nova: remove nova_die from receive window calc.

Issue genodelabs#5443
alex-ab · Feb 5, 2025 · c5243e9 · c5243e9
1 parent d4e96d7
commit c5243e9
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/repos/base-nova/include/nova/receive_window.h b/repos/base-nova/include/nova/receive_window.h
@@ -135,6 +135,12 @@ struct Genode::Receive_window
 
 		unsigned num_received_caps() const { return _rcv_pt_sel_max; }
 
+		enum Receive_cleanup_result {
+			SELECTORS_KEPT  = 0,
+			REINIT_REQUIRED = 1,
+			OUT_OF_BOUNDS   = 2
+		};
+
 		/**
 		 * Return true if receive window must be re-initialized
 		 *
@@ -152,10 +158,12 @@ struct Genode::Receive_window
 		 *                        because object is freed
 		 *                        afterwards.
 		 *
-		 * \result 'true'  -  receive window must be re-initialized
-		 *         'false' -  portal selectors has been kept
+		 * \result Receive_cleanup_result:
+		 *         REINIT_REQUIRED  - receive window must be re-initialized
+		 *         SELECTORS_KEPT   - portal selectors has been kept
+		 *         OUT_OF_BOUNDS    - invalid internal state which would lead to out of bounds access
 		 */
-		bool rcv_cleanup(bool keep, unsigned short const new_max = MAX_CAP_ARGS);
+		Receive_cleanup_result rcv_cleanup(bool keep, uint16_t new_max = MAX_CAP_ARGS);
 
 		/**
 		 * Initialize receive window for portal capability

diff --git a/repos/base-nova/src/lib/base/ipc.cc b/repos/base-nova/src/lib/base/ipc.cc
@@ -116,7 +116,8 @@ bool Receive_window::rcv_invalid() const
 }
 
 
-bool Receive_window::rcv_cleanup(bool keep, unsigned short const new_max)
+Receive_window::Receive_cleanup_result Receive_window::rcv_cleanup(bool     const keep,
+                                                                   uint16_t const new_max)
 {
 	/* mark used mapped capabilities as used to prevent freeing */
 	bool reinit = false;
@@ -127,7 +128,7 @@ bool Receive_window::rcv_cleanup(bool keep, unsigned short const new_max)
 		/* should never happen */
 		if (_rcv_pt_sel[i].sel < _rcv_pt_base ||
 			(_rcv_pt_sel[i].sel >= _rcv_pt_base + MAX_CAP_ARGS))
-				nova_die();
+				return Receive_cleanup_result::OUT_OF_BOUNDS;
 
 		_rcv_pt_cap_free [_rcv_pt_sel[i].sel - _rcv_pt_base] = USED_CAP;
 
@@ -154,7 +155,7 @@ bool Receive_window::rcv_cleanup(bool keep, unsigned short const new_max)
 				cap_map().remove(_rcv_pt_base + i, 0, false);
 		}
 
-		return false;
+		return Receive_cleanup_result::SELECTORS_KEPT;
 	}
 
 	/* decrease ref count if valid selector */
@@ -164,7 +165,7 @@ bool Receive_window::rcv_cleanup(bool keep, unsigned short const new_max)
 		cap_map().remove(_rcv_pt_base + i, 0, _rcv_pt_cap_free[i] != FREE_SEL);
 	}
 
-	return true;
+	return Receive_cleanup_result::REINIT_REQUIRED;
 }