firmware: fix TOCTTOU race in sync/async RPC code.

Before this commit, the main loop in the session code was laid out like this:

  1. process_kern_queued_rpc
  2. process_host_message
  3. process_kern_message

If a host message (such as an RPC reply) caused the kernel to exit,
then any async RPCs would not complete, since RunFinished immediately
shuts down the kernel.

Fix this by reordering 1 and 2.
This commit is contained in:
whitequark 2018-11-12 15:28:27 +00:00
parent 59033d2588
commit 0edae64afb


@ -502,16 +502,16 @@ fn host_kernel_worker(io: &Io, aux_mutex: &Mutex,
let mut session = Session::new(congress);
loop {
while !rpc_queue::empty() {
process_kern_queued_rpc(stream, &mut session)?
}
if stream.can_recv() {
process_host_message(io, stream, &mut session)?
} else if !stream.may_recv() {
return Ok(())
}
while !rpc_queue::empty() {
process_kern_queued_rpc(stream, &mut session)?
}
if mailbox::receive() != 0 {
process_kern_message(io, aux_mutex,
routing_table, up_destinations,