base: safeguard entrypoint against double manage

This patch adds sanity checks to the RPC entrypoint that detect attempts to manage or dissolve the same RPC object twice. This is not always a bug. I.e., if RPC objects are implemented in the modern way where the object manages/dissolves itself. As the generic framework code (in particular root/component.h) cannot rely on this pattern, it has to call manage/dissolve for session objects anyway. For modern session objects, this double attempt would result in a serious error (double insertion into the object pool's AVL tree). Issue #2398
2026-01-21 12:32:56 +01:00 · 2017-05-08 12:52:23 +02:00
parent 843dd179d7
commit eea493a8ca
4 changed files with 26 additions and 1 deletions
--- a/repos/base/include/root/component.h
+++ b/repos/base/include/root/component.h
@@ -169,7 +169,12 @@ class Genode::Root_component : public Rpc_object<Typed_root<SESSION_TYPE> >,
 				throw Root::Unavailable();
 			}

-			_ep->manage(s);
+			/*
+			 * Consider that the session-object constructor may already have
+			 * called 'manage'.
+			 */
+			if (!s->cap().valid())
+				_ep->manage(s);

 			aquire_guard.ack = true;
 			return *s;