From 54b9a4ec1e7c08a99508d30d150fa17bfe1ee2dc Mon Sep 17 00:00:00 2001
From: Brian Gianforcaro <bgianf@serenityos.org>
Date: Wed, 29 Dec 2021 01:11:45 -0800
Subject: Kernel: Handle promise violations in the syscall handler

Previously we would crash the process immediately when a promise
violation was found during a syscall. This is error prone, as we
don't unwind the stack. This means that in certain cases we can
leak resources, like an OwnPtr / RefPtr tracked on the stack. Or
even leak a lock acquired in a ScopeLockLocker.

To remedy this situation we move the promise violation handling to
the syscall handler, right before we return to user space. This
allows the code to follow the normal unwind path, and grantees
there is no longer any cleanup that needs to occur.

The Process::require_promise() and Process::require_no_promises()
functions were modified to return ErrorOr<void> so we enforce that
the errors are always propagated by the caller.
---
 Kernel/Syscalls/getuid.cpp | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

(limited to 'Kernel/Syscalls/getuid.cpp')

diff --git a/Kernel/Syscalls/getuid.cpp b/Kernel/Syscalls/getuid.cpp
index 65ce3afb62..0b2d48aa8a 100644
--- a/Kernel/Syscalls/getuid.cpp
+++ b/Kernel/Syscalls/getuid.cpp
@@ -11,35 +11,35 @@ namespace Kernel {
 ErrorOr<FlatPtr> Process::sys$getuid()
 {
     VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
-    require_promise(Pledge::stdio);
+    TRY(require_promise(Pledge::stdio));
     return uid().value();
 }
 
 ErrorOr<FlatPtr> Process::sys$getgid()
 {
     VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
-    require_promise(Pledge::stdio);
+    TRY(require_promise(Pledge::stdio));
     return gid().value();
 }
 
 ErrorOr<FlatPtr> Process::sys$geteuid()
 {
     VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
-    require_promise(Pledge::stdio);
+    TRY(require_promise(Pledge::stdio));
     return euid().value();
 }
 
 ErrorOr<FlatPtr> Process::sys$getegid()
 {
     VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
-    require_promise(Pledge::stdio);
+    TRY(require_promise(Pledge::stdio));
     return egid().value();
 }
 
 ErrorOr<FlatPtr> Process::sys$getresuid(Userspace<UserID*> ruid, Userspace<UserID*> euid, Userspace<UserID*> suid)
 {
     VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
-    require_promise(Pledge::stdio);
+    TRY(require_promise(Pledge::stdio));
     TRY(copy_to_user(ruid, &m_protected_values.uid));
     TRY(copy_to_user(euid, &m_protected_values.euid));
     TRY(copy_to_user(suid, &m_protected_values.suid));
@@ -49,7 +49,7 @@ ErrorOr<FlatPtr> Process::sys$getresuid(Userspace<UserID*> ruid, Userspace<UserI
 ErrorOr<FlatPtr> Process::sys$getresgid(Userspace<GroupID*> rgid, Userspace<GroupID*> egid, Userspace<GroupID*> sgid)
 {
     VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
-    require_promise(Pledge::stdio);
+    TRY(require_promise(Pledge::stdio));
     TRY(copy_to_user(rgid, &m_protected_values.gid));
     TRY(copy_to_user(egid, &m_protected_values.egid));
     TRY(copy_to_user(sgid, &m_protected_values.sgid));
@@ -59,7 +59,7 @@ ErrorOr<FlatPtr> Process::sys$getresgid(Userspace<GroupID*> rgid, Userspace<Grou
 ErrorOr<FlatPtr> Process::sys$getgroups(size_t count, Userspace<gid_t*> user_gids)
 {
     VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
-    require_promise(Pledge::stdio);
+    TRY(require_promise(Pledge::stdio));
     if (!count)
         return extra_gids().size();
     if (count != extra_gids().size())
-- 
cgit v1.2.3