Daniel Müller Daniel.Mueller at mailbox.tu-dresden.de
Fri Sep 6 07:20:40 CEST 2013


Please find attached a minimal example illustrating a bug in 
Factory_svr. When executing this example the output is something like:

Ned: loading file: 'rom/minimal.lua'
Ned: ERROR: ned.lua:199: could not create process: Insufficient memory 
(: -12)

The problem is in parsing the utcb_area parameter in the 
Factory_hndl::handle_task() method.
A patch could be the attached libkproxy.diff which will make the task 
creation succeed.

I would also like to point out that in my opinion there is no point in 
writing this functionality but never testing or using it (I have been 
unable to find a single client or test using it).

-------------- next part --------------
A non-text attachment was scrubbed...
Name: minimal.tar.bz2
Type: application/x-bzip2
Size: 1737 bytes
Desc: not available
URL: <http://os.inf.tu-dresden.de/pipermail/l4-hackers/attachments/20130906/a9468efc/attachment.bz2>
-------------- next part --------------
diff --git a/l4/pkg/libkproxy/lib/src/factory_svr.cc b/l4/pkg/libkproxy/lib/src/factory_svr.cc
index 8faf423..126da8d 100644
--- a/l4/pkg/libkproxy/lib/src/factory_svr.cc
+++ b/l4/pkg/libkproxy/lib/src/factory_svr.cc
@@ -46,12 +46,14 @@ public:
   static int handle_task(Factory_svr *svr, Factory_interface *fi,
                          L4::Ipc::Iostream &ios)
-      l4_fpage_t utcb_area;
+      L4::Ipc::Varg utcb_area;
+      ios.get(&utcb_area);
+      if (!utcb_area.is_of<l4_fpage_t>())
+        return -L4_EINVAL;
       L4::Cap<L4::Task> t = svr->cap_alloc<L4::Task>();
       if (!t.is_valid())
         return -L4_ENOMEM;
-      ios >> utcb_area.raw;
-      int r = fi->create_task(t, utcb_area);
+      int r = fi->create_task(t, utcb_area.value<l4_fpage_t>());
       if (r == 0)
         ios << t;
       return r;
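Review bot: the result of `ios.get(&utcb_area)` at the top of handle_task() is discarded, so when the request carries no further argument the following `is_of<l4_fpage_t>()` test runs on whatever the default-constructed Varg happens to hold. Assuming get() reports whether an argument was actually extracted, check it and fail the request in the same place, for example `if (!ios.get(&utcb_area) || !utcb_area.is_of<l4_fpage_t>()) return -L4_EINVAL;`. Doing the type check before `svr->cap_alloc<L4::Task>()` is the right order, since the early return then leaves nothing allocated. The `r != 0` path, however, still returns without releasing `t` in the lines shown. That predates this change but is worth handling alongside it, since this function parses client-controlled input.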
