wash/magenta
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sched: enforce ref-counting on current task/thread pointers

Browse Source
This commit is contained in:
max 🍓
2026-04-01 18:17:05 +01:00
parent 15c2207ab9
commit 512356ac2d
28 changed files with 364 additions and 103 deletions
Download Patch File Download Diff File Expand all files Collapse all files
syscall/address-space.c
+32 -6
View File
@@ -11,13 +11,15 @@ kern_status_t sys_address_space_read(
size_t count,
size_t *nr_read)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, dst, count)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (nr_read && !validate_access_w(self, nr_read, sizeof *nr_read)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -30,12 +32,14 @@ kern_status_t sys_address_space_read(
= task_resolve_handle(self, region_handle, &obj, &handle_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
struct address_space *region = address_space_cast(obj);
if (!region) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -52,6 +56,7 @@ kern_status_t sys_address_space_read(
address_space_unlock_irqrestore(region, flags);
object_unref(obj);
put_current_task(self);
return status;
}
@@ -63,14 +68,16 @@ kern_status_t sys_address_space_write(
size_t count,
size_t *nr_written)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_r(self, src, count)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (nr_written
&& !validate_access_w(self, nr_written, sizeof *nr_written)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -83,12 +90,14 @@ kern_status_t sys_address_space_write(
= task_resolve_handle(self, region_handle, &obj, &handle_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
struct address_space *region = address_space_cast(obj);
if (!region) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -105,6 +114,7 @@ kern_status_t sys_address_space_write(
address_space_unlock_irqrestore(region, flags);
object_unref(obj);
put_current_task(self);
return status;
}
@@ -118,13 +128,14 @@ kern_status_t sys_address_space_map(
vm_prot_t prot,
virt_addr_t *out_base_address)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (out_base_address
&& !validate_access_r(
self,
out_base_address,
sizeof *out_base_address)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -141,24 +152,28 @@ kern_status_t sys_address_space_map(
&region_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
status = task_resolve_handle(self, object_handle, &vmo_obj, &vmo_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
struct address_space *region = address_space_cast(region_obj);
if (!region) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
struct vm_object *vmo = vm_object_cast(vmo_obj);
if (!vmo) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -177,6 +192,7 @@ kern_status_t sys_address_space_map(
object_unref(vmo_obj);
object_unref(region_obj);
put_current_task(self);
return status;
}
@@ -186,7 +202,7 @@ kern_status_t sys_address_space_unmap(
virt_addr_t base,
size_t length)
{
struct task *self = current_task();
struct task *self = get_current_task();
kern_status_t status = KERN_OK;
unsigned long flags;
@@ -201,12 +217,14 @@ kern_status_t sys_address_space_unmap(
&region_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
struct address_space *region = address_space_cast(region_obj);
if (!region) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -215,6 +233,7 @@ kern_status_t sys_address_space_unmap(
status = address_space_unmap(region, base, length);
object_unref(region_obj);
put_current_task(self);
return status;
}
@@ -225,13 +244,14 @@ kern_status_t sys_address_space_reserve(
size_t length,
virt_addr_t *out_base_address)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (out_base_address
&& !validate_access_r(
self,
out_base_address,
sizeof *out_base_address)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -248,12 +268,14 @@ kern_status_t sys_address_space_reserve(
&region_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
struct address_space *region = address_space_cast(region_obj);
if (!region) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -268,6 +290,7 @@ kern_status_t sys_address_space_reserve(
address_space_unlock_irqrestore(region, flags);
object_unref(region_obj);
put_current_task(self);
return status;
}
@@ -277,7 +300,7 @@ kern_status_t sys_address_space_release(
virt_addr_t base,
size_t length)
{
struct task *self = current_task();
struct task *self = get_current_task();
kern_status_t status = KERN_OK;
unsigned long flags;
@@ -292,12 +315,14 @@ kern_status_t sys_address_space_release(
&region_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
struct address_space *region = address_space_cast(region_obj);
if (!region) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -308,6 +333,7 @@ kern_status_t sys_address_space_release(
address_space_unlock_irqrestore(region, flags);
object_unref(region_obj);
put_current_task(self);
return status;
}
syscall/config.c
+10 -5
View File
@@ -3,21 +3,26 @@
kern_status_t sys_kern_config_get(kern_config_key_t key, void *ptr, size_t len)
{
struct task *self = current_task();
struct task *self = get_current_task();
kern_status_t status = KERN_OK;
switch (key) {
case KERN_CFG_PAGE_SIZE:
if (!validate_access_w(self, ptr, sizeof(uintptr_t))) {
return KERN_MEMORY_FAULT;
status = KERN_MEMORY_FAULT;
break;
}
*(uint32_t *)ptr = VM_PAGE_SIZE;
return KERN_OK;
status = KERN_OK;
break;
default:
return KERN_INVALID_ARGUMENT;
status = KERN_INVALID_ARGUMENT;
break;
}
return KERN_UNSUPPORTED;
put_current_task(self);
return status;
}
kern_status_t sys_kern_config_set(
syscall/futex.c
+6 -2
View File
@@ -8,18 +8,22 @@ kern_status_t sys_futex_wait(
kern_futex_t new_val,
unsigned int flags)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_r(self, futex, sizeof *futex)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
futex_key_t key;
kern_status_t status = futex_get(futex, &key, flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
return futex_wait(key, new_val, flags);
status = futex_wait(key, new_val, flags);
put_current_task(self);
return status;
}
kern_status_t sys_futex_wake(
syscall/handle.c
+12 -3
View File
@@ -3,9 +3,13 @@
kern_status_t sys_kern_handle_close(kern_handle_t handle)
{
struct task *self = current_task();
struct task *self = get_current_task();
return task_close_handle(self, handle);
kern_status_t status = task_close_handle(self, handle);
put_current_task(self);
return status;
}
kern_status_t sys_kern_handle_transfer(
@@ -24,10 +28,11 @@ kern_status_t sys_kern_handle_transfer(
return KERN_INVALID_ARGUMENT;
}
struct task *self = current_task();
struct task *self = get_current_task();
if (out_handle
&& !validate_access_w(self, out_handle, sizeof *out_handle)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -120,6 +125,8 @@ kern_status_t sys_kern_handle_transfer(
*out_handle = dest_handle;
}
put_current_task(self);
return KERN_OK;
cleanup:
@@ -135,5 +142,7 @@ cleanup:
object_unref(src_object);
}
put_current_task(self);
return status;
}
syscall/log.c
+4 -2
View File
@@ -6,9 +6,11 @@
kern_status_t sys_kern_log(const char *s)
{
#ifdef TRACE
struct task *task = current_task();
struct thread *thread = current_thread();
struct task *task = get_current_task();
struct thread *thread = get_current_thread();
printk("%s[%d.%d]: %s", task->t_name, task->t_id, thread->tr_id, s);
put_current_thread(thread);
put_current_task(task);
#else
printk("%s", s);
#endif
syscall/msg.c
+47 -9
View File
@@ -7,13 +7,15 @@
kern_status_t sys_channel_create(unsigned int id, kern_handle_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
struct channel *channel = channel_create();
if (!channel) {
put_current_task(self);
return KERN_NO_MEMORY;
}
@@ -22,6 +24,7 @@ kern_status_t sys_channel_create(unsigned int id, kern_handle_t *out)
if (task_get_channel(self, id)) {
task_unlock_irqrestore(self, irq_flags);
put_current_task(self);
return KERN_NAME_EXISTS;
}
@@ -31,11 +34,13 @@ kern_status_t sys_channel_create(unsigned int id, kern_handle_t *out)
if (status != KERN_OK) {
task_unlock_irqrestore(self, irq_flags);
object_unref(&channel->c_base);
put_current_task(self);
return status;
}
task_add_channel(self, channel, id);
task_unlock_irqrestore(self, irq_flags);
put_current_task(self);
*out = handle;
return KERN_OK;
@@ -43,13 +48,15 @@ kern_status_t sys_channel_create(unsigned int id, kern_handle_t *out)
kern_status_t sys_port_create(kern_handle_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
struct port *port = port_create();
if (!port) {
put_current_task(self);
return KERN_NO_MEMORY;
}
@@ -61,6 +68,7 @@ kern_status_t sys_port_create(kern_handle_t *out)
= task_open_handle(self, &port->p_base, 0, &handle);
task_unlock_irqrestore(self, irq_flags);
object_unref(&port->p_base);
put_current_task(self);
if (status != KERN_OK) {
return status;
@@ -77,7 +85,7 @@ kern_status_t sys_port_connect(
{
unsigned long flags;
struct task *self = current_task();
struct task *self = get_current_task();
task_lock_irqsave(self, &flags);
struct object *port_obj = NULL;
@@ -88,6 +96,7 @@ kern_status_t sys_port_connect(
&port_obj,
&port_handle_flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
@@ -96,6 +105,7 @@ kern_status_t sys_port_connect(
struct task *remote_task = task_from_tid(task_id);
if (!remote_task) {
put_current_task(self);
return KERN_NO_ENTRY;
}
@@ -104,6 +114,7 @@ kern_status_t sys_port_connect(
struct channel *remote = task_get_channel(remote_task, channel_id);
if (!remote) {
task_unlock_irqrestore(remote_task, flags);
put_current_task(self);
return KERN_NO_ENTRY;
}
@@ -115,6 +126,7 @@ kern_status_t sys_port_connect(
port_unlock_irqrestore(port, flags);
object_unref(&remote->c_base);
object_unref(port_obj);
put_current_task(self);
return KERN_OK;
}
@@ -123,7 +135,7 @@ kern_status_t sys_port_disconnect(kern_handle_t port_handle)
{
unsigned long flags;
struct task *self = current_task();
struct task *self = get_current_task();
task_lock_irqsave(self, &flags);
struct object *port_obj = NULL;
@@ -134,6 +146,7 @@ kern_status_t sys_port_disconnect(kern_handle_t port_handle)
&port_obj,
&port_handle_flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
@@ -142,6 +155,7 @@ kern_status_t sys_port_disconnect(kern_handle_t port_handle)
struct port *port = port_cast(port_obj);
if (!port) {
object_unref(port_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -149,6 +163,7 @@ kern_status_t sys_port_disconnect(kern_handle_t port_handle)
port_lock_irqsave(port, &flags);
status = port_disconnect(port);
port_unlock_irqrestore(port, flags);
put_current_task(self);
return status;
}
@@ -219,13 +234,15 @@ kern_status_t sys_msg_send(
const kern_msg_t *msg,
kern_msg_t *out_reply)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_msg(self, msg, false)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (!validate_msg(self, out_reply, true)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -243,12 +260,14 @@ kern_status_t sys_msg_send(
task_unlock_irqrestore(self, flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
struct port *port = port_cast(port_obj);
if (!port) {
object_unref(port_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -256,15 +275,17 @@ kern_status_t sys_msg_send(
status = port_send_msg(port, msg, out_reply, &flags);
port_unlock_irqrestore(port, flags);
object_unref(port_obj);
put_current_task(self);
return status;
}
kern_status_t sys_msg_recv(kern_handle_t channel_handle, kern_msg_t *out_msg)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_msg(self, out_msg, true)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -280,6 +301,7 @@ kern_status_t sys_msg_recv(kern_handle_t channel_handle, kern_msg_t *out_msg)
&channel_obj,
&channel_handle_flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
@@ -288,6 +310,7 @@ kern_status_t sys_msg_recv(kern_handle_t channel_handle, kern_msg_t *out_msg)
struct channel *channel = channel_cast(channel_obj);
if (!channel) {
object_unref(channel_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -295,6 +318,7 @@ kern_status_t sys_msg_recv(kern_handle_t channel_handle, kern_msg_t *out_msg)
status = channel_recv_msg(channel, out_msg, &flags);
channel_unlock_irqrestore(channel, flags);
object_unref(channel_obj);
put_current_task(self);
return status;
}
@@ -304,9 +328,10 @@ kern_status_t sys_msg_reply(
msgid_t id,
const kern_msg_t *reply)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_msg(self, reply, true)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -322,6 +347,7 @@ kern_status_t sys_msg_reply(
&channel_obj,
&channel_handle_flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
@@ -330,6 +356,7 @@ kern_status_t sys_msg_reply(
struct channel *channel = channel_cast(channel_obj);
if (!channel) {
object_unref(channel_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -337,6 +364,7 @@ kern_status_t sys_msg_reply(
status = channel_reply_msg(channel, id, reply, &flags);
channel_unlock_irqrestore(channel, flags);
object_unref(channel_obj);
put_current_task(self);
return status;
}
@@ -349,13 +377,15 @@ kern_status_t sys_msg_read(
size_t iov_count,
size_t *nr_read)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (nr_read && !validate_access_w(self, nr_read, sizeof *nr_read)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (!validate_iovec(self, iov, iov_count, true)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -371,6 +401,7 @@ kern_status_t sys_msg_read(
&channel_obj,
&channel_handle_flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
@@ -379,6 +410,7 @@ kern_status_t sys_msg_read(
struct channel *channel = channel_cast(channel_obj);
if (!channel) {
object_unref(channel_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -393,6 +425,7 @@ kern_status_t sys_msg_read(
nr_read);
channel_unlock_irqrestore(channel, flags);
object_unref(channel_obj);
put_current_task(self);
return status;
}
@@ -405,14 +438,16 @@ kern_status_t sys_msg_write(
size_t iov_count,
size_t *nr_written)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (nr_written
&& !validate_access_w(self, nr_written, sizeof *nr_written)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (!validate_iovec(self, iov, iov_count, false)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -428,6 +463,7 @@ kern_status_t sys_msg_write(
&channel_obj,
&channel_handle_flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
@@ -436,6 +472,7 @@ kern_status_t sys_msg_write(
struct channel *channel = channel_cast(channel_obj);
if (!channel) {
object_unref(channel_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -450,6 +487,7 @@ kern_status_t sys_msg_write(
nr_written);
channel_unlock_irqrestore(channel, flags);
object_unref(channel_obj);
put_current_task(self);
return status;
}
syscall/object.c
+11 -3
View File
@@ -13,12 +13,13 @@ kern_status_t sys_kern_object_wait(kern_wait_item_t *items, size_t nr_items)
return KERN_INVALID_ARGUMENT;
}
struct task *self = current_task();
struct thread *self_thread = current_thread();
struct task *self = get_current_task();
if (!validate_access_rw(self, items, nr_items * sizeof *items)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
struct thread *self_thread = get_current_thread();
self_thread->tr_state = THREAD_SLEEPING;
kern_status_t status = KERN_OK;
@@ -78,6 +79,9 @@ cleanup:
}
self_thread->tr_state = THREAD_READY;
put_current_thread(self_thread);
put_current_task(self);
return status;
}
@@ -85,13 +89,15 @@ kern_status_t sys_kern_object_query(
kern_handle_t object_handle,
kern_object_info_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!out) {
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -100,12 +106,14 @@ kern_status_t sys_kern_object_query(
kern_status_t status
= task_resolve_handle(self, object_handle, &obj, &flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
out->obj_id = obj->ob_id;
object_unref(obj);
put_current_task(self);
return KERN_OK;
}
syscall/task.c
+45 -10
View File
@@ -9,8 +9,9 @@
extern kern_status_t sys_task_exit(int status)
{
#if defined(TRACE)
struct task *self = current_task();
struct task *self = get_current_task();
printk("%s[%d]: task_exit(%d)", self->t_name, self->t_id, status);
put_current_task(self);
#endif
task_exit(status);
return KERN_FATAL_ERROR;
@@ -18,8 +19,9 @@ extern kern_status_t sys_task_exit(int status)
kern_status_t sys_task_self(kern_handle_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -36,11 +38,13 @@ kern_status_t sys_task_self(kern_handle_t *out)
task_unlock_irqrestore(self, flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
object_ref(&self->t_base);
handle_slot->h_object = &self->t_base;
put_current_task(self);
*out = handle;
return KERN_OK;
@@ -54,13 +58,15 @@ kern_status_t sys_task_create(
kern_handle_t *out_address_space)
{
unsigned long flags;
struct task *self = current_task();
struct task *self = get_current_task();
if (name_len && !validate_access_r(self, name, name_len)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (!validate_access_w(self, out_task, sizeof *out_task)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -68,6 +74,7 @@ kern_status_t sys_task_create(
self,
out_address_space,
sizeof *out_address_space)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -81,6 +88,7 @@ kern_status_t sys_task_create(
&parent_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -96,6 +104,7 @@ kern_status_t sys_task_create(
if (status != KERN_OK) {
object_unref(parent_obj);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -108,6 +117,7 @@ kern_status_t sys_task_create(
object_unref(parent_obj);
handle_table_free_handle(self->t_handles, child_handle);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -121,6 +131,7 @@ kern_status_t sys_task_create(
handle_table_free_handle(self->t_handles, child_handle);
handle_table_free_handle(self->t_handles, space_handle);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_NO_MEMORY;
}
@@ -136,6 +147,7 @@ kern_status_t sys_task_create(
object_ref(&child->t_address_space->s_base);
object_unref(parent_obj);
put_current_task(self);
*out_task = child_handle;
*out_address_space = space_handle;
@@ -152,13 +164,15 @@ kern_status_t sys_task_create_thread(
kern_handle_t *out_thread)
{
unsigned long flags;
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_r(self, args, nr_args * sizeof(uintptr_t))) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (!validate_access_w(self, out_thread, sizeof *out_thread)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -169,6 +183,7 @@ kern_status_t sys_task_create_thread(
= task_resolve_handle(self, task, &target_obj, &target_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -184,6 +199,7 @@ kern_status_t sys_task_create_thread(
if (status != KERN_OK) {
object_unref(target_obj);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -198,6 +214,7 @@ kern_status_t sys_task_create_thread(
task_lock_irqsave(self, &flags);
handle_table_free_handle(self->t_handles, out_handle);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_NO_MEMORY;
}
@@ -207,6 +224,7 @@ kern_status_t sys_task_create_thread(
task_unlock_irqrestore(target, flags);
object_unref(target_obj);
put_current_task(self);
*out_thread = out_handle;
return KERN_OK;
@@ -216,8 +234,9 @@ kern_status_t sys_task_get_address_space(
kern_handle_t task_handle,
kern_handle_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -235,6 +254,7 @@ kern_status_t sys_task_get_address_space(
&handle_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -246,6 +266,7 @@ kern_status_t sys_task_get_address_space(
if (status != KERN_OK) {
object_unref(task_obj);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -255,6 +276,7 @@ kern_status_t sys_task_get_address_space(
object_unref(task_obj);
handle_table_free_handle(self->t_handles, handle);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -262,6 +284,7 @@ kern_status_t sys_task_get_address_space(
object_ref(&task->t_address_space->s_base);
task_unlock_irqrestore(self, flags);
object_unref(task_obj);
put_current_task(self);
*out = handle;
return KERN_OK;
@@ -269,12 +292,13 @@ kern_status_t sys_task_get_address_space(
kern_status_t sys_thread_self(kern_handle_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
struct thread *self_thread = current_thread();
struct thread *self_thread = get_current_thread();
unsigned long flags;
task_lock_irqsave(self, &flags);
@@ -289,11 +313,15 @@ kern_status_t sys_thread_self(kern_handle_t *out)
task_unlock_irqrestore(self, flags);
if (status != KERN_OK) {
put_current_thread(self_thread);
put_current_task(self);
return status;
}
object_ref(&self_thread->tr_base);
handle_slot->h_object = &self_thread->tr_base;
put_current_thread(self_thread);
put_current_task(self);
*out = handle;
return KERN_OK;
@@ -302,7 +330,7 @@ kern_status_t sys_thread_self(kern_handle_t *out)
kern_status_t sys_thread_start(kern_handle_t thread_handle)
{
unsigned long flags;
struct task *self = current_task();
struct task *self = get_current_task();
struct object *thread_obj;
handle_flags_t thread_flags;
@@ -314,6 +342,7 @@ kern_status_t sys_thread_start(kern_handle_t thread_handle)
&thread_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -322,6 +351,7 @@ kern_status_t sys_thread_start(kern_handle_t thread_handle)
schedule_thread_on_cpu(thread);
object_unref(thread_obj);
put_current_task(self);
return KERN_OK;
}
@@ -340,9 +370,10 @@ kern_status_t sys_thread_config_get(
size_t len)
{
unsigned long flags;
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, ptr, len)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -356,6 +387,7 @@ kern_status_t sys_thread_config_get(
&thread_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -365,6 +397,7 @@ kern_status_t sys_thread_config_get(
status = thread_config_get(thread, key, ptr, len);
object_unref(thread_obj);
put_current_task(self);
return status;
}
@@ -376,9 +409,10 @@ kern_status_t sys_thread_config_set(
size_t len)
{
unsigned long flags;
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, ptr, len)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -392,6 +426,7 @@ kern_status_t sys_thread_config_set(
&thread_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
syscall/vm-controller.c
+32 -6
View File
@@ -7,18 +7,21 @@
kern_status_t sys_vm_controller_create(kern_handle_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
struct vm_controller *ctrl = vm_controller_create();
if (!ctrl) {
put_current_task(self);
return KERN_NO_MEMORY;
}
kern_status_t status = task_open_handle(self, &ctrl->vc_base, 0, out);
put_current_task(self);
if (status != KERN_OK) {
object_unref(&ctrl->vc_base);
return status;
@@ -31,9 +34,10 @@ kern_status_t sys_vm_controller_recv(
kern_handle_t ctrl_handle,
equeue_packet_page_request_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -50,6 +54,7 @@ kern_status_t sys_vm_controller_recv(
&handle_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -57,6 +62,7 @@ kern_status_t sys_vm_controller_recv(
task_unlock_irqrestore(self, flags);
if (!ctrl) {
object_unref(ctrl_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -65,6 +71,7 @@ kern_status_t sys_vm_controller_recv(
vm_controller_unlock_irqrestore(ctrl, flags);
object_unref(ctrl_obj);
put_current_task(self);
return status;
}
@@ -74,7 +81,7 @@ kern_status_t sys_vm_controller_recv_async(
kern_handle_t eq_handle,
equeue_key_t key)
{
struct task *self = current_task();
struct task *self = get_current_task();
kern_status_t status = KERN_OK;
unsigned long flags;
@@ -85,6 +92,7 @@ kern_status_t sys_vm_controller_recv_async(
status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -92,6 +100,7 @@ kern_status_t sys_vm_controller_recv_async(
if (status != KERN_OK) {
object_unref(ctrl_obj);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -102,6 +111,7 @@ kern_status_t sys_vm_controller_recv_async(
if (!ctrl || !eq) {
object_unref(ctrl_obj);
object_unref(eq_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -111,6 +121,7 @@ kern_status_t sys_vm_controller_recv_async(
object_unref(ctrl_obj);
object_unref(eq_obj);
put_current_task(self);
return status;
}
@@ -124,13 +135,15 @@ kern_status_t sys_vm_controller_create_object(
vm_prot_t prot,
kern_handle_t *out)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_r(self, name, name_len)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (!validate_access_w(self, out, sizeof *out)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -147,6 +160,7 @@ kern_status_t sys_vm_controller_create_object(
&handle_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -162,6 +176,7 @@ kern_status_t sys_vm_controller_create_object(
task_unlock_irqrestore(self, flags);
if (!ctrl) {
object_unref(ctrl_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -183,10 +198,12 @@ kern_status_t sys_vm_controller_create_object(
task_lock_irqsave(self, &flags);
handle_table_free_handle(self->t_handles, out_handle);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
out_slot->h_object = &out_vmo->vo_base;
put_current_task(self);
*out = out_handle;
return KERN_OK;
@@ -196,7 +213,7 @@ kern_status_t sys_vm_controller_detach_object(
kern_handle_t ctrl_handle,
kern_handle_t vmo_handle)
{
struct task *self = current_task();
struct task *self = get_current_task();
kern_status_t status = KERN_OK;
unsigned long flags;
@@ -207,6 +224,7 @@ kern_status_t sys_vm_controller_detach_object(
status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -214,6 +232,7 @@ kern_status_t sys_vm_controller_detach_object(
if (status != KERN_OK) {
object_unref(ctrl_obj);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -224,6 +243,7 @@ kern_status_t sys_vm_controller_detach_object(
if (!ctrl || !vmo) {
object_unref(ctrl_obj);
object_unref(vmo_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -235,6 +255,7 @@ kern_status_t sys_vm_controller_detach_object(
object_unref(ctrl_obj);
object_unref(vmo_obj);
put_current_task(self);
return status;
}
@@ -247,7 +268,7 @@ kern_status_t sys_vm_controller_supply_pages(
off_t src_offset,
size_t count)
{
struct task *self = current_task();
struct task *self = get_current_task();
kern_status_t status = KERN_OK;
unsigned long flags;
@@ -258,6 +279,7 @@ kern_status_t sys_vm_controller_supply_pages(
status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -265,6 +287,7 @@ kern_status_t sys_vm_controller_supply_pages(
if (status != KERN_OK) {
object_unref(ctrl_obj);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -273,6 +296,7 @@ kern_status_t sys_vm_controller_supply_pages(
object_unref(ctrl_obj);
object_unref(dst_obj);
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
@@ -285,6 +309,7 @@ kern_status_t sys_vm_controller_supply_pages(
object_unref(ctrl_obj);
object_unref(dst_obj);
object_unref(src_obj);
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
@@ -303,6 +328,7 @@ kern_status_t sys_vm_controller_supply_pages(
object_unref(ctrl_obj);
object_unref(dst_obj);
object_unref(src_obj);
put_current_task(self);
return status;
}
syscall/vm-object.c
+25 -6
View File
@@ -11,13 +11,15 @@ kern_status_t sys_vm_object_create(
vm_prot_t prot,
kern_handle_t *out_handle)
{
struct task *self = current_task();
struct task *self = get_current_task();
if ((name || name_len) && !validate_access_r(self, name, name_len)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (!validate_access_w(self, out_handle, sizeof *out_handle)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -30,6 +32,7 @@ kern_status_t sys_vm_object_create(
kern_status_t status
= task_open_handle(self, &obj->vo_base, 0, out_handle);
object_unref(&obj->vo_base);
put_current_task(self);
return status;
}
@@ -41,13 +44,15 @@ kern_status_t sys_vm_object_read(
size_t count,
size_t *nr_read)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_w(self, dst, count)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (nr_read && !validate_access_w(self, nr_read, sizeof *nr_read)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -55,15 +60,19 @@ kern_status_t sys_vm_object_read(
handle_flags_t flags = 0;
kern_status_t status = task_resolve_handle(self, object, &obj, &flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
struct vm_object *vmo = vm_object_cast(obj);
if (!vmo) {
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
return vm_object_read(vmo, dst, offset, count, nr_read);
status = vm_object_read(vmo, dst, offset, count, nr_read);
put_current_task(self);
return status;
}
kern_status_t sys_vm_object_write(
@@ -73,14 +82,16 @@ kern_status_t sys_vm_object_write(
size_t count,
size_t *nr_written)
{
struct task *self = current_task();
struct task *self = get_current_task();
if (!validate_access_r(self, src, count)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
if (nr_written
&& !validate_access_w(self, nr_written, sizeof *nr_written)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -88,15 +99,19 @@ kern_status_t sys_vm_object_write(
handle_flags_t flags = 0;
kern_status_t status = task_resolve_handle(self, object, &obj, &flags);
if (status != KERN_OK) {
put_current_task(self);
return status;
}
struct vm_object *vmo = vm_object_cast(obj);
if (!vmo) {
put_current_task(self);
return KERN_INVALID_ARGUMENT;
}
return vm_object_write(vmo, src, offset, count, nr_written);
status = vm_object_write(vmo, src, offset, count, nr_written);
put_current_task(self);
return status;
}
kern_status_t sys_vm_object_copy(
@@ -114,10 +129,11 @@ kern_status_t sys_vm_object_copy(
src_offset,
count,
nr_copied);
struct task *self = current_task();
struct task *self = get_current_task();
if (nr_copied
&& !validate_access_w(self, nr_copied, sizeof *nr_copied)) {
put_current_task(self);
return KERN_MEMORY_FAULT;
}
@@ -131,16 +147,19 @@ kern_status_t sys_vm_object_copy(
status = task_resolve_handle(self, dst, &dst_obj, &dst_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
status = task_resolve_handle(self, src, &src_obj, &src_flags);
if (status != KERN_OK) {
task_unlock_irqrestore(self, flags);
put_current_task(self);
return status;
}
task_unlock_irqrestore(self, flags);
put_current_task(self);
struct vm_object *dst_vmo = vm_object_cast(dst_obj);
struct vm_object *src_vmo = vm_object_cast(src_obj);