Previously, libcurl is not used in the git build because the test
program in configure fails to link against it properly. We bypass the
test and make sure we link against all necessary libraries (libssl,
libcrypto and zlib).
Previously, the git port would fail in various ways because it uses an
uname detection mechanism to update the configurations, and Makefile
would receive incorrect configurations from the host system. This makes
sure the build uses the correct configurations detected by ./configure.
Fixes#9357.
Problem:
- ToT clang will not build due to casting `nullptr` to `u8*`. This is
redundant because it casts to get a `0` then subtracts it.
Solution:
- Remove it since subtracting `0` doesn't do anything.
Now that we have a significant amount of code paths handling OOM, lets
enable kmalloc and friends to actually return nullptr. This way we can
start stressing these paths and validating all of they work as expected.
The implementation uses try_copy_kstring_from_user to allocate a kernel
string using, but does not use the length of the resulting string.
The size parameter to the syscall is untrusted, as try copy kstring will
attempt to perform a `safe_strlen(..)` on the user mode string and use
that value for the allocated length of the KString instead. The bug is
that we are printing the kstring, but with the usermode size argument.
During fuzzing this resulted in us walking off the end of the allocated
KString buffer printing garbage (or any kernel data!), until we stumbled
in to the KSym region and hit a fatal page fault.
This is technically a kernel information disclosure, but (un)fortunately
the disclosure only happens to the Bochs debug port, and or the serial
port if serial debugging is enabled. As far as I can tell it's not
actually possible for an untrusted attacker to use this to do something
nefarious, as they would need access to the host. If they have host
access then they can already do much worse things :^).
The only two paths for copying strings in the kernel should be going
through the existing Userspace<char const*>, or StringArgument methods.
Lets enforce this by removing the option for using the raw cstring APIs
that were previously available.
Having lots of small files in Base/ may require more inodes in the
ext2 filesystem than the format utility sets aside by default. Let's
make a more educated guess since we have a rough idea of how many
inodes we need by counting files and directories.
Also check for the most common event type (sample) first instead of
leaving it as the fallback. This avoids a lot of string comparisons
while parsing profiles.
Heredocs have a different parse end condition than double-quoted
strings. parse_doublequoted_string_inner would assume that a string
would always end in a double quote, so let's generalize it to
parse_string_inner and have it take a StringEndCondition enum which
specifies how the string terminates.
Instead of neatly searching for all framebuffer device nodes and
changing ownership of them, let's generalize this function so we can
apply the same pattern on tty nodes.
Previously, this was disabled because GCC flagged seemingly correct and
well-defined code. This was however not the case because GCC implicitly
marked some pointers non-null, even if we wanted to handle them
ourselves, and deleted null checks on them. By re-introducing this
warning, we will know if the compiler tries to discard our code again.
GCC implements `fputc`, `fputs` and `fwrite` as builtin functions, whose
`FILE*` argument is implicitly marked `__attribute__((nonnull))`. This
causes our `VERIFY(stream)` statements to be removed. This does not
happen with Clang, as they do not use the `nonnull` attribute in this
way.
The `nonnull` attribute may delete null checks in the generated code, as
per the [GCC documentation]:
> The compiler may also perform optimizations based on the knowledge
> that nonnul parameters cannot be null. This can currently not be
> disabled other than by removing the nonnull attribute.
Disassembling the function as compiled by GCC, we can see that there is
no branch based on if `tv` is null. This means that `gettimeofday`
would produce UB if passed a null parameter, even if we wanted to
predictably return an error. Clang refuses to compile this due to a
`pointer-bool-conversion` warning.
In this commit, `settimeofday` is changed as well to match
`gettimeofday`'s null argument handling.
[GCC documentation]:
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-nonnull-function-attribute
We only need to know the initial bounds, which we calculate by default
when the interpreter is constructed.
This cuts down on syscalls and makes wasm calls a lot cheaper.
The variant member already contains enough information to give us the
type when needed, so remove the type member and synthesize it when
needed, this allows lots of optimisation opportunaties when copying and
moving Values around.
This should make debugging and profiling much better, at little to no
runtime cost.
Also moves off the operator definitions to a separate header, so it
should also improve the editing experience quite a bit.
Since the InodeIndex encapsulates a 64 bit value, it is correct to
ensure that the Kernel is exposing the entire value and the LibC is
aware of it.
This commit requires an entire re-compile because it's essentially a
change in the Kernel ABI, together with a corresponding change in LibC.
The compiler can re-order the structure (class) members if that's
necessary, so if we make Process to inherit from ProcFSExposedComponent,
even if the declaration is to inherit first from ProcessBase, then from
ProcFSExposedComponent and last from Weakable<Process>, the members of
class ProcFSExposedComponent (including the Ref-counted parts) are the
first members of the Process class.
This problem made it impossible to safely use the current toggling
method with the write-protection bit on the ProcessBase members, so
instead of inheriting from it, we make its members the last ones in the
Process class so we can safely locate and modify the corresponding page
write protection bit of these values.
We make sure that the Process class doesn't expand beyond 8192 bytes and
the protected values are always aligned on a page boundary.
