Google Git
Sign in
pigweed/third_party/github/zephyrproject-rtos/zephyr/8345e5ebf0008074fb15a5cd4f6c592b9357b6b7^!/./kernel/userspace_handler.c
commit
8345e5ebf0008074fb15a5cd4f6c592b9357b6b7
[log]
author
Andrew Boie <andrew.p.boie@intel.com>
Fri May 04 15:57:57 2018 -0700
committer
Anas Nashif <nashif@linux.intel.com>
Thu May 17 23:34:03 2018 +0300
tree
b1984d37d61545d040a0ea392eb4e11ac1220639
parent
2b9b4b2cf71e5c7d3620a713cae2a92c248649d2 [diff] [blame]
syscalls: remove policy from handler checks

The various macros to do checks in system call handlers all
implictly would generate a kernel oops if a check failed.
This is undesirable for a few reasons:

* System call handlers that acquire resources in the handler
  have no good recourse for cleanup if a check fails.
* In some cases we may want to propagate a return value back
  to the caller instead of just killing the calling thread,
  even though the base API doesn't do these checks.

These macros now all return a value, if nonzero is returned
the check failed. K_OOPS() now wraps these calls to generate
a kernel oops.

At the moment, the policy for all APIs has not changed. They
still all oops upon a failed check/

The macros now use the Z_ notation for private APIs.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

diff --git a/kernel/userspace_handler.c b/kernel/userspace_handler.c
index 0866d1f..358474e 100644
--- a/kernel/userspace_handler.c
+++ b/kernel/userspace_handler.c

@@ -36,34 +36,36 @@
  * To avoid double _k_object_find() lookups, we don't call the implementation
  * function, but call a level deeper.
  */
-_SYSCALL_HANDLER(k_object_access_grant, object, thread)
+Z_SYSCALL_HANDLER(k_object_access_grant, object, thread)
 {
 	struct _k_object *ko;
 
-	_SYSCALL_OBJ_INIT(thread, K_OBJ_THREAD);
+	Z_OOPS(Z_SYSCALL_OBJ_INIT(thread, K_OBJ_THREAD));
 	ko = validate_any_object((void *)object);
-	_SYSCALL_VERIFY_MSG(ko, "object %p access denied", (void *)object);
+	Z_OOPS(Z_SYSCALL_VERIFY_MSG(ko, "object %p access denied",
+				    (void *)object));
 	_thread_perms_set(ko, (struct k_thread *)thread);
 
 	return 0;
 }
 
-_SYSCALL_HANDLER(k_object_release, object)
+Z_SYSCALL_HANDLER(k_object_release, object)
 {
 	struct _k_object *ko;
 
 	ko = validate_any_object((void *)object);
-	_SYSCALL_VERIFY_MSG(ko, "object %p access denied", (void *)object);
+	Z_OOPS(Z_SYSCALL_VERIFY_MSG(ko, "object %p access denied",
+				    (void *)object));
 	_thread_perms_clear(ko, _current);
 
 	return 0;
 }
 
-_SYSCALL_HANDLER(k_object_alloc, otype)
+Z_SYSCALL_HANDLER(k_object_alloc, otype)
 {
-	_SYSCALL_VERIFY_MSG(otype > K_OBJ_ANY && otype < K_OBJ_LAST &&
-			    otype != K_OBJ__THREAD_STACK_ELEMENT,
-			    "bad object type %d requested", otype);
+	Z_OOPS(Z_SYSCALL_VERIFY_MSG(otype > K_OBJ_ANY && otype < K_OBJ_LAST &&
+				    otype != K_OBJ__THREAD_STACK_ELEMENT,
+				    "bad object type %d requested", otype));
 
 	return (u32_t)_impl_k_object_alloc(otype);
 }