path: root/Kernel/StdLib.cpp
Age | Commit message | Author
2021-09-05 | Kernel: Make copy_{from,to}_user() return KResult and use TRY() | Andreas Kling
This makes EFAULT propagation flow much more naturally. :^)
2021-08-15 | Kernel: Remove copy_string_from_user() as it's no longer used | Andreas Kling
2021-08-13 | Kernel: Remove char* versions of path argument / kstring copy methods | Brian Gianforcaro
The only two paths for copying strings in the kernel should be going through the existing Userspace<char const*>, or StringArgument methods. Let's enforce this by removing the option for using the raw cstring APIs that were previously available.
2021-08-06 | Kernel: Move Kernel/Memory/ code into Kernel::Memory namespace | Andreas Kling
2021-08-06 | Kernel: Rename Kernel/VM/ to Kernel/Memory/ | Andreas Kling
This directory isn't just about virtual memory, it's about all kinds of memory management.
2021-07-18 | Kernel: Introduce basic pre-kernel environment | Gunnar Beutner
This implements a simple bootloader that is capable of loading ELF64 kernel images. It does this by using QEMU/GRUB to load the kernel image from disk and pass it to our bootloader as a Multiboot module. The bootloader then parses the ELF image and sets it up appropriately. The kernel's entry point is a C++ function with architecture-native code.
Co-authored-by: Liav A <liavalb@gmail.com>
2021-07-11 | Kernel: Remove some no-longer-needed C library functions | Andreas Kling
Now that we no longer demangle symbols in the kernel, we don't need to provide stuff like malloc(), memchr(), free(), etc to the demangler.
2021-07-08 | Kernel: Add `memchr` and `malloc` to StdLib.cpp | Daniel Bertalan
These are needed by `libcxxabi`'s demangle support. `memchr` is taken straight-up from the `LibC/string.cpp` source code.
2021-06-26 | Kernel: Fix memcpy and memset for x86_64 | Gunnar Beutner
Those size_ts sure are growing up fast.
2021-06-24 | Kernel: Remove unused CPU.h includes | Hendiadyoin1
In most cases we did not need it at all, in others, we only needed one header from it.
2021-05-28 | Kernel: Add try_copy_kstring_from_user() | Andreas Kling
This is a convenience function that works the same as our old copy_string_from_user(), but this returns a KString (and can fail!)
2021-04-29 | Kernel: Enable building the kernel with -flto | Gunnar Beutner
GCC with -flto is more aggressive when it comes to inlining and discarding functions which is why we must mark some of the functions as NEVER_INLINE (because they contain asm labels which would be duplicated in the object files if the compiler decides to inline the function elsewhere) and __attribute__((used)) for others so that GCC doesn't discard them.
2021-04-22 | Everything: Move to SPDX license identifiers in all files. | Brian Gianforcaro
SPDX License Identifiers are a more compact / standardized way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
    ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-08 | Kernel/LibC: Make memset implementations the same | Hendiadyoin1
I don't know why we do a fast path in the Kernel, but not in Userspace. Also simplified the byte explosion in memset to "explode_byte", it even seemed so, that we missed the highest byte when memsetting something.
2021-03-21 | Kernel::CPU: Move headers into common directory | Hendiadyoin1
A lot of code is shared between i386/i686/x86 and x86_64 and a lot probably will be used for compatibility modes. So we start by moving the headers into one directory. We will probably be able to move some cpp files as well.
2021-03-12 | Kernel: Convert klog() => AK::Format in StdLib | Andreas Kling
2021-03-02 | Kernel: Implement 'copy_time_from_user' functions to sanitize arguments | Ben Wiederhake
2021-02-25 | Kernel: Move SMAP disabler RAII helper to its own file | Andreas Kling
Added this in a new directory called Kernel/Arch/x86/ where stuff that applies to both i386 and x86_64 can live.
2021-02-23 | Everywhere: Rename ASSERT => VERIFY | Andreas Kling
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-13 | Kernel: Do not try to print the string that cannot be read | Ben Wiederhake
What a silly bug :^) Found by fuzz-syscalls. Can be reproduced by running this in the Shell:
    $ syscall set_thread_name 14 14 14
2021-02-13 | Kernel: Don't crash on syscall with kernel-space argument | Ben Wiederhake
Fixes #5198.
2021-01-17 | Kernel: Add safe atomic functions | Tom
This allows us to perform atomic operations on potentially unsafe user space pointers.
2020-09-13 | Kernel: Make copy_to/from_user safe and remove unnecessary checks | Tom
Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-08-24 | Kernel: Remove strcpy() | Ben Wiederhake
These are not called in the kernel or by libstdc++ anyway. Remove the tempting function, and prevent future overflows.
2020-08-21 | AK+LibC+Kernel: Move the implementation of memmem to AK | AnotherTest
2020-08-17 | Kernel: Remove strncpy() and strrchr() | Andreas Kling
These are not called anywhere in the kernel anyway.
2020-08-13 | Kernel: Remove strdup() since nothing uses it | Andreas Kling
2020-08-12 | Kernel: Tell compiler about invisible calls | Ben Wiederhake
This makes the Kernel build cleanly with -Wmissing-declarations.
2020-08-12 | Kernel: Group C++ ABI functions together | Ben Wiederhake
As suggested in #3096.
2020-08-01 | Kernel+LibC: Implement 'memmem' | AnotherTest
This commit adds an implementation of memmem, using the Bitap text search algorithm for needles smaller than 32 bytes, and a naive loop search for longer needles.
2020-05-16 | Kernel: Absorb LibBareMetal back into the kernel | Andreas Kling
This was supposed to be the foundation for some kind of pre-kernel environment, but nobody is working on it right now, so let's move everything back into the kernel and remove all the confusion.
2020-02-09 | Kernel: Apply changes to use LibBareMetal definitions | Liav A
2020-01-19 | Kernel: Assert that copy_to/from_user() are called with user addresses | Andreas Kling
This will panic the kernel immediately if these functions are misused so we can catch it and fix the misuse. This patch fixes a couple of misuses:
- create_signal_trampolines() writes to a user-accessible page above the 3GB address mark. We should really get rid of this page but that's a whole other thing.
- CoW faults need to use copy_from_user rather than copy_to_user since it's the *source* pointer that points to user memory.
- Inode faults need to use memcpy rather than copy_to_user since we're copying a kernel stack buffer into a quickmapped page.
This should make the copy_to/from_user() functions slightly less useful for exploitation. Before this, they were essentially just glorified memcpy() with SMAP disabled. :^)
2020-01-18 | Meta: Add license header to source files | Andreas Kling
As suggested by Joshua, this commit adds the 2-clause BSD license as a comment block to the top of every source file. For the first pass, I've just added myself for simplicity. I encourage everyone to add themselves as copyright holders of any file they've added or modified in some significant way. If I've added myself in error somewhere, feel free to replace it with the appropriate copyright holder instead. Going forward, all new source files should include a license header.
2020-01-06 | Kernel: Randomize the stack canary on startup | Andreas Kling
2020-01-06 | Kernel: Build the kernel as a position-independent executable | Andreas Kling
This is a prerequisite for KASLR, which we should eventually be doing.
2020-01-05 | Kernel: Remove SmapDisablers in open(), openat() and set_thread_name() | Andreas Kling
This patch introduces a helpful copy_string_from_user() function that takes a bounded null-terminated string from userspace memory and copies it into a String object.
2020-01-05 | Kernel: Start implementing x86 SMAP support | Andreas Kling
Supervisor Mode Access Prevention (SMAP) is an x86 CPU feature that prevents the kernel from accessing userspace memory. With SMAP enabled, trying to read/write a userspace memory address while in the kernel will now generate a page fault. Since it's sometimes necessary to read/write userspace memory, there are two new instructions that quickly switch the protection on/off: STAC (disables protection) and CLAC (enables protection.) These are exposed in kernel code via the stac() and clac() helpers. There's also a SmapDisabler RAII object that can be used to ensure that you don't forget to re-enable protection before returning to userspace code. This patch also adds copy_to_user(), copy_from_user() and memset_user() which are the "correct" way of doing things. These functions allow us to briefly disable protection for a specific purpose, and then turn it back on immediately after it's done. Going forward all kernel code should be moved to using these and all uses of SmapDisabler are to be considered FIXME's. Note that we're not realizing the full potential of this feature since I've used SmapDisabler quite liberally in this initial bring-up patch.
2019-12-20 | Kernel+LibC: Build with basic -fstack-protector support | Andreas Kling
Use simple stack cookies to try to provoke an assertion failure on stack overflow. This is far from perfect, since we use a constant cookie instead of generating a random one on startup, but it can still help us catch bugs, which is the primary concern right now. :^)
2019-11-27 | Kernel: Demangle userspace ELF symbols in backtraces | Andreas Kling
Turns out we can use abi::__cxa_demangle() for this, and all we need to provide is sprintf(), realloc() and free(), so this patch exposes them. We now have fully demangled C++ backtraces :^)
2019-11-06 | Kernel: Link with libgcc | Andreas Kling
This allows us to get rid of all the custom 64-bit division helpers. I wanted to do this ages ago but couldn't get it working. Turns out it was unstable due to libgcc using the regular ABI and the kernel being built with -mregparm=3. Now that we build the kernel with regular calls, we can just link with libgcc and get this stuff for free. :^)
2019-10-28 | AK: Add String::contains(String) | Andreas Kling
This is just a wrapper around strstr() for now. There are many better ways to search for a string within a string, but I'm just adding a nice API at the moment. :^)
2019-09-16 | Kernel: Move kmalloc() into a Kernel/Heap/ directory | Andreas Kling
2019-08-11 | Kernel: Add strncmp() | Sergey Bugaev
2019-07-29 | Kernel+AK: Remove AK/StdLibExtras.cpp, moving kernel stuff to Kernel/. | Andreas Kling
We had some kernel-specific gizmos in AK that should really just be in the Kernel subdirectory instead. The only thing remaining after moving those was mmx_memcpy() which I moved to the ARCH(i386)-specific section of LibC/string.cpp.
2019-07-03 | AK: Rename the common integer typedefs to make it obvious what they are. | Andreas Kling
These types can be picked up by including <AK/Types.h>:
* u8, u16, u32, u64 (unsigned)
* i8, i16, i32, i64 (signed)
2019-06-07 | Kernel: The kernel will never call mmx_memcpy() so prune it. | Andreas Kling
2019-06-07 | Kernel: Qualify a bunch of #include statements. | Andreas Kling
2019-06-07 | Kernel: Run clang-format on everything. | Andreas Kling
2019-04-22 | Kernel: Don't use MMX memcpy() in the kernel. | Andreas Kling
I just discovered the hard way that clobbering FPU/MMX/SSE registers in the kernel makes things very confusing for userspace (and other kernel threads.) Let's banish all of those things from the kernel to keep things simple.