From df1d7dd4809f13b8da4b92a65040402d1a9df510 Mon Sep 17 00:00:00 2001
From: Ville Juven
Date: Thu, 16 Feb 2023 16:57:24 +0200
Subject: [PATCH] libc/exit: Purge calls to userspace API exit() from kernel

Remove calls to the userspace API exit() from the kernel. The problem with doing such calls is that the exit functions are called with kernel mode privileges which is a big security no-no.
---
 libs/libc/stdlib/lib_exit.c | 4 ++++
 sched/pthread/pthread_exit.c | 2 +-
 sched/signal/sig_default.c | 4 ++--
 sched/task/task_cancelpt.c | 4 ++--
 sched/task/task_delete.c | 2 +-
 sched/task/task_execve.c | 2 +-
 sched/task/task_setcancelstate.c | 2 +-
 sched/task/task_setcanceltype.c | 2 +-
 sched/task/task_start.c | 6 +++---
 9 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/libs/libc/stdlib/lib_exit.c b/libs/libc/stdlib/lib_exit.c
index 7d82ffdc21..b9fa15b861 100644
--- a/libs/libc/stdlib/lib_exit.c
+++ b/libs/libc/stdlib/lib_exit.c
@@ -31,6 +31,8 @@
 #include
 #include
+#ifndef __KERNEL__
+
 /****************************************************************************
 * Private Data
 ****************************************************************************/
@@ -148,3 +150,5 @@ void _Exit(int status)
 {
 _exit(status);
 }
+
+#endif /* __KERNEL__ */
diff --git a/sched/pthread/pthread_exit.c b/sched/pthread/pthread_exit.c
index dd3b072c0c..2290cabcfe 100644
--- a/sched/pthread/pthread_exit.c
+++ b/sched/pthread/pthread_exit.c
@@ -86,7 +86,7 @@ void nx_pthread_exit(FAR void *exit_value)
 * not really a pthread. Exit by calling exit().
 */
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
 }
 /* Perform common task termination logic. This will get called again later
diff --git a/sched/signal/sig_default.c b/sched/signal/sig_default.c
index 904f8161aa..ec62b912f3 100644
--- a/sched/signal/sig_default.c
+++ b/sched/signal/sig_default.c
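Review bot: The `#ifndef __KERNEL__` guard added to libs/libc/stdlib/lib_exit.c compiles out every definition between it and the final `#endif`, including `_Exit()`, and nothing in the file says why. A comment above the guard such as `/* exit() runs user-registered exit handlers, so it must never be linked into kernel-mode code */` would keep a later change from quietly re-enabling it. The closing line should read `#endif /* !__KERNEL__ */` so the comment matches the negated condition. It is also worth confirming that no configuration builds its only libc with `__KERNEL__` defined (a flat build is the case to check; the build flags are not visible here), since applications there would lose `exit()` and `_Exit()` at link time.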
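Review bot: The context comment directly above the changed call in sched/pthread/pthread_exit.c still ends with `Exit by calling exit().`, which no longer matches the `_exit(EXIT_FAILURE);` that follows it. Update the sentence to `Exit by calling _exit().` and ideally add the reason, for example `exit() is a user-space API and must not run in kernel mode`. Both the comment and nx_pthread_exit() begin outside the hunk, so the condition that leads to this branch is not visible.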
@@ -224,9 +224,9 @@ static void nxsig_abnormal_termination(int signo)
 {
 UNUSED(rtcb);
- /* Exit to terminate the task (note that exit() vs. _exit() is used. */
+ /* Exit to terminate the task. */
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
 }
 }
 #endif
diff --git a/sched/task/task_cancelpt.c b/sched/task/task_cancelpt.c
index 2a1ab912f8..815d356cc6 100644
--- a/sched/task/task_cancelpt.c
+++ b/sched/task/task_cancelpt.c
@@ -145,7 +145,7 @@ bool enter_cancellation_point(void)
 else
 #endif
 {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
 }
 }
 }
@@ -232,7 +232,7 @@ void leave_cancellation_point(void)
 else
 #endif
 {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
 }
 }
 }
diff --git a/sched/task/task_delete.c b/sched/task/task_delete.c
index 2d4f314c73..6c2330e5dd 100644
--- a/sched/task/task_delete.c
+++ b/sched/task/task_delete.c
@@ -118,7 +118,7 @@ int nxtask_delete(pid_t pid)
 * don't bother to unlock the TCB since it will be going away.
 */
- exit(EXIT_SUCCESS);
+ _exit(EXIT_SUCCESS);
 }
 /* Notify the target if the non-cancelable or deferred cancellation set */
diff --git a/sched/task/task_execve.c b/sched/task/task_execve.c
index 555271effe..0ab84e0464 100644
--- a/sched/task/task_execve.c
+++ b/sched/task/task_execve.c
@@ -132,7 +132,7 @@ int execve(FAR const char *path, FAR char * const argv[],
 /* Then exit */
- exit(0);
+ _exit(0);
 /* We should not get here, but might be needed by some compilers. Other,
 * smarter compilers might complain that this code is unreachable. You
diff --git a/sched/task/task_setcancelstate.c b/sched/task/task_setcancelstate.c
index bb08b542c3..2d384eac14 100644
--- a/sched/task/task_setcancelstate.c
+++ b/sched/task/task_setcancelstate.c
@@ -117,7 +117,7 @@ int task_setcancelstate(int state, FAR int *oldstate)
 else
 #endif
 {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
 }
 }
 }
diff --git a/sched/task/task_setcanceltype.c b/sched/task/task_setcanceltype.c
index b14fec53e0..cf4f7bcd38 100644
--- a/sched/task/task_setcanceltype.c
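Review bot: In sched/task/task_cancelpt.c the `else` branch of both enter_cancellation_point() and leave_cancellation_point() now ends the task with a bare `_exit(EXIT_FAILURE);`, and the same uncommented line appears in the task_setcancelstate.c and task_setcanceltype.c hunks. Because `_exit()` bypasses the user-space `exit()` path, any exit handlers the cancelled task registered are no longer run on these paths; that matches the intent stated in the commit message, but it is a behaviour change that callers can observe. A comment at each site, for example `/* _exit(): exit() would run user exit handlers with kernel privileges */`, would record the reason. The enclosing functions start outside the hunks, so whatever precedes the `else` is not visible here.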
+++ b/sched/task/task_setcanceltype.c
@@ -105,7 +105,7 @@ int task_setcanceltype(int type, FAR int *oldtype)
 else
 #endif
 {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
 }
 }
 #endif
diff --git a/sched/task/task_start.c b/sched/task/task_start.c
index 745531ab9b..42ac5f0b27 100644
--- a/sched/task/task_start.c
+++ b/sched/task/task_start.c
@@ -115,7 +115,7 @@ void nxtask_start(void)
 if (++argc > MAX_START_ARGS)
 {
- exit(EXIT_FAILURE);
+ _exit(EXIT_FAILURE);
 }
 }
@@ -139,7 +139,7 @@ void nxtask_start(void)
 #endif
 }
- /* Call exit() if/when the task returns */
+ /* Call _exit() if/when the task returns */
- exit(exitcode);
+ _exit(exitcode);
 }
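Review bot: The last hunk of sched/task/task_start.c turns the return-from-entry-point path into `_exit(exitcode);`, so a task that simply returns from its main function no longer passes through `exit()` here. If user tasks can reach this line (the code that invokes the entry point lies outside the hunk), their registered exit handlers would be skipped, including any that release resources or clear sensitive data, and they would need a user-space start-up wrapper that calls `exit()` itself. Please confirm which tasks reach this path and, once confirmed, extend the comment to say so, for example `/* Call _exit() if/when the task returns; user tasks get exit() semantics from their user-space start-up code */`.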