Mostly due to the fact that clang-format allows aligned comments via
AlignTrailingComments.
We could also use raw string literals in inline asm, which clang-format
deals with properly (and would be nicer in a lot of places).
calloc() was internally calling malloc_impl() which would scrub out
all the allocated memory with the scrub byte (0xdc). We would then
immediately zero-fill the memory.
This was obviously a waste of time, and our hash tables were doing
it all the time. :^)
Instead of having a special case in the dynamic loader where we ignore
TM-related GCC symbols, just stub them out in LibC like we already do
for various other things we don't support.
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
This removes some hard references to the toolchain, some unnecessary
uses of an external install command, and disables a -Werror flag (for
the time being) - only if run inside serenity.
With this, we can build and link the kernel :^)
This required a bit of rearchitecture, as pthread_atfork() required a
mutex, and duplicating a mutex impl for it was silly.
As such, this patch moves some standalone bits of pthread into LibC and
uses those to implement atfork().
It should be noted that for programs that don't use atfork(), this
mechanism only costs two atomic loads (as opposed to the normal mutex
lock+unlock) :^)
This implementation is pretty damn dumb, and probably has more bugs than
features.
But for the time being, it seems to work. However, we should definitely
replace it with a good implementation sometime very soon :^)
Now that we no longer depend on the textual IPC format, we can pass IP addresses
in the format most code actually has and needs it: in binary. The only places we
actually have to deal with textual address representation are:
* When reading /etc/hosts, we have to parse textual addresses & convert them to
binary;
* When doing reverse lookups, we have to form a pseudo-hostname of the form
x.x.x.x.in-addr.arpa.
So we do the conversion in those two cases.
This also increases uniformity between how we handle A (IPv4 address) and other
resource record types. Namely, we now store the raw binary data as received from
a DNS server.
The ad-hoc IPC we were doing with LookupServer was kinda gross. With this,
LookupServer is a regular IPC server. In the future, we want to add more APIs
for LookupServer to talk to its clients (such as DHCPClient telling LookupServer
about the DNS server discovered via DHCP, and DNS-SD client browsing for
services), which calls for a more expressive IPC format; this is what LibIPC is
perfect for.
While the LookupServer side is using the regular LibIPC mechanics and patterns,
the LibC side has to hand-roll LibIPC format serialization without actually
using LibIPC. We might be able to get rid of this in the future, but for now it
has to be like that. The good news is the format is not that bad at all.
This achieves two things:
- Programs can now intentionally perform arbitrary syscalls by calling
syscall(). This allows us to work on things like syscall fuzzing.
- It restricts the ability of userspace to make syscalls to a single
4KB page of code. In order to call the kernel directly, an attacker
must now locate this page and call through it.
Just ignore all these environment flags if the AT_SECURE flag is set in
the program's auxiliary vector.
This prevents a user from tricking set-uid programs into dumping debug
information via environment flags.
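The AT_SECURE check described above, sketched as an added example (not SerenityOS's own loader code): it assumes Linux/glibc `getauxval()`, and the struct, function names and `EXAMPLE_LOADER_*` variable names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/auxv.h> /* getauxval(), AT_SECURE (Linux/glibc, assumed platform) */

/* Hypothetical debug switches a loader might read from the environment. */
struct loader_flags {
    bool dump_symbols;
    bool trace_relocations;
};

/* A flag counts as set only when the variable is exactly "1". */
static bool env_flag_set(const char *name)
{
    const char *value = getenv(name);
    return value != NULL && strcmp(value, "1") == 0;
}

/* at_secure is the AT_SECURE entry of the auxiliary vector. It is passed in
   as a parameter so the decision can be exercised without a set-uid binary. */
struct loader_flags read_loader_flags(unsigned long at_secure)
{
    struct loader_flags flags = { false, false };

    /* Nonzero AT_SECURE: the exec changed privileges (e.g. set-uid), so the
       environment comes from a less-privileged caller. Ignore every flag. */
    if (at_secure != 0)
        return flags;

    flags.dump_symbols = env_flag_set("EXAMPLE_LOADER_DUMP_SYMBOLS");
    flags.trace_relocations = env_flag_set("EXAMPLE_LOADER_TRACE_RELOCS");
    return flags;
}

/* What startup code would call: take AT_SECURE from the real auxiliary vector. */
struct loader_flags read_loader_flags_for_this_process(void)
{
    return read_loader_flags(getauxval(AT_SECURE));
}

int main(void)
{
    struct loader_flags flags = read_loader_flags_for_this_process();
    printf("dump_symbols=%d trace_relocations=%d\n",
           flags.dump_symbols, flags.trace_relocations);
    return 0;
}
```

The check has to run before any of the flags is read, so that a privileged process takes no code path that depends on the caller's environment.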
load_from_image() becomes map() and link(). This allows us to map
an object before mapping its dependencies.
This solves an issue where fixed-position executables (like GCC)
would clash with the ASLR placement of their own shared libraries.
Refactor DynamicLoader construction with a try_create() helper so that
we can call mmap() before making a loader. This way the loader doesn't
need to have an "mmap failed" state.
This patch also takes care of determining the ELF file size in
try_create() instead of expecting callers to provide it.