1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-25 18:12:33 +00:00
Commit graph

42 commits

Author SHA1 Message Date
Brian Gianforcaro
ed996fcced Kernel: Remove unused header includes 2021-08-01 08:10:16 +02:00
Brian Gianforcaro
ddc950ce42 Kernel: Avoid file descriptor leak in Process::sys$socketpair on error
Previously it was possible to leak the file descriptor if we error out
after allocating the first descriptor. Now we perform both fd
allocations back to back so we can handle the potential error when
processing the second fd allocation.
2021-07-28 19:07:00 +02:00
Brian Gianforcaro
4b2651ddab Kernel: Track allocated FileDescriptionAndFlag elements in each Process
The way the Process::FileDescriptions::allocate() API works today means
that two callers who allocate back to back without associating a
FileDescription with the allocated FD, will receive the same FD and thus
one will stomp over the other.

Naively tracking which FileDescriptions are allocated and moving onto
the next would introduce other bugs however, as now if you "allocate"
a fd and then return early further down the control flow of the syscall
you would leak that fd.

This change modifies this behavior by tracking which descriptions are
allocated and then having an RAII type to "deallocate" the fd if the
association is not setup the end of it's scope.
2021-07-28 19:07:00 +02:00
Brian Gianforcaro
ba03b6ad02 Kernel: Make Process::FileDescriptions::allocate return KResultOr<int>
Modernize more error checking by utilizing KResultOr.
2021-07-28 19:07:00 +02:00
Brian Gianforcaro
d2cee9cbf6 Kernel: Remove unused fd allocation from Process::sys$connect(..) 2021-07-28 19:07:00 +02:00
Brian Gianforcaro
9201a06027 Kernel: Annotate all syscalls with VERIFY_PROCESS_BIG_LOCK_ACQUIRED
Before we start disabling acquisition of the big process lock for
specific syscalls, make sure to document and assert that all the
lock is held during all syscalls.
2021-07-20 03:21:14 +02:00
Daniel Bertalan
b9f30c6f2a Everywhere: Fix some alignment issues
When creating uninitialized storage for variables, we need to make sure
that the alignment is correct. Fixes a KUBSAN failure when running
kernels compiled with Clang.

In `Syscalls/socket.cpp`, we can simply use local variables, as
`sockaddr_un` is a POD type.

Along with moving the `alignas` specifier to the correct member,
`AK::Optional`'s internal buffer has been made non-zeroed by default.
GCC emitted bogus uninitialized memory access warnings, so we now use
`__builtin_launder` to tell the compiler that we know what we are doing.
This might disable some optimizations, but judging by how GCC failed to
notice that the memory's initialization is dependent on `m_has_value`,
I'm not sure that's a bad thing.
2021-07-03 01:56:31 +04:30
Liav A
7c87891c06 Kernel: Don't copy a Vector<FileDescriptionAndFlags>
Instead of copying a Vector everytime we need to enumerate a Process'
file descriptions, we can just temporarily lock so it won't change.
2021-06-29 20:53:59 +02:00
Gunnar Beutner
2a78bf8596 Kernel: Fix the return type for syscalls
The Process::Handler type has KResultOr<FlatPtr> as its return type.
Using a different return type with an equally-sized template parameter
sort of works but breaks once that condition is no longer true, e.g.
for KResultOr<int> on x86_64.

Ideally the syscall handlers would also take FlatPtrs as their args
so we can get rid of the reinterpret_cast for the function pointer
but I didn't quite feel like cleaning that up as well.
2021-06-28 22:29:28 +02:00
Gunnar Beutner
bc3076f894 Kernel: Remove various other uses of ssize_t 2021-06-16 21:29:36 +02:00
Gunnar Beutner
89956cb0d6 Kernel+Userspace: Implement the accept4() system call
Unlike accept() the new accept4() system call lets the caller specify
flags for the newly accepted socket file descriptor, such as
SOCK_CLOEXEC and SOCK_NONBLOCK.
2021-05-17 13:32:19 +02:00
Gunnar Beutner
3c0355a398 Kernel: Accepted socket file descriptors should not inherit flags
For example Linux accepts an additional argument for flags in accept4()
that let the user specify what flags they want. However, by default
accept() should not inherit those flags from the listener socket.
2021-04-30 11:43:19 +02:00
Brian Gianforcaro
cd29eb7867 Kernel: Harden sys$sendmsg / sys$recvmsg Vector usage against OOM. 2021-04-29 20:31:15 +02:00
Gunnar Beutner
aa792062cb Kernel+LibC: Implement the socketpair() syscall 2021-04-28 14:19:45 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Ben Wiederhake
5c15ca7b84 Kernel: Make sockets use AK::Time 2021-03-02 08:36:08 +01:00
Andreas Kling
ac71775de5 Kernel: Make all syscall functions return KResultOr<T>
This makes it a lot easier to return errors since we no longer have to
worry about negating EFOO errors and can just return them flat.
2021-03-01 13:54:32 +01:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
Andreas Kling
6e4e3a7612 Kernel: Remove pledge exception for sys$getsockopt() with SO_PEERCRED
We had an exception that allowed SOL_SOCKET + SO_PEERCRED on local
socket to support LibIPC's PID exchange mechanism. This is no longer
needed so let's just remove the exception.
2021-01-31 09:29:27 +01:00
Andreas Kling
1730c23775 Kernel: Remove a bunch of no-longer-necessary SmapDisablers
We forgot to remove the automatic SMAP disablers after fixing up all
this code to not access userspace memory directly. Let's lock things
down at last. :^)
2021-01-17 15:03:07 +01:00
Lenny Maiorani
e6f907a155 AK: Simplify constructors and conversions from nullptr_t
Problem:
- Many constructors are defined as `{}` rather than using the ` =
  default` compiler-provided constructor.
- Some types provide an implicit conversion operator from `nullptr_t`
  instead of requiring the caller to default construct. This violates
  the C++ Core Guidelines suggestion to declare single-argument
  constructors explicit
  (https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c46-by-default-declare-single-argument-constructors-explicit).

Solution:
- Change default constructors to use the compiler-provided default
  constructor.
- Remove implicit conversion operators from `nullptr_t` and change
  usage to enforce type consistency without conversion.
2021-01-12 09:11:45 +01:00
Tom
f98ca35b83 Kernel: Improve ProcFS behavior in low memory conditions
When ProcFS could no longer allocate KBuffer objects to serve calls to
read, it would just return 0, indicating EOF. This then triggered
parsing errors because code assumed it read the file.

Because read isn't supposed to return ENOMEM, change ProcFS to populate
the file data upon file open or seek to the beginning. This also means
that calls to open can now return ENOMEM if needed. This allows the
caller to either be able to successfully open the file and read it, or
fail to open it in the first place.
2021-01-03 22:12:19 +01:00
Tom
046d6855f5 Kernel: Move block condition evaluation out of the Scheduler
This makes the Scheduler a lot leaner by not having to evaluate
block conditions every time it is invoked. Instead evaluate them as
the states change, and unblock threads at that point.

This also implements some more waitid/waitpid/wait features and
behavior. For example, WUNTRACED and WNOWAIT are now supported. And
wait will now not return EINTR when SIGCHLD is delivered at the
same time.
2020-11-30 13:17:02 +01:00
Nico Weber
47b3e98af8 Kernel+LibC+UserspaceEmulator: Add SO_TIMESTAMP, and cmsg definitions
When SO_TIMESTAMP is set as an option on a SOCK_DGRAM socket, then
recvmsg() will return a SCM_TIMESTAMP control message that
contains a struct timeval with the system time that was current
when the socket was received.
2020-09-17 17:23:01 +02:00
Nico Weber
416d470d07 Kernel: Plumb packet receive timestamp from NetworkAdapter to Socket::recvfrom
Since the receiving socket isn't yet known at packet receive time,
keep timestamps for all packets.

This is useful for keeping statistics about in-kernel queue latencies
in the future, and it can be used to implement SO_TIMESTAMP.
2020-09-17 17:23:01 +02:00
Nico Weber
b36a2d6686 Kernel+LibC+UserspaceEmulator: Mostly add recvmsg(), sendmsg()
The implementation only supports a single iovec for now.
Some might say having more than one iovec is the main point of
recvmsg() and sendmsg(), but I'm interested in the control message
bits.
2020-09-17 17:23:01 +02:00
Tom
c8d9f1b9c9 Kernel: Make copy_to/from_user safe and remove unnecessary checks
Since the CPU already does almost all necessary validation steps
for us, we don't really need to attempt to do this. Doing it
ourselves doesn't really work very reliably, because we'd have to
account for other processors modifying virtual memory, and we'd
have to account for e.g. pages not being able to be allocated
due to insufficient resources.

So change the copy_to/from_user (and associated helper functions)
to use the new safe_memcpy, which will return whether it succeeded
or not. The only manual validation step needed (which the CPU
can't perform for us) is making sure the pointers provided by user
mode aren't pointing to kernel mappings.

To make it easier to read/write from/to either kernel or user mode
data add the UserOrKernelBuffer helper class, which will internally
either use copy_from/to_user or directly memcpy, or pass the data
through directly using a temporary buffer on the stack.

Last but not least we need to keep syscall params trivial as we
need to copy them from/to user mode using copy_from/to_user.
2020-09-13 21:19:15 +02:00
Brian Gianforcaro
8e97de2df9 Kernel: Use Userspace<T> for the recvfrom syscall, and Socket implementation
This fixes a bunch of unchecked kernel reads and writes, seems like they
would might exploitable :). Write of sockaddr_in size to any address you
please...
2020-08-19 21:05:28 +02:00
Brian Gianforcaro
9f9b05ba0f Kernel: Use Userspace<T> for the sendto syscall, and Socket implementation
Note that the data member is of type ImmutableBufferArgument, which has
no Userspace<T> usage. I left it alone for now, to be fixed in a future
change holistically for all usages.
2020-08-19 21:05:28 +02:00
Brian Gianforcaro
0e20a6df0a Kernel: Use Userspace<T> for the connect syscall 2020-08-10 12:52:15 +02:00
Brian Gianforcaro
8bd9dbc220 Kernel: Use Userspace<T> for the accept syscall 2020-08-10 12:52:15 +02:00
Brian Gianforcaro
02660b5d60 Kernel: Use Userspace<T> for the bind syscall, and implementation 2020-08-10 12:52:15 +02:00
Brian Gianforcaro
30b2c0dc85 Kernel: Use Userspace<T> for the getsockopt syscall and Socket interface
The way getsockopt is implemented for socket types requires us to push
down Userspace<T> using into those interfaces. This change does so, and
utilizes proper copy implementations instead of the kind of haphazard
pointer dereferencing that was occurring there before.
2020-08-07 16:18:36 +02:00
Brian Gianforcaro
6920d5f423 Kernel: Use Userspace<T> for the setsockopt syscall 2020-08-07 16:18:36 +02:00
Brian Gianforcaro
8fa46bcb7d Kernel: Use Userspace<T> for the getsockname syscall 2020-08-07 16:18:36 +02:00
Brian Gianforcaro
dc75ea9fc2 Kernel: Use Userspace<T> for the getpeername syscall 2020-08-07 16:18:36 +02:00
Andreas Kling
7a3ab6c517 Kernel: Make File::write() and File::read() return KResultOr<size_t>
Instead of returning a ssize_t where negative values mean error,
we now return KResultOr<size_t> and use the error state to report
errors exclusively.
2020-08-04 18:17:16 +02:00
Tom
f4a5c9b6c2 Kernel: Consolidate timeout logic
Allow passing in an optional timeout to Thread::block and move
the timeout check out of Thread::Blocker. This way all Blockers
implicitly support timeouts and don't need to implement it
themselves. Do however allow them to override timeouts (e.g.
for sockets).
2020-08-03 18:23:00 +02:00
Andreas Kling
d19d6a63c6 Kernel: Add missing license headers to some syscall files 2020-07-31 01:01:41 +02:00
Andreas Kling
3023a89e9b Kernel: Remove SmapDisabler in sys$setsockopt() 2020-07-31 00:29:26 +02:00
Andreas Kling
2e2de125e5 Kernel: Turn Process::FileDescriptionAndFlags into a proper class 2020-07-30 23:50:31 +02:00
Andreas Kling
949aef4aef Kernel: Move syscall implementations out of Process.cpp
This is something I've been meaning to do for a long time, and here we
finally go. This patch moves all sys$foo functions out of Process.cpp
and into files in Kernel/Syscalls/.

It's not exactly one syscall per file (although it could be, but I got
a bit tired of the repetitive work here..)

This makes hacking on individual syscalls a lot less painful since you
don't have to rebuild nearly as much code every time. I'm also hopeful
that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:40:57 +02:00