Commit Graph

118 Commits

Author SHA1 Message Date
Giacomo Tesio 80a8501c05 kern/ip/gre: fix CID 156224: Uninitialized scalar variable 2017-04-25 15:53:20 +02:00
Giacomo Tesio ea6f34f4f7 kern: mark pexit() as noreturn
Since pexit() calls sched() it wont return to the caller.
Should fix

- CID 155655: Missing break in switch
- CID 155672: Missing break in switch
2017-04-24 09:55:45 +02:00
Giacomo Tesio c2204d83a5 libposix: getppid 2017-04-22 00:40:39 +02:00
Giacomo Tesio a1b4085b7b libc: keep __libc_init weak definition private 2017-04-21 23:58:06 +02:00
Giacomo Tesio 4142b70d32 libposix: allow custom translations of exit status 2017-04-21 23:56:43 +02:00
Giacomo Tesio 188a07782d libposix: initial draft 2017-04-19 23:48:54 +02:00
Giacomo Tesio e70feee4a3 libc: introduce "jehanne_" namespace
With this commit all functions declared in libc.h have been renamed
with the "jehanne_" prefix. This is done for several reason:

- it removes conflicts during symbol resolution when linking
  standard C libraries like newlib or musl
- it allows programs depending on a standard C library to directly
  link to a library depending on our non standard libc (eg libsec).

To ease transiction two files are provided:

- sys/include/lib9.h that can be included instead of <libc.h> to use
  the old names (via a simple set of macros)
- sys/src/lib/c/lib9.c that can be compiled with a program where the
  macro provided by lib9.h are too dumb (see for example rc or grep).

In the kernel port/lib.h has been modified accordingly and some of
the functions it directly provides has been renamed too (eg malloc
in qmalloc.c and print in devcons.c).
2017-04-19 23:48:21 +02:00
Giacomo Tesio 7609abaaf3 libauth: fix potential null deref in auth_proxy
Should fix CID 155820
2017-02-08 00:07:01 +01:00
Giacomo Tesio 1f59502bf5 kernel/boot: #ec/console (from kernel args) defines the console to start 2017-02-04 01:04:51 +01:00
Giacomo Tesio 19bf511603 kernel: devdup: fix dup(n, 0)
Completes e1a14b49be
2017-01-24 22:24:55 +01:00
Giacomo Tesio edd84db070 kernel: import 9front's PCI improvements 2017-01-24 22:24:43 +01:00
Giacomo Tesio c2b06ebf80 kernel: fix out of bound read in trap()
Reported by coverity, CID 155927: if vno == 32 it would access index
32 of excname at trap.c:339.
2017-01-24 22:24:20 +01:00
Giacomo Tesio 6dd0f2e130 kernel: use pprint instead of print in elf64ldseg.
Should also fix CID 156242, CID 156240 and CID 156236 avoiding
access to uninitialized pointers (get64, get32 and get16).
2017-01-24 22:23:17 +01:00
Giacomo Tesio db8aab1a04 kernel: boot: fix more dup() leaks reported by coverity 2017-01-24 22:22:58 +01:00
Giacomo Tesio aa25654232 libsec: improve fix #4: check valid length in TLS (msgRecv)
This commit should complete the work done at 90fe80e73b

Should also fix CID 155874.
2017-01-24 22:22:20 +01:00
Giacomo Tesio 65cdad4317 libc: rewrite putenv and getenv.
These new implementations

- do several validity check on input parameters
- allow a bit larger variable names (127 bytes, aka sizeof(Proc.genbuf)-1)
- preserve nulls in the content (the original version used to replace
  '\0' with ' '). I can't see why they did, actually.
  See also http://marc.info/?l=9fans&m=148475801229908&w=2

Should also fix CID 155718
2017-01-19 00:58:43 +01:00
Giacomo Tesio d43be3861b libc: fix potential nil dereference in system() posix wrapper
Should also fix CID 155750.
2017-01-18 23:36:18 +01:00
Giacomo Tesio b05c21397e libc: rewrite brk() and sbrk()
Also fix Coverity 1 scan defects, CID 155773 and CID 155768, removing
less-than-zero comparisons of unsigned values that were never true.
2017-01-18 23:35:41 +01:00
Giacomo Tesio 6e816b293d libmp: fix #6: mptole takes `p` xor `pp`
See commit 0f82a2c3c3 for further info

Also fix build after typo.
2017-01-18 01:59:44 +01:00
Giacomo Tesio 0f82a2c3c3 libmp: fix #5: mptole takes `p` xor `pp`
According to http://man.cat-v.org/9front/2/mp mptole either take p or pp:

> Mptobe and mptole convert an mpint to a byte array.  The
> former creates a big endian representation, the latter a
> little endian one.  If the destination buf is not nil, it
> specifies the buffer of length blen for the result.  If the
> representation is less than blen bytes, the rest of the
> buffer is zero filled.  **If buf is nil**, then a buffer is
> allocated and a pointer to it is deposited in the location
> pointed to by **bufp**. Sign is ignored in these conversions,
> i.e., the byte array version is always positive.

Assert accordingly.
2017-01-18 01:47:31 +01:00
Giacomo Tesio 90fe80e73b libsec: fix #4: Finished.n can only be 0, 12 or 36
As noted ty Cinap Lenrek Finished.n is only set by setVersion and can only
be either 0 before setVersion() as emalloc() zeros the TlsConnection struct
or SSL3FinishedLen/TLSFinishedLen after when we got the client/server hello.

Introducing FinishedLength enum we make the domain of the field explicit.
2017-01-18 00:24:10 +01:00
Giacomo Tesio 49040ffdaa kernel: boot: fix dup() leaks reported by coverity 2017-01-17 22:01:15 +01:00
Giacomo Tesio e1a14b49be kernel: devdup: fix dup(n, 0)
A successful dup(n, 0) must not return -1L
2017-01-17 21:48:33 +01:00
Giacomo Tesio 207967f9e8 libc: _assert do not return. should fix build 2017-01-17 21:28:56 +01:00
Giacomo Tesio 04962f0637 libsec: fix #3: out-of-bound access in aesXCBCmac (CID 155914) 2017-01-17 21:05:59 +01:00
Giacomo Tesio 90f3d2ce31 lib9p2000: cleanup redundant checks in convM2S
CID 49221 (#1 of 1): Identical code for different branches (IDENTICAL_BRANCHES)
identical_branches: The same code is executed when the condition p == NULL is true or false, because the code in the if-then branch and after the if statement is identical. Should the if statement be removed?
2017-01-17 21:05:15 +01:00
Giacomo Tesio 663b002529 libsec: mark DigestState as stack var in ccpoly_*
CID 160099 and CID 160100 (#1 of 1): Free of address-of expression (BAD_FREE)
address_free: ccpolylen frees address of ds
2017-01-17 21:04:15 +01:00
Giacomo Tesio 3cfe366cc0 libsec: fix out of bound write (CID 155904)
In aesXCBCmac fix (potential) out of bound write in padding.

CID 155904 (#1 of 1): Out-of-bounds write (OVERRUN)
7. overrun-local: Overrunning array of 16 bytes at byte offset 16 by dereferencing pointer p2++.
2017-01-17 21:03:32 +01:00
Giacomo Tesio 6daa49324a kernel: umem: fix frees in segments_fill
CID 155453 (#1 of 1): Free of address-of expression (BAD_FREE)
address_free: free frees address of (segments + 0).pages.
2017-01-17 00:26:23 +01:00
Giacomo Tesio 20f15cbe5a kernel: fix not null terminated string in options()
CID 155471 (#1 of 1): Buffer not null terminated (BUFFER_SIZE_WARNING)67.
buffer_size_warning: Calling strncpy with a maximum size argument of 256 bytes on destination array envcopy of size 256 bytes might leave the destination string unterminated.
2017-01-17 00:18:18 +01:00
Giacomo Tesio 41a9489dd4 libsec: fix des56to64 access to key array
CID 155910 (#1 of 1): Out-of-bounds access (OVERRUN)1.

overrun-buffer-val: Overrunning buffer pointed to by key of 7 bytes by passing it to a function which accesses it at byte offset 63.
2017-01-17 00:01:08 +01:00
Giacomo Tesio e2b5953d99 libc: handle positive fd on "always-failing" creates (brk and dup) 2017-01-16 23:53:05 +01:00
Giacomo Tesio 042e206d13 kernel: devrtc: fix use of uninitialized array in rtcextract
CID 156229: Uninitialized scalar variable (UNINIT)9.
uninit_use: Using uninitialized value bcdclock[0].
2017-01-16 02:00:10 +01:00
Giacomo Tesio 237b7709ae kernel: umem: fix use of uninitialized fptr in freelist_pop
CID 156230 (#1 of 1): Uninitialized pointer read (UNINIT)9.
uninit_use: Using uninitialized value fptr.
2017-01-15 01:59:41 +01:00
Giacomo Tesio 1cb4610ed2 kernel: udp: fix read of uninitialized array
CID 156231 (#1 of 1): Uninitialized scalar variable (UNINIT)6.
uninit_use_in_call: Using uninitialized element of array laddr when calling memcmp.
2017-01-15 01:35:28 +01:00
Giacomo Tesio f2f95a935f kernel: fix use of uninitialized value in freelist_pop
CID 156233 (#1 of 1): Uninitialized pointer read (UNINIT)5. uninit_use: Using uninitialized value fimg.
2017-01-15 01:03:35 +01:00
Giacomo Tesio c4fb99ec38 qa: fix a few issues detected by coverity 2017-01-14 17:58:33 +01:00
Giacomo Tesio 0de2dfc95b kernel: fix /dev/swap and `stats -m` 2017-01-12 00:41:14 +01:00
Giacomo Tesio d1cc947cd9 kernel: fix fd mode print in devproc 2017-01-12 00:39:50 +01:00
Giacomo Tesio e93aafc028 qa: build everything with -Werror 2017-01-12 00:38:56 +01:00
Giacomo Tesio 51d12f1f34 kernel: fix #0/brk/ qid (it's a special directory, not a special file) 2017-01-09 00:44:01 +01:00
Giacomo Tesio a8e2247e20 kernel: drop SysNsec references from syscall() 2017-01-06 01:40:04 +01:00
Giacomo Tesio 4676c65a3d kernel: move nsec to libc 2017-01-06 00:56:22 +01:00
Giacomo Tesio 2508de40ea kernel: move sysdup to libc 2017-01-06 00:56:22 +01:00
Giacomo Tesio c342234d74 kernel: print faults to process standard error 2017-01-06 00:54:04 +01:00
Giacomo Tesio e8562ff537 cmd/pict: import 9front's graphical tools 2017-01-03 22:31:09 +01:00
Giacomo Tesio 890f126abc kernel: fix usb after changing OREAD/OWRITE values
OREAD and OWRITE are used as array indexes assuming that OREAD was zero
and OWRITE was one. Thus each related allocation reserved just 2 slot and
even Ep struct in usb.h reserved just 2 int for toggles.

Since OREAD is now 1 and OWRITE is 2 we have to allocate/reserve 3 slot
as long as we use them as array indexes (which we could change in the future).

Unfortunately this means we waste the index zero in those arrays that will
always be unused. This also means that, to loop in such arrays we must begin
with OREAD as index zero is always empty.

PRO-MEMORIA: if/when we introduce the walk() syscall, OSTAT might turn useless.
In that case we might remove it and thus consider to move back OREAD/OWRITE
to 0/1 respectively (which might or might not be a good idea, to be analyzed).
2017-01-03 01:27:08 +01:00
Giacomo Tesio c1eb65b35e kernel: move null and zero from #c to #0 2017-01-03 01:27:08 +01:00
Giacomo Tesio 8e7f47c743 kernel/boot: bind #0 wherever #c is bound 2017-01-03 01:27:08 +01:00
Giacomo Tesio ac15346de7 kernel: make #0/pid, #0/ppid and #0/pgrpid readable 2017-01-03 01:27:07 +01:00
Giacomo Tesio da77086023 mount: update dev9p name (#9 instead of #M) 2016-12-31 17:19:40 +01:00
Giacomo Tesio 37541724d0 kernel: add #0/brk and move brk_() to libc 2016-12-31 00:43:02 +01:00
Giacomo Tesio 0bbd79e0a5 kernel: waitdebugger on lapictimerset if apic->div == 0 2016-12-26 02:18:19 +01:00
Giacomo Tesio 71ea62eb5b rm -e prints the return value of remove syscalls
Some devices return useful info on specific file remove (eg #0/pid, #0/ppid...)
so we need a tool to get such info.

	rm -e '#0/pid' '#0/ppid'
	#0/pid 65
	#0/ppid 59
2016-12-26 02:18:19 +01:00
Giacomo Tesio 31aa85b01a kernel: move pgrpid to devself 2016-12-26 02:18:19 +01:00
Giacomo Tesio 66373243bd libc: rewrite access() 2016-12-26 02:18:06 +01:00
Giacomo Tesio b862596737 kernel&all: create() syscall only sends Tcreate
In Plan9 the create syscall fallback on a open(OTRUNC) if the
path provided already exists. This is actually a common requirement
as most programs (editors, cat...) simply requires that a file is
there and is empty, and doesn't care overwriting existing contents
(note that this is particularily sensible with something like fossil).

In Jehanne the application is responsible of actually handle this
"file exists" error but libc provides ocreate() to mimic the Plan9
behaviour. Note that ocreate introduce a subtle race too: the path
is walked several times if the file exists, thus it could misbehave
on concurrent namespace changes. However I guess this is not going to
happen often enough to care now.

NOTE we will probably address this rare race too, with a more drammatic change
to syscalls: a new walk() syscall that will provide an unopen fd.
2016-12-24 21:25:20 +01:00
Giacomo Tesio c30fb72b82 kernel: allow negative lengths in pwrite 2016-12-24 21:24:49 +01:00
Giacomo Tesio ca05868e4d kernel: use #9 instead of #M in /proc/n/ns 2016-12-24 21:24:28 +01:00
Giacomo Tesio 99855d60d6 kernel: move chdir to libc using devself/devproc
Added wdir to devself and devproc:

- read '#0/wdir' to get the working directory of the calling process
  NOTE that a read(fd, nil, -1) will return the negated length
  of the working directory, just in case you want to
  allocate the memory required

- read '/proc/n/wdir' to know the working directory of process n
  (read(fd, nil, -1) still returns the negated length)

- write '#0/wdir' to change the working directory of the calling process
  NOTE: no offset is allowed and the provided string must
  be null terminated

- write '/proc/n/wdir' to change the working directory of process n
  NOTE: no offset is allowed and the provided string must
  be null terminated; moreover if another process change the working
  directory change during the write, the current process will
  receive an error.

In libc updated getwd() and chdir().
Also modified pwd to get advantage of the new file.

To test, run /arch/amd64/qa/kern/wdir.rc or simply try

	% pwd
	/usr/glenda
	% echo -n /tmp > /proc/$pid/wdir
        % pwd
        /tmp
        % cat '#0/wdir' && echo
        /tmp

The expected use cases for wdir in devproc are rio and acme.

Also, note that we could theoretically remove the cd builtin
from rc and simply implement it as a rc function.
We don't do that to preserve rc portability to other OS.
2016-12-15 22:42:01 +01:00
Giacomo Tesio c6de6b66e9 kernel: introduce devself
Devself provides to each process access to its own structures.

So far it contains four files:

- pid
- ppid
- pipes	used to implement pipe(2)
- segments used to implement segattach, segdetach and segfree
2016-12-11 01:26:08 +01:00
Giacomo Tesio f52a185030 decouple Jehanne from 9P2000 (as much as needed)
Jehanne is going to use a new file protocol, but Plan 9 is really
coupled with 9P2000.

Renamed fcall.h as 9P2000.h and introduced specific constants such
as NP_OREAD, NP_OWRITE and so on, so that we can use different values
in the kernel and new protocol.

Renamed devmnt to devninep, since it's actually a device serving 9P2000
file systems.

Also, fixed 9P2000 support in Jehanne, that was broken with the introduction
of OSTAT.
2016-12-06 23:01:45 +01:00
Giacomo Tesio bbb375a585 kernel: return long from file related syscalls 2016-11-30 20:18:45 +01:00
Giacomo Tesio a9745e02c5 kernel: in Proc defined syscallerr to hold the return value of failing syscalls 2016-11-30 01:07:45 +01:00
Giacomo Tesio 488106eaac cmd/ms: read #P/ps2mouse in a char (not in an int)
After the removal of dumb push in crt0 (commit 929014ebca5c738d3854758326de7abfb77c1ef1)
the first byte of the c integer is not zeroed anymore (which is correct).

But since ms.c reads and bit-match a single byte in c, when it's an int some test success/fail
due to the state of the unused bytes.

This makes the mouse turn crazy.

So we turn it into a char, so that bitmasks and tests work as expected.
2016-11-29 20:42:24 +01:00
Giacomo Tesio 52777e21ab kernel: devdraw: use sys->ticks instead of m->ticks in drawactive() 2016-11-29 20:41:55 +01:00
Giacomo Tesio 38aca7a581 first usable version of kernel and commands
After an year of hard work, this is a first "usable" version of Jehanne.
2016-11-26 03:49:29 +01:00
Giacomo Tesio 3925b61fa6 libc: initial import from Harvey
Note that libc is what distinguish "native" software from "non-native"
in Jehanne: further C libraries can be ported to Jehanne, but this libc
will remain the main building block of the system.

Also note that a few files have not been ported from Harvey:

	- 9sys/pushtls.c
	- port/rijndael.c
	- port/rijndael.tbl
	- port/sha2.c

Pushtls.c depends on libmp and libsec so libc is not the appropriate place
for it. The other three will be moved to libsec.
2015-12-22 11:55:44 +00:00