From ac68344811e88ebb1f23a3c874f141f0bc03d9eb Mon Sep 17 00:00:00 2001
From: Giovanni Di Sirio
Date: Sat, 21 Mar 2020 10:36:11 +0000
Subject: [PATCH] Safer messages mechanism for sandboxes.
git-svn-id: svn://svn.code.sf.net/p/chibios/svn/trunk@13467 27425a3e-05d8-49a3-a47f-9c15f0e5edd8
---
 os/rt/include/chmsg.h | 6 ++++++
 os/rt/src/chmsg.c | 8 +-------
 os/sb/host/sbhost.c | 47 +++++++++++++++++++++++++++++++++++++++++++
 os/sb/host/sbhost.h | 8 ++++++--
 4 files changed, 60 insertions(+), 9 deletions(-)
diff --git a/os/rt/include/chmsg.h b/os/rt/include/chmsg.h
index 6bd110aeb..d67107513 100644
--- a/os/rt/include/chmsg.h
+++ b/os/rt/include/chmsg.h
@@ -50,6 +50,12 @@
 /* Module macros. */
 /*===========================================================================*/
+#if CH_CFG_USE_MESSAGES_PRIORITY == TRUE
+#define __msg_insert(tp, qp) queue_prio_insert(tp, qp)
+#else
+#define __msg_insert(tp, qp) queue_insert(tp, qp)
+#endif
+
 /*===========================================================================*/
 /* External declarations. */
 /*===========================================================================*/
diff --git a/os/rt/src/chmsg.c b/os/rt/src/chmsg.c
index 2003dd086..f8687d741 100644
--- a/os/rt/src/chmsg.c
+++ b/os/rt/src/chmsg.c
@@ -63,12 +63,6 @@
 /* Module local functions. */
 /*===========================================================================*/
-#if CH_CFG_USE_MESSAGES_PRIORITY == TRUE
-#define msg_insert(tp, qp) queue_prio_insert(tp, qp)
-#else
-#define msg_insert(tp, qp) queue_insert(tp, qp)
-#endif
-
 /*===========================================================================*/
 /* Module exported functions. */
 /*===========================================================================*/
@@ -91,7 +85,7 @@ msg_t chMsgSend(thread_t *tp, msg_t msg) {
 chSysLock();
 ctp->u.sentmsg = msg;
- msg_insert(ctp, &tp->msgqueue);
+ __msg_insert(ctp, &tp->msgqueue);
 if (tp->state == CH_STATE_WTMSG) {
 (void) chSchReadyI(tp);
 }
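Review bot: The `__msg_insert` macro added under "Module macros" in chmsg.h is now visible to every file that includes the header, but it carries no comment saying what it is for or how it may be called. Both call sites visible in this patch (`chMsgSend` and `sbSendMessageTimeout`) invoke it after `chSysLock()`, so I would add `/* Kernel-internal: queues a sender on a message queue, call only with the system locked. */` above the `#if`. Identifiers that begin with a double underscore are also reserved for the implementation in C, so a project-prefixed name would be safer unless `__` is this code base's deliberate marker for internals.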
diff --git a/os/sb/host/sbhost.c b/os/sb/host/sbhost.c
index 177a144c4..53eeebacc 100644
--- a/os/sb/host/sbhost.c
+++ b/os/sb/host/sbhost.c
@@ -143,4 +143,51 @@ void sbStart(sb_class_t *sbcp, const sb_config_t *config) {
 chSysHalt("returned");
 }
+#if (CH_CFG_USE_MESSAGES == TRUE) || defined(__DOXYGEN__)
+/**
+ * @brief Sends a message to a sandboxed thread.
+ *
+ * @param[in] sbcp pointer to the sandbox object
+ * @param[in] msg message to be sent
+ * @param[in] timeout the number of ticks before the operation timeouts,
+ * the following special values are allowed:
+ * - @a TIME_INFINITE no timeout.
+ * .
+ * @return The returned message.
+ * @retval MSG_TIMEOUT if a timeout occurred.
+ * @retval MSG_RESET if the exchange aborted, sandboxed thread API usage
+ * error.
+ *
+ * @api
+ */
+msg_t sbSendMessageTimeout(sb_class_t *sbcp,
+ msg_t msg,
+ sysinterval_t timeout) {
+ thread_t *ctp = currp;
+
+ chDbgCheck(sbcp != NULL);
+
+ chSysLock();
+
+ /* Sending the message.*/
+ ctp->u.sentmsg = msg;
+ __msg_insert(ctp, &sbcp->tp->msgqueue);
+ if (sbcp->tp->state == CH_STATE_WTMSG) {
+ (void) chSchReadyI(sbcp->tp);
+ }
+ msg = chSchGoSleepTimeoutS(CH_STATE_SNDMSGQ, timeout);
+
+ /* If a timeout occurred while the boxed thread already received the message
+ then this thread needs to "unregister" as sender, the boxed error will
+ get SB_ERR_EBUSY when/if trying to reply.*/
+ if (sbcp->msg_tp == ctp) {
+ sbcp->msg_tp = NULL;
+ }
+
+ chSysUnlock();
+
+ return msg;
+}
+#endif /* CH_CFG_USE_MESSAGES == TRUE */
+
 /** @} */
diff --git a/os/sb/host/sbhost.h b/os/sb/host/sbhost.h
index 5207af183..5ce4832ba 100644
--- a/os/sb/host/sbhost.h
+++ b/os/sb/host/sbhost.h
@@ -176,6 +176,9 @@ extern "C" {
 bool sb_is_valid_write_range(sb_class_t *sbcp, void *start, size_t size);
 void sbObjectInit(sb_class_t *sbcp);
 void sbStart(sb_class_t *sbcp, const sb_config_t *config);
+ msg_t sbSendMessageTimeout(sb_class_t *sbcp,
+ msg_t msg,
+ sysinterval_t timeout);
 #ifdef __cplusplus
 }
 #endif
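Review bot: In `sbSendMessageTimeout` in sbhost.c, nothing visible removes `ctp` from `sbcp->tp->msgqueue` when `chSchGoSleepTimeoutS(CH_STATE_SNDMSGQ, timeout)` returns `MSG_TIMEOUT` before the sandboxed thread has picked the message up. The cleanup after the sleep only covers the case where the message was already received (`sbcp->msg_tp == ctp`). Unless the scheduler's timeout path dequeues threads sleeping in `CH_STATE_SNDMSGQ` (not shown in this patch), the host thread resumes while still linked into a queue that the sandboxed thread will later walk. I would confirm and document that the timeout handler dequeues this state, or, if it does not, dequeue explicitly before the `msg_tp` check with something like `if ((msg == MSG_TIMEOUT) && (sbcp->msg_tp != ctp)) { (void) queue_dequeue(ctp); }`. The `timeout` parameter doc should also state whether `TIME_IMMEDIATE` is accepted.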
@@ -209,13 +212,14 @@ static inline msg_t sbWait(sb_class_t *sbcp) {
 * @param[in] sbcp pointer to the sandbox object
 * @param[in] msg message to be sent
 * @return The returned message.
- * @retval MSG_RESET Sandboxed thread API usage error, exchange aborted.
+ * @retval MSG_RESET if the exchange aborted, sandboxed thread API usage
+ * error.
 *
 * @api
 */
 static inline msg_t sbSendMessage(sb_class_t *sbcp, msg_t msg) {
- return chMsgSend(sbcp->tp, msg);
+ return sbSendMessageTimeout(sbcp, msg, TIME_INFINITE);
 }
 #endif /* CH_CFG_USE_MESSAGES == TRUE */
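Review bot: The doc comment of `sbSendMessage` in sbhost.h does not say that the call blocks with `TIME_INFINITE`, so a sandboxed thread that never receives or replies keeps the host caller asleep indefinitely. I would add a line such as `@note Blocks indefinitely; use sbSendMessageTimeout() when the sandbox is not trusted to answer.` to the comment block. The comment starts above the hunk, so its `@brief` is not visible here.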