kernel: remove SuccessUsize in favor of SuccessPtr

Noting that SuccessPtr can return a `CapabilityPtr` with no authority
granted.

kernel/src/memop.rs

@@ -56,22 +56,22 @@ pub(crate) fn memop(process: &dyn Process, op_type: usize, r1: usize) -> Syscall
             .unwrap_or(SyscallReturn::Failure(ErrorCode::NOMEM)),
 
         // Op Type 2: Process memory start
-        2 => SyscallReturn::SuccessUsize(process.get_addresses().sram_start),
+        2 => SyscallReturn::SuccessPtr(process.get_addresses().sram_start.into()),
 
         // Op Type 3: Process memory end
-        3 => SyscallReturn::SuccessUsize(process.get_addresses().sram_end),
+        3 => SyscallReturn::SuccessPtr(process.get_addresses().sram_end.into()),
 
         // Op Type 4: Process flash start
-        4 => SyscallReturn::SuccessUsize(process.get_addresses().flash_start),
+        4 => SyscallReturn::SuccessPtr(process.get_addresses().flash_start.into()),
 
         // Op Type 5: Process flash end
-        5 => SyscallReturn::SuccessUsize(process.get_addresses().flash_end),
+        5 => SyscallReturn::SuccessPtr(process.get_addresses().flash_end.into()),
 
         // Op Type 6: Grant region begin
-        6 => SyscallReturn::SuccessUsize(process.get_addresses().sram_grant_start),
+        6 => SyscallReturn::SuccessPtr(process.get_addresses().sram_grant_start.into()),
 
         // Op Type 7: Number of defined writeable regions in the TBF header.
-        7 => SyscallReturn::SuccessUsize(process.number_writeable_flash_regions()),
+        7 => SyscallReturn::SuccessU32(process.number_writeable_flash_regions() as u32),
 
         // Op Type 8: The start address of the writeable region indexed by r1.
         8 => {
@@ -80,7 +80,7 @@ pub(crate) fn memop(process: &dyn Process, op_type: usize, r1: usize) -> Syscall
             if size == 0 {
                 SyscallReturn::Failure(ErrorCode::FAIL)
             } else {
-                SyscallReturn::SuccessUsize(flash_start + offset)
+                SyscallReturn::SuccessPtr((flash_start + offset).into())
             }
         }
 
@@ -93,7 +93,7 @@ pub(crate) fn memop(process: &dyn Process, op_type: usize, r1: usize) -> Syscall
             if size == 0 {
                 SyscallReturn::Failure(ErrorCode::FAIL)
             } else {
-                SyscallReturn::SuccessUsize(flash_start + offset + size)
+                SyscallReturn::SuccessPtr((flash_start + offset + size).into())
             }
         }
 

kernel/src/syscall.rs

@@ -407,12 +407,9 @@ pub enum SyscallReturn {
     /// Generic success case, with an additional 32-bit and 64-bit data field
     SuccessU32U64(u32, u64),
 
-    /// Generic success case, with an additional usize data field
-    SuccessUsize(usize),
-
-    /// Generic success case, with an additional pointer with metadata
-    /// On CHERI, this grants authority.
-    /// Access to this return is therefore privileged.
+    /// Generic success case, with an additional pointer.
+    /// This pointer may or may imply access permission to the
+    /// process.
     SuccessPtr(CapabilityPtr),
 
     // These following types are used by the scheduler so that it can return
@@ -504,7 +501,6 @@ impl SyscallReturn {
             SyscallReturn::AllowReadOnlyFailure(_, _, _) => false,
             SyscallReturn::SubscribeFailure(_, _, _) => false,
             SyscallReturn::YieldWaitFor(_, _, _) => true,
-            SyscallReturn::SuccessUsize(_) => true,
         }
     }
 }

kernel/src/utilities/arch_helpers.rs

@@ -116,7 +116,6 @@ impl TRD104SyscallReturn {
             SyscallReturn::YieldWaitFor(a, b, c) => TRD104SyscallReturn::YieldWaitFor(a, b, c),
 
             // Compatibility mapping:
-            SyscallReturn::SuccessUsize(a) => TRD104SyscallReturn::SuccessU32(a as u32),
             SyscallReturn::SuccessPtr(a) => {
                 TRD104SyscallReturn::SuccessU32(a.as_ptr::<()>() as u32)
             }

kernel/src/utilities/capability_ptr.rs

@@ -61,7 +61,8 @@ impl From<CapabilityPtr> for usize {
 }
 
 impl From<usize> for CapabilityPtr {
-    /// Constructs a [`CapabilityPtr`] with a given address.
+    /// Constructs a [`CapabilityPtr`] with a given address and no authority
+    ///
     /// Provenance note: may have null provenance.
     #[inline]
     fn from(from: usize) -> Self {