Commit graph

95 commits

Author SHA1 Message Date
Andreas Kling
fa4c249425 LibELF+Userland: Enable RELRO for all userland executables :^)
The dynamic loader will now mark RELRO segments read-only after
performing relocations. This is pretty cool!

Note that this only applies to main executables so far.
RELRO support for shared libraries will require some reorganizing
of the dynamic loader.
2021-02-18 18:55:19 +01:00
AnotherTest
5729e76c7d Meta: Make it possible to (somewhat) build the system inside Serenity
This removes some hard references to the toolchain, some unnecessary
uses of an external install command, and disables a -Werror flag (for
the time being) - only if run inside serenity.

With this, we can build and link the kernel :^)
2021-02-15 17:32:56 +01:00
Brian Gianforcaro
566b916364 CMake: Add 'setup-and-run' target to perform all prereqs and run the image
Running `ninja install && ninja image && ninja run` is kind of
annoying. I got tired, and came up with this instead, which does the
right thing and I don't have to type out the incantation.
2021-02-15 12:25:31 +01:00
Brian Gianforcaro
96943ab07c Kernel: Initial integration of Kernel Address Sanitizer (KASAN)
KASAN is a dynamic analysis tool that finds memory errors. It focuses
mostly on finding use-after-free and out-of-bounds read/write bugs.

KASAN works by allocating a "shadow memory" region which is used to store
whether each byte of memory is safe to access. The compiler then instruments
the kernel code and a check is inserted which validates the state of the
shadow memory region on every memory access (load or store).

To fully integrate KASAN into the SerenityOS kernel we need to:

 a) Implement the KASAN interface to intercept the injected loads/stores.

      void __asan_load*(address);
      void __asan_store(address);

 b) Set up KASAN region and determine the shadow memory offset + translation.
    This might be challenging since Serenity is only 32bit at this time.

    Ex: Linux implements kernel address -> shadow address translation like:

      static inline void *kasan_mem_to_shadow(const void *addr)
      {
          /* Scale the address down, then add the shadow region base. */
          return (void *)(((unsigned long)addr >> KASAN_SHADOW_SCALE_SHIFT)
                  + KASAN_SHADOW_OFFSET);
      }

 c) Integrating KASAN with Kernel allocators.
    The kernel allocators need to be taught how to record allocation state
    in the shadow memory region.

This commit only implements the initial steps of this long process:
- A new (default OFF) CMake build flag `ENABLE_KERNEL_ADDRESS_SANITIZER`
- Stubs out enough of the KASAN interface to allow the Kernel to link clean.

Currently the KASAN kernel crashes on boot (triple fault because of the crash
in strlen other sanitizers are seeing) but the goal here is to just get started,
and this should help others jump in and continue making progress on KASAN.

References:
* ASAN Paper: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/37752.pdf
* KASAN Docs: https://github.com/google/kasan
* NetBSD KASAN Blog: https://blog.netbsd.org/tnf/entry/kernel_address_sanitizer_part_3
* LWN KASAN Article: https://lwn.net/Articles/612153/
* Tracking Issue #5351
2021-02-15 11:41:53 +01:00
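
A userspace toy model of the shadow-memory scheme described in the KASAN commit message above, added here as an illustration; it is not SerenityOS or Linux code. The `toy_*` names, the 256-byte arena, the one-granule redzones and the tag values are assumptions; the shadow-byte encoding (0, 1..7, negative) follows the ASAN paper's 8-bytes-per-shadow-byte scheme.

```c
/* Added illustration: toy userspace model of KASAN-style shadow memory. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SHADOW_SCALE_SHIFT 3                   /* one shadow byte covers 8 bytes */
#define GRANULE ((size_t)1 << SHADOW_SCALE_SHIFT)
#define ARENA_SIZE 256                         /* assumed size of the toy heap */
enum { TAG_REDZONE = -1, TAG_FREED = -2 };     /* assumed poison values */
enum { ACCESS_OK, ACCESS_OUT_OF_BOUNDS, ACCESS_USE_AFTER_FREE };

static uint8_t arena[ARENA_SIZE];
/* Shadow byte: 0 = whole granule valid, 1..7 = first k bytes valid, <0 = poisoned. */
static int8_t shadow[ARENA_SIZE >> SHADOW_SCALE_SHIFT];
static size_t bump;

/* Same shape as (addr >> shift) + offset, with the offset folded into the arena base. */
static int8_t *mem_to_shadow(const void *addr) {
    return &shadow[((uintptr_t)addr - (uintptr_t)arena) >> SHADOW_SCALE_SHIFT];
}

void toy_reset(void) { memset(shadow, TAG_REDZONE, sizeof shadow); bump = 0; }
/* Step c): the allocator records allocation state in shadow memory. */
void *toy_alloc(size_t size) {
    size_t rounded = (size + GRANULE - 1) & ~(GRANULE - 1);
    if (bump + 2 * GRANULE + rounded > ARENA_SIZE) return NULL;
    uint8_t *obj = arena + bump + GRANULE;     /* leave a redzone granule in front */
    int8_t *s = mem_to_shadow(obj);
    memset(s, 0, size >> SHADOW_SCALE_SHIFT);  /* fully valid granules */
    if (size % GRANULE) s[size >> SHADOW_SCALE_SHIFT] = (int8_t)(size % GRANULE);
    bump += GRANULE + rounded;                 /* trailing redzone is the next leading one */
    return obj;
}

void toy_free(void *ptr, size_t size) {
    memset(mem_to_shadow(ptr), TAG_FREED, (size + GRANULE - 1) >> SHADOW_SCALE_SHIFT);
}

/* Step a): the check a compiler-inserted load/store hook would run per access. */
int toy_check(const void *addr, size_t size) {
    const uint8_t *p = addr;
    for (size_t i = 0; i < size; i++) {
        int8_t s = *mem_to_shadow(p + i);
        size_t off = (size_t)(p + i - arena) & (GRANULE - 1);
        if (s == TAG_FREED) return ACCESS_USE_AFTER_FREE;
        if (s < 0 || (s > 0 && off >= (size_t)s)) return ACCESS_OUT_OF_BOUNDS;
    }
    return ACCESS_OK;
}

int main(void) {
    toy_reset();
    char *a = toy_alloc(13);
    printf("a[12]=%d a[13]=%d\n", toy_check(a + 12, 1), toy_check(a + 13, 1));
    toy_free(a, 13);
    printf("after free=%d\n", toy_check(a, 1));
    return 0;
}
```

The 13-byte allocation shows why the partial-granule values matter: byte 13 lies in the same 8-byte granule as valid bytes 8..12, and only the shadow value 5 distinguishes them.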
Andreas Kling
1cec5f3d4c Build: Allow setting DBGLN_NO_COMPILETIME_FORMAT_CHECK via CMake flag 2021-02-08 18:27:28 +01:00
Linus Groh
dff808d087 Base: Remove /res/pci.ids and download at build time instead
This is an external file from https://pci-ids.ucw.cz that's being updated
daily, which was imported a while ago but probably shouldn't live in the
SerenityOS repository in the first place (or else would need manual
maintenance). The legal aspects of redistributing this file as we
currently do are not quite clear to me, they require either GPL (version
2 or later) or 3-clause BSD - Serenity is 2-clause BSD...

The current version we use is 2019.08.08, so quite outdated - and while
most of these devices are obviously not supported, we're still capable
of *listing* them, so having an up-to-date version with recent additions
and fixes would be nice.

This updates the root CMakeLists.txt to check for existence of the file
and download it if not found - effectively on every fresh build. Do note
that this is not a critical file, and the system runs just fine should
this ever fail. :^)
2021-02-07 01:14:36 +01:00
Andreas Kling
e87eac9273 Userland: Add LibSystem and funnel all syscalls through it
This achieves two things:

- Programs can now intentionally perform arbitrary syscalls by calling
  syscall(). This allows us to work on things like syscall fuzzing.

- It restricts the ability of userspace to make syscalls to a single
  4KB page of code. In order to call the kernel directly, an attacker
  must now locate this page and call through it.
2021-02-05 12:23:39 +01:00
asynts
7cf0c7cc0d Meta: Split debug defines into multiple headers.
The following script was used to make these changes:

    #!/bin/bash
    set -e

    tmp=$(mktemp -d)

    echo "tmp=$tmp"

    find Kernel \( -name '*.cpp' -o -name '*.h' \) | sort > $tmp/Kernel.files
    find . \( -path ./Toolchain -prune -o -path ./Build -prune -o -path ./Kernel -prune \) -o \( -name '*.cpp' -o -name '*.h' \) -print | sort > $tmp/EverythingExceptKernel.files

    cat $tmp/Kernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/Kernel.macros
    cat $tmp/EverythingExceptKernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/EverythingExceptKernel.macros

    comm -23 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/Kernel.unique
    comm -1 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/EverythingExceptKernel.unique

    cat $tmp/Kernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/Kernel.header
    cat $tmp/EverythingExceptKernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/EverythingExceptKernel.header

    for macro in $(cat $tmp/Kernel.unique)
    do
        cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.new-includes ||:
    done
    cat $tmp/Kernel.new-includes | sort > $tmp/Kernel.new-includes.sorted

    for macro in $(cat $tmp/EverythingExceptKernel.unique)
    do
        cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.old-includes ||:
    done
    cat $tmp/Kernel.old-includes | sort > $tmp/Kernel.old-includes.sorted

    comm -23 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.new
    comm -13 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.old
    comm -12 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.mixed

    for file in $(cat $tmp/Kernel.includes.new)
    do
        sed -i -E 's/#include <AK\/Debug\.h>/#include <Kernel\/Debug\.h>/' $file
    done

    for file in $(cat $tmp/Kernel.includes.mixed)
    do
        echo "mixed include in $file, requires manual editing."
    done
2021-01-26 21:20:00 +01:00
asynts
1a3a0836c0 Everywhere: Use CMake to generate AK/Debug.h.
This was done with the help of several scripts, I dump them here to
easily find them later:

    awk '/#ifdef/ { print "#cmakedefine01 "$2 }' AK/Debug.h.in

    for debug_macro in $(awk '/#ifdef/ { print $2 }' AK/Debug.h.in)
    do
        find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/#ifdef '$debug_macro'/#if '$debug_macro'/' {} \;
    done

    # Remember to remove WRAPPER_GERNERATOR_DEBUG from the list.
    awk '/#cmake/ { print "set("$2" ON)" }' AK/Debug.h.in
2021-01-25 09:47:36 +01:00
Andreas Kling
c7ac7e6eaf Services: Move to Userland/Services/ 2021-01-12 12:23:01 +01:00
Andreas Kling
4055b03291 DevTools: Move to Userland/DevTools/ 2021-01-12 12:18:55 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00
Andreas Kling
dc28c07fa5 Applications: Move to Userland/Applications/ 2021-01-12 12:05:23 +01:00
Andreas Kling
aa939c4b4b Games: Move to Userland/Games/ 2021-01-12 12:04:23 +01:00
Andreas Kling
b8d6a56fa3 MenuApplets: Move to Userland/MenuApplets/ 2021-01-12 12:04:20 +01:00
Andreas Kling
7fc079bd86 Demos: Move to Userland/Demos/ 2021-01-12 12:04:17 +01:00
Andreas Kling
c4e2fd8123 Shell: Move to Userland/Shell/ 2021-01-12 12:04:07 +01:00
Andreas Kling
5a97e8bb23 CMake: Only enable "MacOS workaround" on MacOS
This was preventing ports from building on Linux.
2021-01-07 11:41:05 +01:00
Nico Weber
6ab81c32be CMake: set CMAKE_SKIP_RPATH everywhere
Else, there's tons of "-- Set runtime path of" spam at build time,
with apparently no way of disabling the build noise other than turning
off rpaths. If the dynamic loader uses them at some point, we probably
want to set them through cflags/ldflags instead of through cmake's
built-in thing anyways, for that reason.
2021-01-07 11:26:05 +01:00
Sahan Fernando
edeec2974f Everywhere: Force linker hash style to be gnu 2021-01-06 09:42:08 +01:00
Brian Gianforcaro
06da50afc7 Build + LibC: Enable -fstack-protector-strong in user space
Modify the user mode runtime to insert stack canaries to find stack corruptions.

The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.

Details:

    -fstack-protector enables stack protection for vulnerable functions that contain:

    * A character array larger than 8 bytes.
    * An 8-bit integer array larger than 8 bytes.
    * A call to alloca() with either a variable size or a constant size bigger than 8 bytes.

    -fstack-protector-strong enables stack protection for vulnerable functions that contain:

    * An array of any size and type.
    * A call to alloca().
    * A local variable that has its address taken.

Example of it catching corruption in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
2021-01-02 11:34:55 +01:00
Andrew Kaster
350d4d3543 Meta: Enable RTTI for Userspace programs
RTTI is still disabled for the Kernel, and for the Dynamic Loader. This
allows for much less awkward navigation of class hierarchies in LibCore,
LibGUI, LibWeb, and LibJS (eventually). Measured RootFS size increase
was < 1%, and libgui.so binary size was ~3.3%. The small binary size
increase here seems worth it :^)
2021-01-01 14:45:09 +01:00
Brian Gianforcaro
43908db594 CMake: Add public cmake option to document BUILD_LAGOM
- Making this an option makes this option visible to users and tooling.
2021-01-01 14:37:04 +01:00
Brian Gianforcaro
40f671ac67 CMake: Add public cmake option to document ENABLE_ALL_THE_DEBUG_MACROS
- Making this an option makes this option visible to users and tooling.
- Rename `ALL_THE_DEBUG_MACROS` -> `ENABLE_ALL_THE_DEBUG_MACROS`.
2021-01-01 14:37:04 +01:00
Brian Gianforcaro
ab6ee9f7b2 CMake: Remove some trailing whitespace from a few CMakeLists.txt files 2021-01-01 14:37:04 +01:00
Brian Gianforcaro
6d67c4cafc CMake: Consolidate all options to the root of the project 2021-01-01 14:37:04 +01:00
meme
23b23cee5a Build: Support non-i686 toolchains
* Add SERENITY_ARCH option to CMake for selecting the target toolchain
* Port all build scripts but continue to use i686
* Update GitHub Actions cache to include BuildIt.sh
2020-12-29 17:42:04 +01:00
Andrew Kaster
42323d769a Meta: Disable rpath generation for MacOS 2020-12-28 19:35:32 +01:00
Itamar
ec33e57f32 CMake: Generate SONAME attribute for shared objects
Previously, generation of the SONAME attribute was disabled.
This caused libraries to have relative paths in DT_NEEDED attributes
(e.g "Libraries/libcore.so" instead of just "libcore.so"),
which caused build errors when the working directory during build was
not $SERENITY_ROOT/Build.

This caused the build of ports that use libraries other than libc.so
to fail (e.g the nesalizer port).

Closes #4457
2020-12-26 17:38:39 +01:00
Sahan Fernando
e665ad92af Everywhere: Add -Wformat=2 to build 2020-12-26 10:05:50 +01:00
Itamar
bbedd320b5 Toolchain+LibC: Fix usage of crt files
We now configure the gcc spec files to use different crt files for
static & PIE binaries.

This relieves us from the need to explicitly specify the desired crt0
file in cmake scripts.
2020-12-24 21:46:35 +01:00
Lenny Maiorani
e4ce485309 CMake: Decouple cmake utility functions from top-level CMakeLists.txt
Problem:
- These utility functions are only used in `AK`, but are being defined
  in the top-level. This clutters the top-level.

Solution:
- Move the utility functions to `Meta/CMake/utils.cmake` and include
  where needed.
- Also, move `all_the_debug_macros.cmake` into `Meta/CMake` directory
  to consolidate the location of `*.cmake` script files.
2020-12-24 11:02:04 +01:00
Lenny Maiorani
cef6b7b2e4 CMake: Use built-in add_compile_definitions for *_DEBUG macros
Problem:
- Modifying CXXFLAGS directly is an old CMake style.
- The giant and ever-growing list of `*_DEBUG` macros clutters the
  top-level CMakeLists.txt.

Solution:
- Use the more current `add_compile_definitions` function.
- Sort all the debug options so that they are easy to view.
- Move the `*_DEBUG` macros to their own file which can be included
  directly.
2020-12-22 21:01:51 +01:00
Lenny Maiorani
a95d230a3e LibGfx: Commonize functions in P*MLoader class implementations
Problem:
- Functions are duplicated in [PBM,PGM,PPM]Loader class
  implementations. They are functionally equivalent. This does not
  follow the DRY (Don't Repeat Yourself) principle.

Solution:
- Factor out the common functions into a separate file.
- Refactor common code to generic functions.
- Change `PPM_DEBUG` macro to be `PORTABLE_IMAGE_LOADER_DEBUG` to work
  with all the supported types. This requires adding the image type to
  the debug log messages for easier debugging.
2020-12-22 09:24:12 +01:00
Lenny Maiorani
6fac1abac4 CMake: Use add_compile_options instead of appending to CMAKE_CXX_FLAGS
Problem:
- Appending to CMAKE_CXX_FLAGS for everything is cumbersome.

Solution:
- Use the `add_compile_options` built-in function to handle adding
  compiler options (and even de-duplicating).
2020-12-22 09:22:04 +01:00
Lenny Maiorani
ded0b5a93c CMake: Set C++20 mode in canonical cmake
Problem:
- Setting `CMAKE_CXX_FLAGS` directly to affect the version of the C++
  standard being used is no longer the recommended best practice.

Solution:
- Set C++20 mode in the compiler by setting `CMAKE_CXX_STANDARD`.
- Force the build system generator not to fall back to the latest
  standard supported by the compiler by enabling
  `CMAKE_CXX_STANDARD_REQUIRED`. This shouldn't ever be a problem
  though since the toolchain is tightly controlled.
- Disable GNU compiler extensions by disabling `CMAKE_CXX_EXTENSIONS`
  to preserve the previous flags.
2020-12-22 09:22:04 +01:00
Liav A
0a2b00a1bf Kernel: Introduce the new Storage subsystem
This new subsystem is somewhat replacing the IDE disk code we had with a
new flexible design.

StorageDevice is a generic class that represents a generic storage
device. It is meant that specific storage hardware will override the
interface. StorageController is a generic class that represents
a storage controller that can be found in a machine.

The IDEController class governs two IDEChannels. An IDEChannel is
responsible to manage the master & slave devices of the channel,
therefore an IDEChannel is an IRQHandler.
2020-12-21 00:19:21 +01:00
William Marlow
39364bdda4 Build: Embed application icons directly in the executables.
New serenity_app() targets can be defined which allows application
icons to be embedded directly into the executable. The embedded
icons will then be used when creating an icon for that file in
LibGUI.
2020-12-21 00:12:59 +01:00
Andreas Kling
822dc56ef3 LibGUI: Introduce GML - a simple GUI Markup Language :^)
This patch replaces the UI-from-JSON mechanism with a more
human-friendly DSL.

The current implementation simply converts the GML into a JSON object
that can be consumed by GUI::Widget::load_from_json(). The parser is
not very helpful if you make a mistake.

The language offers a very simple way to instantiate any registered
Core::Object class by simply saying @ClassName

@GUI::Label {
    text: "Hello friends!"
    tooltip: ":^)"
}

Layouts are Core::Objects and can be assigned to the "layout" property:

@GUI::Widget {
    layout: @GUI::VerticalBoxLayout {
        spacing: 2
        margins: [8, 8, 8, 8]
    }
}

And finally, child objects are simply nested within their parent:

@GUI::Widget {
    layout: @GUI::HorizontalBoxLayout {
    }
    @GUI::Button {
        text: "OK"
    }
    @GUI::Button {
        text: "Cancel"
    }
}

This feels a *lot* more pleasant to write than the JSON we had. The fact
that no new code was being written with the JSON mechanism was pretty
telling, so let's approach this with developer convenience in mind. :^)
2020-12-20 11:59:40 +01:00
Tom
c4176b0da1 Kernel: Fix Lock race causing infinite spinning between two threads
We need to account for how many shared lock instances the current
thread owns, so that we can properly release such references when
yielding execution.

We also need to release the process lock when donating.
2020-12-16 23:38:17 +01:00
Itamar
758fc8c063 Toolchain: Fix usage of libgcc_s & build PIE executables by default
We can now build the ports with the shared libraries toolchain.
2020-12-14 23:05:53 +01:00
Itamar
0220b5361e LibC: Also build a static version of libc 2020-12-14 23:05:53 +01:00
Itamar
efe4da57df Loader: Stabilize loader & Use shared libraries everywhere :^)
The dynamic loader is now stable enough to be used everywhere in the
system - so this commit does just that.
No More .a Files, Long Live .so's!
2020-12-14 23:05:53 +01:00
Itamar
58c583f584 LibC: Add libc.so
We now compile everything with -static flag so libc.a would be used
2020-12-14 23:05:53 +01:00
Itamar
07b4957361 Loader: Add dynamic loader program
The dynamic loader exists as /usr/lib/Loader.so and is loaded by the
kernel when ET_DYN programs are executed.

The dynamic loader is responsible for loading the dependencies of the
main program, allocating TLS storage, preparing all loaded objects for
execution and finally jumping to the entry of the main program.
2020-12-14 23:05:53 +01:00
Tom
c455fc2030 Kernel: Change wait blocking to Process-only blocking
This prevents zombies created by multi-threaded applications and brings
our model back closer to what other OSs do.

This also means that SIGSTOP needs to halt all threads, and SIGCONT needs
to resume those threads.
2020-12-12 21:28:12 +01:00
Linus Groh
28552f3f36 LibJS: Remove unused {INTERPRETER,VM}_DEBUG 2020-12-06 18:52:43 +01:00
Andreas Kling
484134d818 LookupServer: Put debug spam behind a macro 2020-12-06 01:16:39 +01:00
Ben Wiederhake
e1baf9ec92 Meta: Refresh ALL_THE_DEBUG_MACROS set 2020-12-01 11:06:53 +01:00
Ben Wiederhake
f82b2948cf Meta: Fix BMP_DEBUG, and always build on CI 2020-12-01 11:06:53 +01:00