| Age | Commit message (Collapse) | Author |
|---|
|
This adds just enough scaffolding to make cmake succeed.
The build falls over immediately.
|
|
GCC implements `fputc`, `fputs` and `fwrite` as builtin functions, whose
`FILE*` argument is implicitly marked `__attribute__((nonnull))`. This
causes our `VERIFY(stream)` statements to be removed. This does not
happen with Clang, as they do not use the `nonnull` attribute in this
way.
|
|
This bug was reintroduced by the removal of -fbuilding-gcc.
|
|
|
|
|
|
|
|
We have had these for quite a while, but we didn't compile them, and
used GCC's version instead. Clang does not come with these, so we have
to provide our own implementation.
Our implementation follows what `musl` and `FreeBSD` do, so this should
work fine, even if documentation can hardly be found for them.
|
|
GCC doesn't seem to rely on those to work, but Clang does.
|
|
|
|
The System V ABI for both x86 and x86_64 requires that the stack pointer
is 16-byte aligned on entry. Previously we did not align the stack
pointer properly.
As far as "main" was concerned the stack alignment was correct even
without this patch due to how the C++ _start function and the kernel
interacted, i.e. the kernel misaligned the stack as far as the ABI
was concerned but that misalignment (read: it was properly aligned for
a regular function call - but misaligned in terms of what the ABI
dictates) was actually expected by our _start function.
|
|
Using LibELF to do the initial relocations doesn't work when building
SerenityOS with Clang. We seem to be accessing a global symbol that
hasn't been relocated yet somewhere along the path to
ELF::DynamicObject::create().
|
|
This won't be necessary anymore after a toolchain rebuild.
|
|
The ""sv operator switches a const char* to String conversion into
just a StringView literal.
|
|
|
|
|
|
|
|
Take Kernel/UBSanitizer.cpp and make a copy in LibSanitizer.
We can use LibSanitizer to hold other sanitizers as people implement
them :^).
To enable UBSAN for LibC, DynamicLoader, and other low level system
libraries, LibUBSanitizer is built as a serenity_libc, and has a static
version for LibCStatic to use. The approach is the same as that taken in
Note that this means now UBSAN is enabled for code generators, Lagom,
Kernel, and Userspace with -DENABLE_UNDEFINED_SANTIZER=ON. In userspace
however, UBSAN is not deadly (yet).
Co-authored-by: ForLoveOfCats <ForLoveOfCats@vivaldi.net>
|
|
This links the dynamic linker against libgcc.a instead of having
our own copy of the math functions.
For now we need to specify -fbuilding-libgcc as a hack to work
around a bug with the -nodefaultlibs flag. Once everyone is on
the latest toolchain version this can be removed.
|
|
math.cpp: In function 'int64_t __moddi3(int64_t, int64_t)':
math.cpp:168:13: error: 'r' may be used uninitialized
[-Werror=maybe-uninitialized]
168 | return ((int64_t)r ^ s) - s; // negate if s == -1
| ^~~~~~~~~~
|
|
In a1720eed2a8e744f2cd6d99adae4dff1fbab309e I added this new test,
but missed that there were already some "unit tests" for LibC over
in Userland/Tests/LibC. So lets unify these two locations.
|
|
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
|
|
LibC is no different than any other code, it should be unit tested where
appropriate / possible.
|
|
GCC will insert various calls to pthread functions when compiling
C++ code with static initializers, even when the user doesn't link
their program against libpthread explicitly.
This is used to make static initializers thread-safe, e.g. when
building a library that does not itself use thread functionality
and thus does not link against libpthread - but is intended to
be used with other code that does use libpthread explicitly.
This makes these symbols available in libc.
|
|
This helper is used by libgcc_s to figure out where the .eh_frame sections
are located for all loaded shared objects.
|
|
|
|
Good-bye LogStream. Long live AK::Format!
|
|
|
|
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
|
|
|
|
This reverts commit b1f1f5afcf8f3b8a3ca10bcb6aefa05fbb2b35be.
Unfortunately this broke dbgln() in the dynamic loader. We need to
figure out how to link libgcc into it properly.
|
|
These are provided by libgcc.
|
|
This achieves two things:
- Programs can now intentionally perform arbitrary syscalls by calling
syscall(). This allows us to work on things like syscall fuzzing.
- It restricts the ability of userspace to make syscalls to a single
4KB page of code. In order to call the kernel directly, an attacker
must now locate this page and call through it.
|
|
|
|
|
|
It would be tempting to uncomment these statements, but that won't work
with the new changes.
This was done with the following commands:
find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/#define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/#define/ { toggle = 1 }' {} \;
find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/ #define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/ #define/ { toggle = 1 }' {} \;
|
|
|
|
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:
The modifications in this commit were automatically made using the
following command:
find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
|
|
AT_SECURE is set in the auxiliary vector when we execute setuid/setgid
programs.
In those cases, we do not want to read environment variables that
influence the logic of the dynamic loader, as they can be controlled
by the user.
|
|
Commit a3a9016701e487a5ca92d83b8cff179a190cdeb2 removed the PT_INTERP header
from Loader.so which cleaned up some kernel code in execve. Unfortunately
it prevents Loader.so from being run as an executable
|
|
Loader.so now just performs the initial self relocations and static
LibC initialisation before handing over to ELF::DynamicLinker::linker_main
to handle the rest of the process.
As a trade-off, ELF::DynamicLinker needs to be explicitly excluded from
Lagom unless we really want to try writing a cross platform dynamic loader
|
|
Modify the user mode runtime to insert stack canaries to find stack corruptions.
The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.
Details:
-fstack-protector enables stack protection for vulnerable functions that contain:
* A character array larger than 8 bytes.
* An 8-bit integer array larger than 8 bytes.
* A call to alloca() with either a variable size or a constant size bigger than 8 bytes.
-fstack-protector-strong enables stack protection for vulnerable functions that contain:
* An array of any size and type.
* A call to alloca().
* A local variable that has its address taken.
Example of it catching corrupting in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
|
|
RTTI is still disabled for the Kernel, and for the Dynamic Loader. This
allows for much less awkward navigation of class heirarchies in LibCore,
LibGUI, LibWeb, and LibJS (eventually). Measured RootFS size increase
was < 1%, and libgui.so binary size was ~3.3%. The small binary size
increase here seems worth it :^)
|
|
Use the GNU LD option --no-dynamic-linker. This allows uncommenting some
code in the Kernel that gets upset if your ELF interpreter has its own
interpreter.
|
|
Loader.so is an actual executable, as well as the interpreter for dynamic
libraries. Currently launching Loader.so as a standalone executable results
in an obsucre crash as it tries to load itself over itself.
Now we at least print a helpful message saying that you're doing the wrong
thing and exit gracefully. In future we may wish to allow users to specify
additional options to learn more about what's going on during dynamic
linking, such as ld-linux.so.2 on Linux.
|
|
|
|
|
|
This commit gets rid of ELF::Loader entirely since its very ambiguous
purpose was actually to load executables for the kernel, and that is
now handled by the kernel itself.
This patch includes some drive-by cleanup in LibDebug and CrashDaemon
enabled by the fact that we no longer need to keep the ref-counted
ELF::Loader around.
|
|
|
|
|
|
Problem:
- `(void)` simply casts the expression to void. This is understood to
indicate that it is ignored, but this is really a compiler trick to
get the compiler to not generate a warning.
Solution:
- Use the `[[maybe_unused]]` attribute to indicate the value is unused.
Note:
- Functions taking a `(void)` argument list have also been changed to
`()` because this is not needed and shows up in the same grep
command.
|
