diff options
| author | Marvin Borner | 2021-04-02 23:26:28 +0200 |
|---|---|---|
| committer | Marvin Borner | 2021-04-02 23:26:28 +0200 |
| commit | ce98400f8a9ebd4e62e76b9e292b7598d0d66cc0 (patch) | |
| tree | 823f06c2c325ead611863eeb3ac974c1ae562878 /kernel | |
| parent | fe468b476d567b6aa0695a030c408ccf46278c7d (diff) | |
Added kernel section clear/protect after init
This is a huge security improvement as it prevents potential exploits
of using or modifying internal kernel functions or data.
Diffstat (limited to 'kernel')
| -rw-r--r-- | kernel/Makefile | 5 | ||||
| -rw-r--r-- | kernel/drivers/cpu.c | 155 | ||||
| -rw-r--r-- | kernel/drivers/fb.c | 6 | ||||
| -rw-r--r-- | kernel/drivers/ide.c | 18 | ||||
| -rw-r--r-- | kernel/drivers/interrupts.c | 110 | ||||
| -rw-r--r-- | kernel/drivers/keyboard.c | 10 | ||||
| -rw-r--r-- | kernel/drivers/mouse.c | 21 | ||||
| -rw-r--r-- | kernel/drivers/pci.c | 26 | ||||
| -rw-r--r-- | kernel/drivers/serial.c | 2 | ||||
| -rw-r--r-- | kernel/drivers/timer.c | 12 | ||||
| -rw-r--r-- | kernel/features/fs.c | 10 | ||||
| -rw-r--r-- | kernel/features/mm.c | 47 | ||||
| -rw-r--r-- | kernel/features/proc.c | 14 | ||||
| -rw-r--r-- | kernel/features/syscall.c | 5 | ||||
| -rw-r--r-- | kernel/inc/cpu.h | 103 | ||||
| -rw-r--r-- | kernel/inc/mm.h | 1 | ||||
| -rw-r--r-- | kernel/link.ld | 29 | ||||
| -rw-r--r-- | kernel/main.c | 1 |
18 files changed, 445 insertions, 130 deletions
diff --git a/kernel/Makefile b/kernel/Makefile index 392665d..8970c1b 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -3,6 +3,7 @@ COBJS = main.o \ drivers/interrupts.o \ drivers/interrupts_asm.o \ + drivers/cpu.o \ drivers/serial.o \ drivers/keyboard.o \ drivers/mouse.o \ @@ -10,14 +11,12 @@ COBJS = main.o \ drivers/ide.o \ drivers/fb.o \ drivers/timer.o \ - drivers/rtl8139.o \ features/mm.o \ features/fs.o \ features/load.o \ features/proc.o \ features/proc_asm.o \ - features/syscall.o \ - features/net.o + features/syscall.o CC = ccache ../cross/opt/bin/i686-elf-gcc LD = ccache ../cross/opt/bin/i686-elf-ld OC = ccache ../cross/opt/bin/i686-elf-objcopy diff --git a/kernel/drivers/cpu.c b/kernel/drivers/cpu.c new file mode 100644 index 0000000..774d9f7 --- /dev/null +++ b/kernel/drivers/cpu.c @@ -0,0 +1,155 @@ +// MIT License, Copyright (c) 2020 Marvin Borner +// This file is a wrapper around some CPU asm calls + +#include <cpu.h> +#include <def.h> +#include <print.h> + +u8 inb(u16 port) +{ + u8 value; + __asm__ volatile("inb %1, %0" : "=a"(value) : "Nd"(port)); + return value; +} + +u16 inw(u16 port) +{ + u16 value; + __asm__ volatile("inw %1, %0" : "=a"(value) : "Nd"(port)); + return value; +} + +u32 inl(u16 port) +{ + u32 value; + __asm__ volatile("inl %1, %0" : "=a"(value) : "Nd"(port)); + return value; +} + +void outb(u16 port, u8 data) +{ + __asm__ volatile("outb %0, %1" ::"a"(data), "Nd"(port)); +} + +void outw(u16 port, u16 data) +{ + __asm__ volatile("outw %0, %1" ::"a"(data), "Nd"(port)); +} + +void outl(u16 port, u32 data) +{ + __asm__ volatile("outl %0, %1" ::"a"(data), "Nd"(port)); +} + +CLEAR static void cpuid(int code, u32 *a, u32 *b, u32 *c, u32 *d) +{ + __asm__ volatile("cpuid" : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d) : "a"(code)); +} + +CLEAR static char *cpu_string(char buf[16]) +{ + // wtf + cpuid(CPUID_VENDOR_STRING, (u32 *)(buf + 12), (u32 *)(buf), (u32 *)(buf + 8), + (u32 *)(buf + 4)); + + return buf; +} + +CLEAR void cpu_print(void) +{ + char buf[16] = { 0 }; + printf("CPU vendor: %s\n", cpu_string(buf)); +} + +CLEAR u32 cr0_get(void) +{ + u32 cr0; + __asm__ volatile("movl %%cr0, %%eax" : "=a"(cr0)); + return cr0; +} + +CLEAR void cr0_set(u32 cr0) +{ + __asm__ volatile("movl %%eax, %%cr0" ::"a"(cr0)); +} + +u32 cr3_get(void) +{ + u32 cr3; + __asm__ volatile("movl %%cr0, %%eax" : "=a"(cr3)); + return cr3; +} + +void cr3_set(u32 cr3) +{ + __asm__ volatile("movl %%eax, %%cr3" ::"a"(cr3)); +} + +CLEAR u32 cr4_get(void) +{ + u32 cr4; + __asm__ volatile("movl %%cr4, %%eax" : "=a"(cr4)); + return cr4; +} + +CLEAR void cr4_set(u32 cr4) +{ + __asm__ volatile("movl %%eax, %%cr4" ::"a"(cr4)); +} + +static u32 cpu_cfeatures = 0; +u8 cpu_has_cfeature(enum cpuid_features feature) +{ + return (cpu_cfeatures & feature) != 0; +} + +static u32 cpu_dfeatures = 0; +u8 cpu_has_dfeature(enum cpuid_features feature) +{ + return (cpu_dfeatures & feature) != 0; +} + +static void fpu_handler(struct regs *r) +{ + UNUSED(r); + __asm__ volatile("clts"); +} + +static u8 fpu_state[512] ALIGNED(16); +void fpu_restore(void) +{ + __asm__ volatile("fxrstor (%0)" ::"r"(fpu_state)); +} + +CLEAR void cpu_enable_features(void) +{ + u32 a, b, c, d; + cpuid(CPUID_FEATURES, &a, &b, &c, &d); + cpu_cfeatures = c; + cpu_dfeatures = d; + if (cpu_has_dfeature(CPUID_FEAT_EDX_SSE)) { + cr0_set(cr0_get() & ~(1 << 2)); + cr0_set(cr0_get() | (1 << 1)); + cr4_set(cr4_get() | (3 << 9)); + } else { + panic("No SSE support!\n"); + } + + if (cpu_has_dfeature(CPUID_FEAT_EDX_FPU)) { + __asm__ volatile("fninit"); + __asm__ volatile("fxsave %0" : "=m"(fpu_state)); + irq_install_handler(7, fpu_handler); + } else { + panic("No FPU support!\n"); + } +} + +CLEAR void cli(void) +{ + __asm__ volatile("cli"); +} + +CLEAR void sti(void) +{ + __asm__ volatile("sti"); +} diff --git a/kernel/drivers/fb.c b/kernel/drivers/fb.c index 0a9494a..577debf 100644 --- a/kernel/drivers/fb.c +++ b/kernel/drivers/fb.c @@ -21,8 +21,8 @@ struct vbe_basic { u8 stuff3[212]; }; -static u32 dev_id = 0; -static struct vid_info *info = NULL; +PROTECTED static u32 dev_id = 0; +PROTECTED static struct vid_info *info = NULL; static u32 fb_owner = 0; static res fb_ioctl(u32 request, void *arg1, void *arg2, void *arg3, struct device *dev) @@ -65,7 +65,7 @@ void fb_map_buffer(struct page_dir *dir, struct vid_info *boot) memory_map_identity(dir, memory_range_around((u32)vbe->fb, size), MEMORY_USER); } -void fb_install(struct vid_info *boot) +CLEAR void fb_install(struct vid_info *boot) { info = boot; diff --git a/kernel/drivers/ide.c b/kernel/drivers/ide.c index 7146eb2..f19fe4d 100644 --- a/kernel/drivers/ide.c +++ b/kernel/drivers/ide.c @@ -8,13 +8,13 @@ #include <mem.h> #include <print.h> -static u8 *ide_buf = NULL; +PROTECTED static u8 *ide_buf = NULL; struct ata_data { u8 drive; }; -static void ide_select_drive(u8 bus, u8 drive) +CLEAR static void ide_select_drive(u8 bus, u8 drive) { if (bus == ATA_PRIMARY) { if (drive == ATA_MASTER) @@ -29,7 +29,7 @@ static void ide_select_drive(u8 bus, u8 drive) } } -static u8 ide_find(u8 bus, u8 drive) +CLEAR static u8 ide_find(u8 bus, u8 drive) { u16 io = bus == ATA_PRIMARY ? ATA_PRIMARY_IO : ATA_SECONDARY_IO; ide_select_drive(bus, drive); @@ -116,12 +116,12 @@ static res ata_read(void *buf, u32 lba, u32 sector_count, struct device *dev) return sector_count; } -int ata_pm = 0, ata_ps = 0, ata_sm = 0, ata_ss = 0; -static void ata_probe(void) +u8 ata_pm = 0, ata_ps = 0, ata_sm = 0, ata_ss = 0; +CLEAR static void ata_probe(void) { - for (int i = 0; i < 4; i++) { - int bus = i < 2 ? ATA_PRIMARY : ATA_SECONDARY; - int drive = i % 2 ? ATA_MASTER : ATA_SLAVE; + for (u8 i = 0; i < 4; i++) { + u32 bus = i < 2 ? ATA_PRIMARY : ATA_SECONDARY; + u32 drive = i % 2 ? ATA_MASTER : ATA_SLAVE; if (!ide_find(bus, drive)) continue; @@ -156,7 +156,7 @@ static void ata_probe(void) } } -void ata_install(void) +CLEAR void ata_install(void) { ide_buf = zalloc(SECTOR_SIZE); ata_probe(); diff --git a/kernel/drivers/interrupts.c b/kernel/drivers/interrupts.c index 0189b6c..9898ef1 100644 --- a/kernel/drivers/interrupts.c +++ b/kernel/drivers/interrupts.c @@ -14,10 +14,11 @@ * IDT */ +// TODO: Why does PROTECTED on idt only work when debug mode is disabled? File size? static struct idt_entry idt[256] = { 0 }; -static struct idt_ptr idt_ptr = { 0 }; +PROTECTED static struct idt_ptr idt_ptr = { 0 }; -void idt_set_gate(u8 num, u32 base, u16 sel, u8 flags) +CLEAR void idt_set_gate(u8 num, u32 base, u16 sel, u8 flags) { // Specify the interrupt routine's base address idt[num].base_low = (u16)(base & 0xFFFF); @@ -30,14 +31,14 @@ void idt_set_gate(u8 num, u32 base, u16 sel, u8 flags) } // Install IDT -static void idt_install(void) +CLEAR static void idt_install(void) { // Set IDT pointer and limit - idt_ptr.limit = (sizeof(struct idt_entry) * 256) - 1; + idt_ptr.limit = sizeof(idt) - 1; idt_ptr.base = &idt; // Clear IDT by setting memory cells to 0 - memset(&idt, 0, sizeof(struct idt_entry) * 256); + memset(&idt, 0, sizeof(idt)); __asm__ volatile("lidt %0" : : "m"(idt_ptr)); } @@ -46,22 +47,22 @@ static void idt_install(void) * IRQ */ -static void (*irq_routines[16])(struct regs *) = { 0 }; +PROTECTED static void (*irq_routines[16])(struct regs *) = { 0 }; // Install IRQ handler -void irq_install_handler(int irq, void (*handler)(struct regs *r)) +CLEAR void irq_install_handler(int irq, void (*handler)(struct regs *r)) { irq_routines[irq] = handler; } // Remove IRQ handler -void irq_uninstall_handler(int irq) +CLEAR void irq_uninstall_handler(int irq) { irq_routines[irq] = 0; } // Remap the IRQ table -static void irq_remap(void) +CLEAR static void irq_remap(void) { outb(0x20, 0x11); outb(0xA0, 0x11); @@ -95,7 +96,7 @@ void irq_handler(struct regs *r) } // Map ISRs to the correct entries in the IDT -static void irq_install(void) +CLEAR static void irq_install(void) { irq_remap(); @@ -122,57 +123,59 @@ static void irq_install(void) * ISR */ -static void (*isr_routines[256])(struct regs *) = { 0 }; - -const char *isr_exceptions[32] = { "Division By Zero", - "Debug", - "Non Maskable Interrupt", - "Breakpoint", - "Into Detected Overflow", - "Out of Bounds", - "Invalid Opcode", - "No Coprocessor", - - "Double Fault", - "Coprocessor Segment Overrun", - "Bad TSS", - "Segment Not Present", - "Stack Fault", - "General Protection Fault", - "Page Fault", - "Unknown Interrupt", - - "Coprocessor Fault", - "Alignment Check", - "Machine Check", - "Reserved", - "Reserved", - "Reserved", - "Reserved", - "Reserved", - - "Reserved", - "Reserved", - "Reserved", - "Reserved", - "Reserved", - "Reserved", - "Reserved", - "Reserved" }; - -void isr_install_handler(int isr, void (*handler)(struct regs *r)) +PROTECTED static void (*isr_routines[256])(struct regs *) = { 0 }; + +PROTECTED const char *isr_exceptions[32] = { + "Division By Zero", + "Debug", + "Non Maskable Interrupt", + "Breakpoint", + "Into Detected Overflow", + "Out of Bounds", + "Invalid Opcode", + "No Coprocessor", + + "Double Fault", + "Coprocessor Segment Overrun", + "Bad TSS", + "Segment Not Present", + "Stack Fault", + "General Protection Fault", + "Page Fault", + "Unknown Interrupt", + + "Coprocessor Fault", + "Alignment Check", + "Machine Check", + "Reserved", + "Reserved", + "Reserved", + "Reserved", + "Reserved", + + "Reserved", + "Reserved", + "Reserved", + "Reserved", + "Reserved", + "Reserved", + "Reserved", + "Reserved", +}; + +CLEAR void isr_install_handler(int isr, void (*handler)(struct regs *r)) { isr_routines[isr] = handler; } -void isr_uninstall_handler(int isr) +CLEAR void isr_uninstall_handler(int isr) { isr_routines[isr] = 0; } void isr_panic(struct regs *r) { - printf("%s Exception (%x) at 0x%x (ring %d), exiting!\n", isr_exceptions[r->int_no], + printf("%s Exception (code %x) at 0x%x (ring %d), exiting!\n", isr_exceptions[r->int_no], r->err_code, r->eip, RING(r)); struct proc *proc = proc_current(); if (proc) { @@ -196,7 +199,7 @@ void isr_handler(struct regs *r) isr_panic(r); } -static void isr_install(void) +CLEAR static void isr_install(void) { idt_set_gate(0, (u32)isr0, 0x08, 0x8E); idt_set_gate(1, (u32)isr1, 0x08, 0x8E); @@ -245,7 +248,8 @@ static void isr_install(void) /** * Combined */ -void interrupts_install(void) + +CLEAR void interrupts_install(void) { idt_install(); isr_install(); diff --git a/kernel/drivers/keyboard.c b/kernel/drivers/keyboard.c index 63005b9..b917e4e 100644 --- a/kernel/drivers/keyboard.c +++ b/kernel/drivers/keyboard.c @@ -13,10 +13,10 @@ #include <str.h> #include <sys.h> -static struct event_keyboard *event = NULL; -static struct stack *queue = NULL; -static u32 dev_id = 0; +PROTECTED static struct stack *queue = NULL; +PROTECTED static u32 dev_id = 0; +static struct event_keyboard *event = NULL; static int state = 0; static int merged = 0; static void keyboard_handler(struct regs *r) @@ -78,12 +78,12 @@ static res keyboard_ready(void) return !stack_empty(queue); } -void keyboard_reset(void) +CLEAR void keyboard_reset(void) { stack_clear(queue); } -void keyboard_install(void) +CLEAR void keyboard_install(void) { //keyboard_rate(); TODO: Fix keyboard rate? irq_install_handler(1, keyboard_handler); diff --git a/kernel/drivers/mouse.c b/kernel/drivers/mouse.c index db0d2fb..eb05d08 100644 --- a/kernel/drivers/mouse.c +++ b/kernel/drivers/mouse.c @@ -13,13 +13,12 @@ #include <str.h> #include <sys.h> -static char mouse_cycle = 0; -static char mouse_byte[3] = { 0 }; -static struct stack *queue = NULL; -static u32 dev_id = 0; +PROTECTED static struct stack *queue = NULL; +PROTECTED static u32 dev_id = 0; static struct event_mouse *event = NULL; - +static char mouse_cycle = 0; +static char mouse_byte[3] = { 0 }; static void mouse_handler(struct regs *r) { UNUSED(r); @@ -54,7 +53,7 @@ static void mouse_handler(struct regs *r) } } -static void mouse_serial_wait(u8 a_type) +CLEAR static void mouse_serial_wait(u8 a_type) { u32 time_out = 100000; if (a_type == 0) { @@ -70,7 +69,7 @@ static void mouse_serial_wait(u8 a_type) } } -static void mouse_serial_write(u8 a_write) +CLEAR static void mouse_serial_write(u8 a_write) { mouse_serial_wait(1); outb(0x64, 0xD4); @@ -78,7 +77,7 @@ static void mouse_serial_write(u8 a_write) outb(0x60, a_write); } -static u8 mouse_serial_read(void) +CLEAR static u8 mouse_serial_read(void) { mouse_serial_wait(0); return inb(0x60); @@ -101,7 +100,7 @@ static res mouse_read(void *buf, u32 offset, u32 count, struct device *dev) return MIN(count, sizeof(*e)); } -void mouse_install(void) +CLEAR void mouse_install(void) { u8 status; @@ -143,7 +142,7 @@ void mouse_install(void) mouse_serial_read(); status = (u8)mouse_serial_read(); if (status == 3) { - }; + } /* printf("Scrollwheel support!\n"); */ // Activate 4th and 5th mouse buttons @@ -166,7 +165,7 @@ void mouse_install(void) mouse_serial_read(); status = (u8)mouse_serial_read(); if (status == 4) { - }; + } /* printf("4th and 5th mouse button support!\n"); */ /* TODO: Fix mouse laggyness diff --git a/kernel/drivers/pci.c b/kernel/drivers/pci.c index 72b9aa8..829f5b9 100644 --- a/kernel/drivers/pci.c +++ b/kernel/drivers/pci.c @@ -7,13 +7,13 @@ #include <mem.h> #include <pci.h> -void pci_write_field(u32 device, int field, u32 value) +CLEAR void pci_write_field(u32 device, int field, u32 value) { outl(PCI_ADDRESS_PORT, pci_get_addr(device, field)); outl(PCI_VALUE_PORT, value); } -u32 pci_read_field(u32 device, int field, int size) +CLEAR u32 pci_read_field(u32 device, int field, int size) { outl(PCI_ADDRESS_PORT, pci_get_addr(device, field)); @@ -30,13 +30,13 @@ u32 pci_read_field(u32 device, int field, int size) return 0xFFFF; } -u16 pci_find_type(u32 device) +CLEAR u16 pci_find_type(u32 device) { return (u16)((pci_read_field(device, PCI_CLASS, 1) << 8) | pci_read_field(device, PCI_SUBCLASS, 1)); } -void pci_scan_hit(pci_func_t f, u32 dev, void *extra) +CLEAR void pci_scan_hit(pci_func_t f, u32 dev, void *extra) { int dev_vend = (int)pci_read_field(dev, PCI_VENDOR_ID, 2); int dev_dvid = (int)pci_read_field(dev, PCI_DEVICE_ID, 2); @@ -44,7 +44,7 @@ void pci_scan_hit(pci_func_t f, u32 dev, void *extra) f(dev, (u16)dev_vend, (u16)dev_dvid, extra); } -void pci_scan_func(pci_func_t f, int type, int bus, int slot, int func, void *extra) +CLEAR void pci_scan_func(pci_func_t f, int type, int bus, int slot, int func, void *extra) { u32 dev = pci_box_device(bus, slot, func); if (type == -1 || type == pci_find_type(dev)) @@ -53,7 +53,7 @@ void pci_scan_func(pci_func_t f, int type, int bus, int slot, int func, void *ex pci_scan_bus(f, type, (int)pci_read_field(dev, PCI_SECONDARY_BUS, 1), extra); } -void pci_scan_slot(pci_func_t f, int type, int bus, int slot, void *extra) +CLEAR void pci_scan_slot(pci_func_t f, int type, int bus, int slot, void *extra) { u32 dev = pci_box_device(bus, slot, 0); if (pci_read_field(dev, PCI_VENDOR_ID, 2) == PCI_NONE) @@ -68,13 +68,13 @@ void pci_scan_slot(pci_func_t f, int type, int bus, int slot, void *extra) } } -void pci_scan_bus(pci_func_t f, int type, int bus, void *extra) +CLEAR void pci_scan_bus(pci_func_t f, int type, int bus, void *extra) { for (int slot = 0; slot < 32; ++slot) pci_scan_slot(f, type, bus, slot, extra); } -void pci_scan(pci_func_t f, int type, void *extra) +CLEAR void pci_scan(pci_func_t f, int type, void *extra) { if ((pci_read_field(0, PCI_HEADER_TYPE, 1) & 0x80) == 0) { pci_scan_bus(f, type, 0, extra); @@ -90,17 +90,17 @@ void pci_scan(pci_func_t f, int type, void *extra) } } -static void find_isa_bridge(u32 device, u16 vendor_id, u16 device_id, void *extra) +CLEAR static void find_isa_bridge(u32 device, u16 vendor_id, u16 device_id, void *extra) { if (vendor_id == 0x8086 && (device_id == 0x7000 || device_id == 0x7110)) *((u32 *)extra) = device; } -static u32 pci_isa = 0; -static u8 pci_remaps[4] = { 0 }; +PROTECTED static u32 pci_isa = 0; +PROTECTED static u8 pci_remaps[4] = { 0 }; // Remap -void pci_install(void) +CLEAR void pci_install(void) { pci_scan(&find_isa_bridge, -1, &pci_isa); if (pci_isa) { @@ -116,7 +116,7 @@ void pci_install(void) } } -int pci_get_interrupt(u32 device) +CLEAR int pci_get_interrupt(u32 device) { if (pci_isa) { u32 irq_pin = pci_read_field(device, 0x3D, 1); diff --git a/kernel/drivers/serial.c b/kernel/drivers/serial.c index 98108eb..6f00ac7 100644 --- a/kernel/drivers/serial.c +++ b/kernel/drivers/serial.c @@ -5,7 +5,7 @@ #include <serial.h> #include <str.h> -void serial_install(void) +CLEAR void serial_install(void) { outb(0x3f8 + 1, 0x00); outb(0x3f8 + 3, 0x80); diff --git a/kernel/drivers/timer.c b/kernel/drivers/timer.c index 8887279..2a7ca2a 100644 --- a/kernel/drivers/timer.c +++ b/kernel/drivers/timer.c @@ -7,9 +7,9 @@ #include <timer.h> static u32 timer_ticks = 0; -static u8 call_scheduler = 0; +PROTECTED static u8 call_scheduler = 0; -static void timer_phase(int hz) +CLEAR static void timer_phase(int hz) { int divisor = 3579545 / 3 / hz; outb(0x43, 0x36); // 01 10 11 0b // CTR, RW, MODE, BCD @@ -38,12 +38,12 @@ void timer_wait(u32 ticks) { u32 eticks = timer_ticks + ticks; while (timer_ticks < eticks) { - __asm__ volatile("sti//hlt//cli"); + __asm__ volatile("sti\nhlt\ncli"); } } // Install timer handler into IRQ0 -void timer_install(void) +CLEAR void timer_install(void) { /* hpet_install(10000); // TODO: Find optimal femtosecond period */ /* if (!hpet) */ @@ -51,13 +51,13 @@ void timer_install(void) irq_install_handler(0, timer_handler); } -void scheduler_enable(void) +CLEAR void scheduler_enable(void) { call_scheduler = 1; irq_install_handler(0, timer_handler); } -void scheduler_disable(void) +CLEAR void scheduler_disable(void) { call_scheduler = 0; irq_install_handler(0, timer_handler); diff --git a/kernel/features/fs.c b/kernel/features/fs.c index 0ffe80f..cc9949e 100644 --- a/kernel/features/fs.c +++ b/kernel/features/fs.c @@ -16,7 +16,7 @@ * VFS */ -static struct list *mount_points = NULL; +PROTECTED static struct list *mount_points = NULL; static char *vfs_normalize_path(const char *path) { @@ -293,7 +293,7 @@ res vfs_ready(const char *path) return m->dev->vfs->ready(path, m->dev); } -void vfs_install(void) +CLEAR void vfs_install(void) { mount_points = list_new(); } @@ -302,9 +302,9 @@ void vfs_install(void) * Device */ -static struct list *devices = NULL; +PROTECTED static struct list *devices = NULL; -void device_add(struct device *dev) +CLEAR void device_add(struct device *dev) { dev->id = rand() + 1; list_add(devices, dev); @@ -373,7 +373,7 @@ static res devfs_ready(const char *path, struct device *dev) return target->ready(); } -void device_install(void) +CLEAR void device_install(void) { devices = list_new(); diff --git a/kernel/features/mm.c b/kernel/features/mm.c index 3be798a..86d33c7 100644 --- a/kernel/features/mm.c +++ b/kernel/features/mm.c @@ -11,7 +11,7 @@ #include <print.h> #include <random.h> -static struct page_dir kernel_dir ALIGNED(PAGE_SIZE) = { 0 }; +PROTECTED static struct page_dir kernel_dir ALIGNED(PAGE_SIZE) = { 0 }; static struct page_table kernel_tables[PAGE_KERNEL_COUNT] ALIGNED(PAGE_SIZE) = { 0 }; /** @@ -23,14 +23,14 @@ static void paging_switch_dir(u32 dir) cr3_set(dir); } -extern void paging_invalidate_tlb(void); +CLEAR extern void paging_invalidate_tlb(void); -void paging_disable(void) +CLEAR void paging_disable(void) { cr0_set(cr0_get() | 0x7fffffff); } -void paging_enable(void) +CLEAR void paging_enable(void) { cr0_set(cr0_get() | 0x80010000); } @@ -70,7 +70,7 @@ void page_fault_handler(struct regs *r) */ static u32 memory_used = 0; -static u32 memory_total = 0; +PROTECTED static u32 memory_total = 0; static u32 best_bet = 0; static u8 memory[PAGE_COUNT * PAGE_COUNT / 8] = { 0 }; @@ -563,7 +563,7 @@ struct memory_range memory_range_around(u32 base, u32 size) extern u32 kernel_rw_start; extern u32 kernel_rw_end; -static struct memory_range kernel_rw_memory_range(void) +CLEAR static struct memory_range kernel_rw_memory_range(void) { return memory_range_around((u32)&kernel_rw_start, (u32)&kernel_rw_end - (u32)&kernel_rw_start); @@ -571,13 +571,44 @@ static struct memory_range kernel_rw_memory_range(void) extern u32 kernel_ro_start; extern u32 kernel_ro_end; -static struct memory_range kernel_ro_memory_range(void) +CLEAR static struct memory_range kernel_ro_memory_range(void) { return memory_range_around((u32)&kernel_ro_start, (u32)&kernel_ro_end - (u32)&kernel_ro_start); } -void memory_install(struct mem_info *mem_info, struct vid_info *vid_info) +extern u32 kernel_temp_clear_start; +extern u32 kernel_temp_clear_end; +static void memory_temp_clear(void) +{ + u8 *data = (u8 *)&kernel_temp_clear_start; + u32 size = (u32)&kernel_temp_clear_end - (u32)&kernel_temp_clear_start; + memset(data, 0, size); + memory_free(&kernel_dir, memory_range_around((u32)data, size)); + printf("Cleared %dKiB\n", size >> 10); +} + +extern u32 kernel_temp_protect_start; +extern u32 kernel_temp_protect_end; +CLEAR static void memory_temp_protect(void) +{ + u32 data = (u32)&kernel_temp_protect_start; + u32 size = (u32)&kernel_temp_protect_end - (u32)&kernel_temp_protect_start; + memory_map_identity(&kernel_dir, memory_range_around((u32)data, size), MEMORY_READONLY); + printf("Protected %dKiB\n", size >> 10); +} + +void memory_user_hook(void) +{ + PROTECTED static u8 called = 0; + if (!called) { + called = 1; + memory_temp_protect(); + memory_temp_clear(); + } +} + +CLEAR void memory_install(struct mem_info *mem_info, struct vid_info *vid_info) { for (struct mmap_boot *p = mem_info->start; (u32)(p - mem_info->start) < mem_info->size; p++) { diff --git a/kernel/features/proc.c b/kernel/features/proc.c index 8625e7d..6d07945 100644 --- a/kernel/features/proc.c +++ b/kernel/features/proc.c @@ -18,12 +18,12 @@ static u32 locked = 0; static u32 current_pid = 0; -static struct node *idle_proc = NULL; static struct node *current = NULL; +PROTECTED static struct node *idle_proc = NULL; -static struct list *proc_list_running = NULL; -static struct list *proc_list_blocked = NULL; -static struct list *proc_list_idle = NULL; +PROTECTED static struct list *proc_list_running = NULL; +PROTECTED static struct list *proc_list_blocked = NULL; +PROTECTED static struct list *proc_list_idle = NULL; // TODO: Use less memcpy and only copy relevant registers // TODO: 20 priority queues (https://www.kernel.org/doc/html/latest/scheduler/sched-nice-design.html) @@ -111,7 +111,7 @@ struct proc *proc_from_pid(u32 pid) return NULL; } -void proc_set_quantum(struct proc *proc, u32 value) +CLEAR void proc_set_quantum(struct proc *proc, u32 value) { proc->quantum.val = value; } @@ -552,8 +552,10 @@ NORETURN void proc_init(void) _eip = init->regs.eip; _esp = init->regs.useresp; - memory_switch_dir(init->page_dir); + // We'll shortly jump to usermode. Clear and protect every secret! + memory_user_hook(); + memory_switch_dir(init->page_dir); printf("Jumping to userspace!\n"); // You're waiting for a train. A train that will take you far away... diff --git a/kernel/features/syscall.c b/kernel/features/syscall.c index ab14539..6a64996 100644 --- a/kernel/features/syscall.c +++ b/kernel/features/syscall.c @@ -24,8 +24,7 @@ static void syscall_handler(struct regs *r) switch (num) { case SYS_LOOP: { - loop(); - panic("Fell out of the looping!\n"); + panic("Loop is deprecated!\n"); break; } case SYS_ALLOC: { @@ -134,7 +133,7 @@ static void syscall_handler(struct regs *r) } } -void syscall_init(void) +CLEAR void syscall_init(void) { idt_set_gate(0x80, (u32)isr128, 0x08, 0x8E); isr_install_handler(0x80, syscall_handler); diff --git a/kernel/inc/cpu.h b/kernel/inc/cpu.h new file mode 100644 index 0000000..a88d94e --- /dev/null +++ b/kernel/inc/cpu.h @@ -0,0 +1,103 @@ +// MIT License, Copyright (c) 2020 Marvin Borner + +#ifndef CPU_H +#define CPU_H + +#include <def.h> + +static inline void spinlock(u32 *ptr) +{ + u32 prev; + do + __asm__ volatile("lock xchgl %0,%1" : "=a"(prev) : "m"(*ptr), "a"(1)); + while (prev); +} + +u8 inb(u16 port); +u16 inw(u16 port); +u32 inl(u16 port); + +void outb(u16 port, u8 data); +void outw(u16 port, u16 data); +void outl(u16 port, u32 data); + +void cpu_print(void); +void cpu_enable_features(void); +void fpu_restore(void); + +u32 cr0_get(void); +void cr0_set(u32 cr0); +u32 cr3_get(void); +void cr3_set(u32 cr3); +u32 cr4_get(void); +void cr4_set(u32 cr4); + +void cli(void); +void sti(void); + +enum cpuid_requests { CPUID_VENDOR_STRING, CPUID_FEATURES, CPUID_TLB, CPUID_SERIAL }; +enum cpuid_features { + CPUID_FEAT_ECX_SSE3 = 1u << 0, + CPUID_FEAT_ECX_PCLMUL = 1u << 1, + CPUID_FEAT_ECX_DTES64 = 1u << 2, + CPUID_FEAT_ECX_MONITOR = 1u << 3, + CPUID_FEAT_ECX_DS_CPL = 1u << 4, + CPUID_FEAT_ECX_VMX = 1u << 5, + CPUID_FEAT_ECX_SMX = 1u << 6, + CPUID_FEAT_ECX_EST = 1u << 7, + CPUID_FEAT_ECX_TM2 = 1u << 8, + CPUID_FEAT_ECX_SSSE3 = 1u << 9, + CPUID_FEAT_ECX_CID = 1u << 10, + CPUID_FEAT_ECX_FMA = 1u << 12, + CPUID_FEAT_ECX_CX16 = 1u << 13, + CPUID_FEAT_ECX_ETPRD = 1u << 14, + CPUID_FEAT_ECX_PDCM = 1u << 15, + CPUID_FEAT_ECX_PCIDE = 1u << 17, + CPUID_FEAT_ECX_DCA = 1u << 18, + CPUID_FEAT_ECX_SSE4_1 = 1u << 19, + CPUID_FEAT_ECX_SSE4_2 = 1u << 20, + CPUID_FEAT_ECX_x2APIC = 1u << 21, + CPUID_FEAT_ECX_MOVBE = 1u << 22, + CPUID_FEAT_ECX_POPCNT = 1u << 23, + CPUID_FEAT_ECX_AES = 1u << 25, + CPUID_FEAT_ECX_XSAVE = 1u << 26, + CPUID_FEAT_ECX_OSXSAVE = 1u << 27, + CPUID_FEAT_ECX_AVX = 1u << 28, + CPUID_FEAT_ECX_F16C = 1u << 29, + CPUID_FEAT_ECX_RDRND = 1u << 30, + + CPUID_FEAT_EDX_FPU = 1u << 0, + CPUID_FEAT_EDX_VME = 1u << 1, + CPUID_FEAT_EDX_DE = 1u << 2, + CPUID_FEAT_EDX_PSE = 1u << 3, + CPUID_FEAT_EDX_TSC = 1u << 4, + CPUID_FEAT_EDX_MSR = 1u << 5, + CPUID_FEAT_EDX_PAE = 1u << 6, + CPUID_FEAT_EDX_MCE = 1u << 7, + CPUID_FEAT_EDX_CX8 = 1u << 8, + CPUID_FEAT_EDX_APIC = 1u << 9, + CPUID_FEAT_EDX_SEP = 1u << 11, + CPUID_FEAT_EDX_MTRR = 1u << 12, + CPUID_FEAT_EDX_PGE = 1u << 13, + CPUID_FEAT_EDX_MCA = 1u << 14, + CPUID_FEAT_EDX_CMOV = 1u << 15, + CPUID_FEAT_EDX_PAT = 1u << 16, + CPUID_FEAT_EDX_PSE36 = 1u << 17, + CPUID_FEAT_EDX_PSN = 1u << 18, + CPUID_FEAT_EDX_CLF = 1u << 19, + CPUID_FEAT_EDX_DTES = 1u << 21, + CPUID_FEAT_EDX_ACPI = 1u << 22, + CPUID_FEAT_EDX_MMX = 1u << 23, + CPUID_FEAT_EDX_FXSR = 1u << 24, + CPUID_FEAT_EDX_SSE = 1u << 25, + CPUID_FEAT_EDX_SSE2 = 1u << 26, + CPUID_FEAT_EDX_SS = 1u << 27, + CPUID_FEAT_EDX_HTT = 1u << 28, + CPUID_FEAT_EDX_TM1 = 1u << 29, + CPUID_FEAT_EDX_IA64 = 1u << 30, +}; + +u8 cpu_has_cfeature(enum cpuid_features feature); +u8 cpu_has_dfeature(enum cpuid_features feature); + +#endif diff --git a/kernel/inc/mm.h b/kernel/inc/mm.h index a0b39a5..7226adb 100644 --- a/kernel/inc/mm.h +++ b/kernel/inc/mm.h @@ -135,6 +135,7 @@ res memory_sys_alloc(struct page_dir *dir, u32 size, u32 *addr, u32 *id, u8 shar res memory_sys_free(struct page_dir *dir, u32 addr) NONNULL; res memory_sys_shaccess(struct page_dir *dir, u32 id, u32 *addr, u32 *size) NONNULL; +void memory_user_hook(void); void memory_install(struct mem_info *mem_info, struct vid_info *vid_info) NONNULL; #endif diff --git a/kernel/link.ld b/kernel/link.ld index c3b59b3..3b92e82 100644 --- a/kernel/link.ld +++ b/kernel/link.ld @@ -8,22 +8,42 @@ SECTIONS . = phys; kernel_ro_start = .; + .text BLOCK(4K) : ALIGN(4K) { - *(.text) + *(.text*) } .rodata BLOCK(4K) : ALIGN(4K) { - *(.rodata) + *(.rodata*) } - kernel_ro_end = .; + kernel_ro_end = .; kernel_rw_start = .; + + /* Clear after init */ + .temp_clear BLOCK(4K) : ALIGN(4K) + { + kernel_temp_clear_start = .; + *(.temp_clear) + kernel_temp_clear_end = .; + . = ALIGN(4K); + } + + /* Make read-only after init */ + .temp_protect BLOCK(4K) : ALIGN(4K) + { + kernel_temp_protect_start = .; + *(.temp_protect) + kernel_temp_protect_end = .; + . = ALIGN(4K); + } + .data BLOCK(4K) : ALIGN(4K) { - *(.data) + *(.data*) } .bss BLOCK(4K) : ALIGN(4K) @@ -31,5 +51,6 @@ SECTIONS *(COMMON) *(.bss) } + kernel_rw_end = .; } diff --git a/kernel/main.c b/kernel/main.c index 326bd5c..14a3555 100644 --- a/kernel/main.c +++ b/kernel/main.c @@ -50,5 +50,6 @@ void kernel_main(struct mem_info *mem_info, struct vid_info *vid_info) keyboard_reset(); syscall_init(); + proc_init(); } |