From ce98400f8a9ebd4e62e76b9e292b7598d0d66cc0 Mon Sep 17 00:00:00 2001
From: Marvin Borner
Date: Fri, 2 Apr 2021 23:26:28 +0200
Subject: Added kernel section clear/protect after init

This is a huge security improvement as it prevents potential exploits
of using or modifying internal kernel functions or data.
---
 libs/libc/Makefile    |   1 -
 libs/libc/alloc.c     |   5 --
 libs/libc/cpu.c       | 182 --------------------------------------------------
 libs/libc/inc/cpu.h   | 110 ------------------------------
 libs/libc/inc/def.h   |   9 ++-
 libs/libc/inc/print.h |   2 +-
 libs/libc/inc/sys.h   |   2 +-
 libs/libc/print.c     |   9 +--
 libs/libc/random.c    |   5 +-
 9 files changed, 16 insertions(+), 309 deletions(-)
 delete mode 100644 libs/libc/cpu.c
 delete mode 100644 libs/libc/inc/cpu.h

(limited to 'libs')

diff --git a/libs/libc/Makefile b/libs/libc/Makefile
index d8d58ff..24970d8 100644
--- a/libs/libc/Makefile
+++ b/libs/libc/Makefile
@@ -10,7 +10,6 @@ COBJS = sanitize.o \
 	crypto.o \
 	conv.o \
 	print.o \
-	cpu.o \
 	sys.o \
 	list.o \
 	stack.o \
diff --git a/libs/libc/alloc.c b/libs/libc/alloc.c
index 02e30eb..2f8e0ba 100644
--- a/libs/libc/alloc.c
+++ b/libs/libc/alloc.c
@@ -2,7 +2,6 @@
 // Mostly by Durand Miller, released into public domain
 
 #include <assert.h>
-#include <cpu.h>
 #include <mem.h>
 
 #ifdef KERNEL
@@ -40,17 +39,13 @@ static int liballoc_free(void *ptr, u32 p)
 
 #endif
 
-static u32 locked = 0;
-
 static int liballoc_lock(void)
 {
-	spinlock(&locked);
 	return 0;
 }
 
 static int liballoc_unlock(void)
 {
-	locked = 0;
 	return 0;
 }
 
diff --git a/libs/libc/cpu.c b/libs/libc/cpu.c
deleted file mode 100644
index 7fbb66a..0000000
--- a/libs/libc/cpu.c
+++ /dev/null
@@ -1,182 +0,0 @@
-// MIT License, Copyright (c) 2020 Marvin Borner
-// This file is a wrapper around some CPU asm calls
-
-#include <cpu.h>
-#include <def.h>
-#include <print.h>
-
-u8 inb(u16 port)
-{
-	u8 value;
-	__asm__ volatile("inb %1, %0" : "=a"(value) : "Nd"(port));
-	return value;
-}
-
-u16 inw(u16 port)
-{
-	u16 value;
-	__asm__ volatile("inw %1, %0" : "=a"(value) : "Nd"(port));
-	return value;
-}
-
-u32 inl(u16 port)
-{
-	u32 value;
-	__asm__ volatile("inl %1, %0" : "=a"(value) : "Nd"(port));
-	return value;
-}
-
-void insl(u16 port, void *addr, int n)
-{
-	__asm__ volatile("rep insl" ::"c"(n), // Count
-			 "d"(port), // Port #
-			 "D"(addr)); // Buffer
-}
-
-void outb(u16 port, u8 data)
-{
-	__asm__ volatile("outb %0, %1" ::"a"(data), "Nd"(port));
-}
-
-void outw(u16 port, u16 data)
-{
-	__asm__ volatile("outw %0, %1" ::"a"(data), "Nd"(port));
-}
-
-void outl(u16 port, u32 data)
-{
-	__asm__ volatile("outl %0, %1" ::"a"(data), "Nd"(port));
-}
-
-#ifdef KERNEL
-
-static void cpuid(int code, u32 *a, u32 *b, u32 *c, u32 *d)
-{
-	__asm__ volatile("cpuid" : "=a"(*a), "=b"(*b), "=c"(*c), "=d"(*d) : "a"(code));
-}
-
-static char *cpu_string(char buf[16])
-{
-	// wtf
-	cpuid(CPUID_VENDOR_STRING, (u32 *)(buf + 12), (u32 *)(buf), (u32 *)(buf + 8),
-	      (u32 *)(buf + 4));
-
-	return buf;
-}
-
-void cpu_print(void)
-{
-	char buf[16] = { 0 };
-	printf("CPU vendor: %s\n", cpu_string(buf));
-}
-
-u32 cr0_get(void)
-{
-	u32 cr0;
-	__asm__ volatile("movl %%cr0, %%eax" : "=a"(cr0));
-	return cr0;
-}
-
-void cr0_set(u32 cr0)
-{
-	__asm__ volatile("movl %%eax, %%cr0" ::"a"(cr0));
-}
-
-u32 cr3_get(void)
-{
-	u32 cr3;
-	__asm__ volatile("movl %%cr0, %%eax" : "=a"(cr3));
-	return cr3;
-}
-
-void cr3_set(u32 cr3)
-{
-	__asm__ volatile("movl %%eax, %%cr3" ::"a"(cr3));
-}
-
-u32 cr4_get(void)
-{
-	u32 cr4;
-	__asm__ volatile("movl %%cr4, %%eax" : "=a"(cr4));
-	return cr4;
-}
-
-void cr4_set(u32 cr4)
-{
-	__asm__ volatile("movl %%eax, %%cr4" ::"a"(cr4));
-}
-
-static u32 cpu_cfeatures = 0;
-u8 cpu_has_cfeature(enum cpuid_features feature)
-{
-	return (cpu_cfeatures & feature) != 0;
-}
-
-static u32 cpu_dfeatures = 0;
-u8 cpu_has_dfeature(enum cpuid_features feature)
-{
-	return (cpu_dfeatures & feature) != 0;
-}
-
-static void fpu_handler(struct regs *r)
-{
-	UNUSED(r);
-	__asm__ volatile("clts");
-}
-
-static u8 fpu_state[512] ALIGNED(16);
-void fpu_restore(void)
-{
-	__asm__ volatile("fxrstor (%0)" ::"r"(fpu_state));
-}
-
-void cpu_enable_features(void)
-{
-	u32 a, b, c, d;
-	cpuid(CPUID_FEATURES, &a, &b, &c, &d);
-	cpu_cfeatures = c;
-	cpu_dfeatures = d;
-	if (cpu_has_dfeature(CPUID_FEAT_EDX_SSE)) {
-		cr0_set(cr0_get() & ~(1 << 2));
-		cr0_set(cr0_get() | (1 << 1));
-		cr4_set(cr4_get() | (3 << 9));
-	} else {
-		panic("No SSE support!\n");
-	}
-
-	if (cpu_has_dfeature(CPUID_FEAT_EDX_FPU)) {
-		__asm__ volatile("fninit");
-		__asm__ volatile("fxsave %0" : "=m"(fpu_state));
-		irq_install_handler(7, fpu_handler);
-	} else {
-		panic("No FPU support!\n");
-	}
-}
-
-void cli(void)
-{
-	__asm__ volatile("cli");
-}
-
-void sti(void)
-{
-	__asm__ volatile("sti");
-}
-
-void hlt(void)
-{
-	__asm__ volatile("hlt");
-}
-
-void idle(void)
-{
-	while (1)
-		hlt();
-}
-
-void loop(void)
-{
-	cli();
-	idle();
-}
-#endif
diff --git a/libs/libc/inc/cpu.h b/libs/libc/inc/cpu.h
deleted file mode 100644
index 0410125..0000000
--- a/libs/libc/inc/cpu.h
+++ /dev/null
@@ -1,110 +0,0 @@
-// MIT License, Copyright (c) 2020 Marvin Borner
-
-#ifndef CPU_H
-#define CPU_H
-
-#include <def.h>
-
-u8 inb(u16 port);
-u16 inw(u16 port);
-u32 inl(u16 port);
-void insl(u16 port, void *addr, int n) ATTR((nonnull(2)));
-
-void outb(u16 port, u8 data);
-void outw(u16 port, u16 data);
-void outl(u16 port, u32 data);
-
-static inline void spinlock(u32 *ptr)
-{
-	u32 prev;
-	do
-		__asm__ volatile("lock xchgl %0,%1" : "=a"(prev) : "m"(*ptr), "a"(1));
-	while (prev);
-}
-
-#ifdef KERNEL
-void cpu_print(void);
-void cpu_enable_features(void);
-void fpu_restore(void);
-
-u32 cr0_get(void);
-void cr0_set(u32 cr0);
-u32 cr3_get(void);
-void cr3_set(u32 cr3);
-u32 cr4_get(void);
-void cr4_set(u32 cr4);
-
-void cli(void);
-void sti(void);
-void hlt(void);
-void idle(void);
-void loop(void);
-
-enum cpuid_requests { CPUID_VENDOR_STRING, CPUID_FEATURES, CPUID_TLB, CPUID_SERIAL };
-enum cpuid_features {
-	CPUID_FEAT_ECX_SSE3 = 1u << 0,
-	CPUID_FEAT_ECX_PCLMUL = 1u << 1,
-	CPUID_FEAT_ECX_DTES64 = 1u << 2,
-	CPUID_FEAT_ECX_MONITOR = 1u << 3,
-	CPUID_FEAT_ECX_DS_CPL = 1u << 4,
-	CPUID_FEAT_ECX_VMX = 1u << 5,
-	CPUID_FEAT_ECX_SMX = 1u << 6,
-	CPUID_FEAT_ECX_EST = 1u << 7,
-	CPUID_FEAT_ECX_TM2 = 1u << 8,
-	CPUID_FEAT_ECX_SSSE3 = 1u << 9,
-	CPUID_FEAT_ECX_CID = 1u << 10,
-	CPUID_FEAT_ECX_FMA = 1u << 12,
-	CPUID_FEAT_ECX_CX16 = 1u << 13,
-	CPUID_FEAT_ECX_ETPRD = 1u << 14,
-	CPUID_FEAT_ECX_PDCM = 1u << 15,
-	CPUID_FEAT_ECX_PCIDE = 1u << 17,
-	CPUID_FEAT_ECX_DCA = 1u << 18,
-	CPUID_FEAT_ECX_SSE4_1 = 1u << 19,
-	CPUID_FEAT_ECX_SSE4_2 = 1u << 20,
-	CPUID_FEAT_ECX_x2APIC = 1u << 21,
-	CPUID_FEAT_ECX_MOVBE = 1u << 22,
-	CPUID_FEAT_ECX_POPCNT = 1u << 23,
-	CPUID_FEAT_ECX_AES = 1u << 25,
-	CPUID_FEAT_ECX_XSAVE = 1u << 26,
-	CPUID_FEAT_ECX_OSXSAVE = 1u << 27,
-	CPUID_FEAT_ECX_AVX = 1u << 28,
-	CPUID_FEAT_ECX_F16C = 1u << 29,
-	CPUID_FEAT_ECX_RDRND = 1u << 30,
-
-	CPUID_FEAT_EDX_FPU = 1u << 0,
-	CPUID_FEAT_EDX_VME = 1u << 1,
-	CPUID_FEAT_EDX_DE = 1u << 2,
-	CPUID_FEAT_EDX_PSE = 1u << 3,
-	CPUID_FEAT_EDX_TSC = 1u << 4,
-	CPUID_FEAT_EDX_MSR = 1u << 5,
-	CPUID_FEAT_EDX_PAE = 1u << 6,
-	CPUID_FEAT_EDX_MCE = 1u << 7,
-	CPUID_FEAT_EDX_CX8 = 1u << 8,
-	CPUID_FEAT_EDX_APIC = 1u << 9,
-	CPUID_FEAT_EDX_SEP = 1u << 11,
-	CPUID_FEAT_EDX_MTRR = 1u << 12,
-	CPUID_FEAT_EDX_PGE = 1u << 13,
-	CPUID_FEAT_EDX_MCA = 1u << 14,
-	CPUID_FEAT_EDX_CMOV = 1u << 15,
-	CPUID_FEAT_EDX_PAT = 1u << 16,
-	CPUID_FEAT_EDX_PSE36 = 1u << 17,
-	CPUID_FEAT_EDX_PSN = 1u << 18,
-	CPUID_FEAT_EDX_CLF = 1u << 19,
-	CPUID_FEAT_EDX_DTES = 1u << 21,
-	CPUID_FEAT_EDX_ACPI = 1u << 22,
-	CPUID_FEAT_EDX_MMX = 1u << 23,
-	CPUID_FEAT_EDX_FXSR = 1u << 24,
-	CPUID_FEAT_EDX_SSE = 1u << 25,
-	CPUID_FEAT_EDX_SSE2 = 1u << 26,
-	CPUID_FEAT_EDX_SS = 1u << 27,
-	CPUID_FEAT_EDX_HTT = 1u << 28,
-	CPUID_FEAT_EDX_TM1 = 1u << 29,
-	CPUID_FEAT_EDX_IA64 = 1u << 30,
-};
-
-u8 cpu_has_cfeature(enum cpuid_features feature);
-u8 cpu_has_dfeature(enum cpuid_features feature);
-
-#endif
-
-#endif
diff --git a/libs/libc/inc/def.h b/libs/libc/inc/def.h
index 583a351..f1201b9 100644
--- a/libs/libc/inc/def.h
+++ b/libs/libc/inc/def.h
@@ -23,7 +23,7 @@ typedef unsigned long long u64;
  * Macros
  */
 
-#define UNUSED(__a) ((void)(__a))
+#define UNUSED(a) ((void)(a))
 
 #define MIN(a, b) (((a) < (b)) ? (a) : (b))
 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
@@ -32,6 +32,7 @@ typedef unsigned long long u64;
 
 #define ATTR __attribute__
 #define NORETURN ATTR((noreturn))
+#define NOINLINE ATTR((noinline))
 #define DEPRECATED ATTR((deprecated))
 #define NONNULL ATTR((nonnull))
 #define PURE ATTR((pure))
@@ -44,7 +45,11 @@ typedef unsigned long long u64;
 #define UNUSED_FUNC ATTR((unused))
 #define NO_SANITIZE ATTR((no_sanitize("undefined")))
 #define ALIGNED(align) ATTR((aligned(align)))
-#define SECTION(section) ATTR((section(section)))
+
+#ifdef KERNEL
+#define CLEAR NOINLINE ATTR((section(".temp_clear")))
+#define PROTECTED ATTR((section(".temp_protect")))
+#endif
 
 #define EOF (-1)
 #define NULL ((void *)0)
diff --git a/libs/libc/inc/print.h b/libs/libc/inc/print.h
index c0d864e..1d85c33 100644
--- a/libs/libc/inc/print.h
+++ b/libs/libc/inc/print.h
@@ -17,7 +17,7 @@ NORETURN void panic(const char *format, ...) NONNULL;
 int vfprintf(const char *path, const char *format, va_list ap) NONNULL;
 int fprintf(const char *path, const char *format, ...) NONNULL;
 int log(const char *format, ...) NONNULL;
-int err(int code, const char *format, ...) NONNULL;
+void err(int code, const char *format, ...) NONNULL;
 #else
 #include <proc.h>
 int print_app(enum stream_defaults id, const char *proc_name, const char *str) NONNULL;
diff --git a/libs/libc/inc/sys.h b/libs/libc/inc/sys.h
index 81de724..b435899 100644
--- a/libs/libc/inc/sys.h
+++ b/libs/libc/inc/sys.h
@@ -66,7 +66,7 @@ struct stat {
  */
 
 void loop(void);
-void exit(s32 status);
+void exit(s32 status) NORETURN;
 res read(const char *path, void *buf, u32 offset, u32 count) NONNULL;
 res write(const char *path, const void *buf, u32 offset, u32 count) NONNULL;
 res ioctl(const char *path, ...) NONNULL;
diff --git a/libs/libc/print.c b/libs/libc/print.c
index b77c165..4c38cdc 100644
--- a/libs/libc/print.c
+++ b/libs/libc/print.c
@@ -3,7 +3,6 @@
 #include <arg.h>
 #include <assert.h>
 #include <conv.h>
-#include <cpu.h>
 #include <def.h>
 #include <mem.h>
 #include <str.h>
@@ -145,7 +144,7 @@ int log(const char *format, ...)
 	return len;
 }
 
-int err(int code, const char *format, ...)
+NORETURN void err(int code, const char *format, ...)
 {
 	if (errno != EOK)
 		log("ERRNO: %d (%s)\n", errno, strerror(errno));
@@ -154,7 +153,6 @@ int err(int code, const char *format, ...)
 	vfprintf(PATH_ERR, format, ap);
 	va_end(ap);
 	exit(code);
-	return -1;
 }
 
 int print(const char *str)
@@ -251,10 +249,9 @@ NORETURN void panic(const char *format, ...)
 	print("--- DON'T PANIC! ---\n");
 	print(buf);
 	print_trace(5);
-	loop();
+	while (1)
+		__asm__ volatile("cli\nhlt");
 #else
 	err(1, buf);
 #endif
-	while (1)
-		;
 }
diff --git a/libs/libc/random.c b/libs/libc/random.c
index 5cbbbb6..6e65959 100644
--- a/libs/libc/random.c
+++ b/libs/libc/random.c
@@ -1,10 +1,13 @@
 // MIT License, Copyright (c) 2020 Marvin Borner
 
-#include <cpu.h>
 #include <def.h>
 #include <mem.h>
 #include <random.h>
 
+#ifdef KERNEL
+#include <cpu.h>
+#endif
+
 static u32 g_seed = 1;
 
 void srand(u32 seed)
-- 
cgit v1.2.3