From 2fb00c7d85f2eee6caa0bc742afd496a6ef7f33c Mon Sep 17 00:00:00 2001
From: Jorge Aparicio
Date: Thu, 13 Apr 2017 22:57:06 -0500
Subject: [PATCH] fix memory safety hole around `borrow`

---
 src/lib.rs | 9 +++++++--
 tests/cfail/borrow.rs | 27 ++++++++++++++++++---------
 tests/cfail/lock_mut.rs | 16 ----------------
 3 files changed, 25 insertions(+), 27 deletions(-)
 delete mode 100644 tests/cfail/lock_mut.rs

diff --git a/src/lib.rs b/src/lib.rs
index d49ddf11f9..46a6bd794a 100644
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -64,12 +64,15 @@ where
 /// section
 ///
 /// This operation is zero cost and doesn't impose any additional blocking
- pub fn borrow<'cs, SCEILING>(
+ pub fn borrow<'cs, PRIORITY, SCEILING>(
 &'static self,
+ _priority: &P,
 _system_ceiling: &'cs C,
 ) -> &'cs T
 where
 SCEILING: GreaterThanOrEqual,
+ CEILING: GreaterThanOrEqual,
+ P: Priority,
 {
 unsafe { &*self.data.get() }
 }
@@ -216,12 +219,14 @@ where
 C: Ceiling,
 {
 /// See [Resource.borrow](./struct.Resource.html#method.borrow)
- pub fn borrow<'cs, SCEILING>(
+ pub fn borrow<'cs, PRIORITY, SCEILING>(
 &'static self,
+ _priority: &P,
 _system_ceiling: &'cs C,
 ) -> &'cs Periph
 where
 SCEILING: GreaterThanOrEqual,
+ CEILING: GreaterThanOrEqual,
 {
 unsafe { &*self.peripheral.get() }
 }
diff --git a/tests/cfail/borrow.rs b/tests/cfail/borrow.rs
index fc8638f54f..6d8ab2aa4d 100644
--- a/tests/cfail/borrow.rs
+++ b/tests/cfail/borrow.rs
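Review bot: The `unsafe { &*self.data.get() }` body of `Resource::borrow` still has no SAFETY comment, even though the soundness of that dereference is exactly what the new `CEILING: GreaterThanOrEqual` and `P: Priority` bounds (together with the existing `SCEILING` bound) are meant to guarantee; a later change that relaxes one bound would not see why it matters. I would add, directly above the unsafe block, `// SAFETY: the bounds above require system ceiling >= resource ceiling >= caller priority, so (under the stack resource policy, as I read it) no task that can touch this resource can preempt the caller while the returned reference lives`. The new `_priority` parameter is also not described in the doc comment that begins above the hunk; one sentence such as `/// The caller's priority token: a task may only borrow a resource whose ceiling is at least its own priority` would close that gap. Note that the type arguments on `&P`, `&'cs C` and the `GreaterThanOrEqual` bounds appear to have been stripped from this rendering, so the exact relation is inferred from the hunk rather than visible. The enclosing `impl` block starts before the hunk.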
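Review bot: `Peripheral::borrow` gains the `CEILING: GreaterThanOrEqual` bound but not the `P: Priority` bound that the sibling `Resource::borrow` hunk adds next to it, so the two signatures diverge; if `P` is not already bounded on the `impl` header (outside the hunk, only `C: Ceiling,` is visible), `_priority: &P` would accept any type here and the check would be weaker than for `Resource`. Either add `P: Priority,` to this where clause or leave a comment stating that the impl-level bound already covers it. The same missing SAFETY note applies to `unsafe { &*self.peripheral.get() }`; since the doc comment only says "See Resource.borrow", at least reference the argument: `// SAFETY: see Resource::borrow — the CEILING/SCEILING bounds make this borrow preemption-safe`. The enclosing `impl` block starts before the hunk.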
@@ -1,22 +1,31 @@
 extern crate cortex_m_srp;
 
-use cortex_m_srp::{C2, C3, C4, P1, Resource};
+use cortex_m_srp::{C1, C2, C3, C4, C5, P2, Resource};
 
-static R1: Resource = Resource::new(0);
-static R2: Resource = Resource::new(0);
-static R3: Resource = Resource::new(0);
-static R4: Resource = Resource::new(0);
+static R1: Resource = Resource::new(0);
+static R2: Resource = Resource::new(0);
+static R3: Resource = Resource::new(0);
+static R4: Resource = Resource::new(0);
+static R5: Resource = Resource::new(0);
+static R6: Resource = Resource::new(0);
 
-fn j1(prio: P1) {
+fn j1(prio: P2) {
 R1.lock(&prio, |r1, c3| {
 // CAN borrow a resource with ceiling C when the system ceiling SC > C
- let r2 = R2.borrow(&c3);
+ let r2 = R2.borrow(&prio, &c3);
 
 // CAN borrow a resource with ceiling C when the system ceiling SC == C
- let r3 = R3.borrow(&c3);
+ let r3 = R3.borrow(&prio, &c3);
 
 // CAN'T borrow a resource with ceiling C when the system ceiling SC < C
- let r4 = R4.borrow(&c3);
+ let r4 = R4.borrow(&prio, &c3);
 //~^ error
+
+ // CAN'T borrow a resource with ceiling C < P (task priority)
+ let r5 = R5.borrow(&prio, &c3);
+ //~^ error
+
+ // CAN borrow a resource with ceiling C == P (task priority)
+ let r6 = R6.borrow(&prio, &c3);
 });
 }
diff --git a/tests/cfail/lock_mut.rs b/tests/cfail/lock_mut.rs
deleted file mode 100644
index b5e1ae9403..0000000000
--- a/tests/cfail/lock_mut.rs
+++ /dev/null
@@ -1,16 +0,0 @@
-extern crate cortex_m_srp;
-
-use cortex_m_srp::{C3, C4, P2, Resource};
-
-static R1: Resource = Resource::new(0);
-static R2: Resource = Resource::new(0);
-
-fn j1(mut prio: P2) {
- R1.lock_mut(
- &mut prio, |r1: &mut i32, c3| {
- let r2 = R2.borrow(&c3);
- let another_r1: &i32 = R1.borrow(&c3);
- //~^ error
- }
- );
-}
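Review bot: The rewritten compile-fail test only exercises `Resource::borrow`; `Peripheral::borrow` receives the same new bounds in src/lib.rs but no case here covers it, so a regression in that signature would go unnoticed. I would add a `Peripheral` static with a ceiling below `P2` next to `R5` and a `//~^ error` borrow of it. Separately, the deleted tests/cfail/lock_mut.rs was the only case rejecting `R1.borrow(&c3)` from inside `R1.lock_mut`; with the new bounds a `R1.borrow(&prio, &c3)` from inside a lock on `R1` (ceiling C3 >= P2 and SC == C3) would appear to satisfy every bound, so if `lock_mut` or any other `&mut` path still exists, that aliasing case should be re-added here rather than dropped with the old file.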