base: make Ram_allocator noncopyable

Prevent erratic runtime behavior stemming from accidentally passing a
copy to a `Ram_allocator` by making the interface noncopyable.

In consequence, we had to provide an explicit copy constructor for
`Session_env` in server/nic_router, which will be reconsidered in
issue #5405.

Issue #5221
Benjamin Lamowski 2024-12-10 11:30:23 +01:00 committed by Christian Helmuth
parent dd64164ed6
commit f94f461f8f
2 changed files with 14 additions and 1 deletions


@ -19,6 +19,7 @@
#include <base/quota_guard.h>
#include <base/cache.h>
#include <dataspace/dataspace.h>
#include <util/noncopyable.h>
namespace Genode {
@ -32,7 +33,7 @@ namespace Genode {
}
struct Genode::Ram_allocator : Interface
struct Genode::Ram_allocator : Interface, Noncopyable
{
enum class Alloc_error { OUT_OF_RAM, OUT_OF_CAPS, DENIED };
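Review bot: The reason for the new `Noncopyable` base on `Genode::Ram_allocator` is recorded only in the commit message, so a reader of the header who runs into a deleted copy constructor in a derived class has nothing to go on. A short comment above the struct would help, for example `/* noncopyable so that an allocator is always passed by reference, never as an accidental copy */`. Derived classes that need copying then have to spell out their own copy constructor, as the second file of this commit does, which keeps each such exception visible to review. The struct body continues outside this section.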


@ -104,6 +104,18 @@ class Genode::Session_env : public Ram_allocator,
_cap_guard { cap_quota }
{ }
/*
* The Ram_allocator interface is Noncopyable, but this
* implementation is safe to copy.
*/
Session_env(Session_env const &session)
:
_env { session._env },
_shared_quota { session._shared_quota },
_ram_guard { session._ram_guard },
_cap_guard { session._cap_guard }
{ }
Entrypoint &ep() { return _env.ep(); }
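Review bot: The comment above the new `Session_env(Session_env const &)` asserts that the implementation is safe to copy but gives no reason, while the constructor duplicates `_ram_guard` and `_cap_guard` from the source object. If those guards are held by value (their declarations are outside this section), the copy and the original each account against their own snapshot of the RAM and capability quota from then on, so a withdrawal through one is invisible to the other and the session limit is no longer enforced in one place. The comment should name the condition that makes this acceptable, for example `* Copying duplicates the quota guards, so copy only before any quota was withdrawn.`, or state that the copies are expected to diverge. The class body starts and ends outside this section.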