Commit Graph

39 Commits

Author SHA1 Message Date
Andrew Kaster
4a5a1e8648 Userland: Port UBSAN implementation to userspace
Take Kernel/UBSanitizer.cpp and make a copy in LibSanitizer.

We can use LibSanitizer to hold other sanitizers as people implement
them :^).

To enable UBSAN for LibC, DynamicLoader, and other low level system
libraries, LibUBSanitizer is built as a serenity_libc, and has a static
version for LibCStatic to use. The approach is the same as that taken in

Note that this means now UBSAN is enabled for code generators, Lagom,
Kernel, and Userspace with -DENABLE_UNDEFINED_SANTIZER=ON. In userspace
however, UBSAN is not deadly (yet).

Co-authored-by: ForLoveOfCats <ForLoveOfCats@vivaldi.net>
2021-05-27 15:18:03 +02:00
Gunnar Beutner
dd39bb7784 DynamicLoader: Remove math functionality in favor of -lgcc
This links the dynamic linker against libgcc.a instead of having
our own copy of the math functions.

For now we need to specify -fbuilding-libgcc as a hack to work
around a bug with the -nodefaultlibs flag. Once everyone is on
the latest toolchain version this can be removed.
2021-05-07 15:35:50 +02:00
Gunnar Beutner
824bfa9600 DynamicLoader: Fix compiler warning
math.cpp: In function 'int64_t __moddi3(int64_t, int64_t)':
math.cpp:168:13: error: 'r' may be used uninitialized
[-Werror=maybe-uninitialized]
  168 |     return ((int64_t)r ^ s) - s; // negate if s == -1
      |             ^~~~~~~~~~
2021-05-03 08:42:39 +02:00
Brian Gianforcaro
8ae3191ab5 Tests: Unify LibC tests to single location.
In a1720eed2a I added this new test,
but missed that there were already some "unit tests" for LibC over
in Userland/Tests/LibC. So lets unify these two locations.
2021-04-29 10:37:26 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Brian Gianforcaro
a1720eed2a LibC: Setup a unit test harness for LibC, add ctime_r / asctime_r tests.
LibC is no different than any other code, it should be unit tested where
appropriate / possible.
2021-04-21 08:04:52 +02:00
Gunnar Beutner
88cebb05ad LibC+LibPthread: Implement function forwarding for libpthread
GCC will insert various calls to pthread functions when compiling
C++ code with static initializers, even when the user doesn't link
their program against libpthread explicitly.

This is used to make static initializers thread-safe, e.g. when
building a library that does not itself use thread functionality
and thus does not link against libpthread - but is intended to
be used with other code that does use libpthread explicitly.

This makes these symbols available in libc.
2021-04-20 21:08:17 +02:00
Gunnar Beutner
6cb28ecee8 LibC+LibELF: Implement support for the dl_iterate_phdr helper
This helper is used by libgcc_s to figure out where the .eh_frame sections
are located for all loaded shared objects.
2021-04-18 10:55:25 +02:00
Hendiadyoin1
009b196a04 LibC: Add x86_64 Registers 2021-03-21 09:35:23 +01:00
Andreas Kling
ef1e5db1d0 Everywhere: Remove klog(), dbg() and purge all LogStream usage :^)
Good-bye LogStream. Long live AK::Format!
2021-03-12 17:29:37 +01:00
Andreas Kling
8714f389f9 LibC: Add x86_64 implementation of setjmp() and longjmp() 2021-02-25 16:27:12 +01:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
Andreas Kling
ba1eea9898 LibELF+DynamicLoader: Rename DynamicObject::construct() => create() 2021-02-21 00:02:21 +01:00
Andreas Kling
412cb66666 Revert "DynamicLoader: Remove unnecessary math functions"
This reverts commit b1f1f5afcf.

Unfortunately this broke dbgln() in the dynamic loader. We need to
figure out how to link libgcc into it properly.
2021-02-08 19:58:10 +01:00
Andreas Kling
b1f1f5afcf DynamicLoader: Remove unnecessary math functions
These are provided by libgcc.
2021-02-07 14:21:53 +01:00
Andreas Kling
e87eac9273 Userland: Add LibSystem and funnel all syscalls through it
This achieves two things:

- Programs can now intentionally perform arbitrary syscalls by calling
  syscall(). This allows us to work on things like syscall fuzzing.

- It restricts the ability of userspace to make syscalls to a single
  4KB page of code. In order to call the kernel directly, an attacker
  must now locate this page and call through it.
2021-02-05 12:23:39 +01:00
Andreas Kling
eb354b7ce8 DynamicLoader: Remove some unnecessary #includes 2021-01-25 18:57:06 +01:00
Andreas Kling
9a0762b203 DynamicLoader: Remove unused debugging macros 2021-01-25 18:57:06 +01:00
asynts
acdcf59a33 Everywhere: Remove unnecessary debug comments.
It would be tempting to uncomment these statements, but that won't work
with the new changes.

This was done with the following commands:

    find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/#define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/#define/ { toggle = 1 }' {} \;

    find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec awk -i inplace '$0 !~ /\/\/ #define/ { if (!toggle) { print; } else { toggle = !toggle } } ; $0 ~/\/\/ #define/ { toggle = 1 }' {} \;
2021-01-25 09:47:36 +01:00
Andreas Kling
13d7c09125 Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00
asynts
938e5c7719 Everywhere: Replace a bundle of dbg with dbgln.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:

The modifications in this commit were automatically made using the
following command:

    find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
2021-01-09 21:11:09 +01:00
Itamar
a4b74cba0b Loader.so+LibELF: Do not read environment variables if AT_SECURE is set
AT_SECURE is set in the auxiliary vector when we execute setuid/setgid
programs.
In those cases, we do not want to read environment variables that
influence the logic of the dynamic loader, as they can be controlled
by the user.
2021-01-09 10:55:46 +01:00
William Marlow
747e8de96a Kernel+Loader.so: Allow dynamic executables without an interpreter
Commit a3a9016701 removed the PT_INTERP header
from Loader.so which cleaned up some kernel code in execve. Unfortunately
it prevents Loader.so from being run as an executable
2021-01-03 19:45:16 +01:00
William Marlow
3e815ad5b1 Loader.so+LibELF: Move most of Loader.so's logic into ELF::DynamicLinker
Loader.so now just performs the initial self relocations and static
LibC initialisation before handing over to ELF::DynamicLinker::linker_main
to handle the rest of the process.

As a trade-off, ELF::DynamicLinker needs to be explicitly excluded from
Lagom unless we really want to try writing a cross platform dynamic loader
2021-01-03 17:15:55 +01:00
Brian Gianforcaro
06da50afc7 Build + LibC: Enable -fstack-protector-strong in user space
Modify the user mode runtime to insert stack canaries to find stack corruptions.

The `-fstack-protector-strong` variant was chosen because it catches more
issues than vanilla `-fstack-protector`, but doesn't have substantial
performance impact like `-fstack-protector-all`.

Details:

    -fstack-protector enables stack protection for vulnerable functions that contain:

    * A character array larger than 8 bytes.
    * An 8-bit integer array larger than 8 bytes.
    * A call to alloca() with either a variable size or a constant size bigger than 8 bytes.

    -fstack-protector-strong enables stack protection for vulnerable functions that contain:

    * An array of any size and type.
    * A call to alloca().
    * A local variable that has its address taken.

Example of it catching corrupting in the `stack-smash` test:
```
courage ~ $ ./user/Tests/LibC/stack-smash
[+] Starting the stack smash ...
Error: Stack protector failure, stack smashing detected!
Shell: Job 1 (/usr/Tests/LibC/stack-smash) Aborted
```
2021-01-02 11:34:55 +01:00
Andrew Kaster
350d4d3543 Meta: Enable RTTI for Userspace programs
RTTI is still disabled for the Kernel, and for the Dynamic Loader. This
allows for much less awkward navigation of class heirarchies in LibCore,
LibGUI, LibWeb, and LibJS (eventually). Measured RootFS size increase
was < 1%, and libgui.so binary size was ~3.3%. The small binary size
increase here seems worth it :^)
2021-01-01 14:45:09 +01:00
Andrew Kaster
a3a9016701 DynamicLoader: Tell the linker to not add a PT_INTERP header
Use the GNU LD option --no-dynamic-linker. This allows uncommenting some
code in the Kernel that gets upset if your ELF interpreter has its own
interpreter.
2021-01-01 02:12:28 +01:00
William Marlow
146fac2481 DynamicLoader: Handle Loader.so being invoked directly as an executable
Loader.so is an actual executable, as well as the interpreter for dynamic
libraries. Currently launching Loader.so as a standalone executable results
in an obsucre crash as it tries to load itself over itself.

Now we at least print a helpful message saying that you're doing the wrong
thing and exit gracefully. In future we may wish to allow users to specify
additional options to learn more about what's going on during dynamic
linking, such as ld-linux.so.2 on Linux.
2020-12-31 00:52:02 +01:00
Sahan Fernando
d780e2265d LibC: Fix some incorrect printf usages 2020-12-26 10:05:50 +01:00
Andreas Kling
40e9edd798 LibELF: Move AuxiliaryValue into the ELF namespace 2020-12-25 14:48:30 +01:00
Andreas Kling
1e4c010643 LibELF: Remove ELF::Loader and move everyone to ELF::Image
This commit gets rid of ELF::Loader entirely since its very ambiguous
purpose was actually to load executables for the kernel, and that is
now handled by the kernel itself.

This patch includes some drive-by cleanup in LibDebug and CrashDaemon
enabled by the fact that we no longer need to keep the ref-counted
ELF::Loader around.
2020-12-25 02:14:56 +01:00
Itamar
a83a9f3a55 Loader: Support loading non-position independent executables 2020-12-24 21:46:35 +01:00
Sahan Fernando
bcecd2fa2f DynamicLoader: Call libc's exit when exitting, to flush standard streams 2020-12-24 20:49:05 +01:00
Lenny Maiorani
765936ebae
Everywhere: Switch from (void) to [[maybe_unused]] (#4473)
Problem:
- `(void)` simply casts the expression to void. This is understood to
  indicate that it is ignored, but this is really a compiler trick to
  get the compiler to not generate a warning.

Solution:
- Use the `[[maybe_unused]]` attribute to indicate the value is unused.

Note:
- Functions taking a `(void)` argument list have also been changed to
  `()` because this is not needed and shows up in the same grep
  command.
2020-12-21 00:09:48 +01:00
Itamar
d2a984f2c7 Loader: Don't re-load self-dependant libraries 2020-12-14 23:05:53 +01:00
Itamar
72ca45e300 UserspaceEmulator: Support dynamically loaded programs
When loading dynamic objects, the emulator loads the interpreter,
generates an auxiliary vector and starts executing the loader.

Additionally, this commits also makes the MallocTracer and backtrace
symbolication work for dynamically loaded programs.
2020-12-14 23:05:53 +01:00
Itamar
f12e13e81c Loader: Take main program name from auxiliary vector 2020-12-14 23:05:53 +01:00
Itamar
efe4da57df Loader: Stabilize loader & Use shared libraries everywhere :^)
The dynamic loader is now stable enough to be used everywhere in the
system - so this commit does just that.
No More .a Files, Long Live .so's!
2020-12-14 23:05:53 +01:00
Itamar
07b4957361 Loader: Add dynamic loader program
The dynamic loader exists as /usr/lib/Loader.so and is loaded by the
kernel when ET_DYN programs are executed.

The dynamic loader is responsible for loading the dependencies of the
main program, allocating TLS storage, preparing all loaded objects for
execution and finally jumping to the entry of the main program.
2020-12-14 23:05:53 +01:00