Commit graph

115 commits

Author SHA1 Message Date
Nicholas-Baron
c4ede38542 Everything: Add -Wnon-virtual-dtor flag
This flag warns on classes which have `virtual` functions but do not
have a `virtual` destructor.

This patch adds both the flag and missing destructors. The access level
of the destructors was determined by a two rules of thumb:
1. A destructor should have a similar or lower access level to that of a
   constructor.
2. Having a `private` destructor implicitly deletes the default
   constructor, which is probably undesirable for "interface" types
   (classes with only virtual functions and no data).

In short, most of the added destructors are `protected`, unless the
compiler complained about access.
2021-04-15 20:57:13 +02:00
Nicholas-Baron
7b502d113b Everywhere: Add "free" warnings
The following warnings do not occur anywhere in the codebase and so
enabling them is effectivly free:
 * `-Wcast-align`
 * `-Wduplicated-cond`
 * `-Wformat=2`
 * `-Wlogical-op`
 * `-Wmisleading-indentation`
 * `-Wunused`

These are taken as a strict subset of the list in #5487.
2021-04-15 10:21:45 +02:00
Peter Elliott
938924f36d Meta: Add install-ports CMake target
install-ports copys the necessary files from Ports/ to /usr/Ports. Also
refactor the compiler and destiation variables from .port_include.sh
into .hosted_defs.sh. .hosted_defs.sh does not exists when ports are
built in serenity
2021-04-12 14:06:24 +02:00
Andreas Kling
d454926e0f cmake: Hotfix the broken build
This regressed in #6000 and started complaining about bad literal
suffixes, so here's a quick and dirty partial revert to make things
build again.
2021-03-28 21:32:28 +02:00
Michel Hermier
d927b69082 cmake: Tidy compiler options.
Prior to this patch there was some long line of unreadable compiler
options. Now the long lines are deduplicated and there is only one
option per line to ease reading/maintenance.
2021-03-28 20:40:12 +02:00
Michel Hermier
a208cc3169 cmake: Group compile options together. 2021-03-28 20:40:12 +02:00
Brendan Coles
215375f2a5 Build: Enable --noexecstack
Build ELF executables with a zero length `GNU_STACK`
program header flagged non-executable.

The stack is never executable on SerenityOS regardless
of whether the `GNU_STACK` header is specified.

Specifically defining this header is more explicit,
as absence of this header implies an executable stack
on other systems (Linux).
2021-03-19 09:16:53 +01:00
Linus Groh
3775507613 Build: Download and uncompress gzipped version of pci.ids
Partially addresses #5611.
2021-03-04 11:21:55 +01:00
Linus Groh
15ae22f7cc Build: Add ENABLE_PCI_IDS_DOWNLOAD CMake option
This allows disabling the download of the pci.ids database at build
time.

Addresses concerns raised in #5410.
2021-03-04 11:21:55 +01:00
Andrew Kaster
e787738c24 Meta: Build AK and LibRegex tests in Lagom and for Serenity
These tests were never built for the serenity target. Move their Lagom
build steps to the Lagom CMakeLists.txt, and add serenity build steps
for them. Also, fix the build errors when building them with the
serenity cross-compiler :^)
2021-02-28 18:19:37 +01:00
Brian Gianforcaro
31e1b08e15 AK: Add support for AK::StringView literals with operator""sv
A new operator, operator""sv was added as of C++17 to support
string_view literals. This allows string_views to be constructed
from string literals and with no runtime cost to find the string
length.

See: https://en.cppreference.com/w/cpp/string/basic_string_view/operator%22%22sv

This change implements that functionality in AK::StringView.
We do have to suppress some warnings about implementing reserved
operators as we are essentially implementing STL functions in AK
as we have no STL :).
2021-02-24 14:38:31 +01:00
Linus Groh
6ad3454bfb AK: Rename {DBGLN_NO => ENABLE}_COMPILETIME_FORMAT_CHECK
This is no longer limited to dbgln(). Also invert it to match all the
other ENABLE_FOO options.
2021-02-24 13:07:57 +01:00
Andreas Kling
f27eb315fc Build: Build Userland with -O2, Kernel with -Os
For some reason I don't yet understand, building the kernel with -O2
produces a way-too-large kernel on some people's systems.

Since there are some really nice performance benefits from -O2 in
userspace, let's do a compromise and build Userland with -O2 but
put Kernel back into the -Os box for now.
2021-02-24 11:38:52 +01:00
Andreas Kling
84996c6567 Everywhere: Okay let's try that -O2 build again :^)
Now that the issue with the kernel outgrowing its slot is patched,
we should be able to boot a slightly larger kernel without trouble.
2021-02-23 21:52:26 +01:00
Andreas Kling
4ba36c6a49 Build: Revert back to building with -Os
-O2 kernels are failing to boot on other people's machines for some
reason that we need to investigate. In the meantime, let's revert.
2021-02-23 21:22:20 +01:00
Andreas Kling
bc029a6314 Everywhere: Build with -O2 :^)
Let's try going faster instead of smaller.
2021-02-23 19:43:44 +01:00
Andreas Kling
87bb00f6ab Build: Only use -fstack-clash-protection with GCC
This is not yet supported by Clang, so let's disable it for non-GCC
compilers for now. (CLion was whining about it.)
2021-02-23 17:41:03 +01:00
Itamar
7df61e2c9b Toolchain: Use -ftls-model=initial-exec by default
Our TLS implementation relies on the TLS model being "initial-exec".
We previously enforced this by adding the '-ftls-model=initial-exec'
flag in the root CmakeLists file, but that did not affect ports - So
now we put that flag in the gcc spec files.

Closes #5366
2021-02-19 15:21:24 +01:00
Andreas Kling
7142562310 Everywhere: Build with -fstack-clash-protection
This option causes GCC to generate code to prevent "stack clash" style
attacks where a very large stack allocation is used in to jump over the
stack guard page and into whatever's next to it.
2021-02-19 09:12:30 +01:00
Andreas Kling
713b3b36be DynamicLoader+Userland: Enable RELRO for shared libraries as well :^)
To support this, I had to reorganize the "load_elf" function into two
passes. First we map all the dynamic objects, to get their symbols
into the global lookup table. Then we link all the dynamic objects.

So many read-only GOT's! :^)
2021-02-19 00:03:03 +01:00
Andreas Kling
fa4c249425 LibELF+Userland: Enable RELRO for all userland executables :^)
The dynamic loader will now mark RELRO segments read-only after
performing relocations. This is pretty cool!

Note that this only applies to main executables so far,.
RELRO support for shared libraries will require some reorganizing
of the dynamic loader.
2021-02-18 18:55:19 +01:00
AnotherTest
5729e76c7d Meta: Make it possible to (somewhat) build the system inside Serenity
This removes some hard references to the toolchain, some unnecessary
uses of an external install command, and disables a -Werror flag (for
the time being) - only if run inside serenity.

With this, we can build and link the kernel :^)
2021-02-15 17:32:56 +01:00
Brian Gianforcaro
566b916364 CMake: Add 'setup-and-run' target to perform all prereqs and run the image
Running 'ninja install && ninja image && ninja run` is kind of
annoying. I got tired, and came up with this instead, which does the
right thing and I don't have to type out the incantation.
2021-02-15 12:25:31 +01:00
Brian Gianforcaro
96943ab07c Kernel: Initial integration of Kernel Address Sanitizer (KASAN)
KASAN is a dynamic analysis tool that finds memory errors. It focuses
mostly on finding use-after-free and out-of-bound read/writes bugs.

KASAN works by allocating a "shadow memory" region which is used to store
whether each byte of memory is safe to access. The compiler then instruments
the kernel code and a check is inserted which validates the state of the
shadow memory region on every memory access (load or store).

To fully integrate KASAN into the SerenityOS kernel we need to:

 a) Implement the KASAN interface to intercept the injected loads/stores.

      void __asan_load*(address);
      void __asan_store(address);

 b) Setup KASAN region and determine the shadow memory offset + translation.
    This might be challenging since Serenity is only 32bit at this time.

    Ex: Linux implements kernel address -> shadow address translation like:

      static inline void *kasan_mem_to_shadow(const void *addr)
      {
          return ((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
                  + KASAN_SHADOW_OFFSET;
      }

 c) Integrating KASAN with Kernel allocators.
    The kernel allocators need to be taught how to record allocation state
    in the shadow memory region.

This commit only implements the initial steps of this long process:
- A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER`
- Stubs out enough of the KASAN interface to allow the Kernel to link clean.

Currently the KASAN kernel crashes on boot (triple fault because of the crash
in strlen other sanitizer are seeing) but the goal here is to just get started,
and this should help others jump in and continue making progress on KASAN.

References:
* ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf
* KASAN Docs: https://github.com/google/kasan
* NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3
* LWN KASAN Article: https://lwn.net/Articles/612153/
* Tracking Issue #5351
2021-02-15 11:41:53 +01:00
Andreas Kling
1cec5f3d4c Build: Allow setting DBGLN_NO_COMPILETIME_FORMAT_CHECK via CMake flag 2021-02-08 18:27:28 +01:00
Linus Groh
dff808d087 Base: Remove /res/pci.ids and download at build time instead
This is an external file from https://pci-ids.ucw.cz that's being updated
daily, which was imported a while ago but probably shouldn't live in the
SerenityOS repository in the first place (or else would need manual
maintenance). The legal aspects of redistributing this file as we
currently do are not quite clear to me, they require either GPL (version
2 or later) or 3-clause BSD - Serenity is 2-clause BSD...

The current version we use is 2019.08.08, so quite outdated - and while
most of these devices are obviously not supported, we're still capable
of *listing* them, so having an up-to-date version with recent additions
and fixes would be nice.

This updates the root CMakeLists.txt to check for existence of the file
and download it if not found - effectively on every fresh build. Do note
that this is not a critical file, and the system runs just fine should
this ever fail. :^)
2021-02-07 01:14:36 +01:00
Andreas Kling
e87eac9273 Userland: Add LibSystem and funnel all syscalls through it
This achieves two things:

- Programs can now intentionally perform arbitrary syscalls by calling
  syscall(). This allows us to work on things like syscall fuzzing.

- It restricts the ability of userspace to make syscalls to a single
  4KB page of code. In order to call the kernel directly, an attacker
  must now locate this page and call through it.
2021-02-05 12:23:39 +01:00
asynts
7cf0c7cc0d Meta: Split debug defines into multiple headers.
The following script was used to make these changes:

    #!/bin/bash
    set -e

    tmp=$(mktemp -d)

    echo "tmp=$tmp"

    find Kernel \( -name '*.cpp' -o -name '*.h' \) | sort > $tmp/Kernel.files
    find . \( -path ./Toolchain -prune -o -path ./Build -prune -o -path ./Kernel -prune \) -o \( -name '*.cpp' -o -name '*.h' \) -print | sort > $tmp/EverythingExceptKernel.files

    cat $tmp/Kernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/Kernel.macros
    cat $tmp/EverythingExceptKernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/EverythingExceptKernel.macros

    comm -23 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/Kernel.unique
    comm -1 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/EverythingExceptKernel.unique

    cat $tmp/Kernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/Kernel.header
    cat $tmp/EverythingExceptKernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/EverythingExceptKernel.header

    for macro in $(cat $tmp/Kernel.unique)
    do
        cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.new-includes ||:
    done
    cat $tmp/Kernel.new-includes | sort > $tmp/Kernel.new-includes.sorted

    for macro in $(cat $tmp/EverythingExceptKernel.unique)
    do
        cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.old-includes ||:
    done
    cat $tmp/Kernel.old-includes | sort > $tmp/Kernel.old-includes.sorted

    comm -23 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.new
    comm -13 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.old
    comm -12 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.mixed

    for file in $(cat $tmp/Kernel.includes.new)
    do
        sed -i -E 's/#include <AK\/Debug\.h>/#include <Kernel\/Debug\.h>/' $file
    done

    for file in $(cat $tmp/Kernel.includes.mixed)
    do
        echo "mixed include in $file, requires manual editing."
    done
2021-01-26 21:20:00 +01:00
asynts
1a3a0836c0 Everywhere: Use CMake to generate AK/Debug.h.
This was done with the help of several scripts, I dump them here to
easily find them later:

    awk '/#ifdef/ { print "#cmakedefine01 "$2 }' AK/Debug.h.in

    for debug_macro in $(awk '/#ifdef/ { print $2 }' AK/Debug.h.in)
    do
        find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/#ifdef '$debug_macro'/#if '$debug_macro'/' {} \;
    done

    # Remember to remove WRAPPER_GERNERATOR_DEBUG from the list.
    awk '/#cmake/ { print "set("$2" ON)" }' AK/Debug.h.in
2021-01-25 09:47:36 +01:00
Andreas Kling
c7ac7e6eaf Services: Move to Userland/Services/ 2021-01-12 12:23:01 +01:00
Andreas Kling
4055b03291 DevTools: Move to Userland/DevTools/ 2021-01-12 12:18:55 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00
Andreas Kling
dc28c07fa5 Applications: Move to Userland/Applications/ 2021-01-12 12:05:23 +01:00
Andreas Kling
aa939c4b4b Games: Move to Userland/Games/ 2021-01-12 12:04:23 +01:00
Andreas Kling
b8d6a56fa3 MenuApplets: Move to Userland/MenuApplets/ 2021-01-12 12:04:20 +01:00
Andreas Kling
7fc079bd86 Demos: Move to Userland/Demos/ 2021-01-12 12:04:17 +01:00
Andreas Kling
c4e2fd8123 Shell: Move to Userland/Shell/ 2021-01-12 12:04:07 +01:00
Andreas Kling
5a97e8bb23 CMake: Only enable "MacOS workaround" on MacOS
This was preventing ports from building on Linux.
2021-01-07 11:41:05 +01:00
Nico Weber
6ab81c32be CMake: set CMAKE_SKIP_RPATH everywhere
Else, there's tons of "-- Set runtime path of" spam at build time,
with apparently no way of disabling the build noise other than turning
of rpaths. If the dynamic loader uses them at some point, we probably
want to set them through cflags/ldflags instead of through cmake's
built-in thing anyways, for that reason.
2021-01-07 11:26:05 +01:00
Sahan Fernando
edeec2974f Everywhere: Force linker hash style to be gnu 2021-01-06 09:42:08 +01:00
Brian Gianforcaro
06da50afc7 Build + LibC: Enable -fstack-protector-strong in user space
Modify the user mode runtime to insert stack canaries to find stack corruptions.

The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.

Details:

    -fstack-protector enables stack protection for vulnerable functions that contain:

    * A character array larger than 8 bytes.
    * An 8-bit integer array larger than 8 bytes.
    * A call to alloca() with either a variable size or a constant size bigger than 8 bytes.

    -fstack-protector-strong enables stack protection for vulnerable functions that contain:

    * An array of any size and type.
    * A call to alloca().
    * A local variable that has its address taken.

Example of it catching corrupting in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
2021-01-02 11:34:55 +01:00
Andrew Kaster
350d4d3543 Meta: Enable RTTI for Userspace programs
RTTI is still disabled for the Kernel, and for the Dynamic Loader. This
allows for much less awkward navigation of class heirarchies in LibCore,
LibGUI, LibWeb, and LibJS (eventually). Measured RootFS size increase
was < 1%, and libgui.so binary size was ~3.3%. The small binary size
increase here seems worth it :^)
2021-01-01 14:45:09 +01:00
Brian Gianforcaro
43908db594 CMake: Add public cmake option to document BUILD_LAGOM
- Making this an option makes this option visible to users and tooling.
2021-01-01 14:37:04 +01:00
Brian Gianforcaro
40f671ac67 CMake: Add public cmake option to document ENABLE_ALL_THE_DEBUG_MACROS
- Making this an option makes this option visible to users and tooling.
- Rename `ALL_THE_DEBUG_MACROS` -> `ENABLE_ALL_THE_DEBUG_MACROS`.
2021-01-01 14:37:04 +01:00
Brian Gianforcaro
ab6ee9f7b2 CMake: Remove some trailing whitespace from a few CMakeLists.txt files 2021-01-01 14:37:04 +01:00
Brian Gianforcaro
6d67c4cafc CMake: Consolidate all options to the root of the project 2021-01-01 14:37:04 +01:00
meme
23b23cee5a Build: Support non-i686 toolchains
* Add SERENITY_ARCH option to CMake for selecting the target toolchain
* Port all build scripts but continue to use i686
* Update GitHub Actions cache to include BuildIt.sh
2020-12-29 17:42:04 +01:00
Andrew Kaster
42323d769a Meta: Disable rpath generation for MacOS 2020-12-28 19:35:32 +01:00
Itamar
ec33e57f32 CMake: Generate SONAME attribute for shared objects
Previosuly, generation of the SONAME attribute was disabled.
This caused libraries to have relative paths in DT_NEEDED attributes
(e.g "Libraries/libcore.so" instead of just "libcore.so"),
which caused build errors when the working directory during build was
not $SERENITY_ROOT/Build.

This caused the build of ports that use libraries other than libc.so
to fail (e.g the nesalizer port).

Closes #4457
2020-12-26 17:38:39 +01:00
Sahan Fernando
e665ad92af Everywhere: Add -Wformat=2 to build 2020-12-26 10:05:50 +01:00