doom1

2026-04-21 10:40:00 +00:00 · 2026-04-20 21:53:28 +08:00
parent a4f2c8eb89
commit d7e1cb62ee
19 changed files with 2154 additions and 15 deletions
--- a/clks/include/clks/exec.h
+++ b/clks/include/clks/exec.h
@@ -74,5 +74,7 @@ u64 clks_exec_request_count(void);
 u64 clks_exec_success_count(void);
 clks_bool clks_exec_is_running(void);
 clks_bool clks_exec_current_path_is_user(void);
+clks_bool clks_exec_current_user_ptr_readable(u64 addr, u64 size);
+clks_bool clks_exec_current_user_ptr_writable(u64 addr, u64 size);

 #endif
--- a/clks/include/clks/syscall.h
+++ b/clks/include/clks/syscall.h
@@ -84,6 +84,9 @@
 #define CLKS_SYSCALL_DL_CLOSE 78ULL
 #define CLKS_SYSCALL_DL_SYM 79ULL
 #define CLKS_SYSCALL_EXEC_PATHV_IO 80ULL
+#define CLKS_SYSCALL_FB_INFO 81ULL
+#define CLKS_SYSCALL_FB_BLIT 82ULL
+#define CLKS_SYSCALL_FB_CLEAR 83ULL

 void clks_syscall_init(void);
 u64 clks_syscall_dispatch(void *frame_ptr);
--- a/clks/kernel/memory/heap.c
+++ b/clks/kernel/memory/heap.c
@@ -2,7 +2,11 @@
 #include <clks/string.h>
 #include <clks/types.h>

-#define CLKS_HEAP_ARENA_SIZE (1024ULL * 1024ULL)
+#ifndef CLKS_CFG_HEAP_ARENA_SIZE
+#define CLKS_CFG_HEAP_ARENA_SIZE (64ULL * 1024ULL * 1024ULL)
+#endif
+
+#define CLKS_HEAP_ARENA_SIZE CLKS_CFG_HEAP_ARENA_SIZE
 #define CLKS_HEAP_ALIGN 16ULL
 #define CLKS_HEAP_MAGIC 0x434C454F4E4F534FULL

@@ -173,4 +177,4 @@ struct clks_heap_stats clks_heap_get_stats(void) {
    stats.free_count = clks_heap_free_count;

    return stats;
-}
+}
--- a/clks/kernel/runtime/elf64.c
+++ b/clks/kernel/runtime/elf64.c
@@ -1,5 +1,6 @@
 #include <clks/elf64.h>
 #include <clks/heap.h>
+#include <clks/log.h>
 #include <clks/string.h>
 #include <clks/types.h>

@@ -230,6 +231,10 @@ clks_bool clks_elf64_load(const void *image, u64 size, struct clks_elf64_loaded_

    image_base = clks_kmalloc((usize)span);
    if (image_base == CLKS_NULL) {
+        clks_log(CLKS_LOG_WARN, "ELF", "LOAD ALLOC FAILED");
+        clks_log_hex(CLKS_LOG_WARN, "ELF", "SPAN", span);
+        clks_log_hex(CLKS_LOG_WARN, "ELF", "MIN_VADDR", min_vaddr);
+        clks_log_hex(CLKS_LOG_WARN, "ELF", "MAX_VADDR_END", max_vaddr_end);
        return CLKS_FALSE;
    }

--- a/clks/kernel/runtime/exec.c
+++ b/clks/kernel/runtime/exec.c
@@ -178,6 +178,8 @@ static u64 clks_exec_unwind_slot_stack[CLKS_EXEC_MAX_DEPTH];
 static clks_bool clks_exec_unwind_slot_valid_stack[CLKS_EXEC_MAX_DEPTH];
 static u64 clks_exec_image_begin_stack[CLKS_EXEC_MAX_DEPTH];
 static u64 clks_exec_image_end_stack[CLKS_EXEC_MAX_DEPTH];
+static u64 clks_exec_stack_begin_stack[CLKS_EXEC_MAX_DEPTH];
+static u64 clks_exec_stack_end_stack[CLKS_EXEC_MAX_DEPTH];
 static u32 clks_exec_pid_stack_depth = 0U;
 static struct clks_exec_dynlib_slot clks_exec_dynlib_table[CLKS_EXEC_DYNLIB_MAX];
 static u64 clks_exec_next_dynlib_handle = 1ULL;
@@ -362,6 +364,26 @@ static clks_bool clks_exec_range_ok(u64 off, u64 len, u64 total) {
    return CLKS_TRUE;
 }

+static clks_bool clks_exec_addr_range_in_window(u64 addr, u64 size, u64 begin, u64 end) {
+    if (begin == 0ULL || end <= begin) {
+        return CLKS_FALSE;
+    }
+
+    if (size == 0ULL) {
+        return CLKS_FALSE;
+    }
+
+    if (addr < begin || addr >= end) {
+        return CLKS_FALSE;
+    }
+
+    if (size > (end - addr)) {
+        return CLKS_FALSE;
+    }
+
+    return CLKS_TRUE;
+}
+
 static i32 clks_exec_dynlib_alloc_slot(void) {
    u32 i;

@@ -1179,6 +1201,8 @@ static clks_bool clks_exec_invoke_entry(void *entry_ptr, u32 depth_index, u64 *o
        }

        stack_top = (void *)((u8 *)stack_base + (usize)CLKS_EXEC_RUN_STACK_BYTES);
+        clks_exec_stack_begin_stack[depth_index] = (u64)stack_base;
+        clks_exec_stack_end_stack[depth_index] = (u64)stack_top;
        unwind_slot = (((u64)stack_top) & ~0xFULL) - CLKS_EXEC_UNWIND_CTX_BYTES;
        clks_exec_unwind_slot_stack[depth_index] = unwind_slot;
        clks_exec_unwind_slot_valid_stack[depth_index] = CLKS_TRUE;
@@ -1192,6 +1216,8 @@ static clks_bool clks_exec_invoke_entry(void *entry_ptr, u32 depth_index, u64 *o
        /* Close unwind window immediately after call returns to avoid IRQ race. */
        clks_exec_unwind_slot_valid_stack[depth_index] = CLKS_FALSE;
        clks_exec_unwind_slot_stack[depth_index] = 0ULL;
+        clks_exec_stack_begin_stack[depth_index] = 0ULL;
+        clks_exec_stack_end_stack[depth_index] = 0ULL;

        clks_exec_restore_interrupt_window(restore_irq_disable);
        *out_ret = call_ret;
@@ -1254,6 +1280,8 @@ static clks_bool clks_exec_run_proc_slot(i32 slot, u64 *out_status) {
    clks_exec_stop_requested_stack[(u32)depth_index] = CLKS_FALSE;
    clks_exec_image_begin_stack[(u32)depth_index] = 0ULL;
    clks_exec_image_end_stack[(u32)depth_index] = 0ULL;
+    clks_exec_stack_begin_stack[(u32)depth_index] = 0ULL;
+    clks_exec_stack_end_stack[(u32)depth_index] = 0ULL;
    clks_exec_pid_stack_depth++;
    depth_pushed = CLKS_TRUE;

@@ -1348,6 +1376,8 @@ static clks_bool clks_exec_run_proc_slot(i32 slot, u64 *out_status) {
        clks_exec_stop_requested_stack[(u32)depth_index] = CLKS_FALSE;
        clks_exec_image_begin_stack[(u32)depth_index] = 0ULL;
        clks_exec_image_end_stack[(u32)depth_index] = 0ULL;
+        clks_exec_stack_begin_stack[(u32)depth_index] = 0ULL;
+        clks_exec_stack_end_stack[(u32)depth_index] = 0ULL;
        clks_exec_pid_stack_depth--;
        depth_pushed = CLKS_FALSE;
    }
@@ -1374,6 +1404,8 @@ fail:
        clks_exec_stop_requested_stack[(u32)depth_index] = CLKS_FALSE;
        clks_exec_image_begin_stack[(u32)depth_index] = 0ULL;
        clks_exec_image_end_stack[(u32)depth_index] = 0ULL;
+        clks_exec_stack_begin_stack[(u32)depth_index] = 0ULL;
+        clks_exec_stack_end_stack[(u32)depth_index] = 0ULL;
        clks_exec_pid_stack_depth--;
    }

@@ -1484,6 +1516,8 @@ void clks_exec_init(void) {
    clks_memset(clks_exec_unwind_slot_valid_stack, 0, sizeof(clks_exec_unwind_slot_valid_stack));
    clks_memset(clks_exec_image_begin_stack, 0, sizeof(clks_exec_image_begin_stack));
    clks_memset(clks_exec_image_end_stack, 0, sizeof(clks_exec_image_end_stack));
+    clks_memset(clks_exec_stack_begin_stack, 0, sizeof(clks_exec_stack_begin_stack));
+    clks_memset(clks_exec_stack_end_stack, 0, sizeof(clks_exec_stack_end_stack));
    clks_memset(clks_exec_proc_table, 0, sizeof(clks_exec_proc_table));
    clks_memset(clks_exec_dynlib_table, 0, sizeof(clks_exec_dynlib_table));
    clks_exec_next_dynlib_handle = 1ULL;
@@ -2526,3 +2560,39 @@ clks_bool clks_exec_current_path_is_user(void) {
    proc = &clks_exec_proc_table[(u32)slot];
    return clks_exec_path_is_user_program(proc->path);
 }
+
+clks_bool clks_exec_current_user_ptr_readable(u64 addr, u64 size) {
+    i32 depth_index;
+    u64 image_begin;
+    u64 image_end;
+    u64 stack_begin;
+    u64 stack_end;
+
+    if (clks_exec_is_running() == CLKS_FALSE || clks_exec_current_path_is_user() == CLKS_FALSE) {
+        return CLKS_FALSE;
+    }
+
+    if (size == 0ULL || clks_exec_pid_stack_depth == 0U) {
+        return CLKS_FALSE;
+    }
+
+    depth_index = (i32)(clks_exec_pid_stack_depth - 1U);
+    image_begin = clks_exec_image_begin_stack[(u32)depth_index];
+    image_end = clks_exec_image_end_stack[(u32)depth_index];
+    stack_begin = clks_exec_stack_begin_stack[(u32)depth_index];
+    stack_end = clks_exec_stack_end_stack[(u32)depth_index];
+
+    if (clks_exec_addr_range_in_window(addr, size, image_begin, image_end) == CLKS_TRUE) {
+        return CLKS_TRUE;
+    }
+
+    if (clks_exec_addr_range_in_window(addr, size, stack_begin, stack_end) == CLKS_TRUE) {
+        return CLKS_TRUE;
+    }
+
+    return CLKS_FALSE;
+}
+
+clks_bool clks_exec_current_user_ptr_writable(u64 addr, u64 size) {
+    return clks_exec_current_user_ptr_readable(addr, size);
+}
--- a/clks/kernel/runtime/syscall.c
+++ b/clks/kernel/runtime/syscall.c
@@ -1,6 +1,7 @@
 #include <clks/cpu.h>
 #include <clks/audio.h>
 #include <clks/exec.h>
+#include <clks/framebuffer.h>
 #include <clks/fs.h>
 #include <clks/heap.h>
 #include <clks/interrupts.h>
@@ -32,7 +33,7 @@
 #define CLKS_SYSCALL_KDBG_STACK_WINDOW_BYTES (128ULL * 1024ULL)
 #define CLKS_SYSCALL_KERNEL_SYMBOL_FILE "/system/kernel.sym"
 #define CLKS_SYSCALL_KERNEL_ADDR_BASE 0xFFFF800000000000ULL
-#define CLKS_SYSCALL_STATS_MAX_ID CLKS_SYSCALL_EXEC_PATHV_IO
+#define CLKS_SYSCALL_STATS_MAX_ID CLKS_SYSCALL_FB_CLEAR
 #define CLKS_SYSCALL_STATS_RING_SIZE 256U
 #define CLKS_SYSCALL_USC_MAX_ALLOWED_APPS 64U

@@ -131,6 +132,23 @@ struct clks_syscall_exec_io_req {
    u64 stderr_fd;
 };

+struct clks_syscall_fb_info_user {
+    u64 width;
+    u64 height;
+    u64 pitch;
+    u64 bpp;
+};
+
+struct clks_syscall_fb_blit_req {
+    u64 pixels_ptr;
+    u64 src_width;
+    u64 src_height;
+    u64 src_pitch_bytes;
+    u64 dst_x;
+    u64 dst_y;
+    u64 scale;
+};
+
 static clks_bool clks_syscall_ready = CLKS_FALSE;
 static clks_bool clks_syscall_user_trace_active = CLKS_FALSE;
 static u64 clks_syscall_user_trace_budget = 0ULL;
@@ -160,16 +178,55 @@ static inline void clks_syscall_outw(u16 port, u16 value) {
 }
 #endif

+static clks_bool clks_syscall_in_user_exec_context(void) {
+    return (clks_exec_is_running() == CLKS_TRUE && clks_exec_current_path_is_user() == CLKS_TRUE) ? CLKS_TRUE
+                                                                                                    : CLKS_FALSE;
+}
+
+static clks_bool clks_syscall_user_ptr_readable(u64 addr, u64 size) {
+    if (addr == 0ULL || size == 0ULL) {
+        return CLKS_FALSE;
+    }
+
+    if (clks_syscall_in_user_exec_context() == CLKS_FALSE) {
+        return CLKS_TRUE;
+    }
+
+    return clks_exec_current_user_ptr_readable(addr, size);
+}
+
+static clks_bool clks_syscall_user_ptr_writable(u64 addr, u64 size) {
+    if (addr == 0ULL || size == 0ULL) {
+        return CLKS_FALSE;
+    }
+
+    if (clks_syscall_in_user_exec_context() == CLKS_FALSE) {
+        return CLKS_TRUE;
+    }
+
+    return clks_exec_current_user_ptr_writable(addr, size);
+}
+
 static clks_bool clks_syscall_copy_user_string(u64 src_addr, char *dst, usize dst_size) {
-    const char *src = (const char *)src_addr;
    usize i = 0U;

-    if (src == CLKS_NULL || dst == CLKS_NULL || dst_size == 0U) {
+    if (src_addr == 0ULL || dst == CLKS_NULL || dst_size == 0U) {
        return CLKS_FALSE;
    }

    while (i + 1U < dst_size) {
-        char ch = src[i];
+        u64 char_addr = src_addr + (u64)i;
+        char ch;
+
+        if (char_addr < src_addr) {
+            return CLKS_FALSE;
+        }
+
+        if (clks_syscall_user_ptr_readable(char_addr, 1ULL) == CLKS_FALSE) {
+            return CLKS_FALSE;
+        }
+
+        ch = *(const char *)(usize)char_addr;
        dst[i] = ch;

        if (ch == '\0') {
@@ -209,6 +266,10 @@ static u64 clks_syscall_copy_text_to_user(u64 dst_addr, u64 dst_size, const char
        copy_len = (usize)dst_size - 1U;
    }

+    if (clks_syscall_user_ptr_writable(dst_addr, (u64)copy_len + 1ULL) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    clks_memcpy((void *)dst_addr, src, copy_len);
    ((char *)dst_addr)[copy_len] = '\0';
    return (u64)copy_len;
@@ -228,6 +289,10 @@ static u64 clks_syscall_log_write(u64 arg0, u64 arg1) {
        len = CLKS_SYSCALL_LOG_MAX_LEN;
    }

+    if (clks_syscall_user_ptr_readable((u64)(usize)src, len) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    for (i = 0ULL; i < len; i++) {
        buf[i] = src[i];
    }
@@ -252,6 +317,10 @@ static u64 clks_syscall_tty_write(u64 arg0, u64 arg1) {
        len = CLKS_SYSCALL_TTY_MAX_LEN;
    }

+    if (clks_syscall_user_ptr_readable((u64)(usize)src, len) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    for (i = 0ULL; i < len; i++) {
        buf[i] = src[i];
    }
@@ -277,6 +346,127 @@ static u64 clks_syscall_kbd_get_char(void) {
    return (u64)(u8)ch;
 }

+static u64 clks_syscall_fb_info(u64 arg0) {
+    struct clks_syscall_fb_info_user *out_info = (struct clks_syscall_fb_info_user *)arg0;
+    struct clks_framebuffer_info fb_info;
+
+    if (arg0 == 0ULL || clks_fb_ready() == CLKS_FALSE) {
+        return 0ULL;
+    }
+
+    if (clks_syscall_user_ptr_writable(arg0, (u64)sizeof(*out_info)) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
+    fb_info = clks_fb_info();
+    out_info->width = (u64)fb_info.width;
+    out_info->height = (u64)fb_info.height;
+    out_info->pitch = (u64)fb_info.pitch;
+    out_info->bpp = (u64)fb_info.bpp;
+    return 1ULL;
+}
+
+static u64 clks_syscall_fb_clear(u64 arg0) {
+    if (clks_fb_ready() == CLKS_FALSE) {
+        return 0ULL;
+    }
+
+    clks_fb_clear((u32)(arg0 & 0xFFFFFFFFULL));
+    return 1ULL;
+}
+
+static u64 clks_syscall_fb_blit(u64 arg0) {
+    struct clks_syscall_fb_blit_req req;
+    const u8 *src_base;
+    struct clks_framebuffer_info fb_info;
+    u64 src_width;
+    u64 src_height;
+    u64 src_pitch_bytes;
+    u64 dst_x;
+    u64 dst_y;
+    u64 scale;
+    u64 y;
+    u64 x;
+
+    if (arg0 == 0ULL || clks_fb_ready() == CLKS_FALSE) {
+        return 0ULL;
+    }
+
+    if (clks_syscall_user_ptr_readable(arg0, (u64)sizeof(req)) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
+    clks_memcpy(&req, (const void *)(usize)arg0, sizeof(req));
+
+    if (req.pixels_ptr == 0ULL) {
+        return 0ULL;
+    }
+
+    src_width = req.src_width;
+    src_height = req.src_height;
+    src_pitch_bytes = req.src_pitch_bytes;
+    dst_x = req.dst_x;
+    dst_y = req.dst_y;
+    scale = req.scale;
+
+    if (src_width == 0ULL || src_height == 0ULL || scale == 0ULL) {
+        return 0ULL;
+    }
+
+    if (src_width > 4096ULL || src_height > 4096ULL || scale > 8ULL) {
+        return 0ULL;
+    }
+
+    if (src_pitch_bytes == 0ULL) {
+        src_pitch_bytes = src_width * 4ULL;
+    }
+
+    if (src_pitch_bytes < (src_width * 4ULL)) {
+        return 0ULL;
+    }
+
+    if (src_pitch_bytes != 0ULL && src_height > (((u64)-1) / src_pitch_bytes)) {
+        return 0ULL;
+    }
+
+    if (clks_syscall_user_ptr_readable(req.pixels_ptr, src_pitch_bytes * src_height) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
+    src_base = (const u8 *)(usize)req.pixels_ptr;
+    fb_info = clks_fb_info();
+
+    if (dst_x >= (u64)fb_info.width || dst_y >= (u64)fb_info.height) {
+        return 0ULL;
+    }
+
+    for (y = 0ULL; y < src_height; y++) {
+        const u32 *src_row = (const u32 *)(const void *)(src_base + (usize)(y * src_pitch_bytes));
+        u64 draw_y = dst_y + (y * scale);
+
+        if (draw_y >= (u64)fb_info.height) {
+            break;
+        }
+
+        for (x = 0ULL; x < src_width; x++) {
+            u32 color = src_row[x];
+            u64 draw_x = dst_x + (x * scale);
+
+            if (draw_x >= (u64)fb_info.width) {
+                break;
+            }
+
+            if (scale == 1ULL) {
+                clks_fb_draw_pixel((u32)draw_x, (u32)draw_y, color);
+            } else {
+                clks_fb_fill_rect((u32)draw_x, (u32)draw_y, (u32)scale, (u32)scale, color);
+            }
+        }
+    }
+
+    return 1ULL;
+}
+
 static u64 clks_syscall_fd_open(u64 arg0, u64 arg1, u64 arg2) {
    char path[CLKS_SYSCALL_PATH_MAX];

@@ -292,6 +482,10 @@ static u64 clks_syscall_fd_read(u64 arg0, u64 arg1, u64 arg2) {
        return (u64)-1;
    }

+    if (arg2 > 0ULL && clks_syscall_user_ptr_writable(arg1, arg2) == CLKS_FALSE) {
+        return (u64)-1;
+    }
+
    return clks_exec_fd_read(arg0, (void *)arg1, arg2);
 }

@@ -300,6 +494,10 @@ static u64 clks_syscall_fd_write(u64 arg0, u64 arg1, u64 arg2) {
        return (u64)-1;
    }

+    if (arg2 > 0ULL && clks_syscall_user_ptr_readable(arg1, arg2) == CLKS_FALSE) {
+        return (u64)-1;
+    }
+
    return clks_exec_fd_write(arg0, (const void *)arg1, arg2);
 }

@@ -878,6 +1076,10 @@ static u64 clks_syscall_kdbg_bt(u64 arg0) {
        return 0ULL;
    }

+    if (clks_syscall_user_ptr_readable(arg0, (u64)sizeof(req)) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    clks_memcpy(&req, (const void *)arg0, sizeof(req));

    if (req.out_ptr == 0ULL || req.out_size == 0ULL) {
@@ -1144,6 +1346,10 @@ static u64 clks_syscall_fs_get_child_name(u64 arg0, u64 arg1, u64 arg2) {
        return 0ULL;
    }

+    if (clks_syscall_user_ptr_writable(arg2, CLKS_SYSCALL_NAME_MAX) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    if (clks_syscall_copy_user_string(arg0, path, sizeof(path)) == CLKS_FALSE) {
        return 0ULL;
    }
@@ -1215,6 +1421,10 @@ static u64 clks_syscall_fs_read(u64 arg0, u64 arg1, u64 arg2) {
        return 0ULL;
    }

+    if (clks_syscall_user_ptr_writable(arg1, arg2) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    if (clks_syscall_copy_user_string(arg0, path, sizeof(path)) == CLKS_FALSE) {
        return 0ULL;
    }
@@ -1309,6 +1519,10 @@ static u64 clks_syscall_exec_pathv_io(u64 arg0, u64 arg1, u64 arg2) {
        return (u64)-1;
    }

+    if (clks_syscall_user_ptr_readable(arg2, (u64)sizeof(req)) == CLKS_FALSE) {
+        return (u64)-1;
+    }
+
    clks_memcpy(&req, (const void *)arg2, sizeof(req));

    if (clks_syscall_copy_user_optional_string(req.env_line_ptr, env_line, sizeof(env_line)) == CLKS_FALSE) {
@@ -1372,6 +1586,9 @@ static u64 clks_syscall_waitpid(u64 arg0, u64 arg1) {
    u64 wait_ret = clks_exec_wait_pid(arg0, &status);

    if (wait_ret == 1ULL && arg1 != 0ULL) {
+        if (clks_syscall_user_ptr_writable(arg1, (u64)sizeof(status)) == CLKS_FALSE) {
+            return (u64)-1;
+        }
        clks_memcpy((void *)arg1, &status, sizeof(status));
    }

@@ -1391,6 +1608,10 @@ static u64 clks_syscall_proc_argv(u64 arg0, u64 arg1, u64 arg2) {
        arg2 = CLKS_SYSCALL_ITEM_MAX;
    }

+    if (clks_syscall_user_ptr_writable(arg1, arg2) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    return (clks_exec_copy_current_argv(arg0, (char *)arg1, (usize)arg2) == CLKS_TRUE) ? 1ULL : 0ULL;
 }

@@ -1407,6 +1628,10 @@ static u64 clks_syscall_proc_env(u64 arg0, u64 arg1, u64 arg2) {
        arg2 = CLKS_SYSCALL_ITEM_MAX;
    }

+    if (clks_syscall_user_ptr_writable(arg1, arg2) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    return (clks_exec_copy_current_env(arg0, (char *)arg1, (usize)arg2) == CLKS_TRUE) ? 1ULL : 0ULL;
 }

@@ -1437,6 +1662,10 @@ static u64 clks_syscall_proc_pid_at(u64 arg0, u64 arg1) {
        return 0ULL;
    }

+    if (clks_syscall_user_ptr_writable(arg1, (u64)sizeof(pid)) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    if (clks_exec_proc_pid_at(arg0, &pid) == CLKS_FALSE) {
        return 0ULL;
    }
@@ -1452,6 +1681,10 @@ static u64 clks_syscall_proc_snapshot(u64 arg0, u64 arg1, u64 arg2) {
        return 0ULL;
    }

+    if (clks_syscall_user_ptr_writable(arg1, (u64)sizeof(snap)) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    if (clks_exec_proc_snapshot(arg0, &snap) == CLKS_FALSE) {
        return 0ULL;
    }
@@ -1602,6 +1835,10 @@ static u64 clks_syscall_fs_write_common(u64 arg0, u64 arg1, u64 arg2, clks_bool
        return 0ULL;
    }

+    if (clks_syscall_user_ptr_readable(arg1, arg2) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    while (remaining > 0ULL) {
        u64 chunk_len = remaining;
        void *heap_copy;
@@ -1668,6 +1905,10 @@ static u64 clks_syscall_log_journal_read(u64 arg0, u64 arg1, u64 arg2) {
        return 0ULL;
    }

+    if (clks_syscall_user_ptr_writable(arg1, arg2) == CLKS_FALSE) {
+        return 0ULL;
+    }
+
    if (clks_log_journal_read(arg0, line, sizeof(line)) == CLKS_FALSE) {
        return 0ULL;
    }
@@ -2266,6 +2507,12 @@ u64 clks_syscall_dispatch(void *frame_ptr) {
        return clks_syscall_dl_close(frame->rbx);
    case CLKS_SYSCALL_DL_SYM:
        return clks_syscall_dl_sym(frame->rbx, frame->rcx);
+    case CLKS_SYSCALL_FB_INFO:
+        return clks_syscall_fb_info(frame->rbx);
+    case CLKS_SYSCALL_FB_BLIT:
+        return clks_syscall_fb_blit(frame->rbx);
+    case CLKS_SYSCALL_FB_CLEAR:
+        return clks_syscall_fb_clear(frame->rbx);
    default:
        return (u64)-1;
    }