04caa679c9
It's currently too easy to run out of thread IDs as they are never re-used on thread exit. Now the kernel maintains a bitfield of in-use thread IDs, updated on thread creation and termination. When a thread exits, the permission bitfield for all kernel objects is updated to revoke access for that retired thread ID, so that a new thread re-using that ID will not gain access to objects that it should not have. Because of these runtime updates, setting the permission bitmap for an object to all ones for a "public" object doesn't work properly any more; a flag is now set for this instead. Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
71 lines
1.6 KiB
C
71 lines
1.6 KiB
C
/*
|
|
* Copyright (c) 2017 Intel Corporation
|
|
*
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
*/
|
|
|
|
#include <kernel.h>
|
|
#include <syscall_handler.h>
|
|
|
|
static struct _k_object *validate_any_object(void *obj)
|
|
{
|
|
struct _k_object *ko;
|
|
int ret;
|
|
|
|
ko = _k_object_find(obj);
|
|
|
|
/* This can be any kernel object and it doesn't have to be
|
|
* initialized
|
|
*/
|
|
ret = _k_object_validate(ko, K_OBJ_ANY, 1);
|
|
if (ret) {
|
|
#ifdef CONFIG_PRINTK
|
|
_dump_object_error(ret, obj, ko, K_OBJ_ANY);
|
|
#endif
|
|
return NULL;
|
|
}
|
|
|
|
return ko;
|
|
}
|
|
|
|
/* Normally these would be included in userspace.c, but the way
|
|
* syscall_dispatch.c declares weak handlers results in build errors if these
|
|
* are located in userspace.c. Just put in a separate file.
|
|
*
|
|
* To avoid double _k_object_find() lookups, we don't call the implementation
|
|
* function, but call a level deeper.
|
|
*/
|
|
_SYSCALL_HANDLER(k_object_access_grant, object, thread)
|
|
{
|
|
struct _k_object *ko;
|
|
|
|
_SYSCALL_OBJ(thread, K_OBJ_THREAD);
|
|
ko = validate_any_object((void *)object);
|
|
_SYSCALL_VERIFY_MSG(ko, "object %p access denied", (void *)object);
|
|
_thread_perms_set(ko, (struct k_thread *)thread);
|
|
|
|
return 0;
|
|
}
|
|
|
|
_SYSCALL_HANDLER(k_object_access_revoke, object, thread)
|
|
{
|
|
struct _k_object *ko;
|
|
|
|
_SYSCALL_OBJ(thread, K_OBJ_THREAD);
|
|
ko = validate_any_object((void *)object);
|
|
_SYSCALL_VERIFY_MSG(ko, "object %p access denied", (void *)object);
|
|
_thread_perms_clear(ko, (struct k_thread *)thread);
|
|
|
|
return 0;
|
|
}
|
|
|
|
_SYSCALL_HANDLER(k_object_access_all_grant, object)
|
|
{
|
|
struct _k_object *ko;
|
|
|
|
ko = validate_any_object((void *)object);
|
|
_SYSCALL_VERIFY_MSG(ko, "object %p access denied", (void *)object);
|
|
ko->flags |= K_OBJ_FLAG_PUBLIC;
|
|
|
|
return 0;
|
|
}
|