libc/exit: Purge calls to userspace API exit() from kernel

Remove calls to the userspace API exit() from the kernel. The problem with doing such calls is that the exit functions are called with kernel mode privileges which is a big security no-no.
2023-02-16 16:57:24 +02:00 · 2023-02-16 16:57:24 +02:00 · df1d7dd480
commit df1d7dd480
parent 0f5b66c335
9 changed files with 16 additions and 12 deletions
--- a/libs/libc/stdlib/lib_exit.c
+++ b/libs/libc/stdlib/lib_exit.c
@ -31,6 +31,8 @@
 #include <stdlib.h>
 #include <unistd.h>

+#ifndef __KERNEL__
+
 /****************************************************************************
 * Private Data
 ****************************************************************************/
@ -148,3 +150,5 @@ void _Exit(int status)
 {
  _exit(status);
 }
+
+#endif /* __KERNEL__ */
--- a/sched/pthread/pthread_exit.c
+++ b/sched/pthread/pthread_exit.c
@ -86,7 +86,7 @@ void nx_pthread_exit(FAR void *exit_value)
       * not really a pthread.  Exit by calling exit().
       */

-      exit(EXIT_FAILURE);
+      _exit(EXIT_FAILURE);
    }

  /* Perform common task termination logic.  This will get called again later
--- a/sched/signal/sig_default.c
+++ b/sched/signal/sig_default.c
@ -224,9 +224,9 @@ static void nxsig_abnormal_termination(int signo)
    {
      UNUSED(rtcb);

-      /* Exit to terminate the task (note that exit() vs. _exit() is used. */
+      /* Exit to terminate the task. */

-      exit(EXIT_FAILURE);
+      _exit(EXIT_FAILURE);
    }
 }
 #endif
--- a/sched/task/task_cancelpt.c
+++ b/sched/task/task_cancelpt.c
@ -145,7 +145,7 @@ bool enter_cancellation_point(void)
              else
 #endif
                {
-                  exit(EXIT_FAILURE);
+                  _exit(EXIT_FAILURE);
                }
            }
        }
@ -232,7 +232,7 @@ void leave_cancellation_point(void)
              else
 #endif
                {
-                  exit(EXIT_FAILURE);
+                  _exit(EXIT_FAILURE);
                }
            }
        }
--- a/sched/task/task_delete.c
+++ b/sched/task/task_delete.c
@ -118,7 +118,7 @@ int nxtask_delete(pid_t pid)
       * don't bother to unlock the TCB since it will be going away.
       */

-      exit(EXIT_SUCCESS);
+      _exit(EXIT_SUCCESS);
    }

  /* Notify the target if the non-cancelable or deferred cancellation set */
--- a/sched/task/task_execve.c
+++ b/sched/task/task_execve.c
@ -132,7 +132,7 @@ int execve(FAR const char *path, FAR char * const argv[],

  /* Then exit */

-  exit(0);
+  _exit(0);

  /* We should not get here, but might be needed by some compilers.  Other,
   * smarter compilers might complain that this code is unreachable.  You
--- a/sched/task/task_setcancelstate.c
+++ b/sched/task/task_setcancelstate.c
@ -117,7 +117,7 @@ int task_setcancelstate(int state, FAR int *oldstate)
              else
 #endif
                {
-                  exit(EXIT_FAILURE);
+                  _exit(EXIT_FAILURE);
                }
            }
        }
--- a/sched/task/task_setcanceltype.c
+++ b/sched/task/task_setcanceltype.c
@ -105,7 +105,7 @@ int task_setcanceltype(int type, FAR int *oldtype)
          else
 #endif
            {
-              exit(EXIT_FAILURE);
+              _exit(EXIT_FAILURE);
            }
        }
 #endif
--- a/sched/task/task_start.c
+++ b/sched/task/task_start.c
@ -115,7 +115,7 @@ void nxtask_start(void)

      if (++argc > MAX_START_ARGS)
        {
-          exit(EXIT_FAILURE);
+          _exit(EXIT_FAILURE);
        }
    }

@ -139,7 +139,7 @@ void nxtask_start(void)
 #endif
    }

-  /* Call exit() if/when the task returns */
+  /* Call _exit() if/when the task returns */

-  exit(exitcode);
+  _exit(exitcode);
 }