From ebcca179edae19712e5aaeae28b844ed7b5d37a3 Mon Sep 17 00:00:00 2001
From: Martin Stein
Date: Tue, 15 Oct 2019 12:57:21 +0200
Subject: [PATCH] nic_router: fix 'catch' paths in session creation

The handling of exceptions during session creation implies freeing and detaching the RAM DS behind the session env and session component. But this was done using the session env located in the same RAM DS, which must lead to problems. Now, the session env from the RAM DS is copied to the stack and the operations are done on this temporary instance instead.

Ref #3525
---
 repos/os/src/server/nic_router/component.cc | 37 +++++++++++----------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/repos/os/src/server/nic_router/component.cc b/repos/os/src/server/nic_router/component.cc
index c1ac984d5..58172d745 100644
--- a/repos/os/src/server/nic_router/component.cc
+++ b/repos/os/src/server/nic_router/component.cc
@@ -147,66 +147,69 @@ Session_component *Net::Root::_create_session(char const *args) { try { /* create session environment temporarily on the stack */ - Session_env session_env_tmp { _env, _shared_quota, + Session_env session_env_stack { _env, _shared_quota, Ram_quota { Arg_string::find_arg(args, "ram_quota").ulong_value(0) }, Cap_quota { Arg_string::find_arg(args, "cap_quota").ulong_value(0) } }; - Reference session_env { session_env_tmp }; /* alloc/attach RAM block and move session env to base of the block */ Ram_dataspace_capability ram_ds { - session_env().alloc(sizeof(Session_env) + - sizeof(Session_component), CACHED) }; + session_env_stack.alloc(sizeof(Session_env) + + sizeof(Session_component), CACHED) }; try { - void * const ram_ptr { session_env().attach(ram_ds) }; - session_env = *construct_at(ram_ptr, session_env()); + void * const ram_ptr { session_env_stack.attach(ram_ds) }; + Session_env &session_env { + *construct_at(ram_ptr, session_env_stack) }; /* create new session object behind session env in the RAM block */ try { Session_label const label { label_from_args(args) }; return construct_at( (void*)((addr_t)ram_ptr + sizeof(Session_env)), - session_env(), + session_env, Arg_string::find_arg(args, "tx_buf_size").ulong_value(0), Arg_string::find_arg(args, "rx_buf_size").ulong_value(0), _timer, _mac_alloc.alloc(), _router_mac, label, _interfaces, _config(), ram_ds); } catch (Mac_allocator::Alloc_failed) { - session_env().detach(ram_ptr); - session_env().free(ram_ds); + Session_env session_env_stack { session_env }; + session_env_stack.detach(ram_ptr); + session_env_stack.free(ram_ds); _invalid_downlink("failed to allocate MAC address"); throw Service_denied(); } catch (Out_of_ram) { - session_env().detach(ram_ptr); - session_env().free(ram_ds); + Session_env session_env_stack { session_env }; + session_env_stack.detach(ram_ptr); + session_env_stack.free(ram_ds); _invalid_downlink("NIC session RAM quota"); throw Insufficient_ram_quota(); } catch 
(Out_of_caps) { - session_env().detach(ram_ptr); - session_env().free(ram_ds); + Session_env session_env_stack { session_env }; + session_env_stack.detach(ram_ptr); + session_env_stack.free(ram_ds); _invalid_downlink("NIC session CAP quota"); throw Insufficient_cap_quota(); } } catch (Region_map::Invalid_dataspace) { - session_env().free(ram_ds); + session_env_stack.free(ram_ds); _invalid_downlink("Failed to attach RAM"); throw Service_denied(); } catch (Region_map::Region_conflict) { - session_env().free(ram_ds); + session_env_stack.free(ram_ds); _invalid_downlink("Failed to attach RAM"); throw Service_denied(); } catch (Out_of_ram) { - session_env().free(ram_ds); + session_env_stack.free(ram_ds); _invalid_downlink("NIC session RAM quota"); throw Insufficient_ram_quota(); } catch (Out_of_caps) { - session_env().free(ram_ds); + session_env_stack.free(ram_ds); _invalid_downlink("NIC session CAP quota"); throw Insufficient_cap_quota(); }
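Review bot: The handlers of the middle `try` (`Region_map::Invalid_dataspace`, `Region_map::Region_conflict`, `Out_of_ram`, `Out_of_caps`) still release the block through the outer `session_env_stack` and without `detach(ram_ptr)`, although that try block also encloses the construction of the session component. The inner `try` catches only `Mac_allocator::Alloc_failed`, `Out_of_ram` and `Out_of_caps`, so if the session-component constructor can raise one of the two `Region_map` exceptions (not visible in this hunk), the block would be freed while still attached, and the accounting would run on the pre-copy instance instead of the one that lives in the RAM block. Routing every failure after the env has been constructed in the block through one helper that copies the env to the stack, detaches and frees would close that path, replace the three repeated sequences, and avoid the inner `session_env_stack` shadowing the outer one. The body of `_create_session` continues outside the hunk.

```cpp
/* … unchanged: attach ram_ds, construct session_env at ram_ptr … */

/* session_env lives inside ram_ds: release the block via a stack copy */
auto release_ram_block = [&] () {
	Session_env session_env_copy { session_env };
	session_env_copy.detach(ram_ptr);
	session_env_copy.free(ram_ds);
};
try {
	/* … unchanged: label, construction of the session component … */
}
catch (Mac_allocator::Alloc_failed) {
	release_ram_block();
	_invalid_downlink("failed to allocate MAC address");
	throw Service_denied();
}
/* … Out_of_ram / Out_of_caps handlers: same messages, calling release_ram_block() … */
catch (Region_map::Invalid_dataspace) {
	release_ram_block();
	_invalid_downlink("Failed to attach RAM");
	throw Service_denied();
}
catch (Region_map::Region_conflict) {
	release_ram_block();
	_invalid_downlink("Failed to attach RAM");
	throw Service_denied();
}
```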