summaryrefslogtreecommitdiff
path: root/Kernel/Process.cpp
AgeCommit message (Collapse)Author
2021-03-21Kernel::CPU: Move headers into common directoryHendiadyoin1
Alot of code is shared between i386/i686/x86 and x86_64 and a lot probably will be used for compatability modes. So we start by moving the headers into one Directory. We will probalby be able to move some cpp files aswell.
2021-03-11Kernel: Always protect process data immediately after constructionAndreas Kling
2021-03-11Kernel: Move process termination status/signal into protected dataAndreas Kling
2021-03-11Kernel: Move process thread lists into protected dataAndreas Kling
2021-03-11Kernel: Don't keep protected Process data in a separate allocationAndreas Kling
The previous architecture had a huge flaw: the pointer to the protected data was itself unprotected, allowing you to overwrite it at any time. This patch reorganizes the protected data so it's part of the Process class itself. (Actually, it's a new ProcessBase helper class.) We use the first 4 KB of Process objects themselves as the new storage location for protected data. Then we make Process objects page-aligned using MAKE_ALIGNED_ALLOCATED. This allows us to easily turn on/off write-protection for everything in the ProcessBase portion of Process. :^) Thanks to @bugaevc for pointing out the flaw! This is still not perfect but it's an improvement.
2021-03-10Kernel: Move process "dumpable" flag into protected dataAndreas Kling
2021-03-10Kernel: Move process parent PID into protected data :^)Andreas Kling
2021-03-10Kernel: Move process extra_gids into protected data :^)Andreas Kling
2021-03-10Kernel: Move select Process members into protected memoryAndreas Kling
Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-04Kernel: Make the kernel compile & link for x86_64Andreas Kling
It's now possible to build the whole kernel with an x86_64 toolchain. There's no bootstrap code so it doesn't work yet (obviously.)
2021-03-02Kernel+Profiler: Capture metadata about all profiled processesAndreas Kling
The perfcore file format was previously limited to a single process since the pid/executable/regions data was top-level in the JSON. This patch moves the process-specific data into a top-level array named "processes" and we now add entries for each process that has been sampled during the profile run. This makes it possible to see samples from multiple threads when viewing a perfcore file with Profiler. This is extremely cool! :^)
2021-03-02Kernel: Better handling of allocation failure in profilingAndreas Kling
If we can't allocate a PerformanceEventBuffer to store the profiling events, we now fail sys$profiling_enable() and sys$perf_event() with ENOMEM instead of carrying on with a broken buffer.
2021-03-02Kernel: Make kgettimeofday use AK::TimeBen Wiederhake
2021-03-02Kernel: Remove duplicative kgettimeofday(timeval&) functionBen Wiederhake
2021-03-02Kernel: Make TimeManagement use AK::Time internallyBen Wiederhake
I don't dare touch the multi-threading logic and locking mechanism, so it stays timespec for now. However, this could and should be changed to AK::Time, and I bet it will simplify the "increment_time_since_boot()" code.
2021-02-26Kernel: Detach the traced process on process exitcbsirb
Currently, when a process which has a tracee exits, nothing will happen, leaving the tracee unable to be attached again. This will call the stop_tracing function on any process which is traced by the exiting process and sending the SIGSTOP signal making the traced process wait for a SIGCONT (just as Linux does)
2021-02-25Kernel: Don't disable interrupts while dealing with a process crashAndreas Kling
This was necessary in the past when crash handling would modify various global things, but all that stuff is long gone so we can simplify crashes by leaving the interrupt flag alone.
2021-02-25Kernel: Take some baby steps towards x86_64Andreas Kling
Make more of the kernel compile in 64-bit mode, and make some things pointer-size-agnostic (by using FlatPtr.) There's a lot of work to do here before the kernel will even compile.
2021-02-23Everywhere: Rename ASSERT => VERIFYAndreas Kling
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-21Kernel: Use uniform initialization instead of memset for a few stack buffer.Brian Gianforcaro
Raw memset is relatively easy to mess up, avoid it when there are better alternatives provided by the compiler in modern C++.
2021-02-19Kernel: Slap UNMAP_AFTER_INIT on a whole bunch of functionsAndreas Kling
There's no real system here, I just added it to various functions that I don't believe we ever want to call after initialization has finished. With these changes, we're able to unmap 60 KiB of kernel text after init. :^)
2021-02-14Kernel: Mark a handful of things in Process.cpp READONLY_AFTER_INITAndreas Kling
2021-02-14Kernel: Remove user/kernel flags from RegionAndreas Kling
Now that we no longer need to support the signal trampolines being user-accessible inside the kernel memory range, we can get rid of the "kernel" and "user-accessible" flags on Region and simply use the address of the region to determine whether it's kernel or user. This also tightens the page table mapping code, since it can now set user-accessibility based solely on the virtual address of a page.
2021-02-14Kernel: Map signal trampoline into each process's address spaceAndreas Kling
The signal trampoline was previously in kernelspace memory, but with a special exception to make it user-accessible. This patch moves it into each process's regular address space so we can stop supporting user-allowed memory above 0xc0000000.
2021-02-11Kernel: Remove an unnecessary InterruptDisabler in early initializationAndreas Kling
2021-02-09Kernel: Remove unused root directory computation in Process creationAndreas Kling
sys$fork() already takes care of children inheriting the parent's root directory, so there was no need to do the same thing when creating a new user process.
2021-02-08Kernel: Move memory statistics helpers from Process to SpaceAndreas Kling
2021-02-08Kernel: Factor address space management out of the Process classAndreas Kling
This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08Everywhere: Replace dbgln<flag>(...) with dbgln_if(flag, ...)AnotherTest
Replacement made by `find Kernel Userland -name '*.h' -o -name '*.cpp' | sed -i -Ee 's/dbgln\b<(\w+)>\(/dbgln_if(\1, /g'`
2021-02-07Kernel: Use KResultOr::release_value in Process::create_kernel_threadTom
This should avoid an unneccessary reference bump.
2021-02-07Kernel: Make sure we can allocate kernel stack before creating threadAndreas Kling
Wrap thread creation in a Thread::try_create() helper that first allocates a kernel stack region. If that allocation fails, we propagate an ENOMEM error to the caller. This avoids the situation where a thread is half-constructed, without a valid kernel stack, and avoids having to do messy cleanup in that case.
2021-02-07Kernel: Remove unused function Process::backtrace()Andreas Kling
2021-02-02Kernel: Add a way to specify which memory regions can make syscallsAndreas Kling
This patch adds sys$msyscall() which is loosely based on an OpenBSD mechanism for preventing syscalls from non-blessed memory regions. It works similarly to pledge and unveil, you can call it as many times as you like, and when you're finished, you call it with a null pointer and it will stop accepting new regions from then on. If a syscall later happens and doesn't originate from one of the previously blessed regions, the kernel will simply crash the process.
2021-01-28Kernel: Generate coredump backtraces from "threads for coredump" listAndreas Kling
This broke with the change that gave each process a list of its own threads. Since threads are removed slightly earlier from that list during process teardown, we're not able to use it for generating coredump backtraces. Fortunately we have the "threads for coredump" list for just this purpose. :^)
2021-01-27Kernel: Keep a list of threads per ProcessTom
This allow us to iterate only the threads of the process.
2021-01-27Kernel: Remove Range "valid" state and use Optional<Range> insteadAndreas Kling
It's easier to understand VM ranges if they are always valid. We can simply use an empty Optional<Range> to encode absence when needed.
2021-01-26Meta: Split debug defines into multiple headers.asynts
The following script was used to make these changes: #!/bin/bash set -e tmp=$(mktemp -d) echo "tmp=$tmp" find Kernel \( -name '*.cpp' -o -name '*.h' \) | sort > $tmp/Kernel.files find . \( -path ./Toolchain -prune -o -path ./Build -prune -o -path ./Kernel -prune \) -o \( -name '*.cpp' -o -name '*.h' \) -print | sort > $tmp/EverythingExceptKernel.files cat $tmp/Kernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/Kernel.macros cat $tmp/EverythingExceptKernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/EverythingExceptKernel.macros comm -23 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/Kernel.unique comm -1 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/EverythingExceptKernel.unique cat $tmp/Kernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/Kernel.header cat $tmp/EverythingExceptKernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/EverythingExceptKernel.header for macro in $(cat $tmp/Kernel.unique) do cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.new-includes ||: done cat $tmp/Kernel.new-includes | sort > $tmp/Kernel.new-includes.sorted for macro in $(cat $tmp/EverythingExceptKernel.unique) do cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.old-includes ||: done cat $tmp/Kernel.old-includes | sort > $tmp/Kernel.old-includes.sorted comm -23 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.new comm -13 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.old comm -12 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.mixed for file in $(cat $tmp/Kernel.includes.new) do sed -i -E 's/#include <AK\/Debug\.h>/#include <Kernel\/Debug\.h>/' $file done for file in $(cat $tmp/Kernel.includes.mixed) do echo "mixed include in $file, requires manual editing." done
2021-01-26Kernel: sys$munmap() region splitting did not preserve "shared" flagAndreas Kling
This was exploitable since the shared flag determines whether inode permission checks are applied in sys$mprotect(). The bug was pretty hard to spot due to default arguments being used instead. This patch removes the default arguments to make explicit at each call site what's being done.
2021-01-26Kernel: Remove allocate_region() functions that don't take a RangeAndreas Kling
Let's force callers to provide a VM range when allocating a region. This makes ENOMEM error handling more visible and removes implicit VM allocation which felt a bit magical.
2021-01-25Everywhere: Debug macros instead of constexpr.asynts
This was done with the following script: find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/dbgln<debug_([a-z_]+)>/dbgln<\U\1_DEBUG>/' {} \; find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/if constexpr \(debug_([a-z0-9_]+)/if constexpr \(\U\1_DEBUG/' {} \;
2021-01-25Everywhere: Remove unnecessary debug comments.asynts
It would be tempting to uncomment these statements, but that won't work with the new changes. This was done with the following commands: find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/#define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/#define/ { toggle = 1 }' {} \; find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/ #define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/ #define/ { toggle = 1 }' {} \;
2021-01-20Kernel+LibC: Turn errno codes into a strongly typed enumAndreas Kling
..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-17Kernel+Userland: Remove shared buffers (shbufs)Andreas Kling
All users of this mechanism have been switched to anonymous files and passing file descriptors with sendfd()/recvfd(). Shbufs got us where we are today, but it's time we say good-bye to them and welcome a much more idiomatic replacement. :^)
2021-01-16Everywhere: Replace a bundle of dbg with dbgln.asynts
These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect. This commit touches some dbg() calls which are enclosed in macros. This should be fine because with the new constexpr stuff, we ensure that the stuff actually compiles.
2021-01-15Kernel: Store process arguments and environment in coredumpsLinus Groh
Currently they're only pushed onto the stack but not easily accessible from the Process class, so this adds a Vector<String> for both.
2021-01-15Kernel: Prevent threads from being destructed between die() and finalize()Linus Groh
Killing remaining threads already happens in Process::die(), but coredumps are only written in Process::finalize(). We need to keep a reference to each of those threads to prevent them from being destructed between those two functions, otherwise coredumps will only ever contain information about the last remaining thread. Fixes the underlying problem of #4778, though the UI will need refinements to not show every thread's backtrace mashed together.
2021-01-15Kernel: Make Process::allocate_region*() return KResultOr<Region*>Andreas Kling
This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-11Kernel: Remove MM_DEBUG debug spam codeAndreas Kling
This was too spammy to ever actually be used anyway.
2021-01-11Everywhere: Fix incorrect uses of String::format and StringBuilder::appendfSahan Fernando
These changes are arbitrarily divided into multiple commits to make it easier to find potentially introduced bugs with git bisect.
2021-01-11Kernel: Don't dump perfcore for non-dumpable processesAndreas Kling
Fixes #4904