ladybird/Kernel/CMakeLists.txt

529 lines
16 KiB
Text
Raw Normal View History

if (ENABLE_EXTRA_KERNEL_DEBUG_SYMBOLS)
add_compile_options(-Og)
add_compile_options(-ggdb3)
else()
add_compile_options(-Os)
endif()
if ("${SERENITY_ARCH}" STREQUAL "aarch64")
set(KERNEL_ARCH aarch64)
elseif ("${SERENITY_ARCH}" STREQUAL "i686")
set(KERNEL_ARCH i386)
elseif("${SERENITY_ARCH}" STREQUAL "x86_64")
set(KERNEL_ARCH x86_64)
endif()
set(KERNEL_HEAP_SOURCES
Heap/SlabAllocator.cpp
Heap/kmalloc.cpp
)
set(KERNEL_SOURCES
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load*(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void *kasan_mem_to_shadow(const void *addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: * ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351
2021-02-14 20:47:10 +00:00
AddressSanitizer.cpp
Bus/PCI/Access.cpp
Kernel/PCI: Simplify the entire subsystem A couple of things were changed: 1. Semantic changes - PCI segments are now called PCI domains, to better match what they are really. It's also the name that Linux gave, and it seems that Wikipedia also uses this name. We also remove PCI::ChangeableAddress, because it was used in the past but now it's no longer being used. 2. There are no WindowedMMIOAccess or MMIOAccess classes anymore, as they made a bunch of unnecessary complexity. Instead, Windowed access is removed entirely (this was tested, but never was benchmarked), so we are left with IO access and memory access options. The memory access option is essentially mapping the PCI bus (from the chosen PCI domain), to virtual memory as-is. This means that unless needed, at any time, there is only one PCI bus being mapped, and this is changed if access to another PCI bus in the same PCI domain is needed. For now, we don't support mapping of different PCI buses from different PCI domains at the same time, because basically it's still a non-issue for most machines out there. 2. OOM-safety is increased, especially when constructing the Access object. It means that we pre-allocating any needed resources, and we try to find PCI domains (if requested to initialize memory access) after we attempt to construct the Access object, so it's possible to fail at this point "gracefully". 3. All PCI API functions are now separated into a different header file, which means only "clients" of the PCI subsystem API will need to include that header file. 4. Functional changes - we only allow now to enumerate the bus after a hardware scan. This means that the old method "enumerate_hardware" is removed, so, when initializing an Access object, the initializing function must call rescan on it to force it to find devices. This makes it possible to fail rescan, and also to defer it after construction from both OOM-safety terms and hotplug capabilities.
2021-09-07 09:08:38 +00:00
Bus/PCI/API.cpp
Bus/PCI/Device.cpp
Bus/PCI/Initializer.cpp
Kernel/PCI: Simplify the entire subsystem A couple of things were changed: 1. Semantic changes - PCI segments are now called PCI domains, to better match what they are really. It's also the name that Linux gave, and it seems that Wikipedia also uses this name. We also remove PCI::ChangeableAddress, because it was used in the past but now it's no longer being used. 2. There are no WindowedMMIOAccess or MMIOAccess classes anymore, as they made a bunch of unnecessary complexity. Instead, Windowed access is removed entirely (this was tested, but never was benchmarked), so we are left with IO access and memory access options. The memory access option is essentially mapping the PCI bus (from the chosen PCI domain), to virtual memory as-is. This means that unless needed, at any time, there is only one PCI bus being mapped, and this is changed if access to another PCI bus in the same PCI domain is needed. For now, we don't support mapping of different PCI buses from different PCI domains at the same time, because basically it's still a non-issue for most machines out there. 2. OOM-safety is increased, especially when constructing the Access object. It means that we pre-allocating any needed resources, and we try to find PCI domains (if requested to initialize memory access) after we attempt to construct the Access object, so it's possible to fail at this point "gracefully". 3. All PCI API functions are now separated into a different header file, which means only "clients" of the PCI subsystem API will need to include that header file. 4. Functional changes - we only allow now to enumerate the bus after a hardware scan. This means that the old method "enumerate_hardware" is removed, so, when initializing an Access object, the initializing function must call rescan on it to force it to find devices. This makes it possible to fail rescan, and also to defer it after construction from both OOM-safety terms and hotplug capabilities.
2021-09-07 09:08:38 +00:00
Bus/PCI/SysFSPCI.cpp
Bus/USB/SysFSUSB.cpp
Bus/USB/UHCI/UHCIController.cpp
Bus/USB/UHCI/UHCIRootHub.cpp
Bus/USB/USBController.cpp
Bus/USB/USBDevice.cpp
Bus/USB/USBHub.cpp
Bus/USB/USBManagement.cpp
Bus/USB/USBPipe.cpp
Bus/USB/USBTransfer.cpp
Bus/VirtIO/Console.cpp
Bus/VirtIO/ConsolePort.cpp
Bus/VirtIO/Device.cpp
Bus/VirtIO/Queue.cpp
Bus/VirtIO/RNG.cpp
CMOS.cpp
CommandLine.cpp
Coredump.cpp
Devices/AsyncDeviceRequest.cpp
Devices/BlockDevice.cpp
Devices/CharacterDevice.cpp
Devices/ConsoleDevice.cpp
Devices/Device.cpp
Devices/DeviceManagement.cpp
Devices/FullDevice.cpp
Devices/KCOVDevice.cpp
Devices/KCOVInstance.cpp
Devices/MemoryDevice.cpp
Devices/NullDevice.cpp
Devices/PCISerialDevice.cpp
Devices/PCSpeaker.cpp
Devices/RandomDevice.cpp
Devices/SB16.cpp
Devices/SerialDevice.cpp
Devices/VMWareBackdoor.cpp
Devices/ZeroDevice.cpp
Devices/HID/I8042Controller.cpp
Devices/HID/HIDManagement.cpp
Devices/HID/KeyboardDevice.cpp
Devices/HID/MouseDevice.cpp
Devices/HID/PS2KeyboardDevice.cpp
Devices/HID/PS2MouseDevice.cpp
Devices/HID/VMWareMouseDevice.cpp
GlobalProcessExposed.cpp
Graphics/Bochs/GraphicsAdapter.cpp
Graphics/Console/GenericFramebufferConsole.cpp
Graphics/Console/ContiguousFramebufferConsole.cpp
Graphics/Console/TextModeConsole.cpp
Graphics/Console/VGAConsole.cpp
Graphics/FramebufferDevice.cpp
Graphics/GraphicsManagement.cpp
Graphics/Intel/NativeGraphicsAdapter.cpp
Graphics/VirtIOGPU/FramebufferDevice.cpp
Graphics/VirtIOGPU/Console.cpp
Graphics/VirtIOGPU/GraphicsAdapter.cpp
Graphics/VGACompatibleAdapter.cpp
SanCov.cpp
Storage/Partition/DiskPartition.cpp
Storage/Partition/DiskPartitionMetadata.cpp
Storage/Partition/EBRPartitionTable.cpp
Storage/Partition/GUIDPartitionTable.cpp
Storage/Partition/MBRPartitionTable.cpp
Storage/Partition/PartitionTable.cpp
Storage/StorageDevice.cpp
Storage/AHCIController.cpp
Storage/AHCIPort.cpp
Storage/AHCIPortHandler.cpp
Storage/ATADevice.cpp
Storage/ATADiskDevice.cpp
Storage/ATAPIDiscDevice.cpp
Storage/BMIDEChannel.cpp
Storage/IDEController.cpp
Storage/IDEChannel.cpp
2021-01-19 21:33:00 +00:00
Storage/RamdiskController.cpp
Storage/RamdiskDevice.cpp
Storage/StorageManagement.cpp
DoubleBuffer.cpp
FileSystem/AnonymousFile.cpp
FileSystem/BlockBasedFileSystem.cpp
FileSystem/Custody.cpp
FileSystem/DevPtsFS.cpp
FileSystem/DevTmpFS.cpp
FileSystem/Ext2FileSystem.cpp
FileSystem/FIFO.cpp
FileSystem/File.cpp
FileSystem/FileBackedFileSystem.cpp
FileSystem/FileSystem.cpp
FileSystem/Inode.cpp
FileSystem/InodeFile.cpp
FileSystem/InodeWatcher.cpp
FileSystem/ISO9660FileSystem.cpp
FileSystem/Mount.cpp
FileSystem/OpenFileDescription.cpp
FileSystem/Plan9FileSystem.cpp
FileSystem/ProcFS.cpp
FileSystem/SysFS.cpp
FileSystem/SysFSComponent.cpp
FileSystem/TmpFS.cpp
FileSystem/VirtualFileSystem.cpp
Firmware/ACPI/Initialize.cpp
Firmware/ACPI/MultiProcessorParser.cpp
Firmware/ACPI/Parser.cpp
Firmware/BIOS.cpp
Firmware/PowerStateSwitch.cpp
Firmware/SysFSFirmware.cpp
FutexQueue.cpp
Interrupts/APIC.cpp
Interrupts/GenericInterruptHandler.cpp
Interrupts/IOAPIC.cpp
Interrupts/IRQHandler.cpp
Interrupts/InterruptManagement.cpp
Interrupts/PIC.cpp
Interrupts/SharedIRQHandler.cpp
Interrupts/SpuriousInterruptHandler.cpp
Interrupts/UnhandledInterruptHandler.cpp
KBufferBuilder.cpp
KLexicalPath.cpp
KString.cpp
KSyms.cpp
Memory/AddressSpace.cpp
Memory/AnonymousVMObject.cpp
Memory/InodeVMObject.cpp
Memory/MemoryManager.cpp
Memory/PageDirectory.cpp
Memory/PhysicalPage.cpp
Memory/PhysicalRegion.cpp
Memory/PhysicalZone.cpp
Memory/PrivateInodeVMObject.cpp
Memory/ScopedAddressSpaceSwitcher.cpp
Memory/Region.cpp
Memory/RingBuffer.cpp
Memory/ScatterGatherList.cpp
Memory/SharedInodeVMObject.cpp
Memory/VMObject.cpp
Memory/VirtualRange.cpp
Memory/VirtualRangeAllocator.cpp
MiniStdLib.cpp
Locking/LockRank.cpp
2021-07-18 07:10:27 +00:00
Locking/Mutex.cpp
Net/E1000ENetworkAdapter.cpp
Net/E1000NetworkAdapter.cpp
Net/IPv4Socket.cpp
Net/LocalSocket.cpp
Net/LoopbackAdapter.cpp
Net/NE2000NetworkAdapter.cpp
Net/NetworkAdapter.cpp
Net/NetworkTask.cpp
Net/NetworkingManagement.cpp
Net/RTL8139NetworkAdapter.cpp
Net/RTL8168NetworkAdapter.cpp
Net/Routing.cpp
Net/Socket.cpp
Net/TCPSocket.cpp
Net/UDPSocket.cpp
Panic.cpp
PerformanceEventBuffer.cpp
Process.cpp
Kernel: Introduce the new ProcFS design The new ProcFS design consists of two main parts: 1. The representative ProcFS class, which is derived from the FS class. The ProcFS and its inodes are much more lean - merely 3 classes to represent the common type of inodes - regular files, symbolic links and directories. They're backed by a ProcFSExposedComponent object, which is responsible for the functional operation behind the scenes. 2. The backend of the ProcFS - the ProcFSComponentsRegistrar class and all derived classes from the ProcFSExposedComponent class. These together form the entire backend and handle all the functions you can expect from the ProcFS. The ProcFSExposedComponent derived classes split to 3 types in the manner of lifetime in the kernel: 1. Persistent objects - this category includes all basic objects, like the root folder, /proc/bus folder, main blob files in the root folders, etc. These objects are persistent and cannot die ever. 2. Semi-persistent objects - this category includes all PID folders, and subdirectories to the PID folders. It also includes exposed objects like the unveil JSON'ed blob. These object are persistent as long as the the responsible process they represent is still alive. 3. Dynamic objects - this category includes files in the subdirectories of a PID folder, like /proc/PID/fd/* or /proc/PID/stacks/*. Essentially, these objects are always created dynamically and when no longer in need after being used, they're deallocated. Nevertheless, the new allocated backend objects and inodes try to use the same InodeIndex if possible - this might change only when a thread dies and a new thread is born with a new thread stack, or when a file descriptor is closed and a new one within the same file descriptor number is opened. This is needed to actually be able to do something useful with these objects. The new design assures that many ProcFS instances can be used at once, with one backend for usage for all instances.
2021-06-12 01:23:58 +00:00
ProcessExposed.cpp
ProcessSpecificExposed.cpp
ProcessGroup.cpp
ProcessProcFSTraits.cpp
RTC.cpp
Random.cpp
Scheduler.cpp
StdLib.cpp
Syscall.cpp
Syscalls/anon_create.cpp
Syscalls/access.cpp
Syscalls/alarm.cpp
Syscalls/beep.cpp
Syscalls/chdir.cpp
Syscalls/chmod.cpp
Syscalls/chown.cpp
Syscalls/clock.cpp
Syscalls/debug.cpp
Syscalls/disown.cpp
Syscalls/dup2.cpp
Syscalls/emuctl.cpp
Syscalls/execve.cpp
Syscalls/exit.cpp
Syscalls/fcntl.cpp
Syscalls/fork.cpp
2021-09-12 03:28:59 +00:00
Syscalls/fsync.cpp
Syscalls/ftruncate.cpp
Syscalls/futex.cpp
Syscalls/get_dir_entries.cpp
Syscalls/get_stack_bounds.cpp
Syscalls/getrandom.cpp
Syscalls/getuid.cpp
Syscalls/hostname.cpp
Syscalls/ioctl.cpp
Syscalls/keymap.cpp
Syscalls/kill.cpp
Syscalls/link.cpp
Syscalls/lseek.cpp
Syscalls/mkdir.cpp
Syscalls/mknod.cpp
Syscalls/mmap.cpp
Syscalls/mount.cpp
Syscalls/open.cpp
Syscalls/perf_event.cpp
Syscalls/pipe.cpp
Syscalls/pledge.cpp
Syscalls/prctl.cpp
Syscalls/process.cpp
Syscalls/profiling.cpp
Syscalls/ptrace.cpp
Syscalls/purge.cpp
Syscalls/read.cpp
Syscalls/readlink.cpp
Syscalls/realpath.cpp
Syscalls/rename.cpp
Syscalls/rmdir.cpp
Syscalls/sched.cpp
Syscalls/select.cpp
Syscalls/sendfd.cpp
Syscalls/setpgid.cpp
Syscalls/setuid.cpp
Syscalls/sigaction.cpp
Syscalls/socket.cpp
Syscalls/stat.cpp
Syscalls/statvfs.cpp
Syscalls/sync.cpp
Syscalls/sysconf.cpp
Syscalls/thread.cpp
Syscalls/times.cpp
Syscalls/ttyname.cpp
Syscalls/umask.cpp
Syscalls/uname.cpp
Syscalls/unlink.cpp
Syscalls/unveil.cpp
Syscalls/utime.cpp
Syscalls/waitid.cpp
Syscalls/inode_watcher.cpp
Syscalls/write.cpp
TTY/ConsoleManagement.cpp
TTY/MasterPTY.cpp
TTY/PTYMultiplexer.cpp
TTY/SlavePTY.cpp
TTY/TTY.cpp
TTY/VirtualConsole.cpp
Tasks/FinalizerTask.cpp
Tasks/SyncTask.cpp
Thread.cpp
ThreadBlockers.cpp
ThreadTracer.cpp
Time/APICTimer.cpp
Time/HPET.cpp
Time/HPETComparator.cpp
Time/PIT.cpp
Time/RTC.cpp
Time/TimeManagement.cpp
TimerQueue.cpp
UBSanitizer.cpp
UserOrKernelBuffer.cpp
WaitQueue.cpp
WorkQueue.cpp
init.cpp
kprintf.cpp
)
if ("${SERENITY_ARCH}" STREQUAL "i686" OR "${SERENITY_ARCH}" STREQUAL "x86_64")
set(KERNEL_SOURCES
${KERNEL_SOURCES}
Arch/x86/common/ScopedCritical.cpp
Arch/x86/common/SmapDisabler.cpp
)
set(KERNEL_SOURCES
${KERNEL_SOURCES}
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/${KERNEL_ARCH}/ASM_wrapper.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/${KERNEL_ARCH}/Boot/ap_setup.S
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/${KERNEL_ARCH}/InterruptEntry.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/${KERNEL_ARCH}/Processor.cpp
)
set(KERNEL_SOURCES
${KERNEL_SOURCES}
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/common/ASM_wrapper.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/common/CPU.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/common/Interrupts.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/common/Processor.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/common/ProcessorInfo.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/common/SafeMem.cpp
${CMAKE_CURRENT_SOURCE_DIR}/Arch/x86/common/TrapFrame.cpp
)
endif()
set(AK_SOURCES
../AK/FlyString.cpp
../AK/GenericLexer.cpp
../AK/Hex.cpp
../AK/String.cpp
../AK/StringBuilder.cpp
../AK/StringImpl.cpp
../AK/StringUtils.cpp
../AK/StringView.cpp
../AK/Time.cpp
../AK/Format.cpp
../AK/UUID.cpp
../AK/Utf8View.cpp
../AK/Utf16View.cpp
)
set(ELF_SOURCES
2021-01-12 11:17:30 +00:00
../Userland/Libraries/LibELF/Image.cpp
../Userland/Libraries/LibELF/Validation.cpp
)
generate_state_machine(../Userland/Libraries/LibVT/StateMachine.txt ../Userland/Libraries/LibVT/EscapeSequenceStateMachine.h)
set(VT_SOURCES
2021-01-12 11:17:30 +00:00
../Userland/Libraries/LibVT/Terminal.cpp
../Userland/Libraries/LibVT/Line.cpp
../Userland/Libraries/LibVT/EscapeSequenceParser.cpp
)
set(KEYBOARD_SOURCES
2021-01-12 11:17:30 +00:00
../Userland/Libraries/LibKeyboard/CharacterMap.cpp
)
set(CRYPTO_SOURCES
2021-01-12 11:17:30 +00:00
../Userland/Libraries/LibCrypto/Cipher/AES.cpp
../Userland/Libraries/LibCrypto/Hash/SHA2.cpp
)
2021-10-15 13:57:42 +00:00
set(SOURCES
${AK_SOURCES}
)
if (NOT "${SERENITY_ARCH}" STREQUAL "aarch64")
set(SOURCES
${KERNEL_SOURCES}
${SOURCES}
${ELF_SOURCES}
${VT_SOURCES}
${KEYBOARD_SOURCES}
${CRYPTO_SOURCES}
)
else()
set(SOURCES
2021-10-15 13:57:42 +00:00
${SOURCES}
${AK_SOURCES}
Arch/aarch64/dummy.cpp
Arch/aarch64/SmapDisabler.cpp
Arch/aarch64/ScopedCritical.cpp
StdLib.cpp
MiniStdLib.cpp
UBSanitizer.cpp
)
# Otherwise linker errors e.g undefined reference to `__aarch64_cas8_acq_rel'
add_compile_options(-mno-outline-atomics -latomic)
endif()
add_compile_options(-fsigned-char)
add_compile_options(-Wno-unknown-warning-option -Wvla -Wnull-dereference)
add_compile_options(-fno-rtti -ffreestanding -fbuiltin)
if ("${SERENITY_ARCH}" STREQUAL "i686" OR "${SERENITY_ARCH}" STREQUAL "x86_64")
add_compile_options(-mno-80387 -mno-mmx -mno-sse -mno-sse2)
endif()
add_compile_options(-fno-asynchronous-unwind-tables)
add_compile_options(-fstack-protector-strong)
add_compile_options(-fno-exceptions)
# FIXME: remove -nodefaultlibs after the next toolchain update
add_compile_options(-nodefaultlibs -nostdlib)
if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
# Apply any flags that are only available on >= GCC 11.1
if (CMAKE_CXX_COMPILER_VERSION VERSION_GREATER_EQUAL "11.1")
# Zero any registers used within a function on return (to reduce data lifetime and ROP gadgets).
add_compile_options(-fzero-call-used-regs=used-gpr)
endif()
link_directories(${TOOLCHAIN_ROOT}/${SERENITY_ARCH}-pc-serenity/lib)
link_directories(${TOOLCHAIN_ROOT}/lib/gcc/${SERENITY_ARCH}-pc-serenity/${GCC_VERSION}/)
set(TARGET_STRING "")
else() # Assume Clang
add_compile_options(-Waddress-of-packed-member)
add_compile_options(-faligned-allocation)
# We need this in order to pick up the #define __serenity__, otherwise we end up including unistd.h into the linker script
set(TARGET_STRING "--target=${CMAKE_CXX_COMPILER_TARGET}")
add_link_options(LINKER:--build-id=none)
endif()
macro (set_new_alignment alignment)
if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
add_compile_options(-faligned-new=${alignment})
elseif (CMAKE_CXX_COMPILER_ID MATCHES "Clang$")
add_compile_options(-fnew-alignment=${alignment})
endif()
endmacro()
if ("${SERENITY_ARCH}" STREQUAL "x86_64")
add_compile_options(-mcmodel=large -mno-red-zone)
set_new_alignment(8)
else()
set_new_alignment(4)
endif()
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -static-pie")
2021-07-23 10:56:35 +00:00
# Kernel Coverage (KCOV) is an API to collect and expose program counters of
# kernel code that has been run to user space. It's rather slow and likely not
# secure to run in production builds. Useful for coverage guided fuzzing.
if (ENABLE_KERNEL_COVERAGE_COLLECTION)
add_definitions(-DENABLE_KERNEL_COVERAGE_COLLECTION)
add_compile_options(-fsanitize-coverage=trace-pc)
set(KCOV_EXCLUDED_SOURCES
# Make sure we don't instrument any code called from __sanitizer_cov_trace_pc
# otherwise we'll end up with recursive calls to that function.
../AK/Format.cpp
../AK/StringBuilder.cpp
../Kernel/Arch/x86/${KERNEL_ARCH}/Processor.cpp
../Kernel/Devices/KCOVDevice.cpp
../Kernel/Devices/KCOVInstance.cpp
../Kernel/FileSystem/File.cpp
../Kernel/FileSystem/OpenFileDescription.cpp
../Kernel/Heap/SlabAllocator.cpp
../Kernel/init.cpp
../Kernel/SanCov.cpp
# GCC assumes that the caller saves registers for functions according
# to the System V ABI and happily inserts coverage calls into the
# function prologue for all functions. This assumption is not true for
# interrupt handlers because their calling convention is not compatible
# with the System V ABI.
../Kernel/Arch/x86/common/Interrupts.cpp
../Kernel/Syscall.cpp
)
set_source_files_properties(${KCOV_EXCLUDED_SOURCES} PROPERTIES COMPILE_FLAGS "-fno-sanitize-coverage=trace-pc")
endif()
# Kernel Undefined Behavior Sanitizer (KUBSAN)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined")
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load*(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void *kasan_mem_to_shadow(const void *addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: * ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351
2021-02-14 20:47:10 +00:00
# Kernel Address Sanitize (KASAN) implementation is still a work in progress, this option
# is not currently meant to be used, besides when developing Kernel ASAN support.
#
if (ENABLE_KERNEL_ADDRESS_SANITIZER)
add_compile_options(-fsanitize=kernel-address)
add_link_options(-fsanitize=kernel-address)
Kernel: Initial integration of Kernel Address Sanitizer (KASAN) KASAN is a dynamic analysis tool that finds memory errors. It focuses mostly on finding use-after-free and out-of-bound read/writes bugs. KASAN works by allocating a "shadow memory" region which is used to store whether each byte of memory is safe to access. The compiler then instruments the kernel code and a check is inserted which validates the state of the shadow memory region on every memory access (load or store). To fully integrate KASAN into the SerenityOS kernel we need to: a) Implement the KASAN interface to intercept the injected loads/stores. void __asan_load*(address); void __asan_store(address); b) Setup KASAN region and determine the shadow memory offset + translation. This might be challenging since Serenity is only 32bit at this time. Ex: Linux implements kernel address -> shadow address translation like: static inline void *kasan_mem_to_shadow(const void *addr) { return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET; } c) Integrating KASAN with Kernel allocators. The kernel allocators need to be taught how to record allocation state in the shadow memory region. This commit only implements the initial steps of this long process: - A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER` - Stubs out enough of the KASAN interface to allow the Kernel to link clean. Currently the KASAN kernel crashes on boot (triple fault because of the crash in strlen other sanitizer are seeing) but the goal here is to just get started, and this should help others jump in and continue making progress on KASAN. References: * ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf * KASAN Docs: https://github.com/google/kasan * NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3 * LWN KASAN Article: https://lwn.net/Articles/612153/ * Tracking Issue #5351
2021-02-14 20:47:10 +00:00
endif()
add_compile_definitions(KERNEL)
add_link_options(LINKER:-z,notext)
if (NOT "${SERENITY_ARCH}" STREQUAL "aarch64")
add_library(kernel_heap STATIC ${KERNEL_HEAP_SOURCES})
endif()
add_executable(Kernel ${SOURCES})
add_dependencies(Kernel generate_EscapeSequenceStateMachine.h)
add_custom_command(
OUTPUT linker.ld
COMMAND "${CMAKE_CXX_COMPILER}" ${TARGET_STRING} -E -P -x c -I${CMAKE_CURRENT_SOURCE_DIR}/.. "${CMAKE_CURRENT_SOURCE_DIR}/linker.ld" -o "${CMAKE_CURRENT_BINARY_DIR}/linker.ld"
MAIN_DEPENDENCY "${CMAKE_CURRENT_SOURCE_DIR}/linker.ld"
COMMENT "Preprocessing linker.ld"
VERBATIM
)
add_custom_target(generate_kernel_linker_script DEPENDS linker.ld)
target_link_options(Kernel PRIVATE LINKER:-T ${CMAKE_CURRENT_BINARY_DIR}/linker.ld -nostdlib -nodefaultlibs)
set_target_properties(Kernel PROPERTIES LINK_DEPENDS "${CMAKE_CURRENT_BINARY_DIR}/linker.ld")
if (ENABLE_KERNEL_LTO)
include(CheckIPOSupported)
check_ipo_supported()
add_definitions(-DENABLE_KERNEL_LTO)
set_property(TARGET Kernel PROPERTY INTERPROCEDURAL_OPTIMIZATION TRUE)
if (NOT "${SERENITY_ARCH}" STREQUAL "aarch64")
set_property(TARGET kernel_heap PROPERTY INTERPROCEDURAL_OPTIMIZATION TRUE)
endif()
endif()
if (NOT "${SERENITY_ARCH}" STREQUAL "aarch64")
if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
target_link_libraries(Kernel PRIVATE kernel_heap gcc)
elseif(CMAKE_CXX_COMPILER_ID MATCHES "Clang$")
target_link_libraries(Kernel PRIVATE kernel_heap clang_rt.builtins)
endif()
endif()
add_custom_command(
TARGET Kernel POST_BUILD
COMMAND ${CMAKE_COMMAND} -E env CXXFILT=${SERENITY_CXXFILT} sh ${CMAKE_CURRENT_SOURCE_DIR}/mkmap.sh
COMMAND ${CMAKE_COMMAND} -E env OBJCOPY=${CMAKE_OBJCOPY} sh ${CMAKE_CURRENT_SOURCE_DIR}/embedmap.sh
COMMAND ${CMAKE_OBJCOPY} --only-keep-debug Kernel Kernel.debug
COMMAND ${CMAKE_OBJCOPY} --strip-debug Kernel
COMMAND ${CMAKE_OBJCOPY} --add-gnu-debuglink=Kernel.debug Kernel
BYPRODUCTS ${CMAKE_CURRENT_BINARY_DIR}/kernel.map
)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/Kernel" DESTINATION boot)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/Kernel.debug" DESTINATION boot)
install(FILES "${CMAKE_CURRENT_BINARY_DIR}/kernel.map" DESTINATION res)
serenity_install_headers(Kernel)
serenity_install_sources(Kernel)
add_subdirectory(Prekernel)