From 89db9812809a51ccb5e30255ec8638e0dd831a10 Mon Sep 17 00:00:00 2001
From: Stefan Kalkowski
Date: Fri, 23 Mar 2012 17:19:22 +0100
Subject: [PATCH] Fix race when removing Cap_index (fix #163)

Removing a Cap_index from Capability_map in core can happen twice, via Cap_session_component or destructor of a Cap_mapping. That it's checked whether the index is part of the map before removing it. This patch puts the check into the remove method, so both operations are within the same lock context, to remove a race condition. This is a follow up fix for commit d287b9d89387d8d307c11594413d7ab47429827f
---
 base-foc/src/base/env/cap_map.cc | 8 ++++++--
 base-foc/src/core/cap_session_component.cc | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/base-foc/src/base/env/cap_map.cc b/base-foc/src/base/env/cap_map.cc
index c63d21c99..db31ab107 100644
--- a/base-foc/src/base/env/cap_map.cc
+++ b/base-foc/src/base/env/cap_map.cc
@@ -89,8 +89,12 @@ void Genode::Capability_map::remove(Genode::Cap_index* i)
 Lock_guard guard(_lock);
 if (i) {
- _tree.remove(i);
- cap_idx_alloc()->free(i,1);
+ if (_tree.first())
+ i = _tree.first()->find_by_id(i->id());
+ if (i) {
+ _tree.remove(i);
+ cap_idx_alloc()->free(i,1);
+ }
 }
 }
diff --git a/base-foc/src/core/cap_session_component.cc b/base-foc/src/core/cap_session_component.cc
index 4703bc768..8c188775a 100644
--- a/base-foc/src/core/cap_session_component.cc
+++ b/base-foc/src/core/cap_session_component.cc
@@ -92,7 +92,7 @@ Cap_mapping::Cap_mapping(Core_cap_index* i, Native_thread_id r)
 Cap_mapping::~Cap_mapping()
 {
 unmap();
- cap_map()->remove(cap_map()->find(local->id()));
+ cap_map()->remove(local);
 }
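Review bot: With an empty tree the new lookup is skipped, so `i` keeps the caller's pointer and the inner `if (i)` still reaches `_tree.remove(i)` and `cap_idx_alloc()->free(i,1)` for an index that is not in the map. Resetting the pointer in that case closes the gap, e.g. `i = _tree.first() ? _tree.first()->find_by_id(i->id()) : 0;`. Separately, `i->id()` is read from the caller's pointer before membership is known; if the other removal path has already freed that index (the double removal the commit message describes), this would read a released slot and, should ids be reused, could match and remove an unrelated live entry. The `remove(local)` call in `Cap_mapping::~Cap_mapping()` is the caller where that matters. The start of remove()'s body lies outside the hunk.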
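Review bot: The destructor now hands `local` straight to remove() and relies on the membership check that moved behind the map's lock, which nothing at this call site says. A comment above the call would record it, for example `/* remove() checks under its own lock whether the index is still in the map */`, so a later reader does not reintroduce an unlocked find() here.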