From 803f226e749138713b5c767b1a108544ce5e0baf Mon Sep 17 00:00:00 2001
From: Justus Winter <4winter@informatik.uni-hamburg.de>
Date: Tue, 18 Aug 2015 11:32:15 +0200
Subject: ipc: fix locking issues

* ipc/ipc_port.h (struct ipc_port): Document locking exception.
* ipc/ipc_port.c (ipc_port_destroy): Avoid accessing `port's fields
without the lock.
(ipc_port_alloc_special): Lock `port'.
* ipc/mach_msg.c (mach_msg_trap): Avoid using
`ipc_port_flag_protected_payload' on unlocked port.
* ipc/ipc_kmsg.c (ipc_kmsg_copyout_header): Likewise.
---
 ipc/ipc_port.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

(limited to 'ipc/ipc_port.c')

diff --git a/ipc/ipc_port.c b/ipc/ipc_port.c
index 86a4ee2..4e4ad59 100644
--- a/ipc/ipc_port.c
+++ b/ipc/ipc_port.c
@@ -694,11 +694,13 @@ ipc_port_destroy(
 
 	port->ip_object.io_bits &= ~IO_BITS_ACTIVE;
 	port->ip_timestamp = ipc_port_timestamp();
+
+	nsrequest = port->ip_nsrequest;
+	dnrequests = port->ip_dnrequests;
+
 	ip_unlock(port);
 
 	/* throw away no-senders request */
-
-	nsrequest = port->ip_nsrequest;
 	if (nsrequest != IP_NULL)
 		ipc_notify_send_once(nsrequest); /* consumes ref */
 
@@ -725,8 +727,6 @@ ipc_port_destroy(
 	imq_unlock(mqueue);
 
 	/* generate dead-name notifications */
-
-	dnrequests = port->ip_dnrequests;
 	if (dnrequests != IPR_NULL) {
 		ipc_table_size_t its = dnrequests->ipr_size;
 		ipc_table_elems_t size = its->its_size;
@@ -1183,6 +1183,7 @@ ipc_port_alloc_special(ipc_space_t space)
 		return IP_NULL;
 
 	ip_lock_init(port);
+	ip_lock(port);
 	port->ip_references = 1;
 	port->ip_object.io_bits = io_makebits(TRUE, IOT_PORT, 0);
 
@@ -1198,7 +1199,7 @@ ipc_port_alloc_special(ipc_space_t space)
 	 */
 
 	ipc_port_init(port, space, (mach_port_t)port);
-
+	ip_unlock(port);
 	return port;
 }
 
-- 
cgit v1.2.3