sched: enforce ref-counting on current task/thread pointers

syscall/vm-object.c

@@ -11,13 +11,15 @@ kern_status_t sys_vm_object_create(
 	vm_prot_t prot,
 	kern_handle_t *out_handle)
 {
-	struct task *self = current_task();
+	struct task *self = get_current_task();
 
 	if ((name || name_len) && !validate_access_r(self, name, name_len)) {
+		put_current_task(self);
 		return KERN_MEMORY_FAULT;
 	}
 
 	if (!validate_access_w(self, out_handle, sizeof *out_handle)) {
+		put_current_task(self);
 		return KERN_MEMORY_FAULT;
 	}
 
@@ -30,6 +32,7 @@ kern_status_t sys_vm_object_create(
 	kern_status_t status
 		= task_open_handle(self, &obj->vo_base, 0, out_handle);
 	object_unref(&obj->vo_base);
+	put_current_task(self);
 
 	return status;
 }
@@ -41,13 +44,15 @@ kern_status_t sys_vm_object_read(
 	size_t count,
 	size_t *nr_read)
 {
-	struct task *self = current_task();
+	struct task *self = get_current_task();
 
 	if (!validate_access_w(self, dst, count)) {
+		put_current_task(self);
 		return KERN_MEMORY_FAULT;
 	}
 
 	if (nr_read && !validate_access_w(self, nr_read, sizeof *nr_read)) {
+		put_current_task(self);
 		return KERN_MEMORY_FAULT;
 	}
 
@@ -55,15 +60,19 @@ kern_status_t sys_vm_object_read(
 	handle_flags_t flags = 0;
 	kern_status_t status = task_resolve_handle(self, object, &obj, &flags);
 	if (status != KERN_OK) {
+		put_current_task(self);
 		return status;
 	}
 
 	struct vm_object *vmo = vm_object_cast(obj);
 	if (!vmo) {
+		put_current_task(self);
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	return vm_object_read(vmo, dst, offset, count, nr_read);
+	status = vm_object_read(vmo, dst, offset, count, nr_read);
+	put_current_task(self);
+	return status;
 }
 
 kern_status_t sys_vm_object_write(
@@ -73,14 +82,16 @@ kern_status_t sys_vm_object_write(
 	size_t count,
 	size_t *nr_written)
 {
-	struct task *self = current_task();
+	struct task *self = get_current_task();
 
 	if (!validate_access_r(self, src, count)) {
+		put_current_task(self);
 		return KERN_MEMORY_FAULT;
 	}
 
 	if (nr_written
 	    && !validate_access_w(self, nr_written, sizeof *nr_written)) {
+		put_current_task(self);
 		return KERN_MEMORY_FAULT;
 	}
 
@@ -88,15 +99,19 @@ kern_status_t sys_vm_object_write(
 	handle_flags_t flags = 0;
 	kern_status_t status = task_resolve_handle(self, object, &obj, &flags);
 	if (status != KERN_OK) {
+		put_current_task(self);
 		return status;
 	}
 
 	struct vm_object *vmo = vm_object_cast(obj);
 	if (!vmo) {
+		put_current_task(self);
 		return KERN_INVALID_ARGUMENT;
 	}
 
-	return vm_object_write(vmo, src, offset, count, nr_written);
+	status = vm_object_write(vmo, src, offset, count, nr_written);
+	put_current_task(self);
+	return status;
 }
 
 kern_status_t sys_vm_object_copy(
@@ -114,10 +129,11 @@ kern_status_t sys_vm_object_copy(
 	       src_offset,
 	       count,
 	       nr_copied);
-	struct task *self = current_task();
+	struct task *self = get_current_task();
 
 	if (nr_copied
 	    && !validate_access_w(self, nr_copied, sizeof *nr_copied)) {
+		put_current_task(self);
 		return KERN_MEMORY_FAULT;
 	}
 
@@ -131,16 +147,19 @@ kern_status_t sys_vm_object_copy(
 	status = task_resolve_handle(self, dst, &dst_obj, &dst_flags);
 	if (status != KERN_OK) {
 		task_unlock_irqrestore(self, flags);
+		put_current_task(self);
 		return status;
 	}
 
 	status = task_resolve_handle(self, src, &src_obj, &src_flags);
 	if (status != KERN_OK) {
 		task_unlock_irqrestore(self, flags);
+		put_current_task(self);
 		return status;
 	}
 
 	task_unlock_irqrestore(self, flags);
+	put_current_task(self);
 
 	struct vm_object *dst_vmo = vm_object_cast(dst_obj);
 	struct vm_object *src_vmo = vm_object_cast(src_obj);