From ccebaa38028f9b43f30baceae1dec49231eea109 Mon Sep 17 00:00:00 2001
From: Stefan Kalkowski
Date: Tue, 27 Mar 2012 11:13:53 +0200
Subject: [PATCH] Fiasco.OC: fix race while pager_object destruction

When the pager gets a pagefault, exception, pause, or wakeup request it's always possible, that the corresponding thread gets destroyed between receiving the message and looking up the thread's pager_object. This commit unifies the check for a valid pager_object for each kind of requests to the pager, thereby adds currently missing checks.
---
 base-foc/src/base/pager/pager.cc | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/base-foc/src/base/pager/pager.cc b/base-foc/src/base/pager/pager.cc
index 3bf4bc91e..4cad69536 100644
--- a/base-foc/src/base/pager/pager.cc
+++ b/base-foc/src/base/pager/pager.cc
@@ -55,14 +55,18 @@ void Pager_activation_base::entry()
 continue;
 }
+ /* lookup referenced object */
+ Pager_object *obj = _ep->obj_by_id(pager.badge());
+
+ /* the pager_object might be destroyed, while we got the message */
+ if (!obj)
+ continue;
+
 switch (pager.msg_type()) {
 case Ipc_pager::PAGEFAULT:
 case Ipc_pager::EXCEPTION:
 {
- /* lookup referenced object */
- Pager_object *obj = _ep->obj_by_id(pager.badge());
-
 if (pager.is_exception()) {
 Lock::Guard guard(obj->state.lock);
 pager.copy_regs(&obj->state);
@@ -94,11 +98,6 @@ void Pager_activation_base::entry()
 * have to send a reply to the specified thread and answer the
 * call.
 */
- Pager_object *obj = _ep->obj_by_id(pager.badge());
- if (!obj) {
- PWRN("Got illegal wake-up message from %lx", pager.badge());
- continue;
- }
 /* send reply to the caller */
 pager.set_reply_dst(Native_thread());
@@ -122,8 +121,6 @@ void Pager_activation_base::entry()
 */
 case Ipc_pager::PAUSE:
 {
- Pager_object *obj = _ep->obj_by_id(pager.badge());
-
 Lock::Guard guard(obj->state.lock);
 pager.copy_regs(&obj->state);
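Review bot: The new `if (!obj) continue;` ahead of the `switch` only catches a pager_object that was already gone when `obj_by_id()` ran; `obj` is a raw pointer that is dereferenced later (`obj->state.lock` in the exception branch here and in the PAUSE case of the third hunk), so a destruction that lands after the check would still be a use-after-free unless object removal is serialized against this loop, which the patch does not show. I would record that assumption next to the check, e.g. `/* obj is not pinned: relies on object removal being serialized with this loop -- TODO confirm */`. The shared `continue` also replaces the `PWRN` that the wake-up path (second hunk) used to emit, so a message with an unknown badge is now dropped without any trace; if that diagnostic is still wanted, `PWRN("No pager object for badge %lx", pager.badge());` before the `continue` would keep it, at the cost of noise during normal thread teardown. `entry()` begins and ends outside the hunk.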