base: make Ram_allocator noncopyable

Prevent erratic runtime behavior stemming from accidentally passing a copy to a `Ram_allocator` by making the interface noncopyable. In consequence, we had to provide an explicit copy constructor for `Session_env` in server/nic_router, which will be reconsidered in issue #5405. Issue #5221
2025-03-14 00:06:40 +00:00 · 2024-12-10 11:30:23 +01:00 · 2024-12-10 11:30:23 +01:00 · f94f461f8f
commit f94f461f8f
parent dd64164ed6
2 changed files with 14 additions and 1 deletions
--- a/repos/base/include/base/ram_allocator.h
+++ b/repos/base/include/base/ram_allocator.h
@ -19,6 +19,7 @@
 #include <base/quota_guard.h>
 #include <base/cache.h>
 #include <dataspace/dataspace.h>
+#include <util/noncopyable.h>

 namespace Genode {

@ -32,7 +33,7 @@ namespace Genode {
 }


-struct Genode::Ram_allocator : Interface
+struct Genode::Ram_allocator : Interface, Noncopyable
 {
 	enum class Alloc_error { OUT_OF_RAM, OUT_OF_CAPS, DENIED };

--- a/repos/os/src/server/nic_router/session_env.h
+++ b/repos/os/src/server/nic_router/session_env.h
@ -104,6 +104,18 @@ class Genode::Session_env : public Ram_allocator,
 			_cap_guard    { cap_quota }
 		{ }

+                /*
+                 * The Ram_allocator interface is Noncopyable, but this
+                 * implementation is safe to copy.
+                 */
+                Session_env(Session_env const &session)
+		:
+			_env          { session._env },
+			_shared_quota { session._shared_quota },
+			_ram_guard    { session._ram_guard },
+			_cap_guard    { session._cap_guard }
+		{ }
+
 		Entrypoint &ep() { return _env.ep(); }