system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-10-07 00:19:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
32756 commits 2 branches 0 tags 516 MiB
Commit graph

6496 commits

Author SHA1 Message Date
Andreas Kling 0e08763483 Kernel: Wrap much of sys$execve() in a block scope 
Since we don't return normally from this function, let's make it a
little extra difficult to accidentally leak something by leaving it on
the stack in this function.
 2022-01-13 23:57:33 +01:00
Andreas Kling 0e72b04e7d Kernel: Perform exec-into-new-image directly in sys$execve() 
This ensures that everything allocated on the stack in Process::exec()
gets cleaned up. We had a few leaks related to the parsing of shebang
(#!) executables that get fixed by this.
 2022-01-13 23:57:33 +01:00
Idan Horowitz cfb9f889ac LibELF: Accept Span instead of Pointer+Size in validate_program_headers 2022-01-13 22:40:25 +01:00
Idan Horowitz 3e959618c3 LibELF: Use StringBuilders instead of Strings for the interpreter path 
This is required for the Kernel's usage of LibELF, since Strings do not
expose allocation failure.
 2022-01-13 22:40:25 +01:00
Idan Horowitz fb3e46e930 Kernel: Make map_typed() & map_typed_writable() fallible using ErrorOr 
This mostly just moved the problem, as a lot of the callers are not
capable of propagating the errors themselves, but it's a step in the
right direction.
 2022-01-13 22:40:25 +01:00
Idan Horowitz e2e5d4da16 Kernel: Make map_bios() and map_ebda() fallible using ErrorOr 2022-01-13 22:40:25 +01:00
Andreas Kling 8ad46fd8f5 Kernel: Stop leaking executable path in successful sys$execve() 
Since we don't return from sys$execve() when it's successful, we have to
take special care to tear down anything we've allocated.

Turns out we were not doing this for the full executable path itself.
 2022-01-13 16:15:37 +01:00
Andreas Kling cfc9ce66d9 Kernel: Skip unnecessary TLB flush when growing kmalloc heap 
When adding entirely new page table mappings, we don't need to flush
the TLB since they were not present before.
 2022-01-13 11:22:11 +01:00
Andreas Kling de05223122 Kernel: Don't flush TLB after creating brand-new mappings 
The CPU will not cache TLB entries for non-present mappings, so we
can simply skip flushing the TLB after creating entirely new mappings.
 2022-01-13 11:22:11 +01:00
Idan Horowitz 40159186c1 Kernel: Remove String use-after-free in generate_auxiliary_vector 
Instead we generate the random bytes directly in
make_userspace_context_for_main_thread if requested.
 2022-01-13 00:20:08 -08:00
Idan Horowitz 215e031bf5 Kenrel: Use a KString for Ext2FSDirectoryEntry::name 
This brings Ext2FileSystem one step closer to being OOM-safe.
 2022-01-13 00:20:08 -08:00
Idan Horowitz 0e44bb7d82 Kernel: Add a KString::bytes() helper 2022-01-13 00:20:08 -08:00
Idan Horowitz 3098b11c07 Kernel: Remove unused AK/String.h include from CommandLine.h 2022-01-13 00:20:08 -08:00
Idan Horowitz e72bbca9eb Kernel: Fix OOB write in sys$uname 
Since this was only out of bounds of the specific field, not of the
whole struct, and because setting the hostname requires root privileges
this was not actually a security vulnerability.
 2022-01-13 00:20:08 -08:00
Idan Horowitz 50d6a6a186 Kernel: Convert hostname to KString 2022-01-13 00:20:08 -08:00
Idan Horowitz 6402840670 Kernel: Replace {KString => String}::formatted in determine_boot_device 2022-01-13 00:20:08 -08:00
Idan Horowitz ec1f3abd34 Kernel: Use KString::formatted in FramebufferDevice::create_framebuffer 
This allows us to avoid the infallible String::formatted.
 2022-01-13 00:20:08 -08:00
Idan Horowitz 618f123463 Kernel: Use StringView instead of String in RingBuffer's constructor 
This String was being copied into a KString internally anyways.
 2022-01-13 00:20:08 -08:00
Idan Horowitz 792b8ca13c Kernel: Use StringView::to_uint instead of String::to_uint in ProcFS 2022-01-13 00:20:08 -08:00
Idan Horowitz 119f900451 Kernel: Use StringView literals instead of empty Strings in ProcFS 2022-01-13 00:20:08 -08:00
Idan Horowitz 0fc25273e4 Kernel: Make Process::dump_perfcore OOM-fallible using KString 2022-01-13 00:20:08 -08:00
Idan Horowitz 709fe64c1b Revert "Kernel: Use a StringView for Ext2FSDirectoryEntry::name" 
This reverts commit d1d24eaef4.

I missed the fact that traverse_as_directory uses a temporary buffer,
meaning that entries created based on its callback will point to free'd
memory.
 2022-01-12 21:26:03 +02:00
Idan Horowitz 9a7cd8fef8 Kernel: Make Thread::backtrace() fallible using KString 2022-01-12 16:09:09 +02:00
Idan Horowitz 06af81fcfb Kernel: Move NonnullRefPtrVector<NVMeQueue>s instead of copying them 2022-01-12 16:09:09 +02:00
Idan Horowitz 4b74f2e3ec Kernel: Convert NVMeNameSpace::try_create() to KString 2022-01-12 16:09:09 +02:00
Idan Horowitz c92753a686 Kernel: Convert IPv4SocketTuple::to_string() to KString 2022-01-12 16:09:09 +02:00
Idan Horowitz b84444cbb3 Kernel: Move IPv4SocketTuple into the Kernel namespace 
This class was accidentally declared in the global namespace.
 2022-01-12 16:09:09 +02:00
Idan Horowitz bc85b64a38 Kernel: Replace usages of String::formatted with KString in sys$exec 2022-01-12 16:09:09 +02:00
Idan Horowitz dba0840942 Kernel: Remove outdated FIXME comment in sys$sethostname 2022-01-12 16:09:09 +02:00
Idan Horowitz e236f9d85a Kernel: Convert Inode event APIs to use StringViews instead of Strings 
These APIs allocate a copy internally anyways, so there's no point to
making another one for them.
 2022-01-12 16:09:09 +02:00
Idan Horowitz d1d24eaef4 Kernel: Use a StringView for Ext2FSDirectoryEntry::name 
This is a temporary struct, so there's no need to allocate a long term
storage for these strings.
 2022-01-12 16:09:09 +02:00
Idan Horowitz 8a4654a924 Kernel: Make PerformanceEventBuffer::add_process fallible with ErrorOr 2022-01-12 16:09:09 +02:00
Idan Horowitz d2ffcfb762 Kernel: Remove the Custody::absolute_path() API 
With the last user removed this non-fallible API can now be removed.
 2022-01-12 16:09:09 +02:00
Idan Horowitz efc61370c0 Kernel: Convert ProcFS Process getters to try_serialize_absolute_path 2022-01-12 16:09:09 +02:00
Idan Horowitz 174056a479 Kernel: Use try_serialize_absolute_path in PerformanceEventBuffer 
This only moves the issue, as PerformanceEventBuffer::add_process can't
fail yet, but this will allow us to remove the non-failable
Custody::absolute_path API.
 2022-01-12 16:09:09 +02:00
Idan Horowitz a482f7718d Kernel: Convert CoreDump to KString using try_serialize_absolute_path 2022-01-12 16:09:09 +02:00
Idan Horowitz eb5f6cd108 Kernel: Use try_serialize_absolute_path in ProcFSOverallProcesses 2022-01-12 16:09:09 +02:00
Idan Horowitz 4e7d307166 Kernel: Convert Mount::absolute_path to ErrorOr<NonnullOwnPtr<KString>> 2022-01-12 16:09:09 +02:00
Idan Horowitz 6be2a51b10 Kernel: Use Vector::try_append in Custody::try_serialize_absolute_path 2022-01-12 16:09:09 +02:00
Idan Horowitz 194d1c884b Kernel: Convert CommandLine to KString 2022-01-12 16:09:09 +02:00
Idan Horowitz a4560313eb Kernel: Replace all usages of String::number with KString::number 2022-01-12 16:09:09 +02:00
Idan Horowitz aa1f7060af Kernel: Add an error propagating KString::number() API 
This is simply a thin wrapper around the already existing
KString::formatted() API.
 2022-01-12 16:09:09 +02:00
Idan Horowitz 809870d519 Kernel: Convert ProcessorInfo to KString 2022-01-12 16:09:09 +02:00
Idan Horowitz b4ce1e2e62 Kernel: Remove unused ProcessorInfo::m_processor field 2022-01-12 16:09:09 +02:00
Idan Horowitz f9528f1882 Kernel: Rename ProcessorInfo::{m_brandstr => m_brand} 
There's no need to specify the type of the member in it's name,
especially not in shorthand format.
 2022-01-12 16:09:09 +02:00
Daniel Bertalan 182016d7c0 Kernel+LibC+LibCore+UE: Implement fchmodat(2) 
This function is an extended version of `chmod(2)` that lets one control
whether to dereference symlinks, and specify a file descriptor to a
directory that will be used as the base for relative paths.
 2022-01-12 14:54:12 +01:00
Andreas Kling 5f71925aa4 Kernel: Actually clear page slots in Region::clear_to_zero() 
We were copying the RefPtr<PhysicalPage> and zeroing the copy instead
of zeroing the slot itself.
 2022-01-12 14:52:47 +01:00
Andreas Kling d8206c1059 Kernel: Don't release/relock spinlocks repeatedly during space teardown 
Grab the page directory and MM locks once at the start of address space
teardown, then hold onto them across all the region unmapping work.
 2022-01-12 14:52:47 +01:00
Andreas Kling 2323cdd914 Kernel: Do less unnecessary work when tearing down process address space 
When deleting an entire AddressSpace, we don't need to do TLB flushes
at all (since the entire page directory is going away anyway).

We also don't need to deallocate VM ranges one by one, since the entire
VM range allocator will be deleted anyway.
 2022-01-12 14:52:47 +01:00
Brian Gianforcaro 9592ba3548 Kernel: Avoid potential allocation when enumerating cpu features 
We can use `StringView::for_each_split_view` here to avoid the potential
allocation of `Vector<StringView>` elements we would get from the normal
Split view functions.
 2022-01-12 13:03:44 +01:00