Fix race when removing Cap_index (fix #163)

Removing a Cap_index from Capability_map in core can happen twice, via Cap_session_component or destructor of a Cap_mapping. That it's checked whether the index is part of the map before removing it. This patch puts the check into the remove method, so both operations are within the same lock context, to remove a race condition. This is a follow up fix for commit d287b9d893
2012-03-23 17:19:22 +01:00 · 2012-03-23 17:19:22 +01:00 · 89db981280
parent c1e6657f49
commit 89db981280
2 changed files with 7 additions and 3 deletions
--- a/base-foc/src/base/env/cap_map.cc
+++ b/base-foc/src/base/env/cap_map.cc
@ -89,8 +89,12 @@ void Genode::Capability_map::remove(Genode::Cap_index* i)
 	Lock_guard<Spin_lock> guard(_lock);

 	if (i) {
-		_tree.remove(i);
-		cap_idx_alloc()->free(i,1);
+		if (_tree.first())
+			i = _tree.first()->find_by_id(i->id());
+		if (i) {
+			_tree.remove(i);
+			cap_idx_alloc()->free(i,1);
+		}
 	}
 }

--- a/base-foc/src/core/cap_session_component.cc
+++ b/base-foc/src/core/cap_session_component.cc
@ -92,7 +92,7 @@ Cap_mapping::Cap_mapping(Core_cap_index* i, Native_thread_id r)
 Cap_mapping::~Cap_mapping()
 {
 	unmap();
-	cap_map()->remove(cap_map()->find(local->id()));
+	cap_map()->remove(local);
 }