Skip to content

Commit

Permalink
sem_holder.c: Replace addrenv_select with kmm_map for holder sem access
Browse files Browse the repository at this point in the history
The holder list can be modified via interrupt so using addrenv_select is
not safe. Access the semaphore by mapping it into kernel virtual memory
instead.
  • Loading branch information
pussuw committed Dec 18, 2024
1 parent 4a27521 commit bd5afce
Showing 1 changed file with 9 additions and 17 deletions.
26 changes: 9 additions & 17 deletions sched/semaphore/sem_holder.c
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@
#include <assert.h>
#include <debug.h>

#include <nuttx/addrenv.h>
#include <nuttx/arch.h>
#include <nuttx/mm/kmap.h>

#include "sched/sched.h"
#include "semaphore/semaphore.h"
Expand Down Expand Up @@ -98,6 +98,10 @@ nxsem_allocholder(FAR sem_t *sem, FAR struct tcb_s *htcb)
PANIC();
}

#ifdef CONFIG_MM_KMAP
sem = kmm_map_user(this_task(), sem, sizeof(*sem));
#endif

pholder->sem = sem;
pholder->htcb = htcb;
pholder->counts = 0;
Expand Down Expand Up @@ -194,6 +198,10 @@ static inline void nxsem_freeholder(FAR sem_t *sem,
}
}

#ifdef CONFIG_MM_KMAP
kmm_unmap(pholder->sem);
#endif

/* Release the holder and counts */

pholder->tlink = NULL;
Expand Down Expand Up @@ -398,15 +406,6 @@ static void nxsem_restore_priority(FAR struct tcb_s *htcb)
{
FAR struct semholder_s *pholder;

#ifdef CONFIG_ARCH_ADDRENV
FAR struct addrenv_s *oldenv;

if (htcb->addrenv_own)
{
addrenv_select(htcb->addrenv_own, &oldenv);
}
#endif

/* Try to find the highest priority across all the threads that are
* waiting for any semaphore held by htcb.
*/
Expand All @@ -424,13 +423,6 @@ static void nxsem_restore_priority(FAR struct tcb_s *htcb)
}
}

#ifdef CONFIG_ARCH_ADDRENV
if (htcb->addrenv_own)
{
addrenv_restore(oldenv);
}
#endif

/* Apply the selected priority to the thread (hopefully back to the
* threads base_priority).
*/
Expand Down

0 comments on commit bd5afce

Please sign in to comment.