add patch series

3 files changed, 279 insertions, 0 deletions

diff --git a/debian/patches/series b/debian/patches/series
index e532dda..20b742b 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -13,3 +13,5 @@ vm-cache-policy0001-VM-cache-policy-change.patch
 vm-cache-policy0002-vm-keep-track-of-clean-pages.patch
 vm-cache-policy0003-vm-evict-clean-pages-first.patch
 
+upstreamme0001-ipc-fix-the-locking-of-the-IPC-entry-allocation-func.patch
+upstreamme0002-ipc-use-a-general-lock-to-protect-IPC-spaces.patch
diff --git a/debian/patches/upstreamme0001-ipc-fix-the-locking-of-the-IPC-entry-allocation-func.patch b/debian/patches/upstreamme0001-ipc-fix-the-locking-of-the-IPC-entry-allocation-func.patch
new file mode 100644
index 0000000..e37e4be
--- /dev/null
+++ b/debian/patches/upstreamme0001-ipc-fix-the-locking-of-the-IPC-entry-allocation-func.patch
@@ -0,0 +1,224 @@
+From 8a68e0a6f3a62c3e382791774e5feb9506e1f7d8 Mon Sep 17 00:00:00 2001
+From: Justus Winter <4winter@informatik.uni-hamburg.de>
+Date: Wed, 15 Jul 2015 15:11:05 +0200
+Subject: [PATCH gnumach 1/2] ipc: fix the locking of the IPC entry allocation
+ functions
+
+* ipc/ipc_entry.c (ipc_entry_alloc): Assume the space is write-locked.
+(ipc_entry_alloc_name): Likewise.
+* ipc/ipc_object.c: Fix the locking around all call sites to the two
+functions where the space was not locked before.
+---
+ ipc/ipc_entry.c  | 21 ++-------------------
+ ipc/ipc_object.c | 32 ++++++++++++++++++++------------
+ 2 files changed, 22 insertions(+), 31 deletions(-)
+
+diff --git a/ipc/ipc_entry.c b/ipc/ipc_entry.c
+index a5fe319..0414ba5 100644
+--- a/ipc/ipc_entry.c
++++ b/ipc/ipc_entry.c
+@@ -56,8 +56,7 @@ struct kmem_cache ipc_entry_cache;
+  *	Purpose:
+  *		Allocate an entry out of the space.
+  *	Conditions:
+- *		The space is not locked before, but it is write-locked after
+- *		if the call is successful.  May allocate memory.
++ *		The space must be write-locked.  May allocate memory.
+  *	Returns:
+  *		KERN_SUCCESS		An entry was allocated.
+  *		KERN_INVALID_TASK	The space is dead.
+@@ -75,27 +74,21 @@ ipc_entry_alloc(
+ 	ipc_entry_t entry;
+ 	rdxtree_key_t key;
+ 
+-	is_write_lock(space);
+-
+ 	if (!space->is_active) {
+-		is_write_unlock(space);
+ 		return KERN_INVALID_TASK;
+ 	}
+ 
+ 	kr = ipc_entry_get(space, namep, entryp);
+ 	if (kr == KERN_SUCCESS)
+-		/* Success.  Space is write-locked.  */
+ 		return kr;
+ 
+ 	entry = ie_alloc();
+ 	if (entry == IE_NULL) {
+-		is_write_unlock(space);
+ 		return KERN_RESOURCE_SHORTAGE;
+ 	}
+ 
+ 	kr = rdxtree_insert_alloc(&space->is_map, entry, &key);
+ 	if (kr) {
+-		is_write_unlock(space);
+ 		ie_free(entry);
+ 		return kr;
+ 	}
+@@ -108,7 +101,6 @@ ipc_entry_alloc(
+ 
+ 	*entryp = entry;
+ 	*namep = (mach_port_t) key;
+-	/* Success.  Space is write-locked.  */
+ 	return KERN_SUCCESS;
+ }
+ 
+@@ -118,8 +110,7 @@ ipc_entry_alloc(
+  *		Allocates/finds an entry with a specific name.
+  *		If an existing entry is returned, its type will be nonzero.
+  *	Conditions:
+- *		The space is not locked before, but it is write-locked after
+- *		if the call is successful.  May allocate memory.
++ *		The space must be write-locked.  May allocate memory.
+  *	Returns:
+  *		KERN_SUCCESS		Found existing entry with same name.
+  *		KERN_SUCCESS		Allocated a new entry.
+@@ -138,10 +129,7 @@ ipc_entry_alloc_name(
+ 	void **slot;
+ 	assert(MACH_PORT_VALID(name));
+ 
+-	is_write_lock(space);
+-
+ 	if (!space->is_active) {
+-		is_write_unlock(space);
+ 		return KERN_INVALID_TASK;
+ 	}
+ 
+@@ -152,7 +140,6 @@ ipc_entry_alloc_name(
+ 	if (slot == NULL || entry == IE_NULL) {
+ 		entry = ie_alloc();
+ 		if (entry == IE_NULL) {
+-			is_write_unlock(space);
+ 			return KERN_RESOURCE_SHORTAGE;
+ 		}
+ 
+@@ -167,7 +154,6 @@ ipc_entry_alloc_name(
+ 			kr = rdxtree_insert(&space->is_map,
+ 					    (rdxtree_key_t) name, entry);
+ 			if (kr != KERN_SUCCESS) {
+-				is_write_unlock(space);
+ 				ie_free(entry);
+ 				return kr;
+ 			}
+@@ -175,14 +161,12 @@ ipc_entry_alloc_name(
+ 		space->is_size += 1;
+ 
+ 		*entryp = entry;
+-		/* Success.  Space is write-locked.  */
+ 		return KERN_SUCCESS;
+ 	}
+ 
+ 	if (IE_BITS_TYPE(entry->ie_bits)) {
+ 		/* Used entry.  */
+ 		*entryp = entry;
+-		/* Success.  Space is write-locked.  */
+ 		return KERN_SUCCESS;
+ 	}
+ 
+@@ -202,7 +186,6 @@ ipc_entry_alloc_name(
+ 
+ 	space->is_size += 1;
+ 	*entryp = entry;
+-	/* Success.  Space is write-locked.  */
+ 	return KERN_SUCCESS;
+ }
+ 
+diff --git a/ipc/ipc_object.c b/ipc/ipc_object.c
+index 2d84cf5..320fbcb 100644
+--- a/ipc/ipc_object.c
++++ b/ipc/ipc_object.c
+@@ -155,11 +155,12 @@ ipc_object_alloc_dead(
+ 	ipc_entry_t entry;
+ 	kern_return_t kr;
+ 
+-
++	is_write_lock(space);
+ 	kr = ipc_entry_alloc(space, namep, &entry);
+-	if (kr != KERN_SUCCESS)
++	if (kr != KERN_SUCCESS) {
++		is_write_unlock(space);
+ 		return kr;
+-	/* space is write-locked */
++	}
+ 
+ 	/* null object, MACH_PORT_TYPE_DEAD_NAME, 1 uref */
+ 
+@@ -191,11 +192,12 @@ ipc_object_alloc_dead_name(
+ 	ipc_entry_t entry;
+ 	kern_return_t kr;
+ 
+-
++	is_write_lock(space);
+ 	kr = ipc_entry_alloc_name(space, name, &entry);
+-	if (kr != KERN_SUCCESS)
++	if (kr != KERN_SUCCESS) {
++		is_write_unlock(space);
+ 		return kr;
+-	/* space is write-locked */
++	}
+ 
+ 	if (ipc_right_inuse(space, name, entry))
+ 		return KERN_NAME_EXISTS;
+@@ -254,12 +256,13 @@ ipc_object_alloc(
+ 
+ 		memset(pset, 0, sizeof(*pset));
+ 	}
++	is_write_lock(space);
+ 	kr = ipc_entry_alloc(space, namep, &entry);
+ 	if (kr != KERN_SUCCESS) {
++		is_write_unlock(space);
+ 		io_free(otype, object);
+ 		return kr;
+ 	}
+-	/* space is write-locked */
+ 
+ 	entry->ie_bits |= type | urefs;
+ 	entry->ie_object = object;
+@@ -321,12 +324,13 @@ ipc_object_alloc_name(
+ 		memset(pset, 0, sizeof(*pset));
+ 	}
+ 
++	is_write_lock(space);
+ 	kr = ipc_entry_alloc_name(space, name, &entry);
+ 	if (kr != KERN_SUCCESS) {
++		is_write_unlock(space);
+ 		io_free(otype, object);
+ 		return kr;
+ 	}
+-	/* space is write-locked */
+ 
+ 	if (ipc_right_inuse(space, name, entry)) {
+ 		io_free(otype, object);
+@@ -753,10 +757,12 @@ ipc_object_copyout_name(
+ 	assert(IO_VALID(object));
+ 	assert(io_otype(object) == IOT_PORT);
+ 
++	is_write_lock(space);
+ 	kr = ipc_entry_alloc_name(space, name, &entry);
+-	if (kr != KERN_SUCCESS)
++	if (kr != KERN_SUCCESS) {
++		is_write_unlock(space);
+ 		return kr;
+-	/* space is write-locked and active */
++	}
+ 
+ 	if ((msgt_name != MACH_MSG_TYPE_PORT_SEND_ONCE) &&
+ 	    ipc_right_reverse(space, object, &oname, &oentry)) {
+@@ -930,10 +936,12 @@ ipc_object_rename(
+ 	ipc_entry_t oentry, nentry;
+ 	kern_return_t kr;
+ 
++	is_write_lock(space);
+ 	kr = ipc_entry_alloc_name(space, nname, &nentry);
+-	if (kr != KERN_SUCCESS)
++	if (kr != KERN_SUCCESS) {
++		is_write_unlock(space);
+ 		return kr;
+-	/* space is write-locked and active */
++	}
+ 
+ 	if (ipc_right_inuse(space, nname, nentry)) {
+ 		/* space is unlocked */
+-- 
+2.1.4
+
diff --git a/debian/patches/upstreamme0002-ipc-use-a-general-lock-to-protect-IPC-spaces.patch b/debian/patches/upstreamme0002-ipc-use-a-general-lock-to-protect-IPC-spaces.patch
new file mode 100644
index 0000000..2c6b731
--- /dev/null
+++ b/debian/patches/upstreamme0002-ipc-use-a-general-lock-to-protect-IPC-spaces.patch
@@ -0,0 +1,53 @@
+From 7c9b83c90e2acc4f9eb74713c47796a3c0a08800 Mon Sep 17 00:00:00 2001
+From: Justus Winter <4winter@informatik.uni-hamburg.de>
+Date: Wed, 15 Jul 2015 12:40:50 +0200
+Subject: [PATCH gnumach 2/2] ipc: use a general lock to protect IPC spaces
+
+This fixes a corruption in the radix trees representing the IPC spaces
+when memory was tight.
+
+* ipc/ipc_space.h: Use a general lock to protect IPC spaces.
+---
+ ipc/ipc_space.h | 16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+diff --git a/ipc/ipc_space.h b/ipc/ipc_space.h
+index bbfee46..73c90ef 100644
+--- a/ipc/ipc_space.h
++++ b/ipc/ipc_space.h
+@@ -62,7 +62,7 @@ struct ipc_space {
+ 	decl_simple_lock_data(,is_ref_lock_data)
+ 	ipc_space_refs_t is_references;
+ 
+-	decl_simple_lock_data(,is_lock_data)
++	struct lock is_lock_data;
+ 	boolean_t is_active;		/* is the space alive? */
+ 	struct rdxtree is_map;		/* a map of entries */
+ 	size_t is_size;			/* number of entries */
+@@ -107,16 +107,16 @@ MACRO_BEGIN								\
+ 		is_free(is);						\
+ MACRO_END
+ 
+-#define	is_lock_init(is)	simple_lock_init(&(is)->is_lock_data)
++#define	is_lock_init(is)	lock_init(&(is)->is_lock_data, TRUE)
+ 
+-#define	is_read_lock(is)	simple_lock(&(is)->is_lock_data)
+-#define is_read_unlock(is)	simple_unlock(&(is)->is_lock_data)
++#define	is_read_lock(is)	lock_read(&(is)->is_lock_data)
++#define is_read_unlock(is)	lock_done(&(is)->is_lock_data)
+ 
+-#define	is_write_lock(is)	simple_lock(&(is)->is_lock_data)
+-#define	is_write_lock_try(is)	simple_lock_try(&(is)->is_lock_data)
+-#define is_write_unlock(is)	simple_unlock(&(is)->is_lock_data)
++#define	is_write_lock(is)	lock_write(&(is)->is_lock_data)
++#define	is_write_lock_try(is)	lock_try_write(&(is)->is_lock_data)
++#define is_write_unlock(is)	lock_done(&(is)->is_lock_data)
+ 
+-#define	is_write_to_read_lock(is)
++#define	is_write_to_read_lock(is) lock_write_to_read(&(is)->is_lock_data)
+ 
+ extern void ipc_space_reference(struct ipc_space *space);
+ extern void ipc_space_release(struct ipc_space *space);
+-- 
+2.1.4
+