| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
This ensures that we can properly take the address of these symbols in
other code.
|
|
|
|
When building the kernel from within SerenityOS we would link it against
default libs which doesn't really make sense to me.
|
|
|
|
This is unnecessary because the prekernel is always loaded at a known
base address.
|
|
|
|
This ensures no potential allocation as in some cases the pledge char*
could be promoted to AK::String by the compiler to execute the
comparison.
|
|
|
|
This bug manifests it self when the caller to sys$pledge() passes valid
promises, but invalid execpromises. The code would apply the promises
and then return an error for the execpromises. This leaves the user in
a confusing state, as the promises were silently applied, but we return
an error suggesting the operation has failed.
Avoid this situation by tweaking the implementation to only apply the
promises / execpromises after all validation has occurred.
|
|
This avoids potential unhandled OOM that's possible with the old
copy_string_from_user API.
|
|
We don't want kernel_base to be modifiable by an attacker or a stray
memory scribbler bug, so lets mark it as READONLY_AFTER_INIT.
|
|
|
|
This avoids potential unhandled OOM that's possible with the old
copy_string_from_user API.
|
|
|
|
|
|
If TextEditor is started with an argument for a file that doesn't
exist, we now allow editing it.
The file will be created once it is saved.
|
|
|
|
ECMA262 requires that the capture groups only contain the values from
the last iteration, e.g. `((c)(a)?(b))` should _not_ contain 'a' in the
second capture group when matching "cabcb".
|
|
|
|
SignedBigInteger::export() generates sign-magnitude, but the native i64
type uses 2's comp, make this work by exporting it as unsigned and
tweaking the sign later.
|
|
A wasm value containing an F64 does not contain a float, etc.
|
|
We're copying the inode contents from a stack buffer into a page that
we just quick-mapped, so there's no reason for this memcpy() to fail.
|
|
|
|
GCC-11 added a new option `-fzero-call-used-regs` which causes the
compiler to zero function arguments before return of a function. The
goal being to reduce the possible attack surface by disarming ROP
gadgets that might be potentially useful to attackers, and reducing
the risk of information leaks via stale register data. You can find
the GCC commit below[0].
This is a mitigation I noticed on the Linux KSPP issue tracker[1] and
thought it would be useful mitigation for the SerenityOS Kernel.
The reduction in ROP gadgets is observable using the ropgadget utility:
$ ROPgadget --nosys --nojop --binary Kernel | tail -n1
Unique gadgets found: 42754
$ ROPgadget --nosys --nojop --binary Kernel.RegZeroing | tail -n1
Unique gadgets found: 41238
The size difference for the i686 Kernel binary is negligible:
$ size Kernel Kernel.RegZerogin
text data bss dec hex filename
13253648 7729637 6302360 27285645 1a0588d Kernel
13277504 7729637 6302360 27309501 1a0b5bd Kernel.RegZeroing
We don't have any great workloads to measure regressions in Kernel
performance, but Kees Cook mentioned he measured only around %1
performance regression with this enabled on his Linux kernel build.[2]
References:
[0] https://github.com/gcc-mirror/gcc/commit/d10f3e900b0377b4760a090b0f90371bcef01686
[1] https://github.com/KSPP/linux/issues/84
[2] https://lore.kernel.org/lkml/20210714220129.844345-1-keescook@chromium.org/
|
|
|
|
|
|
|
|
|
|
This patch greatly simplifies VMObject locking by doing two things:
1. Giving VMObject an IntrusiveList of all its mapping Region objects.
2. Removing VMObject::m_paging_lock in favor of VMObject::m_lock
Before (1), VMObject::for_each_region() was forced to acquire the
global MM lock (since it worked by walking MemoryManager's list of
all regions and checking for regions that pointed to itself.)
With each VMObject having its own list of Regions, VMObject's own
m_lock is all we need.
Before (2), page fault handlers used a separate mutex for preventing
overlapping work. This design required multiple temporary unlocks
and was generally extremely hard to reason about.
Instead, page fault handlers now use VMObject's own m_lock as well.
|
|
|
|
|
|
This thing seems to work fine, no need to hang on to old debug code.
|
|
|
|
|
|
I found myself accidentally opening two assistants at once with the
Window+Space shortcut. Since only one assistant window is usable at the
same time, I made assistant only spawn 1 instance at most.
|
|
This API wraps flock(2) and also handles the file creation and deletion
when the LockFile goes out of scope.
|
|
|
|
This implements almost all instructions related to the FPU, including
all MMX instructions as well.
A lot of these were copied and adjusted from the SoftCPU implementation.
The next big milestone would be QNan detection and ShadowValue handling.
|
|
|
|
These are used in intrinsics, which do not recognize any signed version
of the char type
|
|
These are placeholders for now
|
|
This gets rid of a lot of magic number shifts and ands.
|
|
This detects and resolves these in the text-decoration property, in any
order:
- text-decoration-color
- text-decoration-line
- text-decoration-style
Only the solid underline renders, but all three sub-properties are
assigned correctly.
|
|
As before, there are several sub-properties that we do not support, and
we ignore anything after the first comma.
|
|
Later we will want to make a distinction between URL and Image values,
but this works for now.
|
|
The font property now resolves into its various parts:
- font-family
- font-weight
- font-size
- font-style
- line-height
The font-variant and font-stretch parts are left unparsed since LibWeb
doesn't know how to render those.
Added `fonts.html` as a test for various forms of `font` declarations,
based on the examples in the spec.
|
|
This resolves the three sub-properties, appearing in any order:
- list-style-image
- list-style-position
- list-style-type
Added `list-style-position` values to support this, though they are not
yet used in rendering.
|
|
Also moved the 'flex' code in StyleResolver to be next to
the 'flex-flow' code, because that seemed more reasonable.
|
