Commit graph

16852 commits

Author SHA1 Message Date
Ben Wiederhake
b3f0a5c917 LibC: Fix typo in comment 2021-02-15 22:09:01 +01:00
Ben Wiederhake
cf0d4994c2 LibC+LibPthread: Permit partial pthread_atfork
POSIX explicitly allows providing nullptr's, and our __pthread_*() implementation
stores and calls the provided functions as-is, without checking for nullptr.
2021-02-15 22:09:01 +01:00
Ben Wiederhake
fbb85f9b2f Kernel: Refuse excessively long iovec list, also in readv
This bug is a good example why copy-paste code should eventually be eliminated
from the code base: Apparently the code was copied from read.cpp before
c6027ed7cc, so the same bug got introduced here.

To recap: A malicious program can ask the Kernel to prepare sys-ing to
a huge amount of iovecs. The Kernel must first copy all the vector locations
into 'vecs', and before that allocates an arbitrary amount of memory:
    vecs.resize(iov_count);
This can cause Kernel memory exhaustion, triggered by any malicious userland
program.
2021-02-15 22:09:01 +01:00
Andreas Kling
fc2a4511ec LibVT: Clean up TerminalWidget a bit, removing unused cruft 2021-02-15 19:58:47 +01:00
Jean-Baptiste Boric
d9aaa8afe9 LibGUI: Open context menu on 'Menu' key down 2021-02-15 19:37:14 +01:00
Jean-Baptiste Boric
0d22ec9d32 Kernel: Handle 'Menu' key on PS/2 keyboard 2021-02-15 19:37:14 +01:00
Jean-Baptiste Boric
e616cb35ba WindowManager: Fix default menu item on key down
This fixes the key down behavior on Terminal's Edit menu, which tried
to hover the disabled menu item Copy if there was nothing selected.
2021-02-15 19:37:14 +01:00
Jean-Baptiste Boric
f8cb068354 WindowManager: Select top-level menus with left/right keys 2021-02-15 19:37:14 +01:00
Jean-Baptiste Boric
7ee6c66ee9 WindowManager: Make the Logo key open the system menu 2021-02-15 19:37:14 +01:00
Andreas Kling
c51209a06a LibWeb: Move cursor along when drag-selecting in editable content 2021-02-15 18:12:14 +01:00
Andreas Kling
7f616449ec LibGUI: Make TextEditor write a trailing newline to non-empty files
Fixes #4801.
2021-02-15 18:02:33 +01:00
Andreas Kling
a048f46be5 LibGUI: Use a ScopeGuard to close the fd in TextEditor::write_to_file() 2021-02-15 17:48:38 +01:00
Andreas Kling
015c5e61a8 LibGUI: Fix bogus TextEditor selection when cursor dragged outside view
If the cursor Y position is < 0 in content coordinate space, we should
always map that to the first line of the file.

This fixes unexpected cursor behavior when dragging the selection above
the top of the document.
2021-02-15 17:34:40 +01:00
AnotherTest
8bc1bcb34b LibC: Reimplement scanf from the ground up
This adds support for some previously unsupported features
(e.g. length modifiers) and fixes at least one FIXME.
Fixes #90.
2021-02-15 17:32:56 +01:00
AnotherTest
0bf496f864 LibC: Make strtoull accept the '0x' prefix when base 16 is specified
Dr.POSIX says it should be.
2021-02-15 17:32:56 +01:00
AnotherTest
5729e76c7d Meta: Make it possible to (somewhat) build the system inside Serenity
This removes some hard references to the toolchain, some unnecessary
uses of an external install command, and disables a -Werror flag (for
the time being) - only if run inside serenity.

With this, we can build and link the kernel :^)
2021-02-15 17:32:56 +01:00
AnotherTest
80d6f46d4e Ports: Add a cmake port
Yes, you build this *inside* serenity.
2021-02-15 17:32:56 +01:00
AnotherTest
bb777459a0 LibC+LibPthread: Implement pthread_atfork()
This required a bit of rearchitecture, as pthread_atfork() required a
mutex, and duplicating a mutex impl for it was silly.
As such, this patch moves some standalone bits of pthread into LibC and
uses those to implement atfork().
It should be noted that for programs that don't use atfork(), this
mechanism only costs two atomic loads (as opposed to the normal mutex
lock+unlock) :^)
2021-02-15 17:32:56 +01:00
AnotherTest
8e074f8665 LibC+LibPthread: Implement pthread_rwlock_*
This implementation is pretty damn dumb, and probably has more bugs than
features.
But for the time being, it seems to work. However, we should definitely
replace it with a good implementation sometime very soon :^)
2021-02-15 17:32:56 +01:00
AnotherTest
2e50c232f7 LibPthread: Stub out pthread_atfork() 2021-02-15 17:32:56 +01:00
AnotherTest
26a8a84ded LibC+LibPthread: Stub out pthread_rwlock_* functions 2021-02-15 17:32:56 +01:00
AnotherTest
9e2c37a8b2 LibC: Add 'cfmakeraw()' 2021-02-15 17:32:56 +01:00
AnotherTest
0c07c005b5 LibC: Stub out some addrinfo things 2021-02-15 17:32:56 +01:00
AnotherTest
4519950266 Kernel+LibC: Add the _SC_GETPW_R_SIZE_MAX sysconf enum
It just returns 4096 :P
2021-02-15 17:32:56 +01:00
AnotherTest
71054c4c06 LibC: Add reentrant versions of getpw{uid,nam}
Pretty hacky, but it should be fine.
2021-02-15 17:32:56 +01:00
AnotherTest
a3a7ab83c4 Kernel+LibC: Implement readv
We already had writev, so let's just add readv too.
2021-02-15 17:32:56 +01:00
AnotherTest
1e79c04616 Kernel+LibC: Stub out SO_{SND_RCV}BUF 2021-02-15 17:32:56 +01:00
AnotherTest
2db4ab80a2 LibC: Pull fd_set.h into unistd.h 2021-02-15 17:32:56 +01:00
AnotherTest
6f9e6e63b6 grep: Exit with 1 if nothing matches 2021-02-15 17:32:56 +01:00
AnotherTest
9b69c73dfe LibC: Stub out semaphore.h 2021-02-15 17:32:56 +01:00
Brian Gianforcaro
7482cb6531 Kernel: Avoid some unnecessary copies coming from range based for loops
- The irq_controller was getting add_ref/released needlessly during enumeration.

- Used ranges were also getting needlessly copied.
2021-02-15 15:25:23 +01:00
Brian Gianforcaro
a5f879ea8c Base: Add a man page documenting security mitigations
Since so much work is being put into mitigations, I thought
it would be nice to track them all in one place. This is the
start of that document.
2021-02-15 15:25:01 +01:00
Andreas Kling
9efd80f100 LibJS: Use fabs() instead of abs() in JS::Value
abs() takes an int, so this would only work correctly for numbers
smaller than INT_MAX.
2021-02-15 13:58:24 +01:00
Brian Gianforcaro
566b916364 CMake: Add 'setup-and-run' target to perform all prereqs and run the image
Running `ninja install && ninja image && ninja run` is kind of
annoying. I got tired, and came up with this instead, which does the
right thing and I don't have to type out the incantation.
2021-02-15 12:25:31 +01:00
Linus Groh
e8ff61e64b Ports: Document build_{all,installed}.sh 2021-02-15 11:46:36 +01:00
Brian Gianforcaro
96943ab07c Kernel: Initial integration of Kernel Address Sanitizer (KASAN)
KASAN is a dynamic analysis tool that finds memory errors. It focuses
mostly on finding use-after-free and out-of-bounds read/write bugs.

KASAN works by allocating a "shadow memory" region which is used to store
whether each byte of memory is safe to access. The compiler then instruments
the kernel code and a check is inserted which validates the state of the
shadow memory region on every memory access (load or store).

To fully integrate KASAN into the SerenityOS kernel we need to:

 a) Implement the KASAN interface to intercept the injected loads/stores.

      void __asan_load*(address);
      void __asan_store*(address);

 b) Setup KASAN region and determine the shadow memory offset + translation.
    This might be challenging since Serenity is only 32bit at this time.

    Ex: Linux implements kernel address -> shadow address translation like:

      static inline void *kasan_mem_to_shadow(const void *addr)
      {
          return (void *)((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
                  + KASAN_SHADOW_OFFSET;
      }

 c) Integrating KASAN with Kernel allocators.
    The kernel allocators need to be taught how to record allocation state
    in the shadow memory region.

This commit only implements the initial steps of this long process:
- A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER`
- Stubs out enough of the KASAN interface to allow the Kernel to link clean.

Currently the KASAN kernel crashes on boot (triple fault because of the crash
in strlen other sanitizers are seeing) but the goal here is to just get started,
and this should help others jump in and continue making progress on KASAN.

References:
* ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf
* KASAN Docs: https://github.com/google/kasan
* NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3
* LWN KASAN Article: https://lwn.net/Articles/612153/
* Tracking Issue #5351
2021-02-15 11:41:53 +01:00
Tom
be48a89b35 WindowServer: Fix double click handling while using cursor tracking
We need to first deliver the mouse event and possibly the double click
event and record these facts. Then, we need to iterate all global
tracking listeners and deliver the mouse event (but not the double
click event) to any such listener, unless they already had these
events delivered.

Fixes #4703
2021-02-15 11:03:49 +01:00
Brian Gianforcaro
69df3cfae7 Kernel: Mark KBuffer and its getters as [[nodiscard]]
There is no reason to call a getter without observing the result, doing
so indicates an error in the code. Mark these methods as [[nodiscard]]
to find these cases.
2021-02-15 09:34:52 +01:00
Brian Gianforcaro
0cbede91b8 Kernel: Mark Lock getters as [[nodiscard]]
There is no reason to call a getter without observing the result, doing
so indicates an error in the code. Mark these methods as [[nodiscard]]
to find these cases.
2021-02-15 09:34:52 +01:00
Brian Gianforcaro
a75d7958cc Kernel: Mark UserOrKernelBuffer and its getters as [[nodiscard]]
`UserOrKernelBuffer` objects should always be observed when created, in
turn there is no reason to call a getter without observing the result.
Doing either of these indicates an error in the code. Mark these methods
as [[nodiscard]] to find these cases.
2021-02-15 09:34:52 +01:00
Brian Gianforcaro
01a66efe9d Kernel: Mark KResult getters as [[nodiscard]]
There is no reason to call a getter without observing the result, doing
so indicates an error in the code. Mark these methods as [[nodiscard]]
to find these cases.
2021-02-15 09:34:52 +01:00
Brian Gianforcaro
3356f438ca AK: Mark Optional getters as [[nodiscard]]
There is no reason to call a getter without observing the result, doing
so indicates an error in the code. Mark these methods as [[nodiscard]]
to find these cases.
2021-02-15 09:34:52 +01:00
Brian Gianforcaro
8752a27519 Kernel: Mark PhysicalAddress/VirtualAddress getters as [[nodiscard]]
There is no reason to call a getter without observing the result, doing
so indicates an error in the code. Mark these methods as [[nodiscard]]
to find these cases.
2021-02-15 09:34:52 +01:00
Brian Gianforcaro
d71e235894 Kernel: Mark more StdLib functions as [[nodiscard]]
In the never ending journey to catch bugs, mark more functions
as [[nodiscard]] to find incorrect call sites.
2021-02-15 09:34:52 +01:00
Sergey Bugaev
373d135e74 LookupServer: Implement a DNS server :^)
LookupServer can now itself serve as a DNS server! To service DNS clients, it
uses the exact same lookup logic as it does for LibIPC clients. Namely, it will
synthesize records for data from /etc/hosts on its own (you can use this to
configure host names for your domain!), and forward other questions to
configured upstream DNS servers. On top of that, it implements its own caching,
so once a DNS resource record has been obtained from an upstream server,
LookupServer will cache it locally for faster future lookups.

The DNS server part of LookupServer is disabled by default, because it requires
you to run it as root (for it to bind to the port 53) and on boot, and we don't
want either by default. If you want to try it, modify SystemServer.ini like so:

[LookupServer]
Socket=/tmp/portal/lookup
SocketPermissions=666
Priority=low
KeepAlive=1
User=root
BootModes=text,graphical

and enable server mode in LookupServer.ini like so:

[DNS]
Nameservers=...
EnableServer=1

If in the future we implement socket takeover for IP sockets, these limitations
may be lifted.
2021-02-15 09:14:42 +01:00
Sergey Bugaev
bc05ab47de LibCore: Expose UDPServer::fd() and make the constructor protected 2021-02-15 09:14:42 +01:00
Sergey Bugaev
56831ed81f LookupServer: Misc tweaks 2021-02-15 09:14:42 +01:00
Sergey Bugaev
19cfed329e LookupServer: Make lookup() return DNSAnswer's instead of strings
This way, we propagate proper TTL. None of the callers currently care, though.
2021-02-15 09:14:42 +01:00
Sergey Bugaev
3fba6bfb5e LookupServer: Move cache check into the outer lookup() method
Where it belongs, alongside the /etc/hosts check. The inner lookup() method is
really about talking to a specific DNS server.

Also, don't bail out on an empty name. An empty DNSName is actually '.' — a
single dot — aka the DNS root.
2021-02-15 09:14:42 +01:00
Sergey Bugaev
af6aac8c55 LookupServer: Store /etc/hosts as Vector<DNSAnswer>
...just like we store m_lookup_cache, in other words.

This immediately lets us match on types: for instance we will now only resolve
1.0.0.127.in-addr.arpa to localhost if asked for type PTR, not for type A. In
the future, this could also let us have the same /etc/hosts name resolve
to *multiple* addresses.
2021-02-15 09:14:42 +01:00