The various macros to do checks in system call handlers all
implicitly would generate a kernel oops if a check failed.
This is undesirable for a few reasons:

* System call handlers that acquire resources in the handler
  have no good recourse for cleanup if a check fails.
* In some cases we may want to propagate a return value back
  to the caller instead of just killing the calling thread,
  even though the base API doesn't do these checks.

These macros now all return a value; if nonzero is returned,
the check failed. K_OOPS() now wraps these calls to generate
a kernel oops.

At the moment, the policy for all APIs has not changed. They
still all oops upon a failed check.

The macros now use the Z_ notation for private APIs.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>

Driver APIs might not implement all operations, making it possible for
a user thread to get the kernel to execute a function at 0x00000000.

Perform runtime checks in all the driver handlers, checking if they're
capable of performing the requested operation.

Fixes #6907.

Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>

All the messages are checked with _SYSCALL_MEMORY() prior to calling the
actual implementation function. However, a race condition might happen
between the check and the call to _impl_i2c_transfer() itself.

Copy the msgs vector to a locally allocated array and pass it to the
transfer implementation.

Signed-off-by: Leandro Pereira <leandro.pereira@intel.com>

i2c actually only has two entry points into the driver,
i2c_configure and i2c_transfer. All the other APIs are derived
from these.

All derived APIs now just call i2c_transfer() with appropriate args.

The handler for i2c_transfer() needs to examine the message array
and validate all the buffers involved depending on whether we are
reading or writing to them.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
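
The copy-then-validate handling that the last two commit messages above describe, as an added user-space sketch in C that is not Zephyr's handler code. `handler_i2c_transfer()`, `impl_i2c_transfer()`, `user_can_access()`, `race_hook`, `MAX_MSGS`, the flag value and the memory layout are all constructed for illustration; the hook stands in for a second user thread rewriting the message array after the check.

```c
#include <stdint.h>
#include <string.h>
#define I2C_MSG_READ 0x01 /* constructed flag value for this sketch */
#define MAX_MSGS 4        /* assumed cap on messages per call */
struct i2c_msg { uint8_t *buf; uint32_t len; uint8_t flags; };
/* Constructed memory map: user_mem is user-accessible, kernel_secret is not. */
static struct { struct i2c_msg msgs[MAX_MSGS]; uint8_t data[32]; } user_mem;
static uint8_t kernel_secret[16];
static void (*race_hook)(void); /* simulates a second user thread */

/* Hypothetical stand-in for the kernel's user-memory permission check. */
static int user_can_access(const void *p, size_t len, int write)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)&user_mem;
    (void)write; /* the toy region is both readable and writable */
    return a >= base && len <= sizeof(user_mem) && a - base <= sizeof(user_mem) - len;
}

/* Stand-in driver: a read message fills its buffer with bus data. */
static int impl_i2c_transfer(struct i2c_msg *m, uint8_t num)
{
    for (uint8_t i = 0; i < num; i++)
        if (m[i].flags & I2C_MSG_READ) memset(m[i].buf, 0xA5, m[i].len);
    return 0;
}

int handler_i2c_transfer(struct i2c_msg *umsgs, uint8_t num)
{
    struct i2c_msg copy[MAX_MSGS];
    if (num == 0 || num > MAX_MSGS || !user_can_access(umsgs, num * sizeof(*umsgs), 0))
        return -1;
    memcpy(copy, umsgs, num * sizeof(*umsgs)); /* fetch the user array exactly once */
    for (uint8_t i = 0; i < num; i++) /* a read writes into buf, a write reads from it */
        if (!user_can_access(copy[i].buf, copy[i].len, copy[i].flags & I2C_MSG_READ))
            return -1;
    if (race_hook) race_hook(); /* window in which the user array can change */
    return impl_i2c_transfer(copy, num); /* driver sees only the validated copy */
}

static void retarget(void) { user_mem.msgs[0].buf = kernel_secret; }
int secret_intact(void) { return kernel_secret[0] == 0 && kernel_secret[15] == 0; }
/* Runs one 16-byte read; hook (may be NULL) rewrites the user array after validation. */
int demo(uint8_t *buf, void (*hook)(void))
{
    user_mem.msgs[0] = (struct i2c_msg){ buf, 16, I2C_MSG_READ };
    race_hook = hook;
    return handler_i2c_transfer(user_mem.msgs, 1);
}
int main(void) { return !(demo(user_mem.data, retarget) == 0 && secret_intact()); }
```

If `impl_i2c_transfer()` were handed `umsgs` instead of `copy`, the retargeted pointer would be used after validation and the read would land in `kernel_secret`.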