Check ownership when freeing RAM dataspaces
This commit is contained in:
parent
d6f956e37e
commit
3236395e6a
|
@ -27,6 +27,11 @@
|
||||||
|
|
||||||
namespace Genode {
|
namespace Genode {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Deriving classes can own a dataspace to implement conditional behavior
|
||||||
|
*/
|
||||||
|
class Dataspace_owner { };
|
||||||
|
|
||||||
class Dataspace_component : public Rpc_object<Linux_dataspace>
|
class Dataspace_component : public Rpc_object<Linux_dataspace>
|
||||||
{
|
{
|
||||||
private:
|
private:
|
||||||
|
@ -36,18 +41,25 @@ namespace Genode {
|
||||||
Filename _fname; /* filename for mmap */
|
Filename _fname; /* filename for mmap */
|
||||||
bool _writable; /* false if read-only */
|
bool _writable; /* false if read-only */
|
||||||
|
|
||||||
|
/* Holds the dataspace owner if a distinction between owner and
|
||||||
|
* others is necessary on the dataspace, otherwise it is 0 */
|
||||||
|
Dataspace_owner * _owner;
|
||||||
|
|
||||||
public:
|
public:
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor
|
* Constructor
|
||||||
*/
|
*/
|
||||||
Dataspace_component(size_t size, addr_t addr, bool writable)
|
Dataspace_component(size_t size, addr_t addr, bool writable,
|
||||||
: _size(size), _addr(addr), _writable(writable) { }
|
Dataspace_owner * owner = 0)
|
||||||
|
: _size(size), _addr(addr), _writable(writable),
|
||||||
|
_owner(owner) { }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Default constructor returns invalid dataspace
|
* Default constructor returns invalid dataspace
|
||||||
*/
|
*/
|
||||||
Dataspace_component() : _size(0), _addr(0), _writable(false) { }
|
Dataspace_component() : _size(0), _addr(0), _writable(false),
|
||||||
|
_owner(0) { }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This constructor is only provided for compatibility
|
* This constructor is only provided for compatibility
|
||||||
|
@ -55,8 +67,8 @@ namespace Genode {
|
||||||
*/
|
*/
|
||||||
Dataspace_component(size_t size, addr_t core_local_addr,
|
Dataspace_component(size_t size, addr_t core_local_addr,
|
||||||
addr_t phys_addr, bool write_combined,
|
addr_t phys_addr, bool write_combined,
|
||||||
bool writable)
|
bool writable, Dataspace_owner * _owner = 0)
|
||||||
: _size(size), _addr(phys_addr)
|
: _size(size), _addr(phys_addr), _owner(_owner)
|
||||||
{
|
{
|
||||||
PWRN("Should only be used for IOMEM and not within Linux.");
|
PWRN("Should only be used for IOMEM and not within Linux.");
|
||||||
}
|
}
|
||||||
|
@ -70,6 +82,10 @@ namespace Genode {
|
||||||
*/
|
*/
|
||||||
void fname(const char *fname) { strncpy(_fname.buf, fname, sizeof(_fname.buf)); }
|
void fname(const char *fname) { strncpy(_fname.buf, fname, sizeof(_fname.buf)); }
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if dataspace is owned by a specified object
|
||||||
|
*/
|
||||||
|
bool owner(Dataspace_owner * const o) const { return _owner == o; }
|
||||||
|
|
||||||
/*************************
|
/*************************
|
||||||
** Dataspace interface **
|
** Dataspace interface **
|
||||||
|
|
|
@ -29,6 +29,11 @@ namespace Genode {
|
||||||
class Rm_region;
|
class Rm_region;
|
||||||
class Rm_session_component;
|
class Rm_session_component;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Deriving classes can own a dataspace to implement conditional behavior
|
||||||
|
*/
|
||||||
|
class Dataspace_owner { };
|
||||||
|
|
||||||
class Dataspace_component : public Rpc_object<Dataspace>
|
class Dataspace_component : public Rpc_object<Dataspace>
|
||||||
{
|
{
|
||||||
private:
|
private:
|
||||||
|
@ -43,6 +48,10 @@ namespace Genode {
|
||||||
List<Rm_region> _regions; /* regions this is attached to */
|
List<Rm_region> _regions; /* regions this is attached to */
|
||||||
Lock _lock;
|
Lock _lock;
|
||||||
|
|
||||||
|
/* Holds the dataspace owner if a distinction between owner and
|
||||||
|
* others is necessary on the dataspace, otherwise it is 0 */
|
||||||
|
Dataspace_owner * _owner;
|
||||||
|
|
||||||
protected:
|
protected:
|
||||||
|
|
||||||
bool _managed; /* true if this is a managed dataspace */
|
bool _managed; /* true if this is a managed dataspace */
|
||||||
|
@ -62,17 +71,19 @@ namespace Genode {
|
||||||
Dataspace_component()
|
Dataspace_component()
|
||||||
: _phys_addr(0), _core_local_addr(0), _size(0),
|
: _phys_addr(0), _core_local_addr(0), _size(0),
|
||||||
_is_io_mem(false), _write_combined(false), _writable(false),
|
_is_io_mem(false), _write_combined(false), _writable(false),
|
||||||
_managed(false) { }
|
_owner(0), _managed(false) { }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor for non-I/O dataspaces
|
* Constructor for non-I/O dataspaces
|
||||||
*
|
*
|
||||||
* This constructor is used by RAM and ROM dataspaces.
|
* This constructor is used by RAM and ROM dataspaces.
|
||||||
*/
|
*/
|
||||||
Dataspace_component(size_t size, addr_t core_local_addr, bool writable)
|
Dataspace_component(size_t size, addr_t core_local_addr,
|
||||||
|
bool writable,
|
||||||
|
Dataspace_owner * owner = 0)
|
||||||
: _phys_addr(core_local_addr), _core_local_addr(core_local_addr),
|
: _phys_addr(core_local_addr), _core_local_addr(core_local_addr),
|
||||||
_size(round_page(size)), _is_io_mem(false), _write_combined(false),
|
_size(round_page(size)), _is_io_mem(false), _write_combined(false),
|
||||||
_writable(writable), _managed(false) { }
|
_writable(writable), _owner(owner), _managed(false) { }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Constructor for dataspaces with different core-local and
|
* Constructor for dataspaces with different core-local and
|
||||||
|
@ -86,10 +97,11 @@ namespace Genode {
|
||||||
*/
|
*/
|
||||||
Dataspace_component(size_t size, addr_t core_local_addr,
|
Dataspace_component(size_t size, addr_t core_local_addr,
|
||||||
addr_t phys_addr, bool write_combined,
|
addr_t phys_addr, bool write_combined,
|
||||||
bool writable)
|
bool writable,
|
||||||
|
Dataspace_owner * owner = 0)
|
||||||
: _phys_addr(phys_addr), _core_local_addr(core_local_addr),
|
: _phys_addr(phys_addr), _core_local_addr(core_local_addr),
|
||||||
_size(size), _is_io_mem(true), _write_combined(write_combined),
|
_size(size), _is_io_mem(true), _write_combined(write_combined),
|
||||||
_writable(writable), _managed(false) { }
|
_writable(writable), _owner(owner), _managed(false) { }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Destructor
|
* Destructor
|
||||||
|
@ -123,6 +135,11 @@ namespace Genode {
|
||||||
void attached_to(Rm_region *region);
|
void attached_to(Rm_region *region);
|
||||||
void detached_from(Rm_region *region);
|
void detached_from(Rm_region *region);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check if dataspace is owned by a specific owner
|
||||||
|
*/
|
||||||
|
bool owner(Dataspace_owner * const o) const { return _owner == o; }
|
||||||
|
|
||||||
List<Rm_region> *regions() { return &_regions; }
|
List<Rm_region> *regions() { return &_regions; }
|
||||||
|
|
||||||
/*************************
|
/*************************
|
||||||
|
|
|
@ -29,7 +29,8 @@ namespace Genode {
|
||||||
typedef List<Ram_session_component> Ram_ref_account_members;
|
typedef List<Ram_session_component> Ram_ref_account_members;
|
||||||
|
|
||||||
class Ram_session_component : public Rpc_object<Ram_session>,
|
class Ram_session_component : public Rpc_object<Ram_session>,
|
||||||
public Ram_ref_account_members::Element
|
public Ram_ref_account_members::Element,
|
||||||
|
public Dataspace_owner
|
||||||
{
|
{
|
||||||
private:
|
private:
|
||||||
|
|
||||||
|
|
|
@ -27,6 +27,7 @@ static const bool verbose = false;
|
||||||
void Ram_session_component::_free_ds(Dataspace_component *ds)
|
void Ram_session_component::_free_ds(Dataspace_component *ds)
|
||||||
{
|
{
|
||||||
if (!ds) return;
|
if (!ds) return;
|
||||||
|
if (!ds->owner(this)) return;
|
||||||
|
|
||||||
size_t ds_size = ds->size();
|
size_t ds_size = ds->size();
|
||||||
|
|
||||||
|
@ -153,7 +154,7 @@ Ram_dataspace_capability Ram_session_component::alloc(size_t ds_size)
|
||||||
|
|
||||||
Dataspace_component *ds;
|
Dataspace_component *ds;
|
||||||
try {
|
try {
|
||||||
ds = new (&_ds_slab) Dataspace_component(ds_size, (addr_t)ds_addr, true);
|
ds = new (&_ds_slab) Dataspace_component(ds_size, (addr_t)ds_addr, true, this);
|
||||||
} catch (Allocator::Out_of_memory) {
|
} catch (Allocator::Out_of_memory) {
|
||||||
PWRN("Could not allocate metadata");
|
PWRN("Could not allocate metadata");
|
||||||
throw Out_of_metadata();
|
throw Out_of_metadata();
|
||||||
|
|
Loading…
Reference in New Issue