mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-23 18:02:05 -05:00
Code Issues Projects Releases Packages Wiki Activity
serenity/Kernel/Syscall.cpp

139 lines
4.2 KiB
C++
Raw Normal View History

Kernel: Move i386.{cpp,h} => Arch/i386/CPU.{cpp,h} There's a ton of work that would need to be done before we could spin up on another architecture, but let's at least try to separate things out a bit.
2019-06-07 20:02:01 +02:00
#include <Kernel/Arch/i386/CPU.h>
Kernel: Only allow superuser to halt() the system (#342) Following the discussion in #334, shutdown must also have root-only run permissions.
2019-07-19 21:08:26 +10:00
#include <Kernel/Process.h>
Kernel: Add a systrace() syscall and implement /bin/strace using it. Calling systrace(pid) gives you a file descriptor with a stream of the syscalls made by a peer process. The process must be owned by the same UID who calls systrace(). :^)
2019-04-22 18:44:45 +02:00
#include <Kernel/ProcessTracer.h>
Kernel: Use get_fast_random() for the random syscall stack offset
2020-01-03 12:48:28 +01:00
#include <Kernel/Random.h>
Kernel: Run clang-format on everything.
2019-06-07 11:43:58 +02:00
#include <Kernel/Syscall.h>
Kernel: Implement some basic stack pointer validation VM regions can now be marked as stack regions, which is then validated on syscall, and on page fault. If a thread is caught with its stack pointer pointing into anything that's *not* a Region with its stack bit set, we'll crash the whole process with SIGSTKFLT. Userspace must now allocate custom stacks by using mmap() with the new MAP_STACK flag. This mechanism was first introduced in OpenBSD, and now we have it too, yay! :^)
2019-11-17 12:11:43 +01:00
#include <Kernel/VM/MemoryManager.h>
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
Kernel: Tidy up kernel entry points a little bit Now that we can see the kernel entry points all the time in profiles, let's tweak the names a little bit and switch to named exceptions.
2019-12-14 16:09:07 +01:00
extern "C" void syscall_handler(RegisterDump);
extern "C" void syscall_asm_entry();
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
Make kernel build with clang. It's a bit faster than g++ and seems to generate perfectly fine code. The kernel is also roughly 10% smaller(!)
2018-11-09 12:20:44 +01:00
asm(
Kernel: Tidy up kernel entry points a little bit Now that we can see the kernel entry points all the time in profiles, let's tweak the names a little bit and switch to named exceptions.
2019-12-14 16:09:07 +01:00
".globl syscall_asm_entry\n"
"syscall_asm_entry:\n"
Kernel: Add exception_code to RegisterDump. Added the exception_code field to RegisterDump, removing the need for RegisterDumpWithExceptionCode. To accomplish this, I had to push a dummy exception code during some interrupt entries to properly pad out the RegisterDump. Note that we also needed to change some code in sys$sigreturn to deal with the new RegisterDump layout.
2019-10-05 03:31:34 +13:00
" pushl $0x0\n"
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
" pusha\n"
Kernel: Make separate kernel entry points for each PIC IRQ Instead of having a common entry point and looking at the PIC ISR to figure out which IRQ we're servicing, just make a separate entryway for each IRQ that pushes the IRQ number and jumps to a common routine. This fixes a weird issue where incoming network packets would sometimes cause the mouse to stop working. I didn't track it down further than realizing we were sometimes EOI'ing the wrong IRQ.
2019-12-15 12:11:39 +01:00
" pushl %ds\n"
" pushl %es\n"
" pushl %fs\n"
" pushl %gs\n"
" pushl %ss\n"
" mov $0x10, %ax\n"
" mov %ax, %ds\n"
" mov %ax, %es\n"
Kernel: Clear the x86 DF flag when entering the kernel The SysV ABI says that the DF flag should be clear on function entry. That means we have to clear it when jumping into the kernel from some random userspace context.
2019-11-09 22:40:35 +01:00
" cld\n"
Kernel: Tidy up kernel entry points a little bit Now that we can see the kernel entry points all the time in profiles, let's tweak the names a little bit and switch to named exceptions.
2019-12-14 16:09:07 +01:00
" call syscall_handler\n"
Kernel: Make separate kernel entry points for each PIC IRQ Instead of having a common entry point and looking at the PIC ISR to figure out which IRQ we're servicing, just make a separate entryway for each IRQ that pushes the IRQ number and jumps to a common routine. This fixes a weird issue where incoming network packets would sometimes cause the mouse to stop working. I didn't track it down further than realizing we were sometimes EOI'ing the wrong IRQ.
2019-12-15 12:11:39 +01:00
" add $0x4, %esp\n"
" popl %gs\n"
" popl %fs\n"
" popl %es\n"
" popl %ds\n"
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
" popa\n"
Kernel: Add exception_code to RegisterDump. Added the exception_code field to RegisterDump, removing the need for RegisterDumpWithExceptionCode. To accomplish this, I had to push a dummy exception code during some interrupt entries to properly pad out the RegisterDump. Note that we also needed to change some code in sys$sigreturn to deal with the new RegisterDump layout.
2019-10-05 03:31:34 +13:00
" add $0x4, %esp\n"
Kernel: Run clang-format on everything.
2019-06-07 11:43:58 +02:00
" iret\n");
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
namespace Syscall {
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
static int handle(RegisterDump&, u32 function, u32 arg1, u32 arg2, u32 arg3);
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
void initialize()
{
Kernel: Tidy up kernel entry points a little bit Now that we can see the kernel entry points all the time in profiles, let's tweak the names a little bit and switch to named exceptions.
2019-12-14 16:09:07 +01:00
register_user_callable_interrupt_handler(0x82, syscall_asm_entry);
More compat work. Move syscall to int 0x82 since using int 0x80 was kinda prone to fork bombs when building things on Linux. :^)
2019-02-26 12:57:02 +01:00
kprintf("Syscall: int 0x82 handler installed\n");
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
}
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
#pragma GCC diagnostic ignored "-Wcast-function-type"
typedef int (Process::*Handler)(u32, u32, u32);
Kernel+LibC: Remove the isatty() syscall This can be implemented entirely in userspace by calling tcgetattr(). To avoid screwing up the syscall indexes, this patch also adds a mechanism for removing a syscall without shifting the index of other syscalls. Note that ports will still have to be rebuilt after this change, as their LibC code will try to make the isatty() syscall on startup.
2019-11-17 20:01:03 +01:00
#define __ENUMERATE_REMOVED_SYSCALL(x) nullptr,
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
#define __ENUMERATE_SYSCALL(x) reinterpret_cast<Handler>(&Process::sys$##x),
static Handler s_syscall_table[] = {
ENUMERATE_SYSCALLS
};
#undef __ENUMERATE_SYSCALL
Kernel+LibC: Remove the isatty() syscall This can be implemented entirely in userspace by calling tcgetattr(). To avoid screwing up the syscall indexes, this patch also adds a mechanism for removing a syscall without shifting the index of other syscalls. Note that ports will still have to be rebuilt after this change, as their LibC code will try to make the isatty() syscall on startup.
2019-11-17 20:01:03 +01:00
#undef __ENUMERATE_REMOVED_SYSCALL
Add sync() syscall and a /bin/sync. It walks all the live Inode objects and flushes pending metadata changes wherever needed. This could be optimized by keeping a separate list of dirty Inodes, but let's not get ahead of ourselves.
2018-12-20 00:39:29 +01:00
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
int handle(RegisterDump& regs, u32 function, u32 arg1, u32 arg2, u32 arg3)
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
{
Fix broken SpinLock. The SpinLock was all backwards and didn't actually work. Fixing it exposed how wrong most of the locking here is. I need to come up with a better granularity here.
2018-10-29 21:54:11 +01:00
ASSERT_INTERRUPTS_ENABLED();
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
auto& process = current->process();
Kernel: Make syscall counters and page fault counters per-thread Now that we show individual threads in SystemMonitor and "top", it's also very nice to have individual counters for the threads. :^)
2019-11-26 21:35:24 +01:00
current->did_syscall();
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
if (function == SC_exit || function == SC_exit_thread) {
// These syscalls need special handling since they never return to the caller.
Various things: - putch syscall now directly calls Console::putChar(). - /proc/summary includes some info about kmalloc stats. - Syscall entry is guarded by a simple spinlock. - Unmap regions for crashed tasks.
2018-10-23 15:19:02 +02:00
cli();
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
if (auto* tracer = process.tracer())
Kernel: Emit systrace events for exit, thread_exit and sigreturn. Since these syscalls don't return to caller, we have to emit the trace events manually.
2019-05-02 15:49:48 +02:00
tracer->did_syscall(function, arg1, arg2, arg3, 0);
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
if (function == SC_exit)
process.sys$exit((int)arg1);
else
LibPthread: Start working on a POSIX threading library This patch adds pthread_create() and pthread_exit(), which currently simply wrap our existing create_thread() and exit_thread() syscalls. LibThread is also ported to using LibPthread.
2019-11-13 21:49:24 +01:00
process.sys$exit_thread((void*)arg1);
Add a sys$exit and make init_stage2 call it when finished.
2018-10-22 11:43:55 +02:00
ASSERT_NOT_REACHED();
return 0;
Kernel+Userland: Addd reboot syscall (#334) Rolling with the theme of adding a dialog to shutdown the machine, it is probably nice to have a way to reboot the machine without performing a full system powerdown. A reboot program has been added to `/bin/` as well as a corresponding `syscall` (SC_reboot). This syscall works by attempting to pulse the 8042 keyboard controller. Note that this is NOT supported on new machines, and should only be a fallback until we have proper ACPI support. The implementation causes a triple fault in QEMU, which then restarts the system. The filesystems are locked and synchronized before this occurs, so there shouldn't be any corruption etctera.
2019-07-19 17:58:12 +10:00
}
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
if (function == SC_fork)
return process.sys$fork(regs);
if (function == SC_sigreturn)
return process.sys$sigreturn(regs);
if (function >= Function::__Count) {
dbg() << process << ": Unknown syscall %u requested (" << arg1 << ", " << arg2 << ", " << arg3 << ")";
Kernel: Return ENOSYS if an invalid syscall number is requested.
2019-05-23 17:02:58 +02:00
return -ENOSYS;
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
}
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
Kernel: When userspaces calls a removed syscall, fail with ENOSYS This is a bit gentler than jumping to 0x0, which always crashes the whole process. Also log a debug message about what happened, and let the user know that it's probably time to rebuild the program.
2019-11-18 12:35:14 +01:00
if (s_syscall_table[function] == nullptr) {
dbg() << process << ": Null syscall " << function << " requested: \"" << to_string((Function)function) << "\", you probably need to rebuild this program.";
return -ENOSYS;
}
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
return (process.*(s_syscall_table[function]))(arg1, arg2, arg3);
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
}
}
Kernel: Tidy up kernel entry points a little bit Now that we can see the kernel entry points all the time in profiles, let's tweak the names a little bit and switch to named exceptions.
2019-12-14 16:09:07 +01:00
void syscall_handler(RegisterDump regs)
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
{
Kernel: Start implementing x86 SMAP support Supervisor Mode Access Prevention (SMAP) is an x86 CPU feature that prevents the kernel from accessing userspace memory. With SMAP enabled, trying to read/write a userspace memory address while in the kernel will now generate a page fault. Since it's sometimes necessary to read/write userspace memory, there are two new instructions that quickly switch the protection on/off: STAC (disables protection) and CLAC (enables protection.) These are exposed in kernel code via the stac() and clac() helpers. There's also a SmapDisabler RAII object that can be used to ensure that you don't forget to re-enable protection before returning to userspace code. THis patch also adds copy_to_user(), copy_from_user() and memset_user() which are the "correct" way of doing things. These functions allow us to briefly disable protection for a specific purpose, and then turn it back on immediately after it's done. Going forward all kernel code should be moved to using these and all uses of SmapDisabler are to be considered FIXME's. Note that we're not realizing the full potential of this feature since I've used SmapDisabler quite liberally in this initial bring-up patch.
2020-01-05 18:00:15 +01:00
// Make sure SMAP protection is enabled on syscall entry.
clac();
Kernel: Add a random offset to kernel stacks upon syscall entry When entering the kernel from a syscall, we now insert a small bit of stack padding after the RegisterDump. This makes kernel stacks less deterministic across syscalls and may make some bugs harder to exploit. Inspired by Elena Reshetova's talk on kernel stack exploitation.
2020-01-01 23:10:25 +01:00
// Apply a random offset in the range 0-255 to the stack pointer,
// to make kernel stacks a bit less deterministic.
Kernel: Use get_fast_random() for the random syscall stack offset
2020-01-03 12:48:28 +01:00
auto* ptr = (char*)__builtin_alloca(get_fast_random<u8>());
Kernel: Add a random offset to kernel stacks upon syscall entry When entering the kernel from a syscall, we now insert a small bit of stack padding after the RegisterDump. This makes kernel stacks less deterministic across syscalls and may make some bugs harder to exploit. Inspired by Elena Reshetova's talk on kernel stack exploitation.
2020-01-01 23:10:25 +01:00
asm volatile(""
: "=m"(*ptr));
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
auto& process = current->process();
Kernel: Implement some basic stack pointer validation VM regions can now be marked as stack regions, which is then validated on syscall, and on page fault. If a thread is caught with its stack pointer pointing into anything that's *not* a Region with its stack bit set, we'll crash the whole process with SIGSTKFLT. Userspace must now allocate custom stacks by using mmap() with the new MAP_STACK flag. This mechanism was first introduced in OpenBSD, and now we have it too, yay! :^)
2019-11-17 12:11:43 +01:00
Kernel: Rename {ss,esp}_if_crossRing to userspace_{ss,esp} These were always so awkwardly named.
2020-01-09 18:02:01 +01:00
if (!MM.validate_user_stack(process, VirtualAddress(regs.userspace_esp))) {
dbgprintf("Invalid stack pointer: %p\n", regs.userspace_esp);
Kernel: Implement some basic stack pointer validation VM regions can now be marked as stack regions, which is then validated on syscall, and on page fault. If a thread is caught with its stack pointer pointing into anything that's *not* a Region with its stack bit set, we'll crash the whole process with SIGSTKFLT. Userspace must now allocate custom stacks by using mmap() with the new MAP_STACK flag. This mechanism was first introduced in OpenBSD, and now we have it too, yay! :^)
2019-11-17 12:11:43 +01:00
handle_crash(regs, "Bad stack on syscall entry", SIGSTKFLT);
ASSERT_NOT_REACHED();
}
Kernel: Disallow syscalls from writeable memory Processes will now crash with SIGSEGV if they attempt making a syscall from PROT_WRITE memory. This neat idea comes from OpenBSD. :^)
2019-11-29 16:15:30 +01:00
auto* calling_region = MM.region_from_vaddr(process, VirtualAddress(regs.eip));
if (!calling_region) {
dbgprintf("Syscall from %p which has no region\n", regs.eip);
handle_crash(regs, "Syscall from unknown region", SIGSEGV);
ASSERT_NOT_REACHED();
}
if (calling_region->is_writable()) {
dbgprintf("Syscall from writable memory at %p\n", regs.eip);
handle_crash(regs, "Syscall from writable memory", SIGSEGV);
ASSERT_NOT_REACHED();
}
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
process.big_lock().lock();
AK: Rename the common integer typedefs to make it obvious what they are. These types can be picked up by including <AK/Types.h>: * u8, u16, u32, u64 (unsigned) * i8, i16, i32, i64 (signed)
2019-07-03 21:17:35 +02:00
u32 function = regs.eax;
u32 arg1 = regs.edx;
u32 arg2 = regs.ecx;
u32 arg3 = regs.ebx;
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
regs.eax = (u32)Syscall::handle(regs, function, arg1, arg2, arg3);
if (auto* tracer = process.tracer())
Kernel: Add a systrace() syscall and implement /bin/strace using it. Calling systrace(pid) gives you a file descriptor with a stream of the syscalls made by a peer process. The process must be owned by the same UID who calls systrace(). :^)
2019-04-22 18:44:45 +02:00
tracer->did_syscall(function, arg1, arg2, arg3, regs.eax);
Kernel: Use a lookup table for syscalls Instead of the big ugly switch statement, build a lookup table using the syscall enumeration macro. This greatly simplifies the syscall implementation. :^)
2019-11-09 22:18:16 +01:00
process.big_lock().unlock();
Kernel: Unwind kernel stacks before dying While executing in the kernel, a thread can acquire various resources that need cleanup, such as locks and references to RefCounted objects. This cleanup normally happens on the exit path, such as in destructors for various RAII guards. But we weren't calling those exit paths when killing threads that have been executing in the kernel, such as threads blocked on reading or sleeping, thus causing leaks. This commit changes how killing threads works. Now, instead of killing a thread directly, one is supposed to call thread->set_should_die(), which will unblock it and make it unwind the stack if it is blocked in the kernel. Then, just before returning to the userspace, the thread will automatically die.
2019-11-14 18:46:01 +03:00
// Check if we're supposed to return to userspace or just die.
current->die_if_needed();
Import the "gerbert" kernel I worked on earlier this year. It's a lot crappier than I remembered it. It's gonna need a lot of work.
2018-10-16 11:01:38 +02:00
}
Reference in a new issue Copy permalink