8345e5ebf0
The various macros to do checks in system call handlers all implicitly would generate a kernel oops if a check failed. This is undesirable for a few reasons: * System call handlers that acquire resources in the handler have no good recourse for cleanup if a check fails. * In some cases we may want to propagate a return value back to the caller instead of just killing the calling thread, even though the base API doesn't do these checks. These macros now all return a value; if nonzero is returned, the check failed. K_OOPS() now wraps these calls to generate a kernel oops. At the moment, the policy for all APIs has not changed. They still all oops upon a failed check. The macros now use the Z_ notation for private APIs. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
/*
* Copyright (c) 2017 Intel Corporation
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <kernel.h>
#include <syscall_handler.h>
#include <kernel_structs.h>
/* Resolve a caller-supplied pointer to its kernel object record.
 *
 * The pointer is looked up with _k_object_find() and the result is passed to
 * _k_object_validate() with K_OBJ_ANY and _OBJ_INIT_ANY: the object may be of
 * any type and does not have to be initialized.
 *
 * Returns the record when validation yields 0. On a nonzero result the error
 * is reported through _dump_object_error() (only when CONFIG_PRINTK is
 * enabled) and NULL is returned, so callers must check for NULL before using
 * the result.
 *
 * NOTE(review): the lookup result is handed to _k_object_validate() without a
 * NULL check in this function, so _k_object_validate() is relied on to reject
 * a pointer that is not a known kernel object - confirm.
 */
static struct _k_object *validate_any_object(void *obj)
{
	struct _k_object *kobj = _k_object_find(obj);
	int rc = _k_object_validate(kobj, K_OBJ_ANY, _OBJ_INIT_ANY);

	if (rc == 0) {
		return kobj;
	}

#ifdef CONFIG_PRINTK
	_dump_object_error(rc, obj, kobj, K_OBJ_ANY);
#endif
	return NULL;
}
/* Normally these would be included in userspace.c, but the way
 * syscall_dispatch.c declares weak handlers results in build errors if these
 * are located in userspace.c. Just put in a separate file.
 *
 * To avoid double _k_object_find() lookups, we don't call the implementation
 * function, but call a level deeper.
 */

/* System call handler for k_object_access_grant(): sets a permission on
 * `object` for `thread` through _thread_perms_set().
 *
 * Both arguments come from the caller of the system call and are checked
 * before anything is modified:
 *  - `thread` must pass Z_SYSCALL_OBJ_INIT(thread, K_OBJ_THREAD);
 *  - `object` must be accepted by validate_any_object(), which allows any
 *    object type in any initialization state.
 * Each check is wrapped in Z_OOPS(), which is expected to raise a kernel oops
 * when the wrapped check returns nonzero, so a failed check is not reported
 * to the caller as an error code.
 *
 * NOTE(review): granting is only safe if the validation behind
 * validate_any_object() also rejects objects the calling thread itself has no
 * permission on. That check is not visible in this file (the failure message
 * is "access denied") - confirm in _k_object_validate().
 *
 * Returns 0 after the permission has been set.
 */
Z_SYSCALL_HANDLER(k_object_access_grant, object, thread)
{
	struct _k_object *ko;

	/* Reject the target thread first; nothing has been changed yet. */
	Z_OOPS(Z_SYSCALL_OBJ_INIT(thread, K_OBJ_THREAD));
	/* ko is NULL when the object failed validation. */
	ko = validate_any_object((void *)object);
	Z_OOPS(Z_SYSCALL_VERIFY_MSG(ko, "object %p access denied",
				    (void *)object));
	/* Only reached with a validated thread and a non-NULL object record. */
	_thread_perms_set(ko, (struct k_thread *)thread);

	return 0;
}
/* System call handler for k_object_release(): clears the permission that
 * _current holds on `object` through _thread_perms_clear().
 *
 * `object` comes from the caller of the system call and must be accepted by
 * validate_any_object() (any object type, any initialization state). The
 * check is wrapped in Z_OOPS(), which is expected to raise a kernel oops when
 * the wrapped check returns nonzero.
 *
 * The thread argument is fixed to _current rather than taken from the
 * caller, so this handler cannot be used to clear another thread's
 * permission.
 * NOTE(review): _current is presumably the thread that issued the system
 * call - confirm.
 *
 * Returns 0 after the permission has been cleared.
 */
Z_SYSCALL_HANDLER(k_object_release, object)
{
	struct _k_object *ko;

	/* ko is NULL when the object failed validation. */
	ko = validate_any_object((void *)object);
	Z_OOPS(Z_SYSCALL_VERIFY_MSG(ko, "object %p access denied",
				    (void *)object));
	_thread_perms_clear(ko, _current);

	return 0;
}
/* System call handler for k_object_alloc(): checks the requested object type
 * and forwards it to _impl_k_object_alloc().
 *
 * `otype` comes from the caller of the system call. It is accepted only if it
 * lies strictly between K_OBJ_ANY and K_OBJ_LAST and is not
 * K_OBJ__THREAD_STACK_ELEMENT. The check is wrapped in Z_OOPS(), which is
 * expected to raise a kernel oops when the wrapped check returns nonzero.
 *
 * NOTE(review): the range test relies on K_OBJ_ANY and K_OBJ_LAST bounding
 * every valid object type in the enum - confirm when new types are added.
 *
 * Returns the result of _impl_k_object_alloc() cast to u32_t.
 */
Z_SYSCALL_HANDLER(k_object_alloc, otype)
{
	/* NOTE(review): otype is printed with "%d"; its declared type is set
	 * inside Z_SYSCALL_HANDLER and is not visible here. If it is
	 * unsigned, a large rejected value may be logged as a negative
	 * number - confirm.
	 */
	Z_OOPS(Z_SYSCALL_VERIFY_MSG(otype > K_OBJ_ANY && otype < K_OBJ_LAST &&
				    otype != K_OBJ__THREAD_STACK_ELEMENT,
				    "bad object type %d requested", otype));

	/* NOTE(review): the u32_t cast assumes the returned value fits in
	 * 32 bits - confirm for the supported targets.
	 */
	return (u32_t)_impl_k_object_alloc(otype);
}