/*
* Copyright (c) 2017 Intel Corporation
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <zephyr/kernel.h>
#include <zephyr/internal/syscall_handler.h>
#include <zephyr/kernel_structs.h>
#include <zephyr/toolchain.h>
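/**
 * Look up the kernel-object metadata for @p obj and validate it against the
 * constraints requested by the caller.
 *
 * The previous body passed K_OBJ_ANY / _OBJ_INIT_ANY to k_object_validate()
 * no matter what the caller asked for, so the @p otype and @p init arguments
 * only affected the error dump. k_object_is_valid() relies on this helper to
 * enforce a specific type and an initialized state, so both are now forwarded.
 *
 * @param obj   Address to check; it is handed to k_object_find() as-is.
 * @param otype Object type the caller requires (K_OBJ_ANY for no constraint).
 * @param init  Initialization state the caller requires (_OBJ_INIT_ANY for
 *              no constraint).
 *
 * @return The metadata returned by k_object_find() when k_object_validate()
 *         reports 0, otherwise NULL.
 */
static struct k_object *validate_kernel_object(const void *obj,
					       enum k_objects otype,
					       enum _obj_init_check init)
{
	struct k_object *ko;
	int ret;

	/* NOTE(review): the lookup result is passed on unchecked; presumably
	 * k_object_validate() rejects a failed lookup - confirm.
	 */
	ko = k_object_find(obj);

	/* Enforce the caller's type and init constraints. Callers that accept
	 * any object in any state pass K_OBJ_ANY / _OBJ_INIT_ANY explicitly.
	 */
	ret = k_object_validate(ko, otype, init);
	if (ret != 0) {
#ifdef CONFIG_LOG
		k_object_dump_error(ret, obj, ko, otype);
#endif
		return NULL;
	}

	return ko;
}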
/**
 * Validate @p obj without constraining its type or initialization state.
 *
 * Requests K_OBJ_ANY and _OBJ_INIT_ANY from validate_kernel_object(), so the
 * only things that can make this fail are whatever checks remain once type
 * and init state are unconstrained.
 *
 * @param obj Address to check.
 *
 * @return Whatever validate_kernel_object() returns: the object's metadata,
 *         or NULL when validation fails.
 */
static ALWAYS_INLINE struct k_object *validate_any_object(const void *obj)
{
	struct k_object *found;

	found = validate_kernel_object(obj, K_OBJ_ANY, _OBJ_INIT_ANY);

	return found;
}
/**
 * Report whether @p obj passes kernel-object validation.
 *
 * Asks validate_kernel_object() for type @p otype and _OBJ_INIT_TRUE. How
 * strictly those two constraints are applied is decided inside that helper;
 * verify that it forwards both to k_object_validate() before relying on this
 * function as a type check.
 *
 * @param obj   Address to check.
 * @param otype Object type the caller expects.
 *
 * @return true when validate_kernel_object() returns non-NULL, else false.
 */
bool k_object_is_valid(const void *obj, enum k_objects otype)
{
	return validate_kernel_object(obj, otype, _OBJ_INIT_TRUE) != NULL;
}
/* Normally these would be included in userspace.c, but the way
 * syscall_dispatch.c declares weak handlers results in build errors if these
 * are located in userspace.c, so they are kept in this separate file.
 *
 * To avoid double k_object_find() lookups, we don't call the implementation
 * function, but call a level deeper.
 */
/**
 * Verification function for the k_object_access_grant() system call.
 *
 * Check order matters: the target @p thread is checked first, then
 * @p object, and the permission is only written once both checks pass.
 * NOTE(review): K_OOPS() is expected not to continue past a failed check;
 * confirm in syscall_handler.h.
 *
 * @param object Kernel object on which access is being granted.
 * @param thread Thread receiving the permission; checked with
 *               K_SYSCALL_OBJ_INIT() against K_OBJ_THREAD.
 */
static inline void z_vrfy_k_object_access_grant(const void *object,
						struct k_thread *thread)
{
	/* Reject a bogus thread argument before touching the object. */
	K_OOPS(K_SYSCALL_OBJ_INIT(thread, K_OBJ_THREAD));

	/* Any object type, initialized or not, may have access granted. */
	struct k_object *ko = validate_any_object(object);

	K_OOPS(K_SYSCALL_VERIFY_MSG(ko != NULL, "object %p access denied",
				    object));

	/* Operate on the metadata directly instead of calling the impl
	 * function, which would repeat the k_object_find() lookup.
	 */
	k_thread_perms_set(ko, thread);
}
userspace: Support for split 64 bit arguments
System call arguments, at the arch layer, are single words. So
passing wider values requires splitting them into two registers at
call time. This gets even more complicated for values (e.g
k_timeout_t) that may have different sizes depending on configuration.
This patch adds a feature to gen_syscalls.py to detect functions with
wide arguments and automatically generates code to split/unsplit them.
Unfortunately the current scheme of Z_SYSCALL_DECLARE_* macros won't
work with functions like this, because for N arguments (our current
maximum N is 10) there are 2^N possible configurations of argument
widths. So this generates the complete functions for each handler and
wrapper, effectively doing in python what was originally done in the
preprocessor.
Another complexity is that traditionally the z_hdlr_*() function for a
system call has taken the raw list of word arguments, which does not
work when some of those arguments must be 64 bit types. So instead of
using a single Z_SYSCALL_HANDLER macro, this splits the job of
z_hdlr_*() into two steps: An automatically-generated unmarshalling
function, z_mrsh_*(), which then calls a user-supplied verification
function z_vrfy_*(). The verification function is typesafe, and is a
simple C function with exactly the same argument and return signature
as the syscall impl function. It is also not responsible for
validating the pointers to the extra parameter array or a wide return
value, that code gets automatically generated.
This commit includes new vrfy/mrsh handling for all syscalls invoked
during CI runs. Future commits will port the less testable code.
Signed-off-by: Andy Ross <andrew.j.ross@intel.com>
#include <syscalls/k_object_access_grant_mrsh.c>
/**
 * Verification function for the k_object_release() system call.
 *
 * Validates @p object with no type or init constraint, then clears the
 * permission for _current only. No other thread can be named, because the
 * thread argument is fixed here rather than taken from the caller.
 * NOTE(review): K_OOPS() is expected not to continue past a failed check;
 * confirm in syscall_handler.h.
 *
 * @param object Kernel object whose permission is being dropped.
 */
static inline void z_vrfy_k_object_release(const void *object)
{
	struct k_object *ko = validate_any_object(object);

	K_OOPS(K_SYSCALL_VERIFY_MSG(ko != NULL, "object %p access denied",
				    (void *)object));

	/* Operate on the metadata directly so k_object_find() is not
	 * repeated by the impl function.
	 */
	k_thread_perms_clear(ko, _current);
}
#include <syscalls/k_object_release_mrsh.c>
/**
 * Verification function for the k_object_alloc() system call.
 *
 * Performs no checks of its own: @p otype is forwarded unchanged.
 * NOTE(review): any rejection of an out-of-range or disallowed object type
 * therefore has to happen inside z_impl_k_object_alloc(); confirm there.
 *
 * @param otype Requested kernel object type.
 *
 * @return Whatever z_impl_k_object_alloc() returns.
 */
static inline void *z_vrfy_k_object_alloc(enum k_objects otype)
{
	void *allocated = z_impl_k_object_alloc(otype);

	return allocated;
}
#include <syscalls/k_object_alloc_mrsh.c>
/**
 * Verification function for the k_object_alloc_size() system call.
 *
 * Performs no checks of its own: @p otype and @p size are forwarded
 * unchanged.
 * NOTE(review): limits on @p size and on the permitted object types
 * therefore have to be enforced inside z_impl_k_object_alloc_size();
 * confirm there.
 *
 * @param otype Requested kernel object type.
 * @param size  Requested object size, passed through as given.
 *
 * @return Whatever z_impl_k_object_alloc_size() returns.
 */
static inline void *z_vrfy_k_object_alloc_size(enum k_objects otype, size_t size)
{
	void *allocated = z_impl_k_object_alloc_size(otype, size);

	return allocated;
}
#include <syscalls/k_object_alloc_size_mrsh.c>