Commit Graph

41 Commits

Author SHA1 Message Date
Sönke Holz
c20bc22bae DynamicLoader: Disable stack protector in some files for RISC-V 2024-03-04 01:44:11 +01:00
Tom Finet
900ec37f81 LibC: Separate arch dependent fenv functions
Remove all functions with platform #if's from fenv, and
add arch dependent implementations instead. The build
system now selects the implementation based on the platform.
2024-01-22 20:06:09 -07:00
Daniel Bertalan
1f747b9132 CMake: Use CMAKE_POSITION_INDEPENDENT_CODE instead of explicit -fpic
This makes CMake pass `-fpie` instead of `-fpic` to the compiler when
building the Kernel and userland *executables*. This allows the compiler
to make certain optimizations based on the fact that the code will be
used in an executable, such as not having to emit `.localalias` symbols.
This leads to a 450 KiB decrease in the size of the Kernel binary.
2023-09-18 10:26:42 +02:00
Daniel Bertalan
ad9e674fa0 LibC+LibELF: Support loading shared libraries compiled with dynamic TLS
This is a prerequisite for upstreaming our LLVM patches, as our current
hack forcing `-ftls-model=initial-exec` in the Clang driver is not
acceptable upstream.

Currently, our kernel-managed TLS implementation limits us to only
having a single block of storage for all thread-local variables that's
initialized at load time. This PR merely implements the dynamic TLS
interface (`__tls_get_addr` and TLSDESC) on top of our static TLS
infrastructure. The current model's limitations still stand:
- a single static TLS block is reserved at load time, `dlopen()`-ing
  shared libraries that define thread-local variables might cause us to
  run out of space.
- the initial TLS image is not changeable post-load, so `dlopen()`-ing
  libraries with non-zero-initialized TLS variables is not supported.

The way we repurpose `ti_module` to mean "offset within static TLS
block" instead of "module index" is not ABI-compliant.
2023-08-18 16:20:13 +02:00
implicitfield
5dfe2eb389 Everywhere: Resolve conflicts with LibC and libc++
Since https://reviews.llvm.org/D131441, libc++ must be included before
LibC. As clang includes libc++ as one of the system includes, LibC
must be included after those, and the only correct way to do that is
to install LibC's headers into the sysroot.

Targets that don't link with LibC yet require its headers for one
reason or another must add install_libc_headers as a dependency to
ensure that the correct headers have been (re)installed into the
sysroot.

LibC/stddef.h has been dropped since the built-in stddef.h receives
a higher include priority.

In addition, string.h and wchar.h must
define __CORRECT_ISO_CPP_STRING_H_PROTO and
_LIBCPP_WCHAR_H_HAS_CONST_OVERLOADS respectively in order to tell
libc++ to not try to define methods implemented by LibC.
2023-06-27 12:40:38 +02:00
Timon Kruiper
b2e223d2bc DynamicLoader: Disable stack protector in some files for aarch64 build
The code would access the __stack_chk_guard variable in main.cpp and
LibELF/Relocation.cpp before the loader was able to relocate itself, so
this commit disable the stack protector for the aarch64 build to make
sure that no accesses to __stack_chk_guard are inserted.
2023-02-15 22:53:19 +01:00
Liav A
2f7443c900 DynamicLoader: Remove i686 support 2022-12-28 11:53:41 +01:00
Tim Schumacher
678db534ff LibC: Properly implement stack protectors
The shared parts are now firmly compiled into LibC instead of being
defined as a static library and then being copied over manually.
The non-shared ("local") parts are kept as a static library that is
linked into each binary on demand.

This finally allows us to support linking with the -fstack-protector
flag, which now replaces the `ssp` target being linked into each binary
accidentally via CMake.
2022-11-01 14:49:09 +00:00
Andrew Kaster
2a218ebb9d DynamicLoader: Use fewer GLOB patterns for arch-specific files
There's still a GLOB pattern for the LibC assembly files, but orgaizing
the patterns to use ${SERENITY_ARCH} instead of a big if-else chain
makes the patterns easier to understand.
2022-10-16 16:36:39 +02:00
Andrew Kaster
1ca48a2aec AK+Userland: Use a CMake variable for AK_SOURCES instead of GLOB
This lets us remove a glob pattern from LibC, the DynamicLoader, and,
later, Lagom. The Kernel already has its own separate list of AK files
that it wants, which is only a subset of all AK files.
2022-10-16 16:36:39 +02:00
Idan Horowitz
01f0ae20b6 LibPthread: Implement named semaphores
Note that as part of this commit semaphore.cpp is excluded from the
DynamicLoader, as the dynamic loader does not build with pthread.cpp
which semaphore.cpp uses.
2022-07-21 16:39:22 +02:00
Tim Schumacher
2f3b9c49a5 LibPthread: Move the pthread and semaphore implementation to LibC
This additionally adds some compatibility code to redirect linking
attempts for LibPthread to LibC instead.
2022-07-19 11:00:35 +01:00
Daniel Bertalan
fd3e3d5e28 LibC+Kernel: Prevent string functions from calling themselves
Most of the string.h and wchar.h functions are implemented quite naively
at the moment, and GCC's pattern recognition pass might realize what we
are trying to do, and transform them into libcalls. This is usually a
useful optimization, but not when we're implementing the functions
themselves :^)

Relevant discussion from the GCC Bugzilla:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102725

This prevents the infamous recursive `strlen`.

A more proper fix would be writing these functions in assembly. That
would likely give a small performance boost as well ;)
2022-05-12 13:12:37 +02:00
Andrew Kaster
5120b39d0e Meta+Userland: Add ENABLE_USERSPACE_COVERAGE_COLLECTION CMake option
This option sets -fprofile-instr-generate -fcoverage-mapping for Clang
builds only on almost all of Userland. Loader and LibTimeZone are
exempt. This can be used for generating code coverage reports, or even
PGO in the future.
2022-05-02 01:46:18 +02:00
Andrew Kaster
f75edeb9ad DynamicLoader: Remove stale FIXME for removing -nodefaultlibs
The FIXME says "Remove after next toolchain update" and I'm very certain
we've had some :tool: :chain: in the last 7 months.
2022-05-02 01:46:18 +02:00
Daniel Bertalan
bcf124c07d LibC: Implement a faster memset routine for x86-64 in assembly
This commit addresses the following shortcomings of our current, simple
and elegant memset function:
- REP STOSB/STOSQ has considerable startup overhead, it's impractical to
  use for smaller sizes.
- Up until very recently, AMD CPUs didn't have support for "Enhanced REP
  MOVSB/STOSB", so it performed pretty poorly on them.

With this commit applied, I could measure a ~5% decrease in `test-js`'s
runtime when I used qemu's TCG backend. The implementation is based on
the following article from Microsoft:

https://msrc-blog.microsoft.com/2021/01/11/building-faster-amd64-memset-routines

Two versions of the routine are implemented: one that uses the ERMS
extension mentioned above, and one that performs plain SSE stores. The
version appropriate for the CPU is selected at load time using an IFUNC.
2022-05-01 12:42:01 +02:00
Timothy Flynn
6988403d59 DynamicLoader+LibC+LibTimeZone: Include LibTimeZone sources in LibC
LibTimeZone will be needed directly within LibC for functions such as
localtime(). This change adds LibTimeZone directly within LibC, so that
LibTimeZone isn't its own .so library anymore.

LibTimeZone itself is compiled as an object library to make it easier to
give it generator-specific compilation flags.
2022-01-23 12:48:26 +00:00
Daniel Bertalan
06fc64be13 Toolchain+Meta: Update LLVM version to 13.0.0
This commit updates the Clang toolchain's version to 13.0.0, which comes
with better C++20 support and improved handling of new features by
clang-format. Due to the newly enabled `-Bsymbolic-functions` flag, our
Clang binaries will only be 2-4% slower than if we dynamically linked
them, but we save hundreds of megabytes of disk space.

The `BuildClang.sh` script has been reworked to build the entire
toolchain in just three steps: one for the compiler, one for GNU
binutils, and one for the runtime libraries. This reduces the complexity
of the build script, and will allow us to modify the CI configuration to
only rebuild the libraries when our libc headers change.

Most of the compile flags have been moved out to a separate CMake cache
file, similarly to how the Android and Fuchsia toolchains are
implemented within the LLVM repo. This provides a nicer interface than
the heaps of command-line arguments.

We no longer build separate toolchains for each architecture, as the
same Clang binary can compile code for multiple targets.

The horrible mess that `SERENITY_CLANG_ARCH` was, has been removed in
this commit. Clang happily accepts an `i686-pc-serenity` target triple,
which matches what our GCC toolchain accepts.
2021-10-17 17:09:58 +01:00
Andrew Kaster
b5c98ede08 Meta: Switch to a SuperBuild that splits host and target builds
Replace the old logic where we would start with a host build, and swap
all the CMake compiler and target variables underneath it to trick
CMake into building for Serenity after we configured and built the Lagom
code generators.

The SuperBuild creates two ExternalProjects, one for Lagom and one for
Serenity. The Serenity project depends on the install stage for the
Lagom build. The SuperBuild also generates a CMakeToolchain file for the
Serenity build to use that replaces the old toolchain file that was only
used for Ports.

To ensure that code generators are rebuilt when core libraries such as
AK and LibCore are modified, developers will need to direct their manual
`ninja` invocations to the SuperBuild's binary directory instead of the
Serenity binary directory.

This commit includes warning coalescing and option style cleanup for the
affected CMakeLists in the Kernel, top level, and runtime support
libraries. A large part of the cleanup is replacing USE_CLANG_TOOLCHAIN
with the proper CMAKE_CXX_COMPILER_ID variable, which will no longer be
confused by a host clang compiler.
2021-09-15 19:04:52 +04:30
Nico Weber
bbad4758b2 CMake: Let Meta/serenity.sh run aarch64 make it past cmake
This adds just enough scaffolding to make cmake succeed.
The build falls over immediately.
2021-08-28 14:43:07 +01:00
Daniel Bertalan
c2c12e9dc5 LibC+DynamicLoader: Prevent GCC from removing null checks
GCC implements `fputc`, `fputs` and `fwrite` as builtin functions, whose
`FILE*` argument is implicitly marked `__attribute__((nonnull))`. This
causes our `VERIFY(stream)` statements to be removed. This does not
happen with Clang, as they do not use the `nonnull` attribute in this
way.
2021-08-12 21:10:44 +02:00
Gunnar Beutner
aabbfa78e2 DynamicLoader: Make sure we don't link against libgcc_s
This bug was reintroduced by the removal of -fbuilding-gcc.
2021-08-08 16:41:51 +02:00
Daniel Bertalan
13e3df41de Meta: Add Clang support to the CMake build scripts 2021-08-08 10:55:36 +02:00
Gunnar Beutner
06883ed8a3 Kernel+Userland: Make the stack alignment comply with the System V ABI
The System V ABI for both x86 and x86_64 requires that the stack pointer
is 16-byte aligned on entry. Previously we did not align the stack
pointer properly.

As far as "main" was concerned the stack alignment was correct even
without this patch due to how the C++ _start function and the kernel
interacted, i.e. the kernel misaligned the stack as far as the ABI
was concerned but that misalignment (read: it was properly aligned for
a regular function call - but misaligned in terms of what the ABI
dictates) was actually expected by our _start function.
2021-07-10 01:41:57 +02:00
Gunnar Beutner
e8a25f3795 DynamicLoader: Remove -fbuilding-libgcc hack
This won't be necessary anymore after a toolchain rebuild.
2021-07-04 00:35:35 +02:00
Gunnar Beutner
092ee955aa DynamicLoader: Remove obsolete comment 2021-07-01 17:22:22 +02:00
Andrew Kaster
4a5a1e8648 Userland: Port UBSAN implementation to userspace
Take Kernel/UBSanitizer.cpp and make a copy in LibSanitizer.

We can use LibSanitizer to hold other sanitizers as people implement
them :^).

To enable UBSAN for LibC, DynamicLoader, and other low level system
libraries, LibUBSanitizer is built as a serenity_libc, and has a static
version for LibCStatic to use. The approach is the same as that taken in

Note that this means now UBSAN is enabled for code generators, Lagom,
Kernel, and Userspace with -DENABLE_UNDEFINED_SANTIZER=ON. In userspace
however, UBSAN is not deadly (yet).

Co-authored-by: ForLoveOfCats <ForLoveOfCats@vivaldi.net>
2021-05-27 15:18:03 +02:00
Gunnar Beutner
dd39bb7784 DynamicLoader: Remove math functionality in favor of -lgcc
This links the dynamic linker against libgcc.a instead of having
our own copy of the math functions.

For now we need to specify -fbuilding-libgcc as a hack to work
around a bug with the -nodefaultlibs flag. Once everyone is on
the latest toolchain version this can be removed.
2021-05-07 15:35:50 +02:00
Brian Gianforcaro
8ae3191ab5 Tests: Unify LibC tests to single location.
In a1720eed2a I added this new test,
but missed that there were already some "unit tests" for LibC over
in Userland/Tests/LibC. So lets unify these two locations.
2021-04-29 10:37:26 +02:00
Brian Gianforcaro
a1720eed2a LibC: Setup a unit test harness for LibC, add ctime_r / asctime_r tests.
LibC is no different than any other code, it should be unit tested where
appropriate / possible.
2021-04-21 08:04:52 +02:00
Gunnar Beutner
88cebb05ad LibC+LibPthread: Implement function forwarding for libpthread
GCC will insert various calls to pthread functions when compiling
C++ code with static initializers, even when the user doesn't link
their program against libpthread explicitly.

This is used to make static initializers thread-safe, e.g. when
building a library that does not itself use thread functionality
and thus does not link against libpthread - but is intended to
be used with other code that does use libpthread explicitly.

This makes these symbols available in libc.
2021-04-20 21:08:17 +02:00
Hendiadyoin1
009b196a04 LibC: Add x86_64 Registers 2021-03-21 09:35:23 +01:00
Andreas Kling
8714f389f9 LibC: Add x86_64 implementation of setjmp() and longjmp() 2021-02-25 16:27:12 +01:00
Andreas Kling
412cb66666 Revert "DynamicLoader: Remove unnecessary math functions"
This reverts commit b1f1f5afcf.

Unfortunately this broke dbgln() in the dynamic loader. We need to
figure out how to link libgcc into it properly.
2021-02-08 19:58:10 +01:00
Andreas Kling
b1f1f5afcf DynamicLoader: Remove unnecessary math functions
These are provided by libgcc.
2021-02-07 14:21:53 +01:00
Andreas Kling
e87eac9273 Userland: Add LibSystem and funnel all syscalls through it
This achieves two things:

- Programs can now intentionally perform arbitrary syscalls by calling
  syscall(). This allows us to work on things like syscall fuzzing.

- It restricts the ability of userspace to make syscalls to a single
  4KB page of code. In order to call the kernel directly, an attacker
  must now locate this page and call through it.
2021-02-05 12:23:39 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00
Brian Gianforcaro
06da50afc7 Build + LibC: Enable -fstack-protector-strong in user space
Modify the user mode runtime to insert stack canaries to find stack corruptions.

The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.

Details:

    -fstack-protector enables stack protection for vulnerable functions that contain:

    * A character array larger than 8 bytes.
    * An 8-bit integer array larger than 8 bytes.
    * A call to alloca() with either a variable size or a constant size bigger than 8 bytes.

    -fstack-protector-strong enables stack protection for vulnerable functions that contain:

    * An array of any size and type.
    * A call to alloca().
    * A local variable that has its address taken.

Example of it catching corrupting in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
2021-01-02 11:34:55 +01:00
Andrew Kaster
350d4d3543 Meta: Enable RTTI for Userspace programs
RTTI is still disabled for the Kernel, and for the Dynamic Loader. This
allows for much less awkward navigation of class heirarchies in LibCore,
LibGUI, LibWeb, and LibJS (eventually). Measured RootFS size increase
was < 1%, and libgui.so binary size was ~3.3%. The small binary size
increase here seems worth it :^)
2021-01-01 14:45:09 +01:00
Andrew Kaster
a3a9016701 DynamicLoader: Tell the linker to not add a PT_INTERP header
Use the GNU LD option --no-dynamic-linker. This allows uncommenting some
code in the Kernel that gets upset if your ELF interpreter has its own
interpreter.
2021-01-01 02:12:28 +01:00
Itamar
07b4957361 Loader: Add dynamic loader program
The dynamic loader exists as /usr/lib/Loader.so and is loaded by the
kernel when ET_DYN programs are executed.

The dynamic loader is responsible for loading the dependencies of the
main program, allocating TLS storage, preparing all loaded objects for
execution and finally jumping to the entry of the main program.
2020-12-14 23:05:53 +01:00