ladybird/Kernel/Syscalls/getrandom.cpp

/*
 * Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>
 *
 * SPDX-License-Identifier: BSD-2-Clause
 */

#include <Kernel/Process.h>
#include <Kernel/Random.h>
#include <Kernel/UserOrKernelBuffer.h>

namespace Kernel {

// We don't use the flag yet, but we could use it for distinguishing
// random source like Linux, unlike the OpenBSD equivalent. However, if we
// do, we should be able of the caveats that Linux has dealt with.
ErrorOr<FlatPtr> Process::sys$getrandom(Userspace<void*> buffer, size_t buffer_size, [[maybe_unused]] unsigned flags)
{
    VERIFY_NO_PROCESS_BIG_LOCK(this);
    TRY(require_promise(Pledge::stdio));
    if (buffer_size > NumericLimits<ssize_t>::max())
        return EINVAL;

    auto data_buffer = TRY(UserOrKernelBuffer::for_user_buffer(buffer, buffer_size));

    return TRY(data_buffer.write_buffered<1024>(buffer_size, [&](Bytes bytes) {
        get_good_random_bytes(bytes);
        return bytes.size();
    }));
}

}
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^) 2020-07-31 00:38:15 +03:00			`/*`
			`* Copyright (c) 2018-2020, Andreas Kling <kling@serenityos.org>`
			`*`
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt * 2021-04-22 11:24:48 +03:00			`* SPDX-License-Identifier: BSD-2-Clause`
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^) 2020-07-31 00:38:15 +03:00			`*/`

			`#include <Kernel/Process.h>`
			`#include <Kernel/Random.h>`
Kernel: Make copy_to/from_user safe and remove unnecessary checks Since the CPU already does almost all necessary validation steps for us, we don't really need to attempt to do this. Doing it ourselves doesn't really work very reliably, because we'd have to account for other processors modifying virtual memory, and we'd have to account for e.g. pages not being able to be allocated due to insufficient resources. So change the copy_to/from_user (and associated helper functions) to use the new safe_memcpy, which will return whether it succeeded or not. The only manual validation step needed (which the CPU can't perform for us) is making sure the pointers provided by user mode aren't pointing to kernel mappings. To make it easier to read/write from/to either kernel or user mode data add the UserOrKernelBuffer helper class, which will internally either use copy_from/to_user or directly memcpy, or pass the data through directly using a temporary buffer on the stack. Last but not least we need to keep syscall params trivial as we need to copy them from/to user mode using copy_from/to_user. 2020-09-12 06:11:07 +03:00			`#include <Kernel/UserOrKernelBuffer.h>`
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^) 2020-07-31 00:38:15 +03:00
			`namespace Kernel {`

			`// We don't use the flag yet, but we could use it for distinguishing`
			`// random source like Linux, unlike the OpenBSD equivalent. However, if we`
			`// do, we should be able of the caveats that Linux has dealt with.`
Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^) 2021-11-08 02:51:39 +03:00			`ErrorOr<FlatPtr> Process::sys$getrandom(Userspace<void*> buffer, size_t buffer_size, [[maybe_unused]] unsigned flags)`
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^) 2020-07-31 00:38:15 +03:00			`{`
Kernel: Disable big process lock for sys$getrandom This syscall doesn't touch any intra-process shared resources and already holds the global kernel RNG lock so there's no reason to hold the big lock. 2021-08-06 14:43:02 +03:00			`VERIFY_NO_PROCESS_BIG_LOCK(this);`
Kernel: Handle promise violations in the syscall handler Previously we would crash the process immediately when a promise violation was found during a syscall. This is error prone, as we don't unwind the stack. This means that in certain cases we can leak resources, like an OwnPtr / RefPtr tracked on the stack. Or even leak a lock acquired in a ScopeLockLocker. To remedy this situation we move the promise violation handling to the syscall handler, right before we return to user space. This allows the code to follow the normal unwind path, and grantees there is no longer any cleanup that needs to occur. The Process::require_promise() and Process::require_no_promises() functions were modified to return ErrorOr<void> so we enforce that the errors are always propagated by the caller. 2021-12-29 12:11:45 +03:00			`TRY(require_promise(Pledge::stdio));`
Kernel: Remove various other uses of ssize_t 2021-06-16 17:44:15 +03:00			`if (buffer_size > NumericLimits<ssize_t>::max())`
Kernel: Make all syscall functions return KResultOr<T> This makes it a lot easier to return errors since we no longer have to worry about negating EFOO errors and can just return them flat. 2021-03-01 15:49:16 +03:00			`return EINVAL;`
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^) 2020-07-31 00:38:15 +03:00
Kernel: Make UserOrKernelBuffer::for_user_buffer() return ErrorOr<T> This simplifies EFAULT propagation with TRY(). :^) 2021-11-21 14:24:32 +03:00			`auto data_buffer = TRY(UserOrKernelBuffer::for_user_buffer(buffer, buffer_size));`
Kernel: Use TRY() in sys$getrandom() 2021-09-06 03:30:27 +03:00
Kernel: Make UserOrKernelBuffer::for_user_buffer() return ErrorOr<T> This simplifies EFAULT propagation with TRY(). :^) 2021-11-21 14:24:32 +03:00			`return TRY(data_buffer.write_buffered<1024>(buffer_size, [&](Bytes bytes) {`
Kernel: Convert UserOrKernelBuffer callbacks to use AK::Bytes 2021-09-01 09:44:55 +03:00			`get_good_random_bytes(bytes);`
			`return bytes.size();`
Kernel: Use TRY() in sys$getrandom() 2021-09-06 03:30:27 +03:00			`}));`
Kernel: Move syscall implementations out of Process.cpp This is something I've been meaning to do for a long time, and here we finally go. This patch moves all sys$foo functions out of Process.cpp and into files in Kernel/Syscalls/. It's not exactly one syscall per file (although it could be, but I got a bit tired of the repetitive work here..) This makes hacking on individual syscalls a lot less painful since you don't have to rebuild nearly as much code every time. I'm also hopeful that this makes it easier to understand individual syscalls. :^) 2020-07-31 00:38:15 +03:00			`}`

			`}`