nova: fix pager cleanup handling

The cleanup call must be performed already during the _dissolve function shortly after the object at the cap_session is freed up. Otherwise there is the chance that an in-flight IPC will find the to be dissolved function again. Bomb test triggered the case, that a already dissolved rpc_object was found by a in-flight IPC. If the rpc_object was already freed up by alloc->destroy the thread using this stale rpc_object pointer cause page-faults in core. Fixes partly #549
2025-06-16 06:08:16 +00:00 · 2012-12-04 09:49:01 +01:00
parent 28f7cf5dc2
commit edd30b56a2
2 changed files with 51 additions and 39 deletions
--- a/base-nova/include/base/pager.h
+++ b/base-nova/include/base/pager.h
@ -186,6 +186,15 @@ namespace Genode {
 			 */
 			Thread_capability thread_cap() { return _thread_cap; } const
 			void thread_cap(Thread_capability cap) { _thread_cap = cap; }
+
+			/**
+			 * Make sure nobody is in the handler anymore by doing an IPC to a
+			 * local cap pointing to same serving thread (if not running in the
+			 * context of the serving thread). When the call returns
+			 * we know that nobody is handled by this object anymore, because
+			 * all remotely available portals had been revoked beforehand.
+			 */
+			void cleanup_call();
 	};