diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-11-18 21:36:44 +0100 |
|---|---|---|
| committer | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2023-11-18 21:41:52 +0100 |
| commit | 383379ae770fd6a74c592006f46986320df9fa30 (patch) | |
| tree | f4d228438e4f350a21b39cb153eb60b048a8690e /ipc | |
| parent | 2f899c323e850ec9cab35f24315f28ef62021957 (diff) | |
ipc_entry_lookup: Generalize warnings about bogus port names
Looking up a bogus port name is generally a sign of a real bug, such as a
spurious mach port deallocation.
Diffstat (limited to 'ipc')
| -rw-r--r-- | ipc/ipc_kmsg.c | 31 | ||||
| -rw-r--r-- | ipc/ipc_space.h | 13 | ||||
| -rw-r--r-- | ipc/mach_msg.c | 12 | ||||
| -rw-r--r-- | ipc/mach_port.c | 2 |
4 files changed, 54 insertions, 4 deletions
diff --git a/ipc/ipc_kmsg.c b/ipc/ipc_kmsg.c index fb8de249..096769f2 100644 --- a/ipc/ipc_kmsg.c +++ b/ipc/ipc_kmsg.c @@ -686,7 +686,10 @@ ipc_kmsg_copyin_header( entry = ipc_entry_lookup (space, dest_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (dest_name); goto abort_async; + } bits = entry->ie_bits; /* check type bits */ @@ -738,7 +741,10 @@ ipc_kmsg_copyin_header( entry = ipc_entry_lookup (space, dest_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (dest_name); goto abort_request; + } bits = entry->ie_bits; /* check type bits */ @@ -752,7 +758,10 @@ ipc_kmsg_copyin_header( entry = ipc_entry_lookup (space, reply_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (reply_name); goto abort_request; + } bits = entry->ie_bits; /* check type bits */ @@ -819,7 +828,10 @@ ipc_kmsg_copyin_header( entry = ipc_entry_lookup (space, dest_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (dest_name); goto abort_reply; + } bits = entry->ie_bits; /* check and type bits */ @@ -892,6 +904,8 @@ ipc_kmsg_copyin_header( if (((entry = ipc_entry_lookup(space, notify)) == IE_NULL) || ((entry->ie_bits & MACH_PORT_TYPE_RECEIVE) == 0)) { + if (entry == IE_NULL) + ipc_entry_lookup_failed (notify); is_write_unlock(space); return MACH_SEND_INVALID_NOTIFY; } @@ -916,8 +930,10 @@ ipc_kmsg_copyin_header( */ entry = ipc_entry_lookup(space, name); - if (entry == IE_NULL) + if (entry == IE_NULL) { + ipc_entry_lookup_failed (name); goto invalid_dest; + } assert(reply_type != 0); /* because name not null */ @@ -1067,8 +1083,10 @@ ipc_kmsg_copyin_header( */ entry = ipc_entry_lookup(space, dest_name); - if (entry == IE_NULL) + if (entry == IE_NULL) { + ipc_entry_lookup_failed (dest_name); goto invalid_dest; + } kr = ipc_right_copyin(space, dest_name, entry, dest_type, FALSE, @@ -1123,12 +1141,17 @@ ipc_kmsg_copyin_header( */ dest_entry = ipc_entry_lookup(space, dest_name); - if (dest_entry == IE_NULL) + if (dest_entry == IE_NULL) { + ipc_entry_lookup_failed (dest_name); goto invalid_dest; + } reply_entry = ipc_entry_lookup(space, reply_name); if (reply_entry == IE_NULL) + { + ipc_entry_lookup_failed (reply_name); goto invalid_reply; + } assert(dest_entry != reply_entry); /* names are not equal */ assert(reply_type != 0); /* because reply_name not null */ @@ -2093,6 +2116,8 @@ ipc_kmsg_copyout_header( if (((entry = ipc_entry_lookup(space, notify)) == IE_NULL) || ((entry->ie_bits & MACH_PORT_TYPE_RECEIVE) == 0)) { + if (entry == IE_NULL) + ipc_entry_lookup_failed (notify); is_read_unlock(space); return MACH_RCV_INVALID_NOTIFY; } diff --git a/ipc/ipc_space.h b/ipc/ipc_space.h index b4eb5ba6..22460877 100644 --- a/ipc/ipc_space.h +++ b/ipc/ipc_space.h @@ -47,6 +47,7 @@ #include <kern/lock.h> #include <kern/rdxtree.h> #include <kern/slab.h> +#include <kern/printf.h> #include <ipc/ipc_entry.h> #include <ipc/ipc_types.h> @@ -155,6 +156,18 @@ ipc_entry_lookup( return entry; } +extern volatile boolean_t mach_port_deallocate_debug; + +static inline void +ipc_entry_lookup_failed(mach_port_name_t name) +{ + if (name == MACH_PORT_NULL || name == MACH_PORT_DEAD) + return; + printf("task %.*s looked up a bogus port %lu, most probably a bug.\n", (int) sizeof current_task()->name, current_task()->name, (unsigned long) name); + if (mach_port_deallocate_debug) + SoftDebugger("ipc_entry_lookup"); +} + /* * Routine: ipc_entry_get * Purpose: diff --git a/ipc/mach_msg.c b/ipc/mach_msg.c index 118ce4b3..abeeb643 100644 --- a/ipc/mach_msg.c +++ b/ipc/mach_msg.c @@ -495,7 +495,10 @@ mach_msg_trap( ipc_entry_t entry; entry = ipc_entry_lookup (space, reply_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (reply_name); goto abort_request_copyin; + } reply_port = (ipc_port_t) entry->ie_object; assert(reply_port != IP_NULL); } @@ -508,7 +511,10 @@ mach_msg_trap( ipc_entry_bits_t bits; entry = ipc_entry_lookup (space, dest_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (dest_name); goto abort_request_copyin; + } bits = entry->ie_bits; /* check type bits */ @@ -620,7 +626,10 @@ mach_msg_trap( entry = ipc_entry_lookup (space, dest_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (dest_name); goto abort_reply_dest_copyin; + } /* check type bits */ if (IE_BITS_TYPE (entry->ie_bits) != @@ -668,7 +677,10 @@ mach_msg_trap( ipc_entry_bits_t bits; entry = ipc_entry_lookup (space, rcv_name); if (entry == IE_NULL) + { + ipc_entry_lookup_failed (rcv_name); goto abort_reply_rcv_copyin; + } bits = entry->ie_bits; /* check type bits; looking for receive or set */ diff --git a/ipc/mach_port.c b/ipc/mach_port.c index a07b4fe9..d8696e23 100644 --- a/ipc/mach_port.c +++ b/ipc/mach_port.c @@ -534,7 +534,7 @@ mach_port_allocate( * KERN_INVALID_NAME The name doesn't denote a right. */ -static volatile boolean_t mach_port_deallocate_debug = FALSE; +volatile boolean_t mach_port_deallocate_debug = FALSE; kern_return_t mach_port_destroy( |