From f70dc04d8ad6d1d3b385d798eaa5736a701b73a9 Mon Sep 17 00:00:00 2001 From: dzwdz Date: Tue, 3 May 2022 19:28:14 +0200 Subject: kernel/proc: fix double decrement of potential_handlers --- src/kernel/proc.c | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) (limited to 'src/kernel') diff --git a/src/kernel/proc.c b/src/kernel/proc.c index 4dfee15..ba19943 100644 --- a/src/kernel/proc.c +++ b/src/kernel/proc.c @@ -256,8 +256,7 @@ void process_kill(struct process *p, int ret) { p->handled_req = NULL; } if (p->controlled) { - // code stink: i don't like how handling controlled backends is split - // between this if and the switch lower down + assert(p->controlled->potential_handlers > 0); p->controlled->potential_handlers--; if (p->controlled->potential_handlers == 0) { // orphaned @@ -268,6 +267,11 @@ void process_kill(struct process *p, int ret) { q = q2; } } + if (p->controlled->handler == p) { + assert(p->state == PS_WAITS4REQUEST); + p->controlled->handler = NULL; + } + p->controlled = NULL; } // TODO VULN unbounded recursion @@ -280,6 +284,7 @@ void process_kill(struct process *p, int ret) { switch (p->state) { case PS_RUNNING: case PS_WAITS4CHILDDEATH: + case PS_WAITS4REQUEST: break; case PS_WAITS4FS: @@ -300,12 +305,6 @@ void process_kill(struct process *p, int ret) { process_deadparent->child = p; return; - case PS_WAITS4REQUEST: - assert(p->controlled); - if (p->controlled->handler == p) - p->controlled->handler = NULL; - break; - case PS_DEAD: case PS_DEADER: case PS_DUMMY: -- cgit v1.2.3
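Review bot: The new `assert(p->controlled->potential_handlers > 0);` in the `if (p->controlled)` branch only catches a decrement past zero; a repeated decrement that lands exactly on zero while other handlers are still alive would pass it and take the orphan path early. What actually prevents the repeat is the `p->controlled = NULL;` added in the next hunk, so the invariant deserves a comment at the decrement, e.g. `// each process is counted once in potential_handlers; p->controlled is cleared below so it cannot be uncounted twice`. If this kernel can be built with asserts compiled out (not visible in the diff), the check also disappears in the builds where a wrapped counter would matter most. The body of process_kill starts and ends outside the hunk.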
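Review bot: `assert(p->state == PS_WAITS4REQUEST);` inside the new `if (p->controlled->handler == p)` block turns a wrong state assumption into a kernel halt on process teardown, whereas the assignment below it is safe in any state. The removed switch case cleared `handler` only in that state; whether `handler == p` can hold in any other state is not visible from this diff, so it is worth confirming that no path leaves `handler` set once the process resumes. The handler is also cleared only after the orphan loop above has run, so anything that loop calls still sees `handler` pointing at the dying process; if that matters, do the `handler` check before the decrement. The orphan loop begins outside the hunk.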
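Review bot: Moving `case PS_WAITS4REQUEST:` into the no-op group drops the `assert(p->controlled)` that the old case carried, and nothing visible replaces it. The check cannot stay in the switch, since `p->controlled` is already NULL by then, so it would have to go ahead of the `if (p->controlled)` block, e.g. `assert(p->state != PS_WAITS4REQUEST || p->controlled);`. Without it, a process that is waiting for requests with no backend attached is torn down silently instead of being flagged.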