KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bounds read/write bugs.

KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store).

To fully integrate KASAN into the SerenityOS kernel we need to:

a) Implement the KASAN interface to intercept the injected loads/stores.

    void __asan_load*(address);
    void __asan_store(address);

b) Set up the KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32-bit at this time.

Ex: Linux implements kernel address -> shadow address translation like:

    static inline void *kasan_mem_to_shadow(const void *addr)
    {
        return (void *)((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
            + KASAN_SHADOW_OFFSET;
    }

c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region.

This commit only implements the initial steps of this long process:

- A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER`
- Stubs out enough of the KASAN interface to allow the Kernel to link clean.

Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizers are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN.

References:

* ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf
* KASAN Docs: https://github.com/google/kasan
* NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3
* LWN KASAN Article: https://lwn.net/Articles/612153/
* Tracking Issue #5351
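The three steps listed in the commit message above (access hook, address-to-shadow translation, allocator integration) can be seen working together in a small user-space model. This is an added example, not code from SerenityOS or Linux; the heap array, the function names and the tag values are all hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model; all names and tag values are hypothetical. */
#define SHADOW_SCALE_SHIFT 3                   /* 1 shadow byte covers 8 bytes */
#define GRANULE ((size_t)1 << SHADOW_SCALE_SHIFT)
#define HEAP_SIZE 4096
enum { TAG_REDZONE = 0xFA, TAG_FREED = 0xFD }; /* values >= 0x80: fully poisoned */

static uint8_t heap[HEAP_SIZE], shadow[HEAP_SIZE >> SHADOW_SCALE_SHIFT];
static size_t heap_top;

/* Subtracting the heap base plays the role of KASAN_SHADOW_OFFSET. */
static uint8_t *mem_to_shadow(const void *addr) {
    return shadow + ((size_t)((const uint8_t *)addr - heap) >> SHADOW_SCALE_SHIFT);
}
static void model_init(void) {                 /* everything starts poisoned */
    memset(shadow, TAG_REDZONE, sizeof shadow);
    heap_top = 0;
}
/* What an instrumented load/store hook would do: 0 if legal, else the tag hit.
   Shadow 0 = whole granule valid, 1..7 = only the first k bytes valid. */
static int check_access(const void *addr, size_t size) {
    const uint8_t *p = addr;
    for (size_t i = 0; i < size; i++) {
        uint8_t s = *mem_to_shadow(p + i);
        size_t off = (size_t)(p + i - heap) & (GRANULE - 1);
        if (s >= 0x80 || (s != 0 && off >= s)) return s;
    }
    return 0;
}
/* Allocator integration: unpoison exactly `size` bytes, keep redzones around. */
static void *model_alloc(size_t size) {
    size_t rounded = (size + GRANULE - 1) & ~(GRANULE - 1);
    if (heap_top + rounded + 2 * GRANULE > HEAP_SIZE) return NULL;
    uint8_t *obj = heap + heap_top + GRANULE;  /* leading redzone granule */
    heap_top += GRANULE + rounded;
    memset(mem_to_shadow(obj), 0, size >> SHADOW_SCALE_SHIFT);
    if (size & (GRANULE - 1)) *mem_to_shadow(obj + size) = size & (GRANULE - 1);
    return obj;
}
static void model_free(void *obj, size_t size) {
    size_t rounded = (size + GRANULE - 1) & ~(GRANULE - 1);
    memset(mem_to_shadow(obj), TAG_FREED, rounded >> SHADOW_SCALE_SHIFT);
}
int main(void) {
    model_init();
    uint8_t *p = model_alloc(13);
    printf("in-bounds=%d overflow=0x%x\n", check_access(p, 13), (unsigned)check_access(p + 16, 1));
    model_free(p, 13);
    printf("use-after-free=0x%x\n", (unsigned)check_access(p, 4));
    return 0;
}
```

A real kernel would report and halt inside the hook instead of returning a tag, and would place the shadow region at a fixed virtual address rather than in a static array.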
SerenityOS
Graphical Unix-like operating system for x86 computers.
About
SerenityOS is a love letter to '90s user interfaces with a custom Unix-like core. It flatters with sincerity by stealing beautiful ideas from various other systems.
Roughly speaking, the goal is a marriage between the aesthetic of late-1990s productivity software and the power-user accessibility of late-2000s *nix. This is a system by us, for us, based on the things we like.
I (Andreas) regularly post raw hacking sessions and demos on my YouTube channel.
Sometimes I write about the system on my github.io blog.
I'm also on Patreon and GitHub Sponsors if you would like to show some support that way.
Screenshot
Kernel features
- x86 (32-bit) kernel with pre-emptive multi-threading
- Hardware protections (SMEP, SMAP, UMIP, NX, WP, TSD, ...)
- IPv4 stack with ARP, TCP, UDP and ICMP protocols
- ext2 filesystem
- POSIX signals
- Purgeable memory
- /proc filesystem
- Pseudoterminals (with /dev/pts filesystem)
- Filesystem notifications
- CPU and memory profiling
- SoundBlaster 16 driver
- VMWare/QEMU mouse integration
System services
- Launch/session daemon (SystemServer)
- Compositing window server (WindowServer)
- Text console manager (TTYServer)
- DNS client (LookupServer)
- Network protocols server (ProtocolServer)
- Software-mixing sound daemon (AudioServer)
- Desktop notifications (NotificationServer)
- HTTP server (WebServer)
- Telnet server (TelnetServer)
- DHCP client (DHCPClient)
Libraries
- C++ templates and containers (AK)
- Event loop and utilities (LibCore)
- 2D graphics library (LibGfx)
- GUI toolkit (LibGUI)
- Cross-process communication library (LibIPC)
- HTML/CSS engine (LibWeb)
- JavaScript engine (LibJS)
- Markdown (LibMarkdown)
- Audio (LibAudio)
- PCI database (LibPCIDB)
- Terminal emulation (LibVT)
- Out-of-process network protocol I/O (LibProtocol)
- Mathematical functions (LibM)
- ELF file handling (LibELF)
- POSIX threading (LibPthread)
- Higher-level threading (LibThread)
- Transport Layer Security (LibTLS)
- HTTP and HTTPS (LibHTTP)
Userland features
- Unix-like libc and userland
- Shell with pipes and I/O redirection
- On-line help system (both terminal and GUI variants)
- Web browser (Browser)
- C++ IDE (HackStudio)
- IRC client
- Desktop synthesizer (Piano)
- Various desktop apps & games
- Color themes
How do I read the documentation?
Man pages are browsable outside of SerenityOS under Base/usr/share/man.
When running SerenityOS you can use `man` for the terminal interface, or `help` for the GUI interface.
How do I build and run this?
See the SerenityOS build instructions
Before opening an issue
Please see the issue policy.
Communication hubs
The main hub is #serenityos on the Freenode IRC network.
We also have a project mailing list: serenityos-dev.
Author
- Andreas Kling - awesomekling
Contributors
- Robin Burchell - rburchell
- Conrad Pankoff - deoxxa
- Sergey Bugaev - bugaevc
- Liav A - supercomputer7
- Linus Groh - linusg
- Ali Mohammad Pur - alimpfard
- Shannon Booth - shannonbooth
- Hüseyin ASLITÜRK - asliturk
- Matthew Olsson - mattco98
- Nico Weber - nico
- Brian Gianforcaro - bgianfo
- Ben Wiederhake - BenWiederhake
- Tom - tomuta
- Paul Scharnofske - asynts
- Itamar Shenhar - itamar8910
- Luke Wilde - Lubrsi
- Brendan Coles - bcoles
- Andrew Kaster - ADKaster
(And many more!) The people listed above have landed more than 100 commits in the project. :^)
License
SerenityOS is licensed under a 2-clause BSD license.