| Age | Commit message (Collapse) | Author |
|---|
|
implementation.
Allow file system implementation to return meaningful error codes to
callers of the FileDescription::read_entire_file(). This allows both
Process::sys$readlink() and Process::sys$module_load() to return more
detailed errors to the user.
|
|
Since FlatPtr is register width agnostic. :^)
|
|
It's tedious to write (and look at) [[gnu::always_inline]] etc. :^)
|
|
This is for consistency with other namespace changes that were made
a while back to the other libraries :)
|
|
|
|
Also, duplicate data in dbg() and klog() calls were removed.
In addition, leakage of virtual address to kernel log is prevented.
This is done by replacing kprintf() calls to dbg() calls with the
leaked data instead.
Also, other kprintf() calls were replaced with klog().
|
|
Previously we would map the entire executable of a program in its own
address space (but make it unavailable to userspace code.)
This patch removes that and changes the symbolication code to remap
the executable on demand (and into the kernel's own address space
instead of the process address space.)
This opens up a couple of further simplifications that will follow.
|
|
|
|
|
|
Suggested by Sergey. The currently running Thread and Process are now
Thread::current and Process::current respectively. :^)
|
|
|
|
VirtualAddress is constructible from uintptr_t and const void*.
PhysicalAddress is constructible from uintptr_t but not const void*.
|
|
uintptr_t is 32-bit or 64-bit depending on the target platform.
This will help us write pointer size agnostic code so that when the day
comes that we want to do a 64-bit port, we'll be in better shape.
|
|
Right now, permission flags passed to VFS::open() are effectively ignored, but
that is going to change.
* O_RDONLY is 0, but it's still nicer to pass it explicitly
* POSIX says that binding a Unix socket to a symlink shall fail with EADDRINUSE
|
|
As suggested by Joshua, this commit adds the 2-clause BSD license as a
comment block to the top of every source file.
For the first pass, I've just added myself for simplicity. I encourage
everyone to add themselves as copyright holders of any file they've
added or modified in some significant way. If I've added myself in
error somewhere, feel free to replace it with the appropriate copyright
holder instead.
Going forward, all new source files should include a license header.
|
|
It was possible to craft a custom ELF executable that when symbolicated
would cause the kernel to read from user-controlled addresses anywhere
in memory. You could then fetch this memory via /proc/PID/stack
We fix this by making ELFImage hand out StringView rather than raw
const char* for symbol names. In case a symbol offset is outside the
ELF image, you get a null StringView. :^)
Test: Kernel/elf-symbolication-kernel-read-exploit.cpp
|
|
Supervisor Mode Access Prevention (SMAP) is an x86 CPU feature that
prevents the kernel from accessing userspace memory. With SMAP enabled,
trying to read/write a userspace memory address while in the kernel
will now generate a page fault.
Since it's sometimes necessary to read/write userspace memory, there
are two new instructions that quickly switch the protection on/off:
STAC (disables protection) and CLAC (enables protection.)
These are exposed in kernel code via the stac() and clac() helpers.
There's also a SmapDisabler RAII object that can be used to ensure
that you don't forget to re-enable protection before returning to
userspace code.
THis patch also adds copy_to_user(), copy_from_user() and memset_user()
which are the "correct" way of doing things. These functions allow us
to briefly disable protection for a specific purpose, and then turn it
back on immediately after it's done. Going forward all kernel code
should be moved to using these and all uses of SmapDisabler are to be
considered FIXME's.
Note that we're not realizing the full potential of this feature since
I've used SmapDisabler quite liberally in this initial bring-up patch.
|
|
Let's lock down access to the kernel symbol table, since it trivializes
learning where the kernel functions are.
Of course, you can just build the same revision yourself locally and
learn the information, but we're taking one step at a time here. :^)
|
|
|
|
I broke this while implementing module linking. Also move the actual
demangling work to AK, in AK::demangle(const char*)
|
|
We now use the symbols from kernel.map to link modules as they are
loaded into the kernel. This is pretty fricken cool!
|
|
This was too noisy and important-sounding, when it doesn't really
matter that much. It's not the end of the world if symbolication fails
for one reason or another.
|
|
Let's arrange things like this instead. It didn't feel right for all of
the ELF handling code to live in AK.
|
|
|
|
We had two ways to get the data inside a ByteBuffer. That was silly.
|
|
If kmalloc backtraces are enabled during backtracing, things don't go
super well when the backtrace code calls kmalloc()..
With this fixed, it's basically possible to get all kmalloc backtraces
on the debugger by running (as root):
sysctl kmalloc_stacks=1
|
|
This adds a bounds check to the loop that writes to the buffer
'recognized_symbols'. This prevents buffer overflows in the
case when a programs backtrace is particularly large.
Fixes #371.
|
|
These types can be picked up by including <AK/Types.h>:
* u8, u16, u32, u64 (unsigned)
* i8, i16, i32, i64 (signed)
|
|
Now that FileDescription is called that, variables of that type should not
be called "descriptor". This is kinda wordy but we'll get used to it.
|
|
|
|
|
|
After reading a bunch of POSIX specs, I've learned that a file descriptor
is the number that refers to a file description, not the description itself.
So this patch renames FileDescriptor to FileDescription, and Process now has
FileDescription* file_description(int fd).
|
|
The current working directory is now stored as a custody. Likewise for a
process executable file. This unbreaks /proc/PID/fd which has not been
working since we made the filesystem bigger.
This still needs a bunch of work, for instance when renaming or removing
a file somewhere, we have to update the relevant custody links.
|
|
This is in preparation for eventually using it in userspace.
LinearAddress.h has not been moved for the time being (as it seems to be
only used by a very small part of the code).
|
|
That was not a very graceful looking loop to be stuck in.
|
|
|
|
Stash away the ELFLoader used to load an executable in Process so we can use
it for symbolicating userspace addresses later on. This will make debugging
userspace programs a lot nicer. :^)
|
|
It makes no sense that clients had to worry about whether or not KSyms
were loaded.
|
|
|
|
This will allow us to implement different behaviors depending on the role
of the descriptor a File is being accessed through.
|
|
|
|
It wasn't possible to symbolicate from kmalloc(), since symbolication would
call kmalloc(). :^)
|
|
The scheduler now operates on threads, rather than on processes.
Each process has a main thread, and can have any number of additional
threads. The process exits when the main thread exits.
This patch doesn't actually spawn any additional threads, it merely
does all the plumbing needed to make it possible. :^)
|
|
|
|
|
|
This is quite nice, although I wish [[gnu::always_inline]] implied inline.
Also "gnu::" is kind of a wart, but whatcha gonna do.
|
|
|
|
|
|
|
|
|
