mika/libnx
1
0
Fork 0
mirror of https://github.com/switchbrew/libnx.git synced 2025-06-22 04:52:39 +02:00
Code Issues Packages Projects Releases Wiki Activity

Fix race condition in tmem

Browse Source
This commit is contained in:
plutoo 2018-03-10 21:03:31 +01:00
parent 1dfb1beafb
commit e162da18ff
1 changed files with 20 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
nx/source/kernel/tmem.c
View File

@ -6,6 +6,7 @@
#include "kernel/svc.h" #include "kernel/svc.h"
#include "kernel/tmem.h" #include "kernel/tmem.h"
#include "kernel/virtmem.h" #include "kernel/virtmem.h"
#include "services/fatal.h"
Result tmemCreate(TransferMemory* t, size_t size, Permission perm) Result tmemCreate(TransferMemory* t, size_t size, Permission perm)
{ {
@ -91,7 +92,25 @@ Result tmemClose(TransferMemory* t)
rc = svcCloseHandle(t->handle); rc = svcCloseHandle(t->handle);
} }
if (t->src_addr != NULL) { if (t->src_addr != NULL)
{
// This fixes a race condition where a remote process that has transfer
// memory mapped, but has not yet had time to unmap it.
// It will still be non-readable in our process until the other process has
// unmapped it, and we cannot free() it without crashing.
while (1) {
MemoryInfo info;
u32 who_cares;
if (R_FAILED(svcQueryMemory(&info, &who_cares, (u64) t->src_addr)))
fatalSimple(MAKERESULT(Module_Libnx, LibnxError_BadQueryMemory));
if (!(info.attr & MemAttr_IsBorrowed))
break;
svcSleepThread(1000000);
}
free(t->src_addr); free(t->src_addr);
} }