From 0edae64afb69a8fbf3ed7e04e6f6ad68abc527ce Mon Sep 17 00:00:00 2001
From: whitequark
Date: Mon, 12 Nov 2018 15:28:27 +0000
Subject: [PATCH] firmware: fix TOCTTOU race in sync/async RPC code.
Before this commit, the main loop in session code was laid like: 1. process_kern_queued_rpc 2. process_host_message 3. process_kern_message If a host message (such as an RPC reply) caused the kernel to exit, then any async RPCs would not complete, since RunFinished immediately shuts down the kernel. Fix this by reordering 1 and 2.
---
 artiq/firmware/runtime/session.rs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/artiq/firmware/runtime/session.rs b/artiq/firmware/runtime/session.rs
index ae23c3410..0ed5a3b62 100644
--- a/artiq/firmware/runtime/session.rs
+++ b/artiq/firmware/runtime/session.rs
@@ -502,16 +502,16 @@ fn host_kernel_worker(io: &Io, aux_mutex: &Mutex,
 let mut session = Session::new(congress);
 loop {
- while !rpc_queue::empty() {
- process_kern_queued_rpc(stream, &mut session)?
- }
-
 if stream.can_recv() {
 process_host_message(io, stream, &mut session)?
 } else if !stream.may_recv() {
 return Ok(())
 }
+ while !rpc_queue::empty() {
+ process_kern_queued_rpc(stream, &mut session)?
+ }
+
 if mailbox::receive() != 0 {
 process_kern_message(io, aux_mutex, routing_table, up_destinations,