mm_struct *mm;
- spl_t s;
/*
* We are called for both kernel and user shadows over the
@@ -2302,9 +2292,7 @@ static int handle_taskexit_event(struct task_struct *p)
/* p == current */
xnsched_run();
if (xnthread_test_state(thread, XNUSER)) {
- xnlock_get_irqsave(&nklock, s);
sys_ppd = xnsys_ppd_get(0);
- xnlock_put_irqrestore(&nklock, s);
xnheap_free(&sys_ppd->sem_heap, thread->u_window);
thread->u_window = NULL;
mm = xnshadow_current_mm();
@@ -2486,15 +2474,12 @@ static int handle_cleanup_event(struct mm_struct *mm)
struct xnsys_ppd *sys_ppd;
struct xnthread *thread;
struct mm_struct *old;
- spl_t s;
/* We are NOT called for exiting kernel shadows. */
old = xnshadow_swap_mm(mm);
- xnlock_get_irqsave(&nklock, s);
sys_ppd = xnsys_ppd_get(0);
- xnlock_put_irqrestore(&nklock, s);
if (sys_ppd != &__xnsys_global_ppd) {
/*
* Detect a userland shadow running exec(), i.e. still
_______________________________________________
Xenomai-git mailing list
Xenomai-git@xenomai.org
http://www.xenomai.org/mailman/listinfo/xenomai-git
