| commit | 931afbc21fb7256372512b67f529ef39acfc8ac8 | |
| author | Jakub Jermar <jakub@jermar.eu> | |
| Sat, 9 Jun 2018 08:41:53 +0000 (9 10:41 +0200) | ||
| committer | Jakub Jermar <jakub@jermar.eu> | |
| Sat, 9 Jun 2018 08:41:53 +0000 (9 10:41 +0200) | ||
| tree | f67b50a184087b8d333856c8d0a850d6d28c806a | treesnapshot (tar.gz zip) |
| parent | 75701004b4fe1a0a5f2b92aef205e5bfbf9a69e3 | commitdiff |
Don't republish call capability on forward failure
When forwarding of a call fails for some reason, the kernel
automatically answers the forwarded call with EFORWARD. It must not
republish the capability because only unanswered calls are associated
with a capability (so that they can be forwarded or answered).
Republishing the capability makes it possible for userspace to attempt
to answer such a call again, which results in kernel panic due to a
failed assertion. As an interesting fact, uspace functions
async_data_read_forward_fast and async_data_write_forward_fast do this.
Also, the motivation behind republishing the capability as explained
by the removed comment turns out to be invalid because such a call
ends up among the original caller's answers.
When forwarding of a call fails for some reason, the kernel
automatically answers the forwarded call with EFORWARD. It must not
republish the capability because only unanswered calls are associated
with a capability (so that they can be forwarded or answered).
Republishing the capability makes it possible for userspace to attempt
to answer such a call again, which results in kernel panic due to a
failed assertion. As an interesting fact, uspace functions
async_data_read_forward_fast and async_data_write_forward_fast do this.
Also, the motivation behind republishing the capability as explained
by the removed comment turns out to be invalid because such a call
ends up among the original caller's answers.
| kernel/generic/src/ipc/sysipc.c | diffblobblamehistory |