ExternalVendorCode/genode
1
0
Fork 0
mirror of https://github.com/genodelabs/genode.git synced 2025-06-20 08:03:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Linux: Robustness of socket life-time management

Browse Source 
This patch improves the life-time management of socket descriptors and
addresses several corner cases exposed by the 'bomb' test.

The lookup and association of file descriptors with global IDs have been
turned into an atomic operation. Otherwise, multiple threads interacting
with the singleton 'ep_sd_registry' may override each other's
associations.

Closing the socket pair used for the reply channel has been implemented
via the RAII pattern to capture all corner cases, in particular
exceptions.

If blocking operations are interrupted by signals, we throw a
'Blocking_canceled' exception.

We preserve core's socket descriptor at 'PARENT_SOCKET_HANDLE' to avoid
a corner case where the parent capability is going to dup2'ed to the
same handle.

Support for 'Thread_base::join' within core to enable leaving Genode via
Control-C.
This commit is contained in:
Norman Feske
2012-11-26 20:30:35 +01:00
parent 5c8373bec3
commit 91e6ab2baf
5 changed files with 140 additions and 73 deletions
Download Patch File Download Diff File Expand all files Collapse all files

94
base-linux/src/base/ipc/socket_descriptor_registry.h
View File

@ -86,65 +86,65 @@ class Genode::Socket_descriptor_registry
throw Limit_reached();
}
bool _is_registered(int global_id) const
{
for (unsigned i = 0; i < MAX_FDS; i++)
if (_entries[i].global_id == global_id)
return true;
return false;
}
public:
/**
* Register association of socket descriptor and its corresponding ID
*
* \throw Limit_reached
* \throw Aliased_global_id if global ID is already registered
*/
void associate(int sd, int global_id)
{
Genode::Lock::Guard guard(_lock);
/* ignore invalid capabilities */
if (sd == -1 || global_id == -1)
return;
/*
* Check for potential aliasing
*
* We allow any global ID to be present in the registry only once.
*/
if (_is_registered(global_id))
throw Aliased_global_id();
Entry &entry = _find_free_entry();
entry = Entry(sd, global_id);
}
void disassociate(int sd)
{
Genode::Lock::Guard guard(_lock);
_find_entry_by_fd(sd).mark_as_free();
}
/**
* Lookup file descriptor that belongs to specified global ID
*
* \return file descriptor or -1 if lookup failed
*/
int lookup_fd_by_global_id(int global_id) const
int _lookup_fd_by_global_id(int global_id) const
{
Genode::Lock::Guard guard(_lock);
for (unsigned i = 0; i < MAX_FDS; i++)
if (_entries[i].global_id == global_id)
return _entries[i].fd;
return -1;
}
public:
void disassociate(int sd)
{
Genode::Lock::Guard guard(_lock);
for (unsigned i = 0; i < MAX_FDS; i++)
if (_entries[i].fd == sd) {
_entries[i].mark_as_free();
return;
}
}
/**
* Try to associate socket descriptor with corresponding ID
*
* \return socket descriptor associated with the ID
* \throw Limit_reached
*
* If the ID was already associated, the return value is the originally
* registered socket descriptor. In this case, the caller should drop
* the new socket descriptor and use the one returned by this function.
*/
int try_associate(int sd, int global_id)
{
/* ignore invalid capabilities */
if (sd == -1)
return sd;
/* ignore invalid capabilities */
if (sd == -1 || global_id == -1)
return sd;
Genode::Lock::Guard guard(_lock);
int const existing_sd = _lookup_fd_by_global_id(global_id);
if (existing_sd < 0) {
Entry &entry = _find_free_entry();
entry = Entry(sd, global_id);
return sd;
} else {
return existing_sd;
}
}
};
#endif /* _BASE__IPC__SOCKET_DESCRIPTOR_REGISTRY_H_ */