summaryrefslogtreecommitdiff
path: root/Kernel/Syscalls/getuid.cpp
AgeCommit message (Collapse)Author
2022-08-20Kernel: Mark syscalls that get/set user/group ID as not needing big lockAndreas Kling
Now that these operate on the neatly atomic and immutable Credentials object, they should no longer require the process big lock for synchronization. :^)
2022-08-20Kernel: Add Credentials to hold a set of user and group IDsAndreas Kling
This patch adds a new object to hold a Process's user credentials: - UID, EUID, SUID - GID, EGID, SGID, extra GIDs Credentials are immutable and child processes initially inherit the Credentials object from their parent. Whenever a process changes one or more of its user/group IDs, a new Credentials object is constructed. Any code that wants to inspect and act on a set of credentials can now do so without worrying about data races.
2022-08-17Kernel: Require semicolon after VERIFY_{NO_,}PROCESS_BIG_LOCK_ACQUIREDLinus Groh
This matches out general macro use, and specifically other verification macros like VERIFY(), VERIFY_NOT_REACHED(), VERIFY_INTERRUPTS_ENABLED(), and VERIFY_INTERRUPTS_DISABLED().
2021-12-29Kernel: Handle promise violations in the syscall handlerBrian Gianforcaro
Previously we would crash the process immediately when a promise violation was found during a syscall. This is error prone, as we don't unwind the stack. This means that in certain cases we can leak resources, like an OwnPtr / RefPtr tracked on the stack. Or even leak a lock acquired in a ScopeLockLocker. To remedy this situation we move the promise violation handling to the syscall handler, right before we return to user space. This allows the code to follow the normal unwind path, and grantees there is no longer any cleanup that needs to occur. The Process::require_promise() and Process::require_no_promises() functions were modified to return ErrorOr<void> so we enforce that the errors are always propagated by the caller.
2021-12-29Kernel: Use Process::require_promise() instead of REQUIRE_PROMISE()Brian Gianforcaro
This change lays the foundation for making the require_promise return an error hand handling the process abort outside of the syscall implementations, to avoid cases where we would leak resources. It also has the advantage that it makes removes a gs pointer read to look up the current thread, then process for every syscall. We can instead go through the Process this pointer in most cases.
2021-11-08Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T>Andreas Kling
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^)
2021-09-05Kernel: Make copy_{from,to}_user() return KResult and use TRY()Andreas Kling
This makes EFAULT propagation flow much more naturally. :^)
2021-08-29Kernel: Strongly typed user & group ID'sAndreas Kling
Prior to this change, both uid_t and gid_t were typedef'ed to `u32`. This made it easy to use them interchangeably. Let's not allow that. This patch adds UserID and GroupID using the AK::DistinctNumeric mechanism we've already been employing for pid_t/ProcessID.
2021-08-12Kernel/Process: Move protected values to the end of the objectLiav A
The compiler can re-order the structure (class) members if that's necessary, so if we make Process to inherit from ProcFSExposedComponent, even if the declaration is to inherit first from ProcessBase, then from ProcFSExposedComponent and last from Weakable<Process>, the members of class ProcFSExposedComponent (including the Ref-counted parts) are the first members of the Process class. This problem made it impossible to safely use the current toggling method with the write-protection bit on the ProcessBase members, so instead of inheriting from it, we make its members the last ones in the Process class so we can safely locate and modify the corresponding page write protection bit of these values. We make sure that the Process class doesn't expand beyond 8192 bytes and the protected values are always aligned on a page boundary.
2021-07-20Kernel: Annotate all syscalls with VERIFY_PROCESS_BIG_LOCK_ACQUIREDBrian Gianforcaro
Before we start disabling acquisition of the big process lock for specific syscalls, make sure to document and assert that all the lock is held during all syscalls.
2021-06-28Kernel: Fix the return type for syscallsGunnar Beutner
The Process::Handler type has KResultOr<FlatPtr> as its return type. Using a different return type with an equally-sized template parameter sort of works but breaks once that condition is no longer true, e.g. for KResultOr<int> on x86_64. Ideally the syscall handlers would also take FlatPtrs as their args so we can get rid of the reinterpret_cast for the function pointer but I didn't quite feel like cleaning that up as well.
2021-06-16Kernel: Remove various other uses of ssize_tGunnar Beutner
2021-04-22Everything: Move to SPDX license identifiers in all files.Brian Gianforcaro
SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-03-11Kernel: Don't keep protected Process data in a separate allocationAndreas Kling
The previous architecture had a huge flaw: the pointer to the protected data was itself unprotected, allowing you to overwrite it at any time. This patch reorganizes the protected data so it's part of the Process class itself. (Actually, it's a new ProcessBase helper class.) We use the first 4 KB of Process objects themselves as the new storage location for protected data. Then we make Process objects page-aligned using MAKE_ALIGNED_ALLOCATED. This allows us to easily turn on/off write-protection for everything in the ProcessBase portion of Process. :^) Thanks to @bugaevc for pointing out the flaw! This is still not perfect but it's an improvement.
2021-03-10Kernel: Move process extra_gids into protected data :^)Andreas Kling
2021-03-10Kernel: Move select Process members into protected memoryAndreas Kling
Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-01Kernel: Make all syscall functions return KResultOr<T>Andreas Kling
This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2020-09-13Kernel: Make copy_to/from_user safe and remove unnecessary checksTom
Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-08Refactor: Replace usages of FixedArray with Vector.asynts
2020-08-10Kernel: Use Userspace<T> for the getresgid syscallBrian Gianforcaro
2020-08-10Kernel: Use Userspace<T> for the getresuid syscallBrian Gianforcaro
2020-08-10Kernel: Use Userspace<T> for the getgroups syscallBrian Gianforcaro
2020-07-30Kernel: Move syscall implementations out of Process.cppAndreas Kling
This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)