Commit graph

31867 commits

Author SHA1 Message Date
Brian Gianforcaro
54b9a4ec1e Kernel: Handle promise violations in the syscall handler
Previously we would crash the process immediately when a promise
violation was found during a syscall. This is error prone, as we
don't unwind the stack. This means that in certain cases we can
leak resources, like an OwnPtr / RefPtr tracked on the stack. Or
even leak a lock acquired in a ScopeLockLocker.

To remedy this situation we move the promise violation handling to
the syscall handler, right before we return to user space. This
allows the code to follow the normal unwind path, and guarantees
there is no longer any cleanup that needs to occur.

The Process::require_promise() and Process::require_no_promises()
functions were modified to return ErrorOr<void> so we enforce that
the errors are always propagated by the caller.
2021-12-29 18:08:15 +01:00
Brian Gianforcaro
c444a3fc9e Kernel: Add EPROMISEVIOLATION as a kernel ErrnoCode 2021-12-29 18:08:15 +01:00
Brian Gianforcaro
89783d7843 Kernel: Remove now unused REQUIRE_PROMISE and REQUIRE_NO_PROMISES macros 2021-12-29 18:08:15 +01:00
Brian Gianforcaro
0f7fe1eb08 Kernel: Use Process::require_no_promises instead of REQUIRE_NO_PROMISES
This change lays the foundation for making the require_promise return
an error and handling the process abort outside of the syscall
implementations, to avoid cases where we would leak resources.

It also has the advantage that it removes a gs pointer read
to look up the current thread, then process for every syscall. We
can instead go through the Process `this` pointer in most cases.
2021-12-29 18:08:15 +01:00
Brian Gianforcaro
bad6d50b86 Kernel: Use Process::require_promise() instead of REQUIRE_PROMISE()
This change lays the foundation for making the require_promise return
an error and handling the process abort outside of the syscall
implementations, to avoid cases where we would leak resources.

It also has the advantage that it removes a gs pointer read
to look up the current thread, then process for every syscall. We
can instead go through the Process `this` pointer in most cases.
2021-12-29 18:08:15 +01:00
Luke Wilde
c4f60844c5 Kernel: Print KUBSAN backtrace to screen if KUBSAN is deadly 2021-12-29 17:58:44 +01:00
Luke Wilde
8eb01c0b11 ImageViewer: Allow choice between nearest neighbor and bilinear scaling
Currently, ImageViewer always uses nearest neighbor scaling.
This allows the user to choose whether to use nearest neighbor
or bilinear scaling. It currently defaults to nearest neighbor.
2021-12-29 17:58:32 +01:00
davidot
e179cf2540 LibJS: Don't VERIFY that the token after 'import' is one of '.' and '('
Although those are the only valid options parse_primary_expression is
sometimes called when only an expression is valid which means it did not
check match_expression and might fail the now removed VERIFY.
2021-12-29 16:57:23 +01:00
davidot
56c425eec1 LibJS: Detect invalid unicode and stop lexing at that point
Previously we might swallow invalid unicode point which would skip valid
ascii characters. This could be dangerous as we might skip a '"' thus
not closing a string where we should.
This might have been exploitable as it would not have been clear what
code gets executed when looking at a script.

Another approach to this would be simply replacing all invalid
characters with the replacement character (this is what v8 does). But
our lexer and parser are currently not set up for such a change.
2021-12-29 16:57:23 +01:00
davidot
b1e022908d LibJS: Remove unused declaration copy_data_properties
The method was moved to Object but this declaration was not removed.
2021-12-29 16:57:23 +01:00
Linus Groh
87a89e7126 LibJS: Convert create_global_function_binding() to ThrowCompletionOr 2021-12-29 16:02:44 +01:00
Linus Groh
4767be1459 LibJS: Convert create_global_var_binding() to ThrowCompletionOr 2021-12-29 16:00:36 +01:00
Linus Groh
8296d3fbd2 LibJS: Convert can_declare_global_function() to ThrowCompletionOr 2021-12-29 15:56:53 +01:00
Linus Groh
215a56b0e4 LibJS: Convert can_declare_global_var() to ThrowCompletionOr 2021-12-29 15:54:44 +01:00
Linus Groh
1817c1f83c LibJS: Convert has_restricted_global_property() to ThrowCompletionOr 2021-12-29 15:50:50 +01:00
Linus Groh
9571631b58 LibJS: Add spec comments to remaining GlobalEnvironment methods 2021-12-29 15:48:11 +01:00
Brian Gianforcaro
b5367bbf31 Kernel: Clarify why ftruncate() & pread() are passed off_t const*
I fell into this trap and tried to switch the syscalls to pass by
the `off_t` by register. I think it makes sense to add a clarifying
comment for future readers of the code, so they don't fall into the
same trap. :^)
2021-12-29 05:54:04 -08:00
Idan Horowitz
9d034785de Kernel: Make File::unref virtual
This is required for SlavePTY's custom unref handler to function
correctly, as otherwise a SlavePTY held in a File RefPtr would call
the base's (RefCounted<>) unref method instead of SlavePTY's version.
2021-12-29 15:46:14 +02:00
tuftedocelot
6dee1e91be Meta+Documentation: Don't rebuild disk image for every run on OpenBSD 2021-12-29 03:46:56 -08:00
tuftedocelot
68e4e7923a Meta: Add egcc as a GCC candidate
egcc is the alias for the GCC compiler (since OpenBSD uses Clang by
default). Toolchain/BuildIt.sh has the necessary adjustments, but the
compiler check occurs before BuildIt.sh is called.
2021-12-29 03:46:56 -08:00
tuftedocelot
5810467c97 Build: Remove gzip -k usage in PCI/USB ID files and crypt for OpenBSD
OpenBSD gzip does not have the -k flag to keep the original after
extraction. Work around this by copying the original gzip to the dest
and then extracting. A bit of a hack, but only needs to be done for the
first-time or rebuilds

OpenBSD provides crypt in libc, not libcrypt. Adjust if/else to check
for either and proceed accordingly

Remove outdated OpenBSD checks when building the toolchain
2021-12-29 03:46:56 -08:00
tuftedocelot
ea0a002468 LibCore: Add OpenBSD headers to System and LocalSocket
Add the correct header to System.h and add OpenBSD-specific handling of
signals and socket process id
2021-12-29 03:46:56 -08:00
kleines Filmröllchen
f650efc76f Documentation: Elaborate on GRUB image flashing and video-less debugging
This should help others to not run into the same roadblocks with
bare-metal that I ran into.
2021-12-29 03:45:59 -08:00
Daniel Bertalan
a34c657eb3 Base: Add DEC Special Graphics characters to Csilla Regular 10
The following codepoints are included:
U+2518, U+2510, U+250C, U+2514, U+253C, U+2500, U+251C, U+2524, U+2534,
U+252C, U+2502
2021-12-29 03:42:45 -08:00
Daniel Bertalan
fcc8bd6f8e Base: Add support for the default XTerm color scheme
Finally, the "Color Scheme" combo box gets an option besides "Default".
2021-12-29 03:42:45 -08:00
Daniel Bertalan
d8e383edd0 LibVT: Always clear "stomp" state when changing the cursor position
This fixes a bug, where we mistakenly put a character in the next row if
the cursor was told to move to the rightmost column when it was already
there.
2021-12-29 03:42:45 -08:00
Daniel Bertalan
2329c52ad9 Base: Add some box drawing characters to font Csilla Regular 10
This commit adds the characters used by vim's popup window feature to
draw window borders. Namely:
- U+2550 BOX DRAWINGS DOUBLE HORIZONTAL
- U+2551 BOX DRAWINGS DOUBLE VERTICAL
- U+2554 BOX DRAWINGS DOUBLE DOWN AND RIGHT
- U+2557 BOX DRAWINGS DOUBLE DOWN AND LEFT
- U+255A BOX DRAWINGS DOUBLE UP AND RIGHT
- U+255D BOX DRAWINGS DOUBLE UP AND LEFT
2021-12-29 03:42:45 -08:00
Daniel Bertalan
e37dbee017 Kernel+LibC: Add ECANCELED errno value
This is needed for clangd to compile.
2021-12-29 03:42:45 -08:00
Brian Gianforcaro
dee0c004e0 Kernel: Zero initialize winsize in TIOCGWINSZ
It looks like the types are small enough that there is no padding.
So there didn't happen to be an info leak here, but let's zero initialize
just to be on the safe side, and make auditing easier.
2021-12-29 03:41:32 -08:00
Brian Gianforcaro
737a11389c Kernel: Fix info leak from sockaddr_un in socket syscalls
In `sys$accept4()` and `get_sock_or_peer_name()` we were not
initializing the padding of the `sockaddr_un` struct, leading to
a kernel information leak if the caller looked back at its contents.

Before Fix:

    37.766 Clipboard(11:11): accept4 Bytes:
    2f746d702f706f7274616c2f636c6970626f61726440eac130e7fbc1e8abbfc
    19c10ffc18440eac15485bcc130e7fbc1549feaca6c9deaca549feaca1bb0bc
    03efdf62c0e056eac1b402d7acd010ffc14602000001b0bc030100000050bf0
    5c24602000001e7fbc1b402d7ac6bdc

After Fix:

    0.603 Clipboard(11:11): accept4 Bytes:
    2f746d702f706f7274616c2f636c6970626f617264000000000000000000000
    000000000000000000000000000000000000000000000000000000000000000
    000000000000000000000000000000000000000000000000000000000000000
    0000000000000000000000000000000
2021-12-29 03:41:32 -08:00
Brian Gianforcaro
98990dce53 Kernel: Fix info leak from padding in GenericFramebufferDevice::ioctl
In FB_IOCTL_GET_PROPERTIES we were not initializing the padding of the
struct, leading to the potential of a kernel information leak if the
caller looked back at its contents.

Let's just be extra paranoid and zero initialize all these structs
that we store on the stack while handling ioctls(..).
2021-12-29 03:41:32 -08:00
Brian Gianforcaro
e308536005 Ports/gdb: Add basic ptrace based native target for SerenityOS/i386
This patch adds a ptrace based gdb backend, which is then enlightened
to know how to read the serenity i386 registers via ptrace.

This is just a basic implementation to get the port bootstrapped.
2021-12-29 03:17:41 -08:00
Brian Gianforcaro
6137b9f272 Ports/gdb: Fix compiler -fpermissive warnings from using latest GCC
These are compilation errors coming from upstream gdb.
2021-12-29 03:17:41 -08:00
Brian Gianforcaro
1210ee9ba9 LibC: Make regs.h work with compilers without concepts
This allows the gdb port to compile with our `regs.h`.
2021-12-29 03:17:41 -08:00
Daniel Bertalan
9f2e8683de Ports/gdb: Use mmap instead of malloc for sigaltstack()
Stack regions can't be made volatile, which makes it impossible for
malloc to manage memory that's used for `sigaltstack()`. Let's use mmap
instead.

Co-authored-by: Idan Horowitz <idan.horowitz@gmail.com>
2021-12-29 03:17:41 -08:00
Brian Gianforcaro
bd3bbd0329 Ports: Add initial GDB 11.1 port
This builds and runs, but crashes when you attempt to try to debug
something at the moment.
2021-12-29 03:17:41 -08:00
Daniel Bertalan
fcdd202741 Kernel: Return the actual number of CPU cores that we have
... instead of returning the maximum number of Processor objects that we
can allocate.

Some ports (e.g. gdb) rely on this information to determine the number
of worker threads to spawn. When gdb spawned 64 threads, the kernel
could not cope with generating backtraces for it, which prevented us
from debugging it properly.

This commit also removes the confusingly named
`Processor::processor_count` function so that this mistake can't happen
again.
2021-12-29 03:17:41 -08:00
Brian Gianforcaro
7828d4254e LibC: Stub out tcsendbreak(..) and tcdrain(..)
They are required for gdb to build.
2021-12-29 03:17:41 -08:00
Idan Horowitz
6e2a82df13 Kernel: Port File to RefCounted
RefCounted automatically calls a method named `will_be_destroyed`
on classes that have one, so there's no need to have a custom
implementation of unref in File.
2021-12-29 12:04:15 +01:00
Idan Horowitz
4a3a947df3 Kernel: Rename File::{before_removing => will_be_destroyed}
This will allow File and its descendants to use RefCounted instead of
having a custom implementation of unref. (Since RefCounted calls
will_be_destroyed automatically)

This commit also removes an erroneous call to `before_removing` in
AHCIPort, this is a duplicate call, as the only reference to the device
is immediately dropped following the call, which in turn calls
`before_removing` via File::unref.
2021-12-29 12:04:15 +01:00
Idan Horowitz
d7ec5d042f Kernel: Port Process to ListedRefCounted 2021-12-29 12:04:15 +01:00
Idan Horowitz
3d0b5efcfc Kernel: Remove Process::all_processes()
This was only used in ProcFS, which can use the `processes()` list just
as well, so let's remove it.
2021-12-29 12:04:15 +01:00
Idan Horowitz
81e23617d6 Kernel: Port Custody to ListedRefCounted
Custody's unref is one of many implementations of ListedRefCounted's
behaviour in the Kernel, which results in avoidable bugs caused by
the fragmentation of the implementations. This commit starts the work
of replacing all custom implementations with ListedRefCounted by
porting Custody to it.
2021-12-29 12:04:15 +01:00
Idan Horowitz
be91b4fe3e Kernel: Support Mutex Protected lists in ListedRefCounted
This will allow us to support Mutex Protected lists like the custodies
list as well.
2021-12-29 12:04:15 +01:00
Linus Groh
7204b292c5 LibJS: Implement and use the MakeMethod AO
Two direct uses of the set_home_object() setter remain, we should fix
those up and remove it eventually.
2021-12-29 10:34:34 +01:00
Linus Groh
df931e6a83 LibJS: Implement and use the InitializeBoundName AO 2021-12-29 10:34:28 +01:00
Linus Groh
ca48151147 LibJS: Add spec comments to VM::binding_initialization() 2021-12-29 10:34:23 +01:00
Linus Groh
3626a7fd6d LibJS: Remove unused FunctionEnvironment this value getter/setter
The this value is only supposed to be set via the BindThisValue and
accessed via the GetThisBinding AOs, so exposing a direct getter/setter
would only lead to potentially non-spec-compliant behavior down the
line.
2021-12-29 00:16:51 +01:00
Linus Groh
451149df0b LibJS: Ensure get_new_target() never returns an empty value
Also add spec comments and remove a redundant exception check while
we're here :^)
2021-12-29 00:16:51 +01:00
Linus Groh
8d70a50aed LibJS: Remove unused MemberExpression::computed_property_name() 2021-12-29 00:16:51 +01:00