sched: enforce ref-counting on current task/thread pointers
+32
-6
@@ -7,18 +7,21 @@
|
||||
|
||||
kern_status_t sys_vm_controller_create(kern_handle_t *out)
|
||||
{
|
||||
struct task *self = current_task();
|
||||
struct task *self = get_current_task();
|
||||
|
||||
if (!validate_access_w(self, out, sizeof *out)) {
|
||||
put_current_task(self);
|
||||
return KERN_MEMORY_FAULT;
|
||||
}
|
||||
|
||||
struct vm_controller *ctrl = vm_controller_create();
|
||||
if (!ctrl) {
|
||||
put_current_task(self);
|
||||
return KERN_NO_MEMORY;
|
||||
}
|
||||
|
||||
kern_status_t status = task_open_handle(self, &ctrl->vc_base, 0, out);
|
||||
put_current_task(self);
|
||||
if (status != KERN_OK) {
|
||||
object_unref(&ctrl->vc_base);
|
||||
return status;
|
||||
@@ -31,9 +34,10 @@ kern_status_t sys_vm_controller_recv(
|
||||
kern_handle_t ctrl_handle,
|
||||
equeue_packet_page_request_t *out)
|
||||
{
|
||||
struct task *self = current_task();
|
||||
struct task *self = get_current_task();
|
||||
|
||||
if (!validate_access_w(self, out, sizeof *out)) {
|
||||
put_current_task(self);
|
||||
return KERN_MEMORY_FAULT;
|
||||
}
|
||||
|
||||
@@ -50,6 +54,7 @@ kern_status_t sys_vm_controller_recv(
|
||||
&handle_flags);
|
||||
if (status != KERN_OK) {
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -57,6 +62,7 @@ kern_status_t sys_vm_controller_recv(
|
||||
task_unlock_irqrestore(self, flags);
|
||||
if (!ctrl) {
|
||||
object_unref(ctrl_obj);
|
||||
put_current_task(self);
|
||||
return KERN_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@@ -65,6 +71,7 @@ kern_status_t sys_vm_controller_recv(
|
||||
vm_controller_unlock_irqrestore(ctrl, flags);
|
||||
|
||||
object_unref(ctrl_obj);
|
||||
put_current_task(self);
|
||||
|
||||
return status;
|
||||
}
|
||||
@@ -74,7 +81,7 @@ kern_status_t sys_vm_controller_recv_async(
|
||||
kern_handle_t eq_handle,
|
||||
equeue_key_t key)
|
||||
{
|
||||
struct task *self = current_task();
|
||||
struct task *self = get_current_task();
|
||||
|
||||
kern_status_t status = KERN_OK;
|
||||
unsigned long flags;
|
||||
@@ -85,6 +92,7 @@ kern_status_t sys_vm_controller_recv_async(
|
||||
status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
|
||||
if (status != KERN_OK) {
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -92,6 +100,7 @@ kern_status_t sys_vm_controller_recv_async(
|
||||
if (status != KERN_OK) {
|
||||
object_unref(ctrl_obj);
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -102,6 +111,7 @@ kern_status_t sys_vm_controller_recv_async(
|
||||
if (!ctrl || !eq) {
|
||||
object_unref(ctrl_obj);
|
||||
object_unref(eq_obj);
|
||||
put_current_task(self);
|
||||
return KERN_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@@ -111,6 +121,7 @@ kern_status_t sys_vm_controller_recv_async(
|
||||
|
||||
object_unref(ctrl_obj);
|
||||
object_unref(eq_obj);
|
||||
put_current_task(self);
|
||||
|
||||
return status;
|
||||
}
|
||||
@@ -124,13 +135,15 @@ kern_status_t sys_vm_controller_create_object(
|
||||
vm_prot_t prot,
|
||||
kern_handle_t *out)
|
||||
{
|
||||
struct task *self = current_task();
|
||||
struct task *self = get_current_task();
|
||||
|
||||
if (!validate_access_r(self, name, name_len)) {
|
||||
put_current_task(self);
|
||||
return KERN_MEMORY_FAULT;
|
||||
}
|
||||
|
||||
if (!validate_access_w(self, out, sizeof *out)) {
|
||||
put_current_task(self);
|
||||
return KERN_MEMORY_FAULT;
|
||||
}
|
||||
|
||||
@@ -147,6 +160,7 @@ kern_status_t sys_vm_controller_create_object(
|
||||
&handle_flags);
|
||||
if (status != KERN_OK) {
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -162,6 +176,7 @@ kern_status_t sys_vm_controller_create_object(
|
||||
task_unlock_irqrestore(self, flags);
|
||||
if (!ctrl) {
|
||||
object_unref(ctrl_obj);
|
||||
put_current_task(self);
|
||||
return KERN_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@@ -183,10 +198,12 @@ kern_status_t sys_vm_controller_create_object(
|
||||
task_lock_irqsave(self, &flags);
|
||||
handle_table_free_handle(self->t_handles, out_handle);
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
out_slot->h_object = &out_vmo->vo_base;
|
||||
put_current_task(self);
|
||||
|
||||
*out = out_handle;
|
||||
return KERN_OK;
|
||||
@@ -196,7 +213,7 @@ kern_status_t sys_vm_controller_detach_object(
|
||||
kern_handle_t ctrl_handle,
|
||||
kern_handle_t vmo_handle)
|
||||
{
|
||||
struct task *self = current_task();
|
||||
struct task *self = get_current_task();
|
||||
|
||||
kern_status_t status = KERN_OK;
|
||||
unsigned long flags;
|
||||
@@ -207,6 +224,7 @@ kern_status_t sys_vm_controller_detach_object(
|
||||
status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
|
||||
if (status != KERN_OK) {
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -214,6 +232,7 @@ kern_status_t sys_vm_controller_detach_object(
|
||||
if (status != KERN_OK) {
|
||||
object_unref(ctrl_obj);
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -224,6 +243,7 @@ kern_status_t sys_vm_controller_detach_object(
|
||||
if (!ctrl || !vmo) {
|
||||
object_unref(ctrl_obj);
|
||||
object_unref(vmo_obj);
|
||||
put_current_task(self);
|
||||
return KERN_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@@ -235,6 +255,7 @@ kern_status_t sys_vm_controller_detach_object(
|
||||
|
||||
object_unref(ctrl_obj);
|
||||
object_unref(vmo_obj);
|
||||
put_current_task(self);
|
||||
|
||||
return status;
|
||||
}
|
||||
@@ -247,7 +268,7 @@ kern_status_t sys_vm_controller_supply_pages(
|
||||
off_t src_offset,
|
||||
size_t count)
|
||||
{
|
||||
struct task *self = current_task();
|
||||
struct task *self = get_current_task();
|
||||
|
||||
kern_status_t status = KERN_OK;
|
||||
unsigned long flags;
|
||||
@@ -258,6 +279,7 @@ kern_status_t sys_vm_controller_supply_pages(
|
||||
status = task_resolve_handle(self, ctrl_handle, &ctrl_obj, &ctrl_flags);
|
||||
if (status != KERN_OK) {
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -265,6 +287,7 @@ kern_status_t sys_vm_controller_supply_pages(
|
||||
if (status != KERN_OK) {
|
||||
object_unref(ctrl_obj);
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -273,6 +296,7 @@ kern_status_t sys_vm_controller_supply_pages(
|
||||
object_unref(ctrl_obj);
|
||||
object_unref(dst_obj);
|
||||
task_unlock_irqrestore(self, flags);
|
||||
put_current_task(self);
|
||||
return status;
|
||||
}
|
||||
|
||||
@@ -285,6 +309,7 @@ kern_status_t sys_vm_controller_supply_pages(
|
||||
object_unref(ctrl_obj);
|
||||
object_unref(dst_obj);
|
||||
object_unref(src_obj);
|
||||
put_current_task(self);
|
||||
return KERN_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
@@ -303,6 +328,7 @@ kern_status_t sys_vm_controller_supply_pages(
|
||||
object_unref(ctrl_obj);
|
||||
object_unref(dst_obj);
|
||||
object_unref(src_obj);
|
||||
put_current_task(self);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
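Review bot: The reference taken by `get_current_task()` is released by a hand-placed `put_current_task(self)` in front of every return this commit touches (26 call sites across six functions), so any exit path not shown in the diff, or added later, leaks a task reference from what look like syscall entry points that userspace can presumably call repeatedly. The context between hunks is not visible, so the stretch of `sys_vm_controller_create_object` between the `!ctrl` check and the `handle_table_free_handle()` error path should be checked for returns that still lack a put. A single `out_put:` label per function that does the put and `return status;` would make the get/put pairing checkable at a glance; a sketch for `sys_vm_controller_create`, whose body continues past the hunk, follows. Separately, the success path of `sys_vm_controller_create_object` drops the reference before `*out = out_handle;`; moving `put_current_task(self);` after that store would keep every use of the pointer validated against `self` under the reference.

```c
	struct task *self = get_current_task();
	kern_status_t status;

	if (!validate_access_w(self, out, sizeof *out)) {
		status = KERN_MEMORY_FAULT;
		goto out_put;
	}

	struct vm_controller *ctrl = vm_controller_create();
	if (!ctrl) {
		status = KERN_NO_MEMORY;
		goto out_put;
	}

	status = task_open_handle(self, &ctrl->vc_base, 0, out);
	if (status != KERN_OK) {
		object_unref(&ctrl->vc_base);
		goto out_put;
	}
	/* … unchanged: success path after the hunk; it should fall through to out_put too … */

out_put:
	/* Single release point: every exit drops the reference taken above. */
	put_current_task(self);
	return status;
```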