From 19a8ab41d41feee9138fb25dcedc65733fd82921 Mon Sep 17 00:00:00 2001
From: Drew Galbraith <dgalbraith33@gmail.com>
Date: Sat, 17 Aug 2024 17:14:30 -0700
Subject: [PATCH] [Zion] Make sure result of ValidateCapability is used.

---
 rust/lib/mammoth/src/elf.rs  | 2 +-
 zion/capability/capability.h | 6 +++++-
 zion/syscall/ipc.cpp         | 8 ++++----
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/rust/lib/mammoth/src/elf.rs b/rust/lib/mammoth/src/elf.rs
index af7bd74..aa4daf9 100644
--- a/rust/lib/mammoth/src/elf.rs
+++ b/rust/lib/mammoth/src/elf.rs
@@ -331,7 +331,7 @@ pub fn spawn_process_from_elf(elf_file: &[u8]) -> Result<z_cap_t, ZError> {
     port.write_u64_and_cap(crate::init::Z_INIT_SELF_VMAS, new_as_cap)?;
     port.write_u64_and_cap(
         crate::init::Z_INIT_ENDPOINT,
-        syscall::cap_duplicate(unsafe { crate::init::INIT_ENDPOINT }, u64::MAX)?,
+        self_cap.duplicate(Capability::PERMS_ALL)?,
     )?;
 
     let thread_cap = syscall::thread_create(new_proc_cap)?;
diff --git a/zion/capability/capability.h b/zion/capability/capability.h
index 6a20183..96911c7 100644
--- a/zion/capability/capability.h
+++ b/zion/capability/capability.h
@@ -5,6 +5,7 @@
 #include <glacier/status/error.h>
 #include <stdint.h>
 
+#include "debug/debug.h"
 #include "include/ztypes.h"
 #include "object/kernel_object.h"
 
@@ -42,7 +43,10 @@ class Capability : public glcr::RefCounted<Capability> {
 template <typename T>
 glcr::RefPtr<T> Capability::obj() {
   if (obj_->TypeTag() != KernelObjectTag<T>::type) {
-    return nullptr;
+    uint64_t type = KernelObjectTag<T>::type;
+    dbgln("Mismatched type tag returning nullptr.");
+    dbgln("Expected {x} got {x}", type, obj_->TypeTag());
+    panic("Unhandled obj type mismatch");
   }
   return StaticCastRefPtr<T>(obj_);
 }
diff --git a/zion/syscall/ipc.cpp b/zion/syscall/ipc.cpp
index ab1051a..98e6a49 100644
--- a/zion/syscall/ipc.cpp
+++ b/zion/syscall/ipc.cpp
@@ -175,7 +175,7 @@ glcr::ErrorCode EndpointSend(ZEndpointSendReq* req) {
   auto& proc = gScheduler->CurrentProcess();
 
   auto endpoint_cap = proc.GetCapability(req->endpoint_cap);
-  ValidateCapability<Endpoint>(endpoint_cap, kZionPerm_Write);
+  RET_ERR(ValidateCapability<Endpoint>(endpoint_cap, kZionPerm_Write));
   auto endpoint = endpoint_cap->obj<Endpoint>();
 
   auto reply_port = ReplyPort::Create();
@@ -191,7 +191,7 @@ glcr::ErrorCode EndpointRecv(ZEndpointRecvReq* req) {
   auto& proc = gScheduler->CurrentProcess();
 
   auto endpoint_cap = proc.GetCapability(req->endpoint_cap);
-  ValidateCapability<Endpoint>(endpoint_cap, kZionPerm_Read);
+  RET_ERR(ValidateCapability<Endpoint>(endpoint_cap, kZionPerm_Read));
   auto endpoint = endpoint_cap->obj<Endpoint>();
 
   ASSIGN_OR_RETURN(IpcMessage msg,
@@ -202,7 +202,7 @@ glcr::ErrorCode EndpointRecv(ZEndpointRecvReq* req) {
 glcr::ErrorCode ReplyPortSend(ZReplyPortSendReq* req) {
   auto& proc = gScheduler->CurrentProcess();
   auto reply_port_cap = proc.GetCapability(req->reply_port_cap);
-  ValidateCapability<ReplyPort>(reply_port_cap, kZionPerm_Read);
+  RET_ERR(ValidateCapability<ReplyPort>(reply_port_cap, kZionPerm_Read));
   auto reply_port = reply_port_cap->obj<ReplyPort>();
 
   ASSIGN_OR_RETURN(IpcMessage message, TranslateRequestToIpcMessage(*req));
@@ -212,7 +212,7 @@ glcr::ErrorCode ReplyPortRecv(ZReplyPortRecvReq* req) {
   auto& proc = gScheduler->CurrentProcess();
 
   auto reply_port_cap = proc.GetCapability(req->reply_port_cap);
-  ValidateCapability<ReplyPort>(reply_port_cap, kZionPerm_Read);
+  RET_ERR(ValidateCapability<ReplyPort>(reply_port_cap, kZionPerm_Read));
   auto reply_port = reply_port_cap->obj<ReplyPort>();
 
   ASSIGN_OR_RETURN(IpcMessage msg,