mirrors/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity.git synced 2025-01-25 19:02:07 -05:00
Code Issues Projects Releases Packages Wiki Activity
serenity/Kernel/Syscalls/execve.cpp

991 lines
38 KiB
C++
Raw Normal View History

Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
/*
Kernel+Profiler: Make profiling per-process and without core dumps This patch merges the profiling functionality in the kernel with the performance events mechanism. A profiler sample is now just another perf event, rather than a dedicated thing. Since perf events were already per-process, this now makes profiling per-process as well. Processes with perf events would already write out a perfcore.PID file to the current directory on death, but since we may want to profile a process and then let it continue running, recorded perf events can now be accessed at any time via /proc/PID/perf_events. This patch also adds information about process memory regions to the perfcore JSON format. This removes the need to supply a core dump to the Profiler app for symbolication, and so the "profiler coredump" mechanism is removed entirely. There's still a hard limit of 4MB worth of perf events per process, so this is by no means a perfect final design, but it's a nice step forward for both simplicity and stability. Fixes #4848 Fixes #4849
2021-01-11 09:52:18 +01:00
* Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
*
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 01:24:48 -07:00
* SPDX-License-Identifier: BSD-2-Clause
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
*/
#include <AK/ScopeGuard.h>
Everywhere: Add missing <AK/TemporaryChange.h> includes Don't rely on HashTable.h pulling this in.
2020-10-15 20:46:52 +02:00
#include <AK/TemporaryChange.h>
AK: Simplify constructors and conversions from nullptr_t Problem: - Many constructors are defined as `{}` rather than using the ` = default` compiler-provided constructor. - Some types provide an implicit conversion operator from `nullptr_t` instead of requiring the caller to default construct. This violates the C++ Core Guidelines suggestion to declare single-argument constructors explicit (https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c46-by-default-declare-single-argument-constructors-explicit). Solution: - Change default constructors to use the compiler-provided default constructor. - Remove implicit conversion operators from `nullptr_t` and change usage to enforce type consistency without conversion.
2021-01-10 16:29:28 -07:00
#include <AK/WeakPtr.h>
Meta: Split debug defines into multiple headers. The following script was used to make these changes: #!/bin/bash set -e tmp=$(mktemp -d) echo "tmp=$tmp" find Kernel \( -name '*.cpp' -o -name '*.h' \) | sort > $tmp/Kernel.files find . \( -path ./Toolchain -prune -o -path ./Build -prune -o -path ./Kernel -prune \) -o \( -name '*.cpp' -o -name '*.h' \) -print | sort > $tmp/EverythingExceptKernel.files cat $tmp/Kernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/Kernel.macros cat $tmp/EverythingExceptKernel.files | xargs grep -Eho '[A-Z0-9_]+_DEBUG' | sort | uniq > $tmp/EverythingExceptKernel.macros comm -23 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/Kernel.unique comm -1 $tmp/Kernel.macros $tmp/EverythingExceptKernel.macros > $tmp/EverythingExceptKernel.unique cat $tmp/Kernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/Kernel.header cat $tmp/EverythingExceptKernel.unique | awk '{ print "#cmakedefine01 "$1 }' > $tmp/EverythingExceptKernel.header for macro in $(cat $tmp/Kernel.unique) do cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.new-includes ||: done cat $tmp/Kernel.new-includes | sort > $tmp/Kernel.new-includes.sorted for macro in $(cat $tmp/EverythingExceptKernel.unique) do cat $tmp/Kernel.files | xargs grep -l $macro >> $tmp/Kernel.old-includes ||: done cat $tmp/Kernel.old-includes | sort > $tmp/Kernel.old-includes.sorted comm -23 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.new comm -13 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.old comm -12 $tmp/Kernel.new-includes.sorted $tmp/Kernel.old-includes.sorted > $tmp/Kernel.includes.mixed for file in $(cat $tmp/Kernel.includes.new) do sed -i -E 's/#include <AK\/Debug\.h>/#include <Kernel\/Debug\.h>/' $file done for file in $(cat $tmp/Kernel.includes.mixed) do echo "mixed include in $file, requires manual editing." done
2021-01-25 16:07:10 +01:00
#include <Kernel/Debug.h>
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
#include <Kernel/FileSystem/Custody.h>
#include <Kernel/FileSystem/FileDescription.h>
Kernel: Add stubs for missing x86_64 functionality This adds just enough stubs to make the kernel compile on x86_64. Obviously it won't do anything useful - in fact it won't even attempt to boot because Multiboot doesn't support ELF64 binaries - but it gets those compiler errors out of the way so more progress can be made getting all the missing functionality in place.
2021-06-23 21:54:41 +02:00
#include <Kernel/Panic.h>
Kernel: Move process creation perf events to PerformanceManager
2021-05-07 01:38:50 -07:00
#include <Kernel/PerformanceManager.h>
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
#include <Kernel/Process.h>
#include <Kernel/Random.h>
#include <Kernel/Time/TimeManagement.h>
Kernel: Merge PurgeableVMObject into AnonymousVMObject This implements memory commitments and lazy-allocation of committed memory.
2020-09-05 15:52:14 -06:00
#include <Kernel/VM/AllocationStrategy.h>
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
#include <Kernel/VM/MemoryManager.h>
#include <Kernel/VM/PageDirectory.h>
#include <Kernel/VM/Region.h>
#include <Kernel/VM/SharedInodeVMObject.h>
#include <LibC/limits.h>
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
#include <LibELF/AuxiliaryVector.h>
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
#include <LibELF/Image.h>
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
#include <LibELF/Validation.h>
namespace Kernel {
Kernel: Map signal trampoline into each process's address space The signal trampoline was previously in kernelspace memory, but with a special exception to make it user-accessible. This patch moves it into each process's regular address space so we can stop supporting user-allowed memory above 0xc0000000.
2021-02-14 00:53:53 +01:00
extern Region* g_signal_trampoline_region;
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
struct LoadResult {
OwnPtr<Space> space;
FlatPtr load_base { 0 };
FlatPtr entry_eip { 0 };
size_t size { 0 };
WeakPtr<Region> tls_region;
size_t tls_size { 0 };
size_t tls_alignment { 0 };
WeakPtr<Region> stack_region;
};
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
static Vector<ELF::AuxiliaryValue> generate_auxiliary_vector(FlatPtr load_base, FlatPtr entry_eip, uid_t uid, uid_t euid, gid_t gid, gid_t egid, String executable_path, int main_program_fd);
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
static bool validate_stack_size(const Vector<String>& arguments, const Vector<String>& environment)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
Kernel: Limit exec arguments and environment to 1/8th of stack each This sort-of matches what some other systems do and seems like a generally sane thing to do instead of allowing programs to spawn a child with a nearly full stack.
2021-01-17 18:26:12 +01:00
size_t total_arguments_size = 0;
size_t total_environment_size = 0;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
for (auto& a : arguments)
Kernel: Limit exec arguments and environment to 1/8th of stack each This sort-of matches what some other systems do and seems like a generally sane thing to do instead of allowing programs to spawn a child with a nearly full stack.
2021-01-17 18:26:12 +01:00
total_arguments_size += a.length() + 1;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
for (auto& e : environment)
Kernel: Limit exec arguments and environment to 1/8th of stack each This sort-of matches what some other systems do and seems like a generally sane thing to do instead of allowing programs to spawn a child with a nearly full stack.
2021-01-17 18:26:12 +01:00
total_environment_size += e.length() + 1;
total_arguments_size += sizeof(char*) * (arguments.size() + 1);
total_environment_size += sizeof(char*) * (environment.size() + 1);
static constexpr size_t max_arguments_size = Thread::default_userspace_stack_size / 8;
static constexpr size_t max_environment_size = Thread::default_userspace_stack_size / 8;
if (total_arguments_size > max_arguments_size)
return false;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Limit exec arguments and environment to 1/8th of stack each This sort-of matches what some other systems do and seems like a generally sane thing to do instead of allowing programs to spawn a child with a nearly full stack.
2021-01-17 18:26:12 +01:00
if (total_environment_size > max_environment_size)
return false;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
// FIXME: This doesn't account for the size of the auxiliary vector
Kernel: Limit exec arguments and environment to 1/8th of stack each This sort-of matches what some other systems do and seems like a generally sane thing to do instead of allowing programs to spawn a child with a nearly full stack.
2021-01-17 18:26:12 +01:00
return true;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
static KResultOr<FlatPtr> make_userspace_context_for_main_thread([[maybe_unused]] ThreadRegisters& regs, Region& region, Vector<String> arguments,
Vector<String> environment, Vector<ELF::AuxiliaryValue> auxiliary_values)
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
{
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
FlatPtr new_sp = region.range().end().get();
Kernel: Add some bits of randomness to the userspace stack pointer This patch adds a random offset between 0 and 4096 to the initial stack pointer in new processes. Since the stack has to be 16-byte aligned, the bottom bits can't be randomized. Yet another thing to make things less predictable. :^)
2021-02-14 11:47:25 +01:00
// Add some bits of randomness to the user stack pointer.
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
new_sp -= round_up_to_power_of_two(get_fast_random<u32>() % 4096, 16);
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
auto push_on_new_stack = [&new_sp](FlatPtr value) {
new_sp -= sizeof(FlatPtr);
Userspace<FlatPtr*> stack_ptr = new_sp;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
return copy_to_user(stack_ptr, &value);
};
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
auto push_aux_value_on_new_stack = [&new_sp](auxv_t value) {
new_sp -= sizeof(auxv_t);
Userspace<auxv_t*> stack_ptr = new_sp;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
return copy_to_user(stack_ptr, &value);
};
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
auto push_string_on_new_stack = [&new_sp](const String& string) {
new_sp -= round_up_to_power_of_two(string.length() + 1, sizeof(FlatPtr));
Userspace<FlatPtr*> stack_ptr = new_sp;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
return copy_to_user(stack_ptr, string.characters(), string.length() + 1);
};
Vector<FlatPtr> argv_entries;
for (auto& argument : arguments) {
push_string_on_new_stack(argument);
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
if (!argv_entries.try_append(new_sp))
Kernel: Harden sys$execve Vector usage against OOM.
2021-04-29 01:40:19 -07:00
return ENOMEM;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
}
Vector<FlatPtr> env_entries;
for (auto& variable : environment) {
push_string_on_new_stack(variable);
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
if (!env_entries.try_append(new_sp))
Kernel: Harden sys$execve Vector usage against OOM.
2021-04-29 01:40:19 -07:00
return ENOMEM;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
}
for (auto& value : auxiliary_values) {
if (!value.optional_string.is_empty()) {
push_string_on_new_stack(value.optional_string);
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
value.auxv.a_un.a_ptr = (void*)new_sp;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
}
}
for (ssize_t i = auxiliary_values.size() - 1; i >= 0; --i) {
auto& value = auxiliary_values[i];
push_aux_value_on_new_stack(value.auxv);
}
push_on_new_stack(0);
for (ssize_t i = env_entries.size() - 1; i >= 0; --i)
push_on_new_stack(env_entries[i]);
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
FlatPtr envp = new_sp;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
push_on_new_stack(0);
for (ssize_t i = argv_entries.size() - 1; i >= 0; --i)
push_on_new_stack(argv_entries[i]);
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
FlatPtr argv = new_sp;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
// NOTE: The stack needs to be 16-byte aligned.
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
new_sp -= new_sp % 16;
#if ARCH(I386)
Kernel: Make processes start with a 16-byte-aligned stack
2021-05-02 03:22:00 +10:00
// GCC assumes that the return address has been pushed to the stack when it enters the function,
// so we need to reserve an extra pointer's worth of bytes below this to make GCC's stack alignment
// calculations work
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
new_sp -= sizeof(void*);
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
push_on_new_stack(envp);
push_on_new_stack(argv);
push_on_new_stack(argv_entries.size());
#else
Kernel: Fix correct argument order for userspace entry point
2021-06-29 11:02:43 +02:00
regs.rdi = argv_entries.size();
regs.rsi = argv;
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
regs.rdx = envp;
#endif
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
Kernel+Userland: Make the stack alignment comply with the System V ABI The System V ABI for both x86 and x86_64 requires that the stack pointer is 16-byte aligned on entry. Previously we did not align the stack pointer properly. As far as "main" was concerned the stack alignment was correct even without this patch due to how the C++ _start function and the kernel interacted, i.e. the kernel misaligned the stack as far as the ABI was concerned but that misalignment (read: it was properly aligned for a regular function call - but misaligned in terms of what the ABI dictates) was actually expected by our _start function.
2021-07-09 00:58:43 +02:00
VERIFY(new_sp % 16 == 0);
Kernel: Make processes start with a 16-byte-aligned stack
2021-05-02 03:22:00 +10:00
Kernel+Userland: Make the stack alignment comply with the System V ABI The System V ABI for both x86 and x86_64 requires that the stack pointer is 16-byte aligned on entry. Previously we did not align the stack pointer properly. As far as "main" was concerned the stack alignment was correct even without this patch due to how the C++ _start function and the kernel interacted, i.e. the kernel misaligned the stack as far as the ABI was concerned but that misalignment (read: it was properly aligned for a regular function call - but misaligned in terms of what the ABI dictates) was actually expected by our _start function.
2021-07-09 00:58:43 +02:00
// FIXME: The way we're setting up the stack and passing arguments to the entry point isn't ABI-compliant
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
return new_sp;
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
}
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
struct RequiredLoadRange {
FlatPtr start { 0 };
FlatPtr end { 0 };
};
static KResultOr<RequiredLoadRange> get_required_load_range(FileDescription& program_description)
{
auto& inode = *(program_description.inode());
Kernel: Make SharedInodeVMObject allocation OOM-safe
2021-07-11 17:52:07 +02:00
auto vmobject = SharedInodeVMObject::try_create_with_inode(inode);
if (!vmobject) {
dbgln("get_required_load_range: Unable to allocate SharedInodeVMObject");
return ENOMEM;
}
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
size_t executable_size = inode.size();
Kernel: Assert if rounding-up-to-page-size would wrap around to 0 If we try to align a number above 0xfffff000 to the next multiple of the page size (4 KiB), it would wrap around to 0. This is most likely never what we want, so let's assert if that happens.
2021-02-14 09:57:19 +01:00
auto region = MM.allocate_kernel_region_with_vmobject(*vmobject, page_round_up(executable_size), "ELF memory range calculation", Region::Access::Read);
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
if (!region) {
dbgln("Could not allocate memory for ELF");
return ENOMEM;
}
auto elf_image = ELF::Image(region->vaddr().as_ptr(), executable_size);
if (!elf_image.is_valid()) {
return EINVAL;
}
RequiredLoadRange range {};
elf_image.for_each_program_header([&range](const auto& pheader) {
if (pheader.type() != PT_LOAD)
AK+Kernel+LibELF: Remove the need for `IteratorDecision::Continue` By constraining two implementations, the compiler will select the best fitting one. All this will require is duplicating the implementation and simplifying for the `void` case. This constraining also informs both the caller and compiler by passing the callback parameter types as part of the constraint (e.g.: `IterationFunction<int>`). Some `for_each` functions in LibELF only take functions which return `void`. This is a minimal correctness check, as it removes one way for a function to incompletely do something. There seems to be a possible idiom where inside a lambda, a `return;` is the same as `continue;` in a for-loop.
2021-05-16 02:36:52 -07:00
return;
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
auto region_start = (FlatPtr)pheader.vaddr().as_ptr();
auto region_end = region_start + pheader.size_in_memory();
if (range.start == 0 || region_start < range.start)
range.start = region_start;
if (range.end == 0 || region_end > range.end)
range.end = region_end;
});
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(range.end > range.start);
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
return range;
};
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
static KResultOr<FlatPtr> get_load_offset(const ElfW(Ehdr) & main_program_header, FileDescription& main_program_description, FileDescription* interpreter_description)
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
{
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
constexpr FlatPtr load_range_start = 0x08000000;
constexpr FlatPtr load_range_size = 65536 * PAGE_SIZE; // 2**16 * PAGE_SIZE = 256MB
constexpr FlatPtr minimum_load_offset_randomization_size = 10 * MiB;
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
auto random_load_offset_in_range([](auto start, auto size) {
Kernel: Assert if rounding-up-to-page-size would wrap around to 0 If we try to align a number above 0xfffff000 to the next multiple of the page size (4 KiB), it would wrap around to 0. This is most likely never what we want, so let's assert if that happens.
2021-02-14 09:57:19 +01:00
return page_round_down(start + get_good_random<FlatPtr>() % size);
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
});
if (main_program_header.e_type == ET_DYN) {
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
return random_load_offset_in_range(load_range_start, load_range_size);
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
}
if (main_program_header.e_type != ET_EXEC)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EINVAL;
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
auto main_program_load_range_result = get_required_load_range(main_program_description);
if (main_program_load_range_result.is_error())
return main_program_load_range_result.error();
auto main_program_load_range = main_program_load_range_result.value();
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
RequiredLoadRange selected_range {};
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
if (interpreter_description) {
auto interpreter_load_range_result = get_required_load_range(*interpreter_description);
if (interpreter_load_range_result.is_error())
return interpreter_load_range_result.error();
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
auto interpreter_size_in_memory = interpreter_load_range_result.value().end - interpreter_load_range_result.value().start;
auto interpreter_load_range_end = load_range_start + load_range_size - interpreter_size_in_memory;
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
// No intersection
if (main_program_load_range.end < load_range_start || main_program_load_range.start > interpreter_load_range_end)
return random_load_offset_in_range(load_range_start, load_range_size);
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
RequiredLoadRange first_available_part = { load_range_start, main_program_load_range.start };
RequiredLoadRange second_available_part = { main_program_load_range.end, interpreter_load_range_end };
// Select larger part
if (first_available_part.end - first_available_part.start > second_available_part.end - second_available_part.start)
selected_range = first_available_part;
else
selected_range = second_available_part;
} else
selected_range = main_program_load_range;
// If main program is too big and leaves us without enough space for adequate loader randomization
if (selected_range.end - selected_range.start < minimum_load_offset_randomization_size)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return E2BIG;
Kernel: Move get_interpreter_load_offset() out of Process class This is only used inside the sys$execve() implementation so just make it a execve.cpp local function.
2021-02-12 16:30:29 +01:00
return random_load_offset_in_range(selected_range.start, selected_range.end - selected_range.start);
}
Kernel: Move ShouldAllocateTls enum from Process to execve.cpp
2021-02-08 22:24:37 +01:00
enum class ShouldAllocateTls {
No,
Yes,
};
Kernel: Allow system calls from the dynamic loader Previously the dynamic loader would become unused after it had invoked the program's entry function. However, in order to support exceptions and - at a later point - dlfcn functionality we need to call back into the dynamic loader at runtime. Because the dynamic loader has a static copy of LibC it'll attempt to invoke syscalls directly from its text segment. For this to work the executable region for the dynamic loader needs to have syscalls enabled.
2021-04-16 21:50:17 +02:00
enum class ShouldAllowSyscalls {
No,
Yes,
};
static KResultOr<LoadResult> load_elf_object(NonnullOwnPtr<Space> new_space, FileDescription& object_description,
FlatPtr load_offset, ShouldAllocateTls should_allocate_tls, ShouldAllowSyscalls should_allow_syscalls)
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
{
auto& inode = *(object_description.inode());
Kernel: Make SharedInodeVMObject allocation OOM-safe
2021-07-11 17:52:07 +02:00
auto vmobject = SharedInodeVMObject::try_create_with_inode(inode);
if (!vmobject) {
dbgln("load_elf_object: Unable to allocate SharedInodeVMObject");
return ENOMEM;
}
Kernel: Remove an unnecessary cast in sys$execve()
2020-12-25 14:16:35 +01:00
if (vmobject->writable_mappings()) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("Refusing to execute a write-mapped program");
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ETXTBSY;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel: Don't fetch full inode metadata in sys$execve() We only need the size, so let's not fetch all the metadata.
2020-12-25 14:15:33 +01:00
size_t executable_size = inode.size();
Kernel: Assert if rounding-up-to-page-size would wrap around to 0 If we try to align a number above 0xfffff000 to the next multiple of the page size (4 KiB), it would wrap around to 0. This is most likely never what we want, so let's assert if that happens.
2021-02-14 09:57:19 +01:00
auto executable_region = MM.allocate_kernel_region_with_vmobject(*vmobject, page_round_up(executable_size), "ELF loading", Region::Access::Read);
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
if (!executable_region) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("Could not allocate memory for ELF loading");
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOMEM;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
auto elf_image = ELF::Image(executable_region->vaddr().as_ptr(), executable_size);
Kernel: Add back missing ELF::Image validity check If the image is not a valid ELF we should just fail ASAP.
2020-12-25 14:06:19 +01:00
if (!elf_image.is_valid())
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Add back missing ELF::Image validity check If the image is not a valid ELF we should just fail ASAP.
2020-12-25 14:06:19 +01:00
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
Region* master_tls_region { nullptr };
size_t master_tls_size = 0;
size_t master_tls_alignment = 0;
Loader: Stabilize loader & Use shared libraries everywhere :^) The dynamic loader is now stable enough to be used everywhere in the system - so this commit does just that. No More .a Files, Long Live .so's!
2020-10-17 14:39:36 +03:00
FlatPtr load_base_address = 0;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
Kernel: Simplify ELF loading logic in sys$execve() somewhat Get rid of the lambda functions and put the logic inline in the program header traversal loop instead. This makes the code quite a bit shorter and hopefully makes it easier to see what's going on.
2020-12-25 02:31:04 +01:00
String elf_name = object_description.absolute_path();
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(!Processor::current().in_critical());
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
MemoryManager::enter_space(*new_space);
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
KResult ph_load_result = KSuccess;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
elf_image.for_each_program_header([&](const ELF::Image::ProgramHeader& program_header) {
if (program_header.type() == PT_TLS) {
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(should_allocate_tls == ShouldAllocateTls::Yes);
VERIFY(program_header.size_in_memory());
Kernel: Simplify ELF loading logic in sys$execve() somewhat Get rid of the lambda functions and put the logic inline in the program header traversal loop instead. This makes the code quite a bit shorter and hopefully makes it easier to see what's going on.
2020-12-25 02:31:04 +01:00
if (!elf_image.is_within_image(program_header.raw_data(), program_header.size_in_image())) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("Shenanigans! ELF PT_TLS header sneaks outside of executable.");
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
ph_load_result = ENOEXEC;
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Break;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
Kernel: Simplify ELF loading logic in sys$execve() somewhat Get rid of the lambda functions and put the logic inline in the program header traversal loop instead. This makes the code quite a bit shorter and hopefully makes it easier to see what's going on.
2020-12-25 02:31:04 +01:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto range = new_space->allocate_range({}, program_header.size_in_memory());
Kernel: Remove Range "valid" state and use Optional<Range> instead It's easier to understand VM ranges if they are always valid. We can simply use an empty Optional<Range> to encode absence when needed.
2021-01-27 21:01:45 +01:00
if (!range.has_value()) {
Kernel: Remove allocate_region() functions that don't take a Range Let's force callers to provide a VM range when allocating a region. This makes ENOMEM error handling more visible and removes implicit VM allocation which felt a bit magical.
2021-01-26 14:13:57 +01:00
ph_load_result = ENOMEM;
return IterationDecision::Break;
}
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto region_or_error = new_space->allocate_region(range.value(), String::formatted("{} (master-tls)", elf_name), PROT_READ | PROT_WRITE, AllocationStrategy::Reserve);
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
if (region_or_error.is_error()) {
ph_load_result = region_or_error.error();
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Break;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
Kernel: Set TLS-related members of Process after loading static program We previously ignored these values in the return value of load_elf_object, which causes us to not allocate a TLS region for statically-linked programs.
2021-03-15 21:56:13 +02:00
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
master_tls_region = region_or_error.value();
Kernel: Simplify ELF loading logic in sys$execve() somewhat Get rid of the lambda functions and put the logic inline in the program header traversal loop instead. This makes the code quite a bit shorter and hopefully makes it easier to see what's going on.
2020-12-25 02:31:04 +01:00
master_tls_size = program_header.size_in_memory();
master_tls_alignment = program_header.alignment();
if (!copy_to_user(master_tls_region->vaddr().as_ptr(), program_header.raw_data(), program_header.size_in_image())) {
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
ph_load_result = EFAULT;
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Break;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Continue;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
if (program_header.type() != PT_LOAD)
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Continue;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
if (program_header.is_writable()) {
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
// Writable section: create a copy in memory.
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(program_header.size_in_memory());
VERIFY(program_header.alignment() == PAGE_SIZE);
Kernel: Simplify ELF loading logic in sys$execve() somewhat Get rid of the lambda functions and put the logic inline in the program header traversal loop instead. This makes the code quite a bit shorter and hopefully makes it easier to see what's going on.
2020-12-25 02:31:04 +01:00
if (!elf_image.is_within_image(program_header.raw_data(), program_header.size_in_image())) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("Shenanigans! Writable ELF PT_LOAD header sneaks outside of executable.");
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
ph_load_result = ENOEXEC;
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Break;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
Kernel: Simplify ELF loading logic in sys$execve() somewhat Get rid of the lambda functions and put the logic inline in the program header traversal loop instead. This makes the code quite a bit shorter and hopefully makes it easier to see what's going on.
2020-12-25 02:31:04 +01:00
int prot = 0;
if (program_header.is_readable())
prot |= PROT_READ;
if (program_header.is_writable())
prot |= PROT_WRITE;
auto region_name = String::formatted("{} (data-{}{})", elf_name, program_header.is_readable() ? "r" : "", program_header.is_writable() ? "w" : "");
Kernel: Fix rounding of PT_LOAD mappings in sys$execve() We were not rounding the mappings down/up correctly, which could lead to executables missing the last 4 KB of text and/or data.
2021-03-12 17:26:24 +01:00
auto range_base = VirtualAddress { page_round_down(program_header.vaddr().offset(load_offset).get()) };
auto range_end = VirtualAddress { page_round_up(program_header.vaddr().offset(load_offset).offset(program_header.size_in_memory()).get()) };
auto range = new_space->allocate_range(range_base, range_end.get() - range_base.get());
Kernel: Remove Range "valid" state and use Optional<Range> instead It's easier to understand VM ranges if they are always valid. We can simply use an empty Optional<Range> to encode absence when needed.
2021-01-27 21:01:45 +01:00
if (!range.has_value()) {
Kernel: Remove allocate_region() functions that don't take a Range Let's force callers to provide a VM range when allocating a region. This makes ENOMEM error handling more visible and removes implicit VM allocation which felt a bit magical.
2021-01-26 14:13:57 +01:00
ph_load_result = ENOMEM;
return IterationDecision::Break;
}
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto region_or_error = new_space->allocate_region(range.value(), region_name, prot, AllocationStrategy::Reserve);
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
if (region_or_error.is_error()) {
ph_load_result = region_or_error.error();
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Break;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
Kernel: Simplify ELF loading logic in sys$execve() somewhat Get rid of the lambda functions and put the logic inline in the program header traversal loop instead. This makes the code quite a bit shorter and hopefully makes it easier to see what's going on.
2020-12-25 02:31:04 +01:00
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
// It's not always the case with PIE executables (and very well shouldn't be) that the
// virtual address in the program header matches the one we end up giving the process.
// In order to copy the data image correctly into memory, we need to copy the data starting at
// the right initial page offset into the pages allocated for the elf_alloc-XX section.
// FIXME: There's an opportunity to munmap, or at least mprotect, the padding space between
// the .text and .data PT_LOAD sections of the executable.
// Accessing it would definitely be a bug.
auto page_offset = program_header.vaddr();
page_offset.mask(~PAGE_MASK);
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
if (!copy_to_user((u8*)region_or_error.value()->vaddr().as_ptr() + page_offset.get(), program_header.raw_data(), program_header.size_in_image())) {
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
ph_load_result = EFAULT;
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Break;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Continue;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
}
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
// Non-writable section: map the executable itself in memory.
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(program_header.size_in_memory());
VERIFY(program_header.alignment() == PAGE_SIZE);
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
int prot = 0;
if (program_header.is_readable())
prot |= PROT_READ;
if (program_header.is_writable())
prot |= PROT_WRITE;
if (program_header.is_executable())
prot |= PROT_EXEC;
Kernel: Map non-page-aligned text segments correctly `.text` segments with non-aligned offsets had their lengths applied to the first page's base address. This meant that in some cases the last PAGE_SIZE - 1 bytes weren't mapped. Previously, it did not cause any problems as the GNU ld insists on aligning everything; but that's not the case with the LLVM toolchain.
2021-07-07 20:38:54 +02:00
auto range_base = VirtualAddress { page_round_down(program_header.vaddr().offset(load_offset).get()) };
auto range_end = VirtualAddress { page_round_up(program_header.vaddr().offset(load_offset).offset(program_header.size_in_memory()).get()) };
auto range = new_space->allocate_range(range_base, range_end.get() - range_base.get());
Kernel: Remove Range "valid" state and use Optional<Range> instead It's easier to understand VM ranges if they are always valid. We can simply use an empty Optional<Range> to encode absence when needed.
2021-01-27 21:01:45 +01:00
if (!range.has_value()) {
Kernel: Remove allocate_region() functions that don't take a Range Let's force callers to provide a VM range when allocating a region. This makes ENOMEM error handling more visible and removes implicit VM allocation which felt a bit magical.
2021-01-26 14:13:57 +01:00
ph_load_result = ENOMEM;
return IterationDecision::Break;
}
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto region_or_error = new_space->allocate_region_with_vmobject(range.value(), *vmobject, program_header.offset(), elf_name, prot, true);
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
if (region_or_error.is_error()) {
ph_load_result = region_or_error.error();
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Break;
}
Kernel: Allow system calls from the dynamic loader Previously the dynamic loader would become unused after it had invoked the program's entry function. However, in order to support exceptions and - at a later point - dlfcn functionality we need to call back into the dynamic loader at runtime. Because the dynamic loader has a static copy of LibC it'll attempt to invoke syscalls directly from its text segment. For this to work the executable region for the dynamic loader needs to have syscalls enabled.
2021-04-16 21:50:17 +02:00
if (should_allow_syscalls == ShouldAllowSyscalls::Yes)
region_or_error.value()->set_syscall_region(true);
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
if (program_header.offset() == 0)
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
load_base_address = (FlatPtr)region_or_error.value()->vaddr().as_ptr();
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
return IterationDecision::Continue;
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
});
Kernel+LibELF: Abort ELF executable load sooner when something fails Make it possible to bail out of ELF::Image::for_each_program_header() and then do exactly that if something goes wrong during executable loading in the kernel. Also make the errors we return slightly more nuanced than just ENOEXEC.
2020-12-25 14:42:42 +01:00
if (ph_load_result.is_error()) {
dbgln("do_exec: Failure loading program ({})", ph_load_result.error());
return ph_load_result;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
}
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
if (!elf_image.entry().offset(load_offset).get()) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("do_exec: Failure loading program, entry pointer is invalid! {})", elf_image.entry().offset(load_offset));
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
}
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto stack_range = new_space->allocate_range({}, Thread::default_userspace_stack_size);
Kernel: Remove Range "valid" state and use Optional<Range> instead It's easier to understand VM ranges if they are always valid. We can simply use an empty Optional<Range> to encode absence when needed.
2021-01-27 21:01:45 +01:00
if (!stack_range.has_value()) {
Kernel: Remove allocate_region() functions that don't take a Range Let's force callers to provide a VM range when allocating a region. This makes ENOMEM error handling more visible and removes implicit VM allocation which felt a bit magical.
2021-01-26 14:13:57 +01:00
dbgln("do_exec: Failed to allocate VM range for stack");
return ENOMEM;
}
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto stack_region_or_error = new_space->allocate_region(stack_range.value(), "Stack (Main thread)", PROT_READ | PROT_WRITE, AllocationStrategy::Reserve);
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
if (stack_region_or_error.is_error())
return stack_region_or_error.error();
auto& stack_region = *stack_region_or_error.value();
stack_region.set_stack(true);
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
return LoadResult {
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
move(new_space),
Loader: Stabilize loader & Use shared libraries everywhere :^) The dynamic loader is now stable enough to be used everywhere in the system - so this commit does just that. No More .a Files, Long Live .so's!
2020-10-17 14:39:36 +03:00
load_base_address,
Kernel+LibELF: Move sys$execve()'s loading logic from LibELF to Kernel It was really weird that ELF loading was performed by the ELF::Loader class instead of just being done by the kernel itself. This patch moves all the layout logic from ELF::Loader over to sys$execve(). The kernel no longer cares about ELF::Loader and instead only uses an ELF::Image as an interpreting wrapper around executables.
2020-12-25 01:22:55 +01:00
elf_image.entry().offset(load_offset).get(),
Kernel: Don't fetch full inode metadata in sys$execve() We only need the size, so let's not fetch all the metadata.
2020-12-25 14:15:33 +01:00
executable_size,
AK: Simplify constructors and conversions from nullptr_t Problem: - Many constructors are defined as `{}` rather than using the ` = default` compiler-provided constructor. - Some types provide an implicit conversion operator from `nullptr_t` instead of requiring the caller to default construct. This violates the C++ Core Guidelines suggestion to declare single-argument constructors explicit (https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c46-by-default-declare-single-argument-constructors-explicit). Solution: - Change default constructors to use the compiler-provided default constructor. - Remove implicit conversion operators from `nullptr_t` and change usage to enforce type consistency without conversion.
2021-01-10 16:29:28 -07:00
AK::try_make_weak_ptr(master_tls_region),
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
master_tls_size,
Kernel: Allocate new main thread stack before committing to exec If the allocation fails (e.g ENOMEM) we want to simply return an error from sys$execve() and continue executing the current executable. This patch also moves make_userspace_stack_for_main_thread() out of the Thread class since it had nothing in particular to do with Thread.
2020-12-25 16:20:26 +01:00
master_tls_alignment,
Kernel: Make Process::allocate_region*() return KResultOr<Region*> This allows region allocation to return specific errors and we don't have to assume every failure is an ENOMEM.
2021-01-15 17:27:52 +01:00
stack_region.make_weak_ptr()
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
};
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
KResultOr<LoadResult> Process::load(NonnullRefPtr<FileDescription> main_program_description,
RefPtr<FileDescription> interpreter_description, const ElfW(Ehdr) & main_program_header)
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
{
Kernel: Rename Space::create => Space::try_create()
2021-07-27 14:54:08 +02:00
auto new_space = Space::try_create(*this, nullptr);
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
if (!new_space)
return ENOMEM;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
ScopeGuard space_guard([&]() {
MemoryManager::enter_process_paging_scope(*this);
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
});
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
auto load_offset = get_load_offset(main_program_header, main_program_description, interpreter_description);
if (load_offset.is_error()) {
return load_offset.error();
}
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
if (interpreter_description.is_null()) {
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
auto result = load_elf_object(new_space.release_nonnull(), main_program_description, load_offset.value(), ShouldAllocateTls::Yes, ShouldAllowSyscalls::No);
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
if (result.is_error())
return result.error();
Kernel: Set TLS-related members of Process after loading static program We previously ignored these values in the return value of load_elf_object, which causes us to not allocate a TLS region for statically-linked programs.
2021-03-15 21:56:13 +02:00
m_master_tls_region = result.value().tls_region;
m_master_tls_size = result.value().tls_size;
m_master_tls_alignment = result.value().tls_alignment;
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
return result;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Fix loading ELF images without PT_INTERP Previously we'd try to load ELF images which did not have an interpreter set with an incorrect load offset of 0, i.e. way outside of the part of the address space where we'd expect either the dynamic loader or the user's executable to reside. This fixes the problem by using get_load_offset for both executables which have an interpreter set and those which don't. Notably this allows us to actually successfully execute the Loader.so binary: courage:~ $ /usr/lib/Loader.so You have invoked `Loader.so'. This is the helper program for programs that use shared libraries. Special directives embedded in executables tell the kernel to load this program. This helper program loads the shared libraries needed by the program, prepares the program to run, and runs it. You do not need to invoke this helper program directly. courage:~ $
2021-05-10 16:16:05 +02:00
auto interpreter_load_result = load_elf_object(new_space.release_nonnull(), *interpreter_description, load_offset.value(), ShouldAllocateTls::No, ShouldAllowSyscalls::Yes);
Kernel+Loader.so: Allow dynamic executables without an interpreter Commit a3a9016701e487a5ca92d83b8cff179a190cdeb2 removed the PT_INTERP header from Loader.so which cleaned up some kernel code in execve. Unfortunately it prevents Loader.so from being run as an executable
2021-01-02 21:31:01 +00:00
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
if (interpreter_load_result.is_error())
return interpreter_load_result.error();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
// TLS allocation will be done in userspace by the loader
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(!interpreter_load_result.value().tls_region);
VERIFY(!interpreter_load_result.value().tls_alignment);
VERIFY(!interpreter_load_result.value().tls_size);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
return interpreter_load_result;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
KResult Process::do_exec(NonnullRefPtr<FileDescription> main_program_description, Vector<String> arguments, Vector<String> environment,
RefPtr<FileDescription> interpreter_description, Thread*& new_main_thread, u32& prev_flags, const ElfW(Ehdr) & main_program_header)
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
{
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(is_user_process());
VERIFY(!Processor::current().in_critical());
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
auto path = main_program_description->absolute_path();
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
dbgln_if(EXEC_DEBUG, "do_exec: {}", path);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
// FIXME: How much stack space does process startup need?
if (!validate_stack_size(arguments, environment))
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return E2BIG;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
auto parts = path.split('/');
if (parts.is_empty())
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return ENOENT;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto main_program_metadata = main_program_description->metadata();
Kernel: Activate SUID/SGID credentials earlier in sys$execve() Switch on the new credentials before loading the new executable into memory. This ensures that attempts to ptrace() the program from an unprivileged process will fail. This covers one bug that was exploited in the 2020 HXP CTF: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/ Thanks to yyyyyyy for finding the bug! :^)
2020-12-20 18:35:29 +01:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto load_result_or_error = load(main_program_description, interpreter_description, main_program_header);
if (load_result_or_error.is_error()) {
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
dbgln("do_exec: Failed to load main program or interpreter for {}", path);
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
return load_result_or_error.error();
}
Kernel: Activate SUID/SGID credentials earlier in sys$execve() Switch on the new credentials before loading the new executable into memory. This ensures that attempts to ptrace() the program from an unprivileged process will fail. This covers one bug that was exploited in the 2020 HXP CTF: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/ Thanks to yyyyyyy for finding the bug! :^)
2020-12-20 18:35:29 +01:00
Kernel: Map signal trampoline into each process's address space The signal trampoline was previously in kernelspace memory, but with a special exception to make it user-accessible. This patch moves it into each process's regular address space so we can stop supporting user-allowed memory above 0xc0000000.
2021-02-14 00:53:53 +01:00
auto signal_trampoline_range = load_result_or_error.value().space->allocate_range({}, PAGE_SIZE);
if (!signal_trampoline_range.has_value()) {
dbgln("do_exec: Failed to allocate VM for signal trampoline");
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return ENOMEM;
Kernel: Map signal trampoline into each process's address space The signal trampoline was previously in kernelspace memory, but with a special exception to make it user-accessible. This patch moves it into each process's regular address space so we can stop supporting user-allowed memory above 0xc0000000.
2021-02-14 00:53:53 +01:00
}
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
// We commit to the new executable at this point. There is no turning back!
Kernel: Activate SUID/SGID credentials earlier in sys$execve() Switch on the new credentials before loading the new executable into memory. This ensures that attempts to ptrace() the program from an unprivileged process will fail. This covers one bug that was exploited in the 2020 HXP CTF: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/ Thanks to yyyyyyy for finding the bug! :^)
2020-12-20 18:35:29 +01:00
Kernel: Prevent execve/ptrace race Add a per-process ptrace lock and use it to prevent ptrace access to a process after it decides to commit to a new executable in sys$execve(). Fixes #5230.
2021-02-08 23:01:53 +01:00
// Prevent other processes from attaching to us with ptrace while we're doing this.
Kernel: Rename Locker => MutexLocker
2021-07-18 01:13:34 +02:00
MutexLocker ptrace_locker(ptrace_lock());
Kernel: Prevent execve/ptrace race Add a per-process ptrace lock and use it to prevent ptrace access to a process after it decides to commit to a new executable in sys$execve(). Fixes #5230.
2021-02-08 23:01:53 +01:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
// Disable profiling temporarily in case it's running on this process.
Kernel: Make sure we only log profiling events when m_profiling is true Previously the process' m_profiling flag was ignored for all event types other than CPU samples. The kfree tracing code relies on temporarily disabling tracing during exec. This didn't work for per-process profiles and would instead panic. This updates the profiling code so that the m_profiling flag isn't ignored.
2021-05-23 22:16:30 +02:00
auto was_profiling = m_profiling;
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
TemporaryChange profiling_disabler(m_profiling, false);
Kernel: Activate SUID/SGID credentials earlier in sys$execve() Switch on the new credentials before loading the new executable into memory. This ensures that attempts to ptrace() the program from an unprivileged process will fail. This covers one bug that was exploited in the 2020 HXP CTF: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/ Thanks to yyyyyyy for finding the bug! :^)
2020-12-20 18:35:29 +01:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
kill_threads_except_self();
Kernel: Activate SUID/SGID credentials earlier in sys$execve() Switch on the new credentials before loading the new executable into memory. This ensures that attempts to ptrace() the program from an unprivileged process will fail. This covers one bug that was exploited in the 2020 HXP CTF: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/ Thanks to yyyyyyy for finding the bug! :^)
2020-12-20 18:35:29 +01:00
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto& load_result = load_result_or_error.value();
Kernel: Reset the process dumpable flag on successful non-setid exec Once we've committed to a new memory layout and non-setid credentials, we can reset the dumpable flag.
2020-12-26 01:18:41 +01:00
bool executable_is_setid = false;
Kernel: Activate SUID/SGID credentials earlier in sys$execve() Switch on the new credentials before loading the new executable into memory. This ensures that attempts to ptrace() the program from an unprivileged process will fail. This covers one bug that was exploited in the 2020 HXP CTF: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/ Thanks to yyyyyyy for finding the bug! :^)
2020-12-20 18:35:29 +01:00
if (!(main_program_description->custody()->mount_flags() & MS_NOSUID)) {
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
if (main_program_metadata.is_setuid()) {
Kernel: Reset the process dumpable flag on successful non-setid exec Once we've committed to a new memory layout and non-setid credentials, we can reset the dumpable flag.
2020-12-26 01:18:41 +01:00
executable_is_setid = true;
Kernel: Don't keep protected Process data in a separate allocation The previous architecture had a huge flaw: the pointer to the protected data was itself unprotected, allowing you to overwrite it at any time. This patch reorganizes the protected data so it's part of the Process class itself. (Actually, it's a new ProcessBase helper class.) We use the first 4 KB of Process objects themselves as the new storage location for protected data. Then we make Process objects page-aligned using MAKE_ALIGNED_ALLOCATED. This allows us to easily turn on/off write-protection for everything in the ProcessBase portion of Process. :^) Thanks to @bugaevc for pointing out the flaw! This is still not perfect but it's an improvement.
2021-03-11 13:13:05 +01:00
ProtectedDataMutationScope scope { *this };
m_euid = main_program_metadata.uid;
m_suid = main_program_metadata.uid;
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
}
if (main_program_metadata.is_setgid()) {
Kernel: Reset the process dumpable flag on successful non-setid exec Once we've committed to a new memory layout and non-setid credentials, we can reset the dumpable flag.
2020-12-26 01:18:41 +01:00
executable_is_setid = true;
Kernel: Don't keep protected Process data in a separate allocation The previous architecture had a huge flaw: the pointer to the protected data was itself unprotected, allowing you to overwrite it at any time. This patch reorganizes the protected data so it's part of the Process class itself. (Actually, it's a new ProcessBase helper class.) We use the first 4 KB of Process objects themselves as the new storage location for protected data. Then we make Process objects page-aligned using MAKE_ALIGNED_ALLOCATED. This allows us to easily turn on/off write-protection for everything in the ProcessBase portion of Process. :^) Thanks to @bugaevc for pointing out the flaw! This is still not perfect but it's an improvement.
2021-03-11 13:13:05 +01:00
ProtectedDataMutationScope scope { *this };
m_egid = main_program_metadata.gid;
m_sgid = main_program_metadata.gid;
Kernel+LibC: Introduce a "dumpable" flag for processes This new flag controls two things: - Whether the kernel will generate core dumps for the process - Whether the EUID:EGID should own the process's files in /proc Processes are automatically made non-dumpable when their EUID or EGID is changed, either via syscalls that specifically modify those ID's, or via sys$execve(), when a set-uid or set-gid program is executed. A process can change its own dumpable flag at any time by calling the new sys$prctl(PR_SET_DUMPABLE) syscall. Fixes #4504.
2020-12-25 18:27:42 +01:00
}
Kernel: Activate SUID/SGID credentials earlier in sys$execve() Switch on the new credentials before loading the new executable into memory. This ensures that attempts to ptrace() the program from an unprivileged process will fail. This covers one bug that was exploited in the 2020 HXP CTF: https://hxp.io/blog/79/hxp-CTF-2020-wisdom2/ Thanks to yyyyyyy for finding the bug! :^)
2020-12-20 18:35:29 +01:00
}
Kernel: Set the dumpable flag before switching spaces in sys$execve()
2021-02-08 19:15:42 +01:00
set_dumpable(!executable_is_setid);
Kernel: Add support for profiling kmalloc()/kfree()
2021-05-13 13:09:00 +02:00
{
// We must disable global profiling (especially kfree tracing) here because
// we might otherwise end up walking the stack into the process' space that
// is about to be destroyed.
TemporaryChange global_profiling_disabler(g_profiling_all_threads, false);
m_space = load_result.space.release_nonnull();
}
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
MemoryManager::enter_space(*m_space);
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
Kernel: Map signal trampoline into each process's address space The signal trampoline was previously in kernelspace memory, but with a special exception to make it user-accessible. This patch moves it into each process's regular address space so we can stop supporting user-allowed memory above 0xc0000000.
2021-02-14 00:53:53 +01:00
auto signal_trampoline_region = m_space->allocate_region_with_vmobject(signal_trampoline_range.value(), g_signal_trampoline_region->vmobject(), 0, "Signal trampoline", PROT_READ | PROT_EXEC, true);
if (signal_trampoline_region.is_error()) {
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY_NOT_REACHED();
Kernel: Map signal trampoline into each process's address space The signal trampoline was previously in kernelspace memory, but with a special exception to make it user-accessible. This patch moves it into each process's regular address space so we can stop supporting user-allowed memory above 0xc0000000.
2021-02-14 00:53:53 +01:00
}
signal_trampoline_region.value()->set_syscall_region(true);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
m_executable = main_program_description->custody();
Kernel: Store process arguments and environment in coredumps Currently they're only pushed onto the stack but not easily accessible from the Process class, so this adds a Vector<String> for both.
2021-01-15 20:21:03 +01:00
m_arguments = arguments;
m_environment = environment;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
m_veil_state = VeilState::None;
m_unveiled_paths.clear();
Kernel: Properly reset m_unveiled_paths on execve() When a process executes another program, its unveil state is reset. For this, we not only need to clear all nodes from m_unveiled_paths, but also reset the metadata of m_unveiled_paths (the root node) itself. This fixes the following bug: 1) A process unveils "/", then executes another program. 2) That other program also unveils some path. 3) "/" is now unveiled for the new program.
2021-06-06 23:23:00 +02:00
m_unveiled_paths.set_metadata({ "/", UnveilAccess::None, false });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Clear coredump metadata on exec() If for some reason a process wants to exec after saving some coredump metadata, we should just throw away the data.
2021-01-23 09:41:11 +01:00
m_coredump_metadata.clear();
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
auto current_thread = Thread::current();
Kernel: Keep signal state in sync In c3d231616c1d20309b2b568f383fbcb736887dad we added the atomic variable m_have_any_unmasked_pending_signals tracking the state of pending signals. Add helper functions that automatically update this variable as needed.
2020-09-08 20:37:15 -06:00
current_thread->clear_signals();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Some futex improvements This adds support for FUTEX_WAKE_OP, FUTEX_WAIT_BITSET, FUTEX_WAKE_BITSET, FUTEX_REQUEUE, and FUTEX_CMP_REQUEUE, as well well as global and private futex and absolute/relative timeouts against the appropriate clock. This also changes the implementation so that kernel resources are only used when a thread is blocked on a futex. Global futexes are implemented as offsets in VMObjects, so that different processes can share a futex against the same VMObject despite potentially being mapped at different virtual addresses.
2020-12-21 23:21:58 -07:00
clear_futex_queues_on_exec();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Don't copy a Vector<FileDescriptionAndFlags> Instead of copying a Vector everytime we need to enumerate a Process' file descriptions, we can just temporarily lock so it won't change.
2021-06-22 21:22:17 +03:00
fds().change_each([&](auto& file_description_metadata) {
if (file_description_metadata.is_valid() && file_description_metadata.flags() & FD_CLOEXEC)
file_description_metadata = {};
});
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
int main_program_fd = -1;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
if (interpreter_description) {
Kernel: Track allocated FileDescriptionAndFlag elements in each Process The way the Process::FileDescriptions::allocate() API works today means that two callers who allocate back to back without associating a FileDescription with the allocated FD, will receive the same FD and thus one will stomp over the other. Naively tracking which FileDescriptions are allocated and moving onto the next would introduce other bugs however, as now if you "allocate" a fd and then return early further down the control flow of the syscall you would leak that fd. This change modifies this behavior by tracking which descriptions are allocated and then having an RAII type to "deallocate" the fd if the association is not setup the end of it's scope.
2021-07-27 23:59:24 -07:00
auto main_program_fd_wrapper = m_fds.allocate().release_value();
VERIFY(main_program_fd_wrapper.fd >= 0);
Kernel: Make FileDescription::seek() return KResultOr<off_t> This exposed a bunch of places where errors were not propagated, so this patch is forced to deal with them as well.
2021-03-19 10:43:58 +01:00
auto seek_result = main_program_description->seek(0, SEEK_SET);
VERIFY(!seek_result.is_error());
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
main_program_description->set_readable(true);
Kernel: Track allocated FileDescriptionAndFlag elements in each Process The way the Process::FileDescriptions::allocate() API works today means that two callers who allocate back to back without associating a FileDescription with the allocated FD, will receive the same FD and thus one will stomp over the other. Naively tracking which FileDescriptions are allocated and moving onto the next would introduce other bugs however, as now if you "allocate" a fd and then return early further down the control flow of the syscall you would leak that fd. This change modifies this behavior by tracking which descriptions are allocated and then having an RAII type to "deallocate" the fd if the association is not setup the end of it's scope.
2021-07-27 23:59:24 -07:00
m_fds[main_program_fd_wrapper.fd].set(move(main_program_description), FD_CLOEXEC);
main_program_fd = main_program_fd_wrapper.fd;
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
new_main_thread = nullptr;
if (&current_thread->process() == this) {
new_main_thread = current_thread;
} else {
for_each_thread([&](auto& thread) {
new_main_thread = &thread;
return IterationDecision::Break;
});
}
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(new_main_thread);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move select Process members into protected memory Process member variable like m_euid are very valuable targets for kernel exploits and until now they have been writable at all times. This patch moves m_euid along with a whole bunch of other members into a new Process::ProtectedData struct. This struct is remapped as read-only memory whenever we don't need to write to it. This means that a kernel write primitive is no longer enough to overwrite a process's effective UID, you must first unprotect the protected data where the UID is stored. :^)
2021-03-10 19:59:46 +01:00
auto auxv = generate_auxiliary_vector(load_result.load_base, load_result.entry_eip, uid(), euid(), gid(), egid(), path, main_program_fd);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// NOTE: We create the new stack before disabling interrupts since it will zero-fault
// and we don't want to deal with faults after this point.
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
auto make_stack_result = make_userspace_context_for_main_thread(new_main_thread->regs(), *load_result.stack_region.unsafe_ptr(), move(arguments), move(environment), move(auxv));
Kernel: Return ENOMEM in more places There are plenty of places in the kernel that aren't checking if they actually got their allocation. This fixes some of them, but definitely not all. Fixes #3390 Fixes #3391 Also, let's make find_one_free_page() return nullptr if it doesn't get a free index. This stops the kernel crashing when out of memory and allows memory purging to take place again. Fixes #3487
2020-09-16 18:47:47 +01:00
if (make_stack_result.is_error())
return make_stack_result.error();
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
FlatPtr new_userspace_sp = make_stack_result.value();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Release ptrace lock in exec before stopping due to PT_TRACE_ME If we have a tracer process waiting for us to exec, we need to release the ptrace lock before stopping ourselves, since otherwise the tracer will block forever on the lock. Fixes #5409.
2021-02-19 12:10:29 +01:00
if (wait_for_tracer_at_next_execve()) {
// Make sure we release the ptrace lock here or the tracer will block forever.
ptrace_locker.unlock();
Kernel: Fix behaviour of PT_TRACEME in ptrace The behaviour of the PT_TRACEME feature has been broken for some time, this change fixes it. When this ptrace flag is used, the traced process should be paused before exiting execve. We previously were sending the SIGSTOP signal at a stage where interrupts are disabled, and the traced process continued executing normally, without pausing and waiting for the tracer. This change fixes it.
2020-08-15 10:57:53 +03:00
Thread::current()->send_urgent_signal_to_self(SIGSTOP);
Kernel: Release ptrace lock in exec before stopping due to PT_TRACE_ME If we have a tracer process waiting for us to exec, we need to release the ptrace lock before stopping ourselves, since otherwise the tracer will block forever on the lock. Fixes #5409.
2021-02-19 12:10:29 +01:00
}
Kernel: Fix behaviour of PT_TRACEME in ptrace The behaviour of the PT_TRACEME feature has been broken for some time, this change fixes it. When this ptrace flag is used, the traced process should be paused before exiting execve. We previously were sending the SIGSTOP signal at a stage where interrupts are disabled, and the traced process continued executing normally, without pausing and waiting for the tracer. This change fixes it.
2020-08-15 10:57:53 +03:00
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// We enter a critical section here because we don't want to get interrupted between do_exec()
// and Processor::assume_context() or the next context switch.
// If we used an InterruptDisabler that sti()'d on exit, we might timer tick'd too soon in exec().
Processor::current().enter_critical(prev_flags);
// NOTE: Be careful to not trigger any page faults below!
m_name = parts.take_last();
Kernel: Store Thread name as a KString
2021-08-05 22:22:26 +02:00
new_main_thread->set_name(KString::try_create(m_name));
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move process pledge promises into protected data
2021-03-10 22:50:00 +01:00
{
Kernel: Don't keep protected Process data in a separate allocation The previous architecture had a huge flaw: the pointer to the protected data was itself unprotected, allowing you to overwrite it at any time. This patch reorganizes the protected data so it's part of the Process class itself. (Actually, it's a new ProcessBase helper class.) We use the first 4 KB of Process objects themselves as the new storage location for protected data. Then we make Process objects page-aligned using MAKE_ALIGNED_ALLOCATED. This allows us to easily turn on/off write-protection for everything in the ProcessBase portion of Process. :^) Thanks to @bugaevc for pointing out the flaw! This is still not perfect but it's an improvement.
2021-03-11 13:13:05 +01:00
ProtectedDataMutationScope scope { *this };
m_promises = m_execpromises;
m_has_promises = m_has_execpromises;
Kernel: Move process pledge promises into protected data
2021-03-10 22:50:00 +01:00
Kernel: Don't keep protected Process data in a separate allocation The previous architecture had a huge flaw: the pointer to the protected data was itself unprotected, allowing you to overwrite it at any time. This patch reorganizes the protected data so it's part of the Process class itself. (Actually, it's a new ProcessBase helper class.) We use the first 4 KB of Process objects themselves as the new storage location for protected data. Then we make Process objects page-aligned using MAKE_ALIGNED_ALLOCATED. This allows us to easily turn on/off write-protection for everything in the ProcessBase portion of Process. :^) Thanks to @bugaevc for pointing out the flaw! This is still not perfect but it's an improvement.
2021-03-11 13:13:05 +01:00
m_execpromises = 0;
m_has_execpromises = false;
Kernel: Move process pledge promises into protected data
2021-03-10 22:50:00 +01:00
Kernel: Move process signal trampoline address into protected data
2021-03-11 13:28:50 +01:00
m_signal_trampoline = signal_trampoline_region.value()->vaddr();
Kernel: Move process pledge promises into protected data
2021-03-10 22:50:00 +01:00
// FIXME: PID/TID ISSUE
Kernel: Don't keep protected Process data in a separate allocation The previous architecture had a huge flaw: the pointer to the protected data was itself unprotected, allowing you to overwrite it at any time. This patch reorganizes the protected data so it's part of the Process class itself. (Actually, it's a new ProcessBase helper class.) We use the first 4 KB of Process objects themselves as the new storage location for protected data. Then we make Process objects page-aligned using MAKE_ALIGNED_ALLOCATED. This allows us to easily turn on/off write-protection for everything in the ProcessBase portion of Process. :^) Thanks to @bugaevc for pointing out the flaw! This is still not perfect but it's an improvement.
2021-03-11 13:13:05 +01:00
m_pid = new_main_thread->tid().value();
Kernel: Move process pledge promises into protected data
2021-03-10 22:50:00 +01:00
}
Kernel: Return ENOMEM in more places There are plenty of places in the kernel that aren't checking if they actually got their allocation. This fixes some of them, but definitely not all. Fixes #3390 Fixes #3391 Also, let's make find_one_free_page() return nullptr if it doesn't get a free index. This stops the kernel crashing when out of memory and allows memory purging to take place again. Fixes #3487
2020-09-16 18:47:47 +01:00
auto tsr_result = new_main_thread->make_thread_specific_region({});
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
if (tsr_result.is_error()) {
// FIXME: We cannot fail this late. Refactor this so the allocation happens before we commit to the new executable.
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY_NOT_REACHED();
Kernel: Factor address space management out of the Process class This patch adds Space, a class representing a process's address space. - Each Process has a Space. - The Space owns the PageDirectory and all Regions in the Process. This allows us to reorganize sys$execve() so that it constructs and populates a new Space fully before committing to it. Previously, we would construct the new address space while still running in the old one, and encountering an error meant we had to do tedious and error-prone rollback. Those problems are now gone, replaced by what's hopefully a set of much smaller problems and missing cleanups. :^)
2021-02-08 15:45:40 +01:00
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
new_main_thread->reset_fpu_state();
Kernel: Rename Thread::tss to Thread::regs and add x86_64 support We're using software context switches so calling this struct tss is somewhat misleading.
2021-06-26 19:57:16 +02:00
auto& regs = new_main_thread->m_regs;
Kernel: Add stubs for missing x86_64 functionality This adds just enough stubs to make the kernel compile on x86_64. Obviously it won't do anything useful - in fact it won't even attempt to boot because Multiboot doesn't support ELF64 binaries - but it gets those compiler errors out of the way so more progress can be made getting all the missing functionality in place.
2021-06-23 21:54:41 +02:00
#if ARCH(I386)
Kernel: Rename Thread::tss to Thread::regs and add x86_64 support We're using software context switches so calling this struct tss is somewhat misleading.
2021-06-26 19:57:16 +02:00
regs.cs = GDT_SELECTOR_CODE3 | 3;
regs.ds = GDT_SELECTOR_DATA3 | 3;
regs.es = GDT_SELECTOR_DATA3 | 3;
regs.ss = GDT_SELECTOR_DATA3 | 3;
regs.fs = GDT_SELECTOR_DATA3 | 3;
regs.gs = GDT_SELECTOR_TLS | 3;
regs.eip = load_result.entry_eip;
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
regs.esp = new_userspace_sp;
Kernel: Add stubs for missing x86_64 functionality This adds just enough stubs to make the kernel compile on x86_64. Obviously it won't do anything useful - in fact it won't even attempt to boot because Multiboot doesn't support ELF64 binaries - but it gets those compiler errors out of the way so more progress can be made getting all the missing functionality in place.
2021-06-23 21:54:41 +02:00
#else
Kernel: Rename Thread::tss to Thread::regs and add x86_64 support We're using software context switches so calling this struct tss is somewhat misleading.
2021-06-26 19:57:16 +02:00
regs.rip = load_result.entry_eip;
Kernel: Properly set up the userland context for new processes on x86_64
2021-06-28 17:42:29 +02:00
regs.rsp = new_userspace_sp;
Kernel: Add stubs for missing x86_64 functionality This adds just enough stubs to make the kernel compile on x86_64. Obviously it won't do anything useful - in fact it won't even attempt to boot because Multiboot doesn't support ELF64 binaries - but it gets those compiler errors out of the way so more progress can be made getting all the missing functionality in place.
2021-06-23 21:54:41 +02:00
#endif
Kernel: Rename Thread::tss to Thread::regs and add x86_64 support We're using software context switches so calling this struct tss is somewhat misleading.
2021-06-26 19:57:16 +02:00
regs.cr3 = space().page_directory().cr3();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Make sure we only log profiling events when m_profiling is true Previously the process' m_profiling flag was ignored for all event types other than CPU samples. The kfree tracing code relies on temporarily disabling tracing during exec. This didn't work for per-process profiles and would instead panic. This updates the profiling code so that the m_profiling flag isn't ignored.
2021-05-23 22:16:30 +02:00
{
TemporaryChange profiling_disabler(m_profiling, was_profiling);
PerformanceManager::add_process_exec_event(*this);
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Fix a few deadlocks with Thread::m_lock and g_scheduler_lock g_scheduler_lock cannot safely be acquired after Thread::m_lock because another processor may already hold g_scheduler_lock and wait for the same Thread::m_lock.
2020-10-25 20:22:59 -06:00
{
ScopedSpinLock lock(g_scheduler_lock);
new_main_thread->set_state(Thread::State::Runnable);
}
Kernel: Fix Lock race causing infinite spinning between two threads We need to account for how many shared lock instances the current thread owns, so that we can properly release such references when yielding execution. We also need to release the process lock when donating.
2020-12-14 16:36:22 -07:00
u32 lock_count_to_restore;
Everywhere: Switch from (void) to [[maybe_unused]] (#4473) Problem: - `(void)` simply casts the expression to void. This is understood to indicate that it is ignored, but this is really a compiler trick to get the compiler to not generate a warning. Solution: - Use the `[[maybe_unused]]` attribute to indicate the value is unused. Note: - Functions taking a `(void)` argument list have also been changed to `()` because this is not needed and shows up in the same grep command.
2020-12-20 16:09:48 -07:00
[[maybe_unused]] auto rc = big_lock().force_unlock_if_locked(lock_count_to_restore);
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY_INTERRUPTS_DISABLED();
VERIFY(Processor::current().in_critical());
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return KSuccess;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
static Vector<ELF::AuxiliaryValue> generate_auxiliary_vector(FlatPtr load_base, FlatPtr entry_eip, uid_t uid, uid_t euid, gid_t gid, gid_t egid, String executable_path, int main_program_fd)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
LibELF: Move AuxiliaryValue into the ELF namespace
2020-12-25 14:48:30 +01:00
Vector<ELF::AuxiliaryValue> auxv;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// PHDR/EXECFD
// PH*
LibELF: Move AuxiliaryValue into the ELF namespace
2020-12-25 14:48:30 +01:00
auxv.append({ ELF::AuxiliaryValue::PageSize, PAGE_SIZE });
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
auxv.append({ ELF::AuxiliaryValue::BaseAddress, (void*)load_base });
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
auxv.append({ ELF::AuxiliaryValue::Entry, (void*)entry_eip });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// NOTELF
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
auxv.append({ ELF::AuxiliaryValue::Uid, (long)uid });
auxv.append({ ELF::AuxiliaryValue::EUid, (long)euid });
auxv.append({ ELF::AuxiliaryValue::Gid, (long)gid });
auxv.append({ ELF::AuxiliaryValue::EGid, (long)egid });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Populate ELF::AuxilaryValue::Platform from Processor object. Move this to the processor object so it can easily be implemented when Serenity is compiled for a different architecture.
2021-02-21 07:58:57 -08:00
auxv.append({ ELF::AuxiliaryValue::Platform, Processor::current().platform_string() });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// FIXME: This is platform specific
LibELF: Move AuxiliaryValue into the ELF namespace
2020-12-25 14:48:30 +01:00
auxv.append({ ELF::AuxiliaryValue::HwCap, (long)CPUID(1).edx() });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
LibELF: Move AuxiliaryValue into the ELF namespace
2020-12-25 14:48:30 +01:00
auxv.append({ ELF::AuxiliaryValue::ClockTick, (long)TimeManagement::the().ticks_per_second() });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// FIXME: Also take into account things like extended filesystem permissions? That's what linux does...
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
auxv.append({ ELF::AuxiliaryValue::Secure, ((uid != euid) || (gid != egid)) ? 1 : 0 });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
char random_bytes[16] {};
get_fast_random_bytes((u8*)random_bytes, sizeof(random_bytes));
LibELF: Move AuxiliaryValue into the ELF namespace
2020-12-25 14:48:30 +01:00
auxv.append({ ELF::AuxiliaryValue::Random, String(random_bytes, sizeof(random_bytes)) });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
auxv.append({ ELF::AuxiliaryValue::ExecFilename, executable_path });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Move ELF auxiliary vector building out of Process class Process had a couple of members whose only purpose was holding on to some temporary data while building the auxiliary vector. Remove those members and move the vector building to a free function in execve.cpp
2020-12-25 15:23:35 +01:00
auxv.append({ ELF::AuxiliaryValue::ExecFileDescriptor, main_program_fd });
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
LibELF: Move AuxiliaryValue into the ELF namespace
2020-12-25 14:48:30 +01:00
auxv.append({ ELF::AuxiliaryValue::Null, 0L });
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return auxv;
}
static KResultOr<Vector<String>> find_shebang_interpreter_for_executable(const char first_page[], int nread)
{
int word_start = 2;
int word_length = 0;
if (nread > 2 && first_page[0] == '#' && first_page[1] == '!') {
Vector<String> interpreter_words;
for (int i = 2; i < nread; ++i) {
if (first_page[i] == '\n') {
break;
}
if (first_page[i] != ' ') {
++word_length;
}
if (first_page[i] == ' ') {
if (word_length > 0) {
interpreter_words.append(String(&first_page[word_start], word_length));
}
word_length = 0;
word_start = i + 1;
}
}
if (word_length > 0)
interpreter_words.append(String(&first_page[word_start], word_length));
if (!interpreter_words.is_empty())
return interpreter_words;
}
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
KResultOr<RefPtr<FileDescription>> Process::find_elf_interpreter_for_executable(const String& path, const ElfW(Ehdr) & main_program_header, int nread, size_t file_size)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
// Not using KResultOr here because we'll want to do the same thing in userspace in the RTLD
String interpreter_path;
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
if (!ELF::validate_program_headers(main_program_header, file_size, (const u8*)&main_program_header, nread, &interpreter_path)) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("exec({}): File has invalid ELF Program headers", path);
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
if (!interpreter_path.is_empty()) {
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
dbgln_if(EXEC_DEBUG, "exec({}): Using program interpreter {}", path, interpreter_path);
Kernel: Rename VFS => VirtualFileSystem
2021-07-11 00:25:24 +02:00
auto interp_result = VirtualFileSystem::the().open(interpreter_path, O_EXEC, 0, current_directory());
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (interp_result.is_error()) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("exec({}): Unable to open program interpreter {}", path, interpreter_path);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return interp_result.error();
}
auto interpreter_description = interp_result.value();
auto interp_metadata = interpreter_description->metadata();
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(interpreter_description->inode());
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// Validate the program interpreter as a valid elf binary.
// If your program interpreter is a #! file or something, it's time to stop playing games :)
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
if (interp_metadata.size < (int)sizeof(ElfW(Ehdr)))
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
char first_page[PAGE_SIZE] = {};
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-11 21:11:07 -06:00
auto first_page_buffer = UserOrKernelBuffer::for_kernel_buffer((u8*)&first_page);
auto nread_or_error = interpreter_description->read(first_page_buffer, sizeof(first_page));
Kernel: Make File::write() and File::read() return KResultOr<size_t> Instead of returning a ssize_t where negative values mean error, we now return KResultOr<size_t> and use the error state to report errors exclusively.
2020-08-04 18:02:23 +02:00
if (nread_or_error.is_error())
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Make File::write() and File::read() return KResultOr<size_t> Instead of returning a ssize_t where negative values mean error, we now return KResultOr<size_t> and use the error state to report errors exclusively.
2020-08-04 18:02:23 +02:00
nread = nread_or_error.value();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
if (nread < (int)sizeof(ElfW(Ehdr)))
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
auto elf_header = (ElfW(Ehdr)*)first_page;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (!ELF::validate_elf_header(*elf_header, interp_metadata.size)) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("exec({}): Interpreter ({}) has invalid ELF header", path, interpreter_description->absolute_path());
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
// Not using KResultOr here because we'll want to do the same thing in userspace in the RTLD
String interpreter_interpreter_path;
LibELF+Kernel: Validate program headers in Image::parse This should catch more malformed ELF files earlier than simply checking the ELF header alone. Also change the API of validate_program_headers to take the interpreter_path by pointer. This makes it less awkward to call when we don't care about the interpreter, and just want the validation.
2020-11-30 23:21:55 -07:00
if (!ELF::validate_program_headers(*elf_header, interp_metadata.size, (u8*)first_page, nread, &interpreter_interpreter_path)) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("exec({}): Interpreter ({}) has invalid ELF Program headers", path, interpreter_description->absolute_path());
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
DynamicLoader: Tell the linker to not add a PT_INTERP header Use the GNU LD option --no-dynamic-linker. This allows uncommenting some code in the Kernel that gets upset if your ELF interpreter has its own interpreter.
2020-12-31 17:51:21 -07:00
if (!interpreter_interpreter_path.is_empty()) {
dbgln("exec({}): Interpreter ({}) has its own interpreter ({})! No thank you!", path, interpreter_description->absolute_path(), interpreter_interpreter_path);
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ELOOP;
DynamicLoader: Tell the linker to not add a PT_INTERP header Use the GNU LD option --no-dynamic-linker. This allows uncommenting some code in the Kernel that gets upset if your ELF interpreter has its own interpreter.
2020-12-31 17:51:21 -07:00
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return interpreter_description;
}
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
if (main_program_header.e_type == ET_REL) {
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// We can't exec an ET_REL, that's just an object file from the compiler
Kernel+LibC: Turn errno codes into a strongly typed enum ..and allow implicit creation of KResult and KResultOr from ErrnoCode. This means that kernel functions that return those types can finally do "return EINVAL;" and it will just work. There's a handful of functions that still deal with signed integers that should be converted to return KResults.
2021-01-20 23:11:17 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
if (main_program_header.e_type == ET_DYN) {
Kernel+Loader.so: Allow dynamic executables without an interpreter Commit a3a9016701e487a5ca92d83b8cff179a190cdeb2 removed the PT_INTERP header from Loader.so which cleaned up some kernel code in execve. Unfortunately it prevents Loader.so from being run as an executable
2021-01-02 21:31:01 +00:00
// If it's ET_DYN with no PT_INTERP, then it's a dynamic executable responsible
// for its own relocation (i.e. it's /usr/lib/Loader.so)
if (path != "/usr/lib/Loader.so")
Kernel: execve: find_elf_interpreter_for_executable: Fix dbgln
2021-01-16 21:34:53 +00:00
dbgln("exec({}): WARNING - Dynamic ELF executable without a PT_INTERP header, and isn't /usr/lib/Loader.so", path);
Kernel+Loader.so: Allow dynamic executables without an interpreter Commit a3a9016701e487a5ca92d83b8cff179a190cdeb2 removed the PT_INTERP header from Loader.so which cleaned up some kernel code in execve. Unfortunately it prevents Loader.so from being run as an executable
2021-01-02 21:31:01 +00:00
return nullptr;
}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// No interpreter, but, path refers to a valid elf image
return KResult(KSuccess);
}
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
KResult Process::exec(String path, Vector<String> arguments, Vector<String> environment, int recursion_depth)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
if (recursion_depth > 2) {
Kernel: Convert dbg() => dbgln() in sys$execve()
2020-12-25 12:51:35 +01:00
dbgln("exec({}): SHENANIGANS! recursed too far trying to find #! interpreter", path);
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return ELOOP;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
// Open the file to check what kind of binary format it is
// Currently supported formats:
// - #! interpreted file
// - ELF32
// * ET_EXEC binary that just gets loaded
// * ET_DYN binary that requires a program interpreter
//
Kernel: Rename VFS => VirtualFileSystem
2021-07-11 00:25:24 +02:00
auto file_or_error = VirtualFileSystem::the().open(path, O_EXEC, 0, current_directory());
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
if (file_or_error.is_error())
return file_or_error.error();
auto description = file_or_error.release_value();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
auto metadata = description->metadata();
Kernel: Process::exec(): Check if path is a regular file https://pubs.opengroup.org/onlinepubs/9699919799/functions/exec.html [EACCES] The new process image file is not a regular file and the implementation does not support execution of files of its type. Let's check whether the passed `path` is indeed a regular file.
2021-06-04 22:51:04 +02:00
if (!metadata.is_regular_file())
return EACCES;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// Always gonna need at least 3 bytes. these are for #!X
if (metadata.size < 3)
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(description->inode());
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// Read the first page of the program into memory so we can validate the binfmt of it
char first_page[PAGE_SIZE];
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-11 21:11:07 -06:00
auto first_page_buffer = UserOrKernelBuffer::for_kernel_buffer((u8*)&first_page);
auto nread_or_error = description->read(first_page_buffer, sizeof(first_page));
Kernel: Make File::write() and File::read() return KResultOr<size_t> Instead of returning a ssize_t where negative values mean error, we now return KResultOr<size_t> and use the error state to report errors exclusively.
2020-08-04 18:02:23 +02:00
if (nread_or_error.is_error())
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return ENOEXEC;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
// 1) #! interpreted file
Kernel: Make File::write() and File::read() return KResultOr<size_t> Instead of returning a ssize_t where negative values mean error, we now return KResultOr<size_t> and use the error state to report errors exclusively.
2020-08-04 18:02:23 +02:00
auto shebang_result = find_shebang_interpreter_for_executable(first_page, nread_or_error.value());
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (!shebang_result.is_error()) {
Kernel: Simplify `execve` shebang argument handling
2021-06-06 01:13:25 +02:00
auto shebang_words = shebang_result.release_value();
auto shebang_path = shebang_words.first();
Kernel: Pass absolute path to shebang interpreter When you invoke a binary with a shebang line, the `execve` syscall makes sure to pass along command line arguments to the shebang interpreter including the path to the binary to execute. This does not work well when the binary lives in $PATH. For example, given this script living in `/usr/local/bin/my-script`: #!/bin/my-interpreter echo "well hello friends" When executing it as `my-script` from outside `/usr/local/bin/`, it is executed as `/bin/my-interpreter my-script`. To make sure that the interpreter can find the binary to execute, we need to replace the first argument with an absolute path to the binary, so that the resulting command is: /bin/my-interpreter /usr/local/bin/my-script
2021-06-13 17:20:56 +02:00
arguments[0] = move(path);
Kernel: Simplify `execve` shebang argument handling
2021-06-06 01:13:25 +02:00
if (!arguments.try_prepend(move(shebang_words)))
return ENOMEM;
Kernel: Also `move()` the shebang path in execve
2021-06-13 17:20:35 +02:00
return exec(move(shebang_path), move(arguments), move(environment), ++recursion_depth);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
// #2) ELF32 for i386
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
if (nread_or_error.value() < (int)sizeof(ElfW(Ehdr)))
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return ENOEXEC;
Kernel+LibELF: Add support for validating and loading ELF64 executables
2021-06-28 17:24:08 +02:00
auto main_program_header = (ElfW(Ehdr)*)first_page;
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
if (!ELF::validate_elf_header(*main_program_header, metadata.size)) {
dbgln("exec({}): File has invalid ELF header", path);
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return ENOEXEC;
Kernel: Plumb the elf header of the main program down to Process::load This will enable us to take the desired load address of non-position independent programs into account when randomizing the load address of the dynamic loader.
2021-01-10 21:07:08 +02:00
}
auto elf_result = find_elf_interpreter_for_executable(path, *main_program_header, nread_or_error.value(), metadata.size);
Kernel+Loader.so: Allow dynamic executables without an interpreter Commit a3a9016701e487a5ca92d83b8cff179a190cdeb2 removed the PT_INTERP header from Loader.so which cleaned up some kernel code in execve. Unfortunately it prevents Loader.so from being run as an executable
2021-01-02 21:31:01 +00:00
// Assume a static ELF executable by default
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
RefPtr<FileDescription> interpreter_description;
// We're getting either an interpreter, an error, or KSuccess (i.e. no interpreter but file checks out)
Kernel+Loader.so: Allow dynamic executables without an interpreter Commit a3a9016701e487a5ca92d83b8cff179a190cdeb2 removed the PT_INTERP header from Loader.so which cleaned up some kernel code in execve. Unfortunately it prevents Loader.so from being run as an executable
2021-01-02 21:31:01 +00:00
if (!elf_result.is_error()) {
// It's a dynamic ELF executable, with or without an interpreter. Do not allocate TLS
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
interpreter_description = elf_result.value();
Kernel+Loader.so: Allow dynamic executables without an interpreter Commit a3a9016701e487a5ca92d83b8cff179a190cdeb2 removed the PT_INTERP header from Loader.so which cleaned up some kernel code in execve. Unfortunately it prevents Loader.so from being run as an executable
2021-01-02 21:31:01 +00:00
} else if (elf_result.error().is_error())
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return elf_result.error();
// The bulk of exec() is done by do_exec(), which ensures that all locals
// are cleaned up by the time we yield-teleport below.
Thread* new_main_thread = nullptr;
u32 prev_flags = 0;
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
auto result = do_exec(move(description), move(arguments), move(environment), move(interpreter_description), new_main_thread, prev_flags, *main_program_header);
if (result.is_error())
return result;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY_INTERRUPTS_DISABLED();
VERIFY(Processor::current().in_critical());
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
auto current_thread = Thread::current();
if (current_thread == new_main_thread) {
// We need to enter the scheduler lock before changing the state
// and it will be released after the context switch into that
// thread. We should also still be in our critical section
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(!g_scheduler_lock.own_lock());
VERIFY(Processor::current().in_critical() == 1);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
g_scheduler_lock.lock();
current_thread->set_state(Thread::State::Running);
Processor::assume_context(*current_thread, prev_flags);
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY_NOT_REACHED();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Processor::current().leave_critical(prev_flags);
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return KSuccess;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel: Fix the return type for syscalls The Process::Handler type has KResultOr<FlatPtr> as its return type. Using a different return type with an equally-sized template parameter sort of works but breaks once that condition is no longer true, e.g. for KResultOr<int> on x86_64. Ideally the syscall handlers would also take FlatPtrs as their args so we can get rid of the reinterpret_cast for the function pointer but I didn't quite feel like cleaning that up as well.
2021-06-28 20:59:35 +02:00
KResultOr<FlatPtr> Process::sys$execve(Userspace<const Syscall::SC_execve_params*> user_params)
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
{
Kernel: Annotate all syscalls with VERIFY_PROCESS_BIG_LOCK_ACQUIRED Before we start disabling acquisition of the big process lock for specific syscalls, make sure to document and assert that all the lock is held during all syscalls.
2021-07-18 11:20:12 -07:00
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
REQUIRE_PROMISE(exec);
// NOTE: Be extremely careful with allocating any kernel memory in exec().
// On success, the kernel stack will be lost.
Syscall::SC_execve_params params;
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-11 21:11:07 -06:00
if (!copy_from_user(&params, user_params))
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EFAULT;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (params.arguments.length > ARG_MAX || params.environment.length > ARG_MAX)
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return E2BIG;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
String path;
{
auto path_arg = get_syscall_path_argument(params.path);
if (path_arg.is_error())
return path_arg.error();
Kernel: Convert Process::get_syscall_path_argument() to KString This API now returns a KResultOr<NonnullOwnPtr<KString>> and allocation failures should be propagated everywhere nicely. :^)
2021-05-29 16:59:40 +02:00
path = path_arg.value()->view();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel: Remove unnecessary capture in sys$execve()
2020-09-28 22:24:27 +02:00
auto copy_user_strings = [](const auto& list, auto& output) {
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (!list.length)
return true;
Everywhere: Fix incorrect usages of AK::Checked Specifically, explicitly specify the checked type, use the resulting value instead of doing the same calculation twice, and break down calculations to discrete operations to ensure no intermediary overflows are missed.
2021-07-04 20:23:26 +03:00
Checked<size_t> size = sizeof(*list.strings);
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-11 21:11:07 -06:00
size *= list.length;
if (size.has_overflow())
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
return false;
Vector<Syscall::StringArgument, 32> strings;
Kernel: Harden sys$execve Vector usage against OOM.
2021-04-29 01:40:19 -07:00
if (!strings.try_resize(list.length))
return false;
Everywhere: Fix incorrect usages of AK::Checked Specifically, explicitly specify the checked type, use the resulting value instead of doing the same calculation twice, and break down calculations to discrete operations to ensure no intermediary overflows are missed.
2021-07-04 20:23:26 +03:00
if (!copy_from_user(strings.data(), list.strings, size.value()))
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-11 21:11:07 -06:00
return false;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
for (size_t i = 0; i < list.length; ++i) {
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user.
2020-09-11 21:11:07 -06:00
auto string = copy_string_from_user(strings[i]);
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
if (string.is_null())
return false;
Kernel: Harden sys$execve Vector usage against OOM.
2021-04-29 01:40:19 -07:00
if (!output.try_append(move(string)))
return false;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
return true;
};
Vector<String> arguments;
if (!copy_user_strings(params.arguments, arguments))
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EFAULT;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Vector<String> environment;
if (!copy_user_strings(params.environment, environment))
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat.
2021-03-01 13:49:16 +01:00
return EFAULT;
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
auto result = exec(move(path), move(arguments), move(environment));
Everywhere: Rename ASSERT => VERIFY (...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED) Since all of these checks are done in release builds as well, let's rename them to VERIFY to prevent confusion, as everyone is used to assertions being compiled out in release. We can introduce a new ASSERT macro that is specifically for debug checks, but I'm doing this wholesale conversion first since we've accumulated thousands of these already, and it's not immediately obvious which ones are suitable for ASSERT.
2021-02-23 20:42:32 +01:00
VERIFY(result.is_error()); // We should never continue after a successful exec!
Kernel: Use KResult a bit more in sys$execve()
2021-02-18 08:51:06 +01:00
return result.error();
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Kernel: Add ability to load interpreter instead of main program When the main executable needs an interpreter, we load the requested interpreter program, and pass to it an open file decsriptor to the main executable via the auxiliary vector. Note that we do not allocate a TLS region for the interpreter.
2020-10-10 12:13:21 +03:00
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^)
2020-07-30 23:38:15 +02:00
}
Reference in a new issue Copy permalink