path: root/Kernel/Syscalls
Age | Commit message | Author
2021-08-19 | Kernel: Make Process::current() return a Process& instead of Process* | Idan Horowitz
This has several benefits: 1) We no longer just blindly dereference a null pointer in various places 2) We will get nicer runtime error messages if the current process does turn out to be null in the call location 3) GCC no longer complains about possible nullptr dereferences when compiling without KUBSAN
2021-08-19 | Kernel: Consolidate a bunch of i386/x86_64 code paths | Andreas Kling
Add some arch-specific getters and setters that allow us to merge blocks that were previously specific to either ARCH(I386) or ARCH(X86_64).
2021-08-17 | Kernel+Userland: Remove global futexes | Andreas Kling
We only ever use private futexes, so it doesn't make sense to carry around all the complexity required for global (cross-process) futexes.
2021-08-15 | Kernel: Make Memory::Region allocation functions return KResultOr | sin-ack
This makes for some nicer handling of errors compared to checking an OwnPtr for null state.
2021-08-15 | Kernel: Make Kernel::VMObject allocation functions return KResultOr | sin-ack
This makes for nicer handling of errors compared to checking whether a RefPtr is null. Additionally, this will give way to return different types of errors in the future.
2021-08-15 | Kernel+Userland: Remove chroot functionality | Andreas Kling
We are not using this for anything and it's just been sitting there gathering dust for well over a year, so let's stop carrying all this complexity around for no good reason.
2021-08-15 | Kernel: Convert remaining users of copy_string_from_user() | Andreas Kling
This patch replaces the remaining users of this API with the new try_copy_kstring_from_user() instead. Note that we still convert to a String for continued processing, and I've added a FIXME about continuing work on using KString all the way.
2021-08-15 | Kernel: Handle allocation failure in ProcFS and friends | sin-ack
There were many places in which allocation failure was noticed but ignored.
2021-08-14 | Kernel: Stop allowing implicit conversion from KResult to int | Andreas Kling
This patch removes KResult::operator int() and deals with the fallout. This forces a lot of code to be more explicit in its handling of errors, greatly improving readability.
2021-08-14 | Kernel: Make FileSystem::initialize() return KResult | Andreas Kling
This forced me to also come up with error codes for a bunch of situations where we'd previously just panic the kernel.
2021-08-13 | Kernel: Make cloning of FileDescriptions OOM safe | Brian Gianforcaro
2021-08-13 | Kernel: Fix OOB read in sys$dbgputstr(..) during fuzzing | Brian Gianforcaro
The implementation uses try_copy_kstring_from_user to allocate a kernel string, but does not use the length of the resulting string. The size parameter to the syscall is untrusted, as try copy kstring will attempt to perform a `safe_strlen(..)` on the user mode string and use that value for the allocated length of the KString instead. The bug is that we are printing the kstring, but with the usermode size argument. During fuzzing this resulted in us walking off the end of the allocated KString buffer printing garbage (or any kernel data!), until we stumbled into the KSym region and hit a fatal page fault. This is technically a kernel information disclosure, but (un)fortunately the disclosure only happens to the Bochs debug port, and/or the serial port if serial debugging is enabled. As far as I can tell it's not actually possible for an untrusted attacker to use this to do something nefarious, as they would need access to the host. If they have host access then they can already do much worse things :^).
2021-08-13 | Kernel: Remove char* versions of path argument / kstring copy methods | Brian Gianforcaro
The only two paths for copying strings in the kernel should be going through the existing Userspace<char const*>, or StringArgument methods. Let's enforce this by removing the option for using the raw cstring APIs that were previously available.
2021-08-13 | Kernel: Fix sys$dbgputstr(...) to take a char* instead of u8* | Brian Gianforcaro
We always attempt to print this as a string, and it's defined as such in LibC, so fix the signature to match.
2021-08-12 | Kernel/Process: Move protected values to the end of the object | Liav A
The compiler can re-order the structure (class) members if that's necessary, so if we make Process inherit from ProcFSExposedComponent, even if the declaration is to inherit first from ProcessBase, then from ProcFSExposedComponent and last from Weakable<Process>, the members of class ProcFSExposedComponent (including the Ref-counted parts) are the first members of the Process class. This problem made it impossible to safely use the current toggling method with the write-protection bit on the ProcessBase members, so instead of inheriting from it, we make its members the last ones in the Process class so we can safely locate and modify the corresponding page write protection bit of these values. We make sure that the Process class doesn't expand beyond 8192 bytes and the protected values are always aligned on a page boundary.
2021-08-12 | Kernel: Don't record sys$perf_event() if profiling is not enabled | Andreas Kling
If you want to record perf events, just enable profiling. This allows us to add random perf events to programs without littering the file system with perfcore files.
2021-08-12 | Kernel: Make sys$perf_register_string() generate the string ID's | Andreas Kling
Making userspace provide a global string ID was silly, and made the API extremely difficult to use correctly in a global profiling context. Instead, simply make the kernel do the string ID allocation for us. This also allows us to convert the string storage to a Vector in the kernel (and an array in the JSON profile data.)
2021-08-12 | Kernel+LibC: Add sys$perf_register_string() | Andreas Kling
This syscall allows userspace to register a keyed string that appears in a new "strings" JSON object in profile output. This will be used to add custom strings to profile signposts. :^)
2021-08-10 | Kernel: Fix kernel panic when blocking on the process' big lock | Gunnar Beutner
Another thread might end up marking the blocking thread as holding the lock before it gets a chance to finish invoking the scheduler.
2021-08-10 | Kernel+LibC: Allow clock_gettime() to run without syscalls | Andreas Kling
This patch adds a vDSO-like mechanism for exposing the current time as an array of per-clock-source timestamps. LibC's clock_gettime() calls sys$map_time_page() to map the kernel's "time page" into the process address space (at a random address, ofc.) This is only done on first call, and from then on the timestamps are fetched from the time page. This first patch only adds support for CLOCK_REALTIME, but eventually we should be able to support all clock sources this way and get rid of sys$clock_gettime() in the kernel entirely. :^) Accesses are synchronized using two atomic integers that are incremented at the start and finish of the kernel's time page update cycle.
2021-08-10 | Kernel+UserspaceEmulator: Remove unused sys$gettimeofday() | Andreas Kling
Now that LibC uses clock_gettime() to implement gettimeofday(), we can get rid of this entire syscall. :^)
2021-08-10 | Kernel/SMP: Change critical sections to not disable interrupts | Andreas Kling
Leave interrupts enabled so that we can still process IRQs. Critical sections should only prevent preemption by another thread. Co-authored-by: Tom <tomut@yahoo.com>
2021-08-10 | Kernel/SMP: Make entering/leaving critical sections multi-processor safe | Andreas Kling
By making these functions static we close a window where we could get preempted after calling Processor::current() and move to another processor. Co-authored-by: Tom <tomut@yahoo.com>
2021-08-08 | Everywhere: Replace AK::Singleton => Singleton | Andreas Kling
2021-08-08 | Kernel: Remove unused Process pointer in Memory::AddressSpace | Andreas Kling
Nobody was using the back-pointer to the process, so let's lose it.
2021-08-07 | Kernel: Disable big process lock for sys$sync | Idan Horowitz
This syscall doesn't touch any intra-process shared resources and only calls VirtualFileSystem::sync, which is self-locking.
2021-08-07 | Kernel: Implement a ISO 9660 filesystem reader :^) | sin-ack
This commit implements the ISO 9660 filesystem as specified in ECMA 119. Currently, it only supports the base specification and Joliet or Rock Ridge support is not present. The filesystem will normalize all filenames to be lowercase (same as Linux). The filesystem can be mounted directly from a file. Loop devices are currently not supported by SerenityOS. Special thanks to Lubrsi for testing on real hardware and providing profiling help. Co-Authored-By: Luke <luke.wilde@live.co.uk>
2021-08-07 | Kernel: Remove outdated FIXME about ProcessHandle | Andreas Kling
ProcessHandle hasn't been a thing since Process became ref-counted.
2021-08-07 | Kernel: Migrate process list locking to ProtectedValue | Jean-Baptiste Boric
The existing recursive spinlock is repurposed for profiling only, as it was shared with the process list.
2021-08-07 | Kernel: Make process list a singleton | Jean-Baptiste Boric
2021-08-07 | Kernel: Migrate hostname locking to ProtectedValue | Jean-Baptiste Boric
2021-08-07 | Kernel: Fix bad search-and-replace renames | Andreas Kling
Oops, I didn't mean to change every *Range* to *VirtualRange*!
2021-08-06 | Kernel: Disable big process lock for sys$sysconf | Idan Horowitz
This syscall only reads constant kernel globals, and as such does not need to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$get_stack_bounds | Idan Horowitz
This syscall only reads from the shared m_space field, but that field is only overwritten by Process::attach_resources, before the process was initialized (aka, before syscalls can happen), by Process::finalize which is only called after all the process' threads have exited (aka, syscalls can not happen anymore), and by Process::do_exec which calls all other syscall-capable threads before doing so. Space's find_region_containing already holds its own lock, and as such there's no need to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$gettimeofday | Idan Horowitz
This syscall doesn't touch any intra-process shared resources and only accesses the time via the atomic TimeManagement::now so there's no need to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$clock_nanosleep | Idan Horowitz
This syscall doesn't touch any intra-process shared resources and only accesses the time via the atomic TimeManagement::current_time so there's no need to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$clock_gettime() | Idan Horowitz
This syscall doesn't touch any intra-process shared resources and reads the time via the atomic TimeManagement::current_time, so it doesn't need to hold any lock.
2021-08-06 | Kernel: Disable big process lock for sys$getkeymap | Idan Horowitz
This syscall only reads non process-related global values, and as such doesn't need to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$getrandom | Idan Horowitz
This syscall doesn't touch any intra-process shared resources and already holds the global kernel RNG lock so there's no reason to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$dbgputch | Idan Horowitz
This syscall doesn't touch any intra-process shared resources and already holds the global logging lock so there's no reason to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$dbgputstr | Idan Horowitz
This syscall doesn't touch any intra-process shared resources and already holds the global logging lock so there's no reason to hold the big lock.
2021-08-06 | Kernel: Disable big process lock for sys$dump_backtrace() | Idan Horowitz
This syscall only dumps the current thread's backtrace and as such doesn't touch any shared intra-process resources.
2021-08-06 | Kernel: Disable big process lock for sys$beep() | Idan Horowitz
The PCSpeaker is global and not locked anyways, so there's no need for mutual exclusion between threads in the same process.
2021-08-06 | Kernel: Make Process's m_promises & m_execpromises fields atomic | Idan Horowitz
This is essentially free on x86 and allows us to not hold the big process lock just to check the required promises for a syscall.
2021-08-06 | Kernel: Add convenience values to the Memory::Region::Access enum | Andreas Kling
Instead of `Memory::Region::Access::Read | Memory::Region::AccessWrite` you can now say `Memory::Region::Access::ReadWrite`.
2021-08-06 | Kernel: Rename a very long enum to ShouldDeallocateVirtualRange | Andreas Kling
ShouldDeallocateVirtualMemoryVirtualRange was a bit on the long side.
2021-08-06 | Kernel: Rename Process::space() => Process::address_space() | Andreas Kling
We commonly talk about "a process's address space" so let's nudge the code towards matching how we talk about it. :^)
2021-08-06 | Kernel: Rename Memory::Space => Memory::AddressSpace | Andreas Kling
2021-08-06 | Kernel: Rename Range => VirtualRange | Andreas Kling
...and also RangeAllocator => VirtualRangeAllocator. This clarifies that the ranges we're dealing with are *virtual* memory ranges and not anything else.
2021-08-06 | Kernel: Move Kernel/Memory/ code into Kernel::Memory namespace | Andreas Kling