firmware: fix TOCTTOU race in sync/async RPC code.

Before this commit, the main loop in the session code was laid out like this:

  1. process_kern_queued_rpc
  2. process_host_message
  3. process_kern_message

If a host message (such as an RPC reply) caused the kernel to exit,
then any async RPCs would not complete, since RunFinished immediately
shuts down the kernel.

Fix this by reordering 1 and 2.
This commit is contained in:
whitequark 2018-11-12 15:28:27 +00:00 committed by Sebastien Bourdeauducq
parent a4997c56cf
commit 68aad3e482


@ -497,16 +497,16 @@ fn host_kernel_worker(io: &Io,
let mut session = Session::new(congress);
loop {
while !rpc_queue::empty() {
process_kern_queued_rpc(stream, &mut session)?
}
if stream.can_recv() {
process_host_message(io, stream, &mut session)?
} else if !stream.may_recv() {
return Ok(())
}
while !rpc_queue::empty() {
process_kern_queued_rpc(stream, &mut session)?
}
if mailbox::receive() != 0 {
process_kern_message(io, Some(stream), &mut session)?;
}