From cbfd4dc1f99fdf4344c031aa2da9923bdc219165 Mon Sep 17 00:00:00 2001 From: Ville Juven Date: Wed, 15 Nov 2023 10:49:14 +0200 Subject: [PATCH] sched/sem_holder.c: When accessing SEM_WAITLIST, use holder's addrenv If the semaphore is shared, the holder has put its own mmapped address to pholder->sem. This means we must switch to the holder's address environment when going through the held semaphores list. A better option would be to get the kernel mapped address for the semaphore's physical page, but that mechanism is not functional yet. This fixes a full system crash when CONFIG_PRIORITY_INHERITANCE=y and CONFIG_BUILD_KERNEL=y and user makes shared semaphore via: int semfd = shm_open("sem", O_CREAT | O_RDWR, 0666); sem_t *sem = mmap(0, sizeof(sem_t), PROT_READ | PROT_WRITE, MAP_SHARED, semfd, 0); --- sched/semaphore/sem_holder.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/sched/semaphore/sem_holder.c b/sched/semaphore/sem_holder.c index 157e9e86d182f..e16ed27e4e20a 100644 --- a/sched/semaphore/sem_holder.c +++ b/sched/semaphore/sem_holder.c @@ -27,6 +27,8 @@ #include #include #include + +#include #include #include "sched/sched.h" @@ -400,6 +402,15 @@ static void nxsem_restore_priority(FAR struct tcb_s *htcb) { FAR struct semholder_s *pholder; +#ifdef CONFIG_ARCH_ADDRENV + FAR struct addrenv_s *oldenv; + + if (htcb->addrenv_own) + { + addrenv_select(htcb->addrenv_own, &oldenv); + } +#endif + /* Try to find the highest priority across all the threads that are * waiting for any semaphore held by htcb. */ @@ -417,6 +428,13 @@ static void nxsem_restore_priority(FAR struct tcb_s *htcb) } } +#ifdef CONFIG_ARCH_ADDRENV + if (htcb->addrenv_own) + { + addrenv_restore(oldenv); + } +#endif + /* Apply the selected priority to the thread (hopefully back to the * threads base_priority). */
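Review bot: The return value of `addrenv_select()` is ignored in the block added after the `pholder` declaration, and `oldenv` has no initialiser. If the select reports failure through its return value, the wait-list scan that follows still runs in the wrong address environment, and the `addrenv_restore(oldenv)` added in the last hunk may be handed an indeterminate pointer. Declaring `FAR struct addrenv_s *oldenv = NULL;` and recording the outcome, e.g. `bool switched = htcb->addrenv_own != NULL && addrenv_select(htcb->addrenv_own, &oldenv) >= 0;`, lets the restore be guarded on `switched` instead of re-reading `htcb->addrenv_own`. What nxsem_restore_priority should do when the select fails still needs deciding; its body continues outside this hunk.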
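Review bot: Between the select and this `addrenv_restore(oldenv)`, the kernel follows `pholder->sem` and its wait list through the holder's own user mapping, which the commit message describes as memory the process created with `mmap(..., MAP_SHARED, ...)` and can therefore write. With CONFIG_BUILD_KERNEL=y that makes the list pointers user-controlled data read at kernel privilege, so the switch avoids the crash on an unmapped address but does not make the contents trustworthy. The loop itself is outside the hunk, so this is inferred from the description. At minimum the limitation deserves a comment at the switch, such as `/* TODO: pholder->sem is a user mapping; use the kernel mapping of the semaphore page once available */`, so the follow-up named in the message is not lost.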