For stuff like testing PASLR, *hax2x, khc3ds, etc.
Also fix a corner-case bug when changing the 3dsx app from itself to
itself, if its TID corresponds to the default.
This is mostly a libctru bug (well, sort of).
This can only happen to built-in sysmodules, and to
processes waiting for err:f, that fail to obtain
handles through svcConnectToPort on the first try; and only
prior to 11.0.
Prior to fw 11.0, kernel didn't zero-initialize output
handles, and thus the output handle gets filled with
junk (leaked kernel stack data) in case of failure.
Libctru does not account for this, and closes such
handles anyway (in srvInit, errfInit, and possibly
more).
The problem is that, in our case, that garbage was
equal to 0x8000, actually a valid handle, in fact
the first handle to be created (and not closed) in
a process... a handle to KAddressArbiter.
Accidentally closing this handle resulted in one or
more KIPs spin-waiting and starving core1, resulting
in an inability to boot.
We fix this simply by replicating what recent k11 does,
in kext (for svcConnectToPort). For srvGetServiceHandle,
add two layers of safety.
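
A small simulation of the failure mode described in the message above, added here as an illustration; it is not Luma3DS, libctru or kernel code. The `sim_*` names, the error value and the one-entry handle table are assumptions; only the 0x8000 handle value and the `err:f` port name come from the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t Handle;
typedef int32_t Result;

#define ARBITER_HANDLE    0x8000u /* first handle of the process, per the text */
#define SIM_ERR_NOT_FOUND (-1)    /* constructed error code */

/* Simulated process state: the only live handle is the address arbiter. */
static bool arbiter_open;
/* Simulated stale kernel stack word that happens to equal a valid handle. */
static const uint32_t sim_stale_stack_word = ARBITER_HANDLE;

/* Simulated connect-to-port syscall that always fails (port not ready yet).
 * zero_init=false: output slot keeps stale stack data (pre-11.0 behaviour).
 * zero_init=true:  output slot is cleared first (behaviour the fix replicates). */
static Result sim_connect_to_port(Handle *out, const char *port, bool zero_init) {
    Handle local = zero_init ? 0 : sim_stale_stack_word;
    (void)port;
    *out = local; /* the output is written back even on error */
    return SIM_ERR_NOT_FOUND;
}

/* Closing an invalid handle (0 here) is a no-op; closing 0x8000 is not. */
static void sim_close_handle(Handle h) {
    if (h == ARBITER_HANDLE)
        arbiter_open = false;
}

/* Caller pattern from the text: the handle is closed even though the
 * connect call failed. Returns whether the arbiter handle survived. */
static bool arbiter_survives_init(bool zero_init) {
    Handle h;
    arbiter_open = true;
    Result rc = sim_connect_to_port(&h, "err:f", zero_init);
    if (rc < 0)
        sim_close_handle(h); /* cleanup on the failure path */
    return arbiter_open;
}

int main(void) {
    printf("stale output:  arbiter %s\n", arbiter_survives_init(false) ? "open" : "closed");
    printf("zeroed output: arbiter %s\n", arbiter_survives_init(true) ? "open" : "closed");
    return 0;
}
```
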
Based off the conditions, this is a potential null pointer dereference
that can occur. We need to check for null before accessing
nbPendingNotifications.
This is unlikely to occur in common usage, however it's a fairly
straightforward amendment.
In this case pm+sm were supposed to automatically unregister ro's services (the kernel can close a dying process's handle automatically). Not doing this apparently induced a reference leak of DevMenu's as a process, preventing it from being destroyed and the memory allocation reslimit counter from being updated by KProcess's destructor accordingly.