Commit graph

22 commits

Author SHA1 Message Date
Ben Wiederhake
33079c8ab9 Kernel+UE+LibC: Remove unused dbgputch syscall
Everything uses the dbgputstr syscall anyway, so there is no need to
keep supporting it.
2021-11-24 22:56:39 +01:00
Andreas Kling
79fa9765ca Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T>
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!
This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.

Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)
2021-11-08 01:10:53 +01:00
Andreas Kling
cf2c04eb13 Kernel: Use TRY() in sys$dbgputstr() 2021-09-05 18:15:05 +02:00
Andreas Kling
48a0b31c47 Kernel: Make copy_{from,to}_user() return KResult and use TRY()
This makes EFAULT propagation flow much more naturally. :^)
2021-09-05 17:38:37 +02:00
Brian Gianforcaro
ed6d842f85 Kernel: Fix OOB read in sys$dbgputstr(..) during fuzzing
The implementation uses try_copy_kstring_from_user to allocate a kernel
string using, but does not use the length of the resulting string.
The size parameter to the syscall is untrusted, as try copy kstring will
attempt to perform a `safe_strlen(..)` on the user mode string and use
that value for the allocated length of the KString instead. The bug is
that we are printing the kstring, but with the usermode size argument.

During fuzzing this resulted in us walking off the end of the allocated
KString buffer printing garbage (or any kernel data!), until we stumbled
in to the KSym region and hit a fatal page fault.

This is technically a kernel information disclosure, but (un)fortunately
the disclosure only happens to the Bochs debug port, and or the serial
port if serial debugging is enabled. As far as I can tell it's not
actually possible for an untrusted attacker to use this to do something
nefarious, as they would need access to the host. If they have host
access then they can already do much worse things :^).
2021-08-13 11:08:11 +02:00
Brian Gianforcaro
5121e58d4a Kernel: Fix sys$dbgputstr(...) to take a char* instead of u8*
We always attempt to print this as a string, and it's defined as such in
LibC, so fix the signature to match.
2021-08-13 11:08:11 +02:00
Idan Horowitz
b1f4f6ee15 Kernel: Disable big process lock for sys$dbgputch
This syscall doesn't touch any intra-process shared resources and
already holds the global logging lock so there's no reason to hold
the big lock.
2021-08-06 23:36:12 +02:00
Idan Horowitz
c7ad4c6c32 Kernel: Disable big process lock for sys$dbgputstr
This syscall doesn't touch any intra-process shared resources and
already holds the global logging lock so there's no reason to hold
the big lock.
2021-08-06 23:36:12 +02:00
Idan Horowitz
00818b8447 Kernel: Disable big process lock for sys$dump_backtrace()
This syscall only dumps the current thread's backtrace and as such
doesn't touch any shared intra-process resources.
2021-08-06 23:36:12 +02:00
Brian Gianforcaro
9201a06027 Kernel: Annotate all syscalls with VERIFY_PROCESS_BIG_LOCK_ACQUIRED
Before we start disabling acquisition of the big process lock for
specific syscalls, make sure to document and assert that all the
lock is held during all syscalls.
2021-07-20 03:21:14 +02:00
Gunnar Beutner
2a78bf8596 Kernel: Fix the return type for syscalls
The Process::Handler type has KResultOr<FlatPtr> as its return type.
Using a different return type with an equally-sized template parameter
sort of works but breaks once that condition is no longer true, e.g.
for KResultOr<int> on x86_64.

Ideally the syscall handlers would also take FlatPtrs as their args
so we can get rid of the reinterpret_cast for the function pointer
but I didn't quite feel like cleaning that up as well.
2021-06-28 22:29:28 +02:00
Andreas Kling
f4090d46de Kernel: Don't kmalloc() for small (<=1024) dbgputstr() syscalls 2021-06-27 10:50:24 +02:00
Max Wipfli
84c0f98fb2 Kernel: Reimplement the dbgputch and dbgputstr syscalls
This rewrites the dbgputch and dbgputstr system calls as wrappers of
kstdio.h.

This fixes a bug where only the Kernel's debug output was also sent to
a serial debugger, while the userspace's debug output was only sent to
the Bochs debugger.

This also fixes a bug where debug output from one process would
sometimes "interrupt" the debug output from another process in the
middle of a line.
2021-06-24 10:29:09 +02:00
Gunnar Beutner
bc3076f894 Kernel: Remove various other uses of ssize_t 2021-06-16 21:29:36 +02:00
Nick Miller
10ba6f254c Kernel: Rename instances of IO port 0xe9 to BOCHS_DEBUG_PORT 2021-05-31 19:06:13 +01:00
Andreas Kling
e46343bf9a Kernel: Make UserOrKernelBuffer R/W helpers return KResultOr<size_t>
This makes error propagation less cumbersome (and also exposed some
places where we were not doing it.)
2021-05-13 23:28:40 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Andreas Kling
ac71775de5 Kernel: Make all syscall functions return KResultOr<T>
This makes it a lot easier to return errors since we no longer have to
worry about negating EFOO errors and can just return them flat.
2021-03-01 13:54:32 +01:00
Andreas Kling
1730c23775 Kernel: Remove a bunch of no-longer-necessary SmapDisablers
We forgot to remove the automatic SMAP disablers after fixing up all
this code to not access userspace memory directly. Let's lock things
down at last. :^)
2021-01-17 15:03:07 +01:00
Tom
c8d9f1b9c9 Kernel: Make copy_to/from_user safe and remove unnecessary checks
Since the CPU already does almost all necessary validation steps
for us, we don't really need to attempt to do this. Doing it
ourselves doesn't really work very reliably, because we'd have to
account for other processors modifying virtual memory, and we'd
have to account for e.g. pages not being able to be allocated
due to insufficient resources.

So change the copy_to/from_user (and associated helper functions)
to use the new safe_memcpy, which will return whether it succeeded
or not. The only manual validation step needed (which the CPU
can't perform for us) is making sure the pointers provided by user
mode aren't pointing to kernel mappings.

To make it easier to read/write from/to either kernel or user mode
data add the UserOrKernelBuffer helper class, which will internally
either use copy_from/to_user or directly memcpy, or pass the data
through directly using a temporary buffer on the stack.

Last but not least we need to keep syscall params trivial as we
need to copy them from/to user mode using copy_from/to_user.
2020-09-13 21:19:15 +02:00
Andreas Kling
8d4d1c7457 Kernel: Use Userspace<T> in more syscalls 2020-08-01 11:37:40 +02:00
Andreas Kling
949aef4aef Kernel: Move syscall implementations out of Process.cpp
This is something I've been meaning to do for a long time, and here we
finally go. This patch moves all sys$foo functions out of Process.cpp
and into files in Kernel/Syscalls/.

It's not exactly one syscall per file (although it could be, but I got
a bit tired of the repetitive work here..)

This makes hacking on individual syscalls a lot less painful since you
don't have to rebuild nearly as much code every time. I'm also hopeful
that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:40:57 +02:00