[kernel] Only accept invalid handles for optional syscall args

The syscall helpers.h get_handle functions should be returing j6_err_invalid_arg if the handle they're given is j6_handle_invalid, unless explicitly set to optional.
2025-12-10 00:14:32 -08:00 · 2023-02-06 01:13:55 -08:00
parent 8966380ef9
commit 359ee035d8
4 changed files with 29 additions and 16 deletions
--- a/src/kernel/syscall_verify.cpp.cog
+++ b/src/kernel/syscall_verify.cpp.cog
@@ -90,7 +90,7 @@ for id, scope, method in syscalls.methods:
    args = []        # The function call args to call the impl
    argdefs = []     # The user-facing syscall args signature
    cxxargdefs = []  # The kernel syscall impl args signature
-    refparams = []   # The list of params which are kobjects
+    refparams = []   # The list of params which are pointers

    handles = []
    objparams = []
@@ -111,7 +111,11 @@ for id, scope, method in syscalls.methods:
            cxxargdefs.append(f"obj::{scope.cname} *self")
            objparams.append((f"obj::{scope.cname} *", "self"))

-        handles.append((scope.cname, "self", get_caps(method.options, scope)))
+        handles.append((
+            scope.cname,
+            "self",
+            get_caps(method.options, scope),
+            False))

    for param in method.params:
        needs_obj = param.type.needs_object(param.options)
@@ -125,7 +129,12 @@ for id, scope, method in syscalls.methods:
            arg = f"{param.name}{suffix}"

            if needs_handle:
-                handles.append((param.type.object.cname, arg, get_caps(param.options, param.type.object)))
+                handles.append((
+                    param.type.object.cname,
+                    arg,
+                    get_caps(param.options, param.type.object),
+                    param.optional))
+
                if needs_obj:
                    objparams.append((type, arg))
                    args.append(f"{arg}_obj")
@@ -138,7 +147,9 @@ for id, scope, method in syscalls.methods:
        if not needs_handle and param.caps:
            handles.append((
                f"obj::{param.type.object.cname}",
-                arg, get_caps(param.options, param.type.object)))
+                arg,
+                get_caps(param.options, param.type.object,
+                param.optional)))

        if param.refparam:
            subs = param.type.c_names(param.options)
@@ -173,13 +184,15 @@ for id, scope, method in syscalls.methods:
    if handles:
        cog.outl(f"    j6_status_t res;")

-    for type, arg, caps in handles:
+    for type, arg, caps, optional in handles:
        capsval = "0"
        if caps:
            capsval = " | ".join(caps)

+        optstr = (optional and "true") or "false"
+
        cog.outl(f"    obj::{type} *{arg}_obj = nullptr;")
-        cog.outl(f"    res = get_handle<typename obj::{type}>({arg}, {capsval}, {arg}_obj);")
+        cog.outl(f"    res = get_handle<typename obj::{type}>({arg}, {capsval}, {arg}_obj, {optstr});")
        cog.outl(f"    if (res != j6_status_ok) return res;")
        cog.outl()

@@ -195,7 +208,7 @@ for id, scope, method in syscalls.methods:
        cog.outl(f"""        _retval = {name}({", ".join(args)});""")
        cog.outl("    }\n")

-        for type, arg, caps in handles:
+        for type, arg, caps, optional in handles:
            cog.outl(f"    release_handle({arg});")

        cog.outl(f"""    return _retval;""")
--- a/src/kernel/syscalls/helpers.h
+++ b/src/kernel/syscalls/helpers.h
@@ -23,11 +23,11 @@ T * construct_handle(j6_handle_t *id, Args... args)
 }

 template <typename T>
-j6_status_t get_handle(j6_handle_t id, j6_cap_t caps, T *&object)
+j6_status_t get_handle(j6_handle_t id, j6_cap_t caps, T *&object, bool optional = false)
 {
    if (id == j6_handle_invalid) {
        object = nullptr;
-        return j6_status_ok;
+        return optional ? j6_status_ok : j6_err_invalid_arg;
    }

    capability *capdata = g_cap_table.retain(id);
@@ -43,17 +43,17 @@ j6_status_t get_handle(j6_handle_t id, j6_cap_t caps, T *&object)
 }

 template <typename T>
-inline j6_status_t get_handle(j6_handle_t *id, j6_cap_t caps, T *&object)
+inline j6_status_t get_handle(j6_handle_t *id, j6_cap_t caps, T *&object, bool optional = false)
 {
-    return get_handle<T>(*id, caps, object);
+    return get_handle<T>(*id, caps, object, optional);
 }

 template <>
-inline j6_status_t get_handle<obj::kobject>(j6_handle_t id, j6_cap_t caps, obj::kobject *&object)
+inline j6_status_t get_handle<obj::kobject>(j6_handle_t id, j6_cap_t caps, obj::kobject *&object, bool optional)
 {
    if (id == j6_handle_invalid) {
        object = nullptr;
-        return j6_status_ok;
+        return optional ? j6_status_ok : j6_err_invalid_arg;
    }

    capability *capdata = g_cap_table.retain(id);