lx_kit: sanitize that solely ep calls schedule()

with expected primary stack.

Issue #4540

repos/dde_linux/src/include/lx_kit/env.h

@@ -47,7 +47,7 @@ struct Lx_kit::Env
 	Timer::Connection    timer           { env };
 	Mem_allocator        memory          { env, heap, platform, CACHED   };
 	Mem_allocator        uncached_memory { env, heap, platform, UNCACHED };
-	Scheduler            scheduler       { };
+	Scheduler            scheduler       { env.ep() };
 	Device_list          devices         { env.ep(), heap, platform };
 	Lx_kit::Timeout      timeout         { timer, scheduler };
 	unsigned int         last_irq        { 0 };

repos/dde_linux/src/include/lx_kit/scheduler.h

@@ -32,6 +32,8 @@ class Lx_kit::Scheduler
 		List<Task> _present_list { };
 		Task     * _current      { nullptr };
 
+		Genode::Entrypoint &ep;
+
 	public:
 
 		Task & current();
@@ -51,6 +53,8 @@ class Lx_kit::Scheduler
 
 		template <typename FN>
 		void for_each_task(FN const & fn);
+
+		Scheduler(Genode::Entrypoint &ep) : ep(ep) { }
 };
 
 

repos/dde_linux/src/lib/lx_kit/scheduler.cc

@@ -15,8 +15,10 @@
  */
 
 /* Genode includes */
+#include <base/entrypoint.h>
 #include <base/log.h>
 #include <base/sleep.h>
+#include <base/thread.h>
 #include <os/backtrace.h>
 
 #include <lx_kit/scheduler.h>
@@ -91,6 +93,17 @@ Task & Scheduler::task(void * lx_task)
 
 void Scheduler::schedule()
 {
+	/* sanity check that right thread & stack is in use */
+	auto const thread = Genode::Thread::myself();
+	if (!ep.rpc_ep().myself(addr_t(&thread))) {
+		Genode::error("Lx_kit::Scheduler called by invalid thread/stack ",
+		              thread->name(), " ",
+		              Genode::Hex(thread->mystack().base), "-",
+		              Genode::Hex(thread->mystack().top));
+		Genode::backtrace();
+		Genode::sleep_forever();
+	}
+
 	/*
 	 * Iterate over all tasks and run first runnable.
 	 *