* make runtime_loader a dynammically linked object
* add kernel support for loading user images that need to be relocated
* load runtime_loader at random address
Currently there are two generators. The fast one is the same one the scheduler
is using. The standard one is the same algorithm libroot's rand() uses. Should
there be a need for more cryptographically PRNG MD4 or MD5 might be a good
candidates.
This address specification is actually not needed since PIC images can be
located anywhere. Only their size is restriced but that is the compiler and
linker concern. Thanks to Alex Smith for pointing that out.
On some 64 bit architectures program and library images have to be mapped in
the lower 2 GB of the address space (due to instruction pointer relative
addressing). Address specification B_RANDOMIZED_IMAGE_ADDRESS ensures that
created area satisfies that requirement.
Placing commpage and team user data somewhere at the top of the user accessible
virtual address space prevents these areas from conflicting with elf images
that require to be mapped at exact address (in most cases: runtime_loader).
This patch introduces randomization of commpage position. From now on commpage
table contains offsets from begining to of the commpage to the particular
commpage entry. Similary addresses of symbols in ELF memory image "commpage"
are just offsets from the begining of the commpage.
This patch also updates KDL so that commpage entries are recognized and shown
correctly in stack trace. An update of Debugger is yet to be done.
Set execute disable bit for any page that belongs to area with neither
B_EXECUTE_AREA nor B_KERNEL_EXECUTE_AREA set.
In order to take advanage of NX bit in 32 bit protected mode PAE must be
enabled. Thus, from now on it is also enabled when the CPU supports NX bit.
vm_page_fault() takes additional argument which indicates whether page fault
was caused by an illegal instruction fetch.
x86_userspace_thread_exit() is a stub originally placed at the bottom of
each thread user stack that ensures any thread invokes exit_thread() upon
returning from its main higher level function.
Putting anything that is expected to be executed on a stack causes problems
when implementing data execution prevention. Code of x86_userspace_thread_exit()
is now moved to commpage which seems to be much more appropriate place for it.
When mmap() is invoked without specifying address hint B_RANDOMIZED_ANY_ADDRESS
is used.
Otherwise, unless MAP_FIXED flag is set (which requires mmap() to return an area
positioned exactly at given address), B_RANDOMIZED_BASE_ADDRESS is used.
When forking a process team user data area is not cloned but a new one is
created instead. However, the new one has to be at exactly the same address
parent's team user data area is. When process is exec then team user data
area may be recreated at random position.
This patch also make sure that instances of struct user_thread in team user
data are each in separate cache line in order to prevent false sharing since
these data are very likely to be accessed simultaneously from threads executing
on different CPUs. This change however reduces the number of threads process
can create. It is fixed by reserving 512kB of address space in case team user
data area needs to grow.
Randomized equivalent of B_ANY_ADDRESS. When a free space is found (as in
B_ANY_ADDRESS) the base adress is then randomized using _RandomizeAddress
pretty much like it is done in B_RANDOMIZED_BASE_ADDRESS.
B_RAND_BASE_ADDRESS is basically B_BASE_ADDRESS with non-deterministic created
area's base address.
Initial start address is randomized and then the algorithm looks for a large
enough free space in the interval [randomized start, end]. If it fails then
the search is repeated in the interval [original start, randomized start]. In
case it also fails the algorithm falls back to B_ANY_ADDRESS
(B_RANDOMIZED_ANY_ADDRESS when it is implemented) just like B_BASE_ADDRESS does.
Randomization range is limited by kMaxRandomize and kMaxInitialRandomize.
Inside the page randomization of initial user stack pointer is not only a part
of ASLR implementation but also a performance improvement that helps
eliminating aligned 64 kB data access.
Minimal user stack size is increased to 8 kB in order to ensure that regardless
of initial stack pointer value there is still enough space on stack.
* If we have a configured network, then we always try to connect to it
as soon as the interface has been brought up.
* If we don't have a configured network and are auto configuring, we
use the AutoconfigLooper to also do initial auto joins.
* Before issuing auto joins we need to wait for scan results to come
in, so we watch for corresponding messages.
For now auto joining is a one shot attempt as the infrastructure to
properly tell reasons for scans apart is not yet there.
This ensures that we don't spuriously re-detect a link if we have a
race between starting to watch for link state changes and detecting the
initial link.
The scanning still occurs so that the network list is populated. But if
no SSID has been explicitly configured, we now always set the
IEEE80211_SCAN_NOJOIN flag that prevents automatically joining open
networks at the end of the scan.
The wpa_supplicant (rightfully) supplies the SSID with this request.
However, with the code that is in place it gets ignored and the desired
SSID, as set by IEEE80211_IOC_SSID is used instead. This still works if
the wpa_supplicant is the only client in use and IEEE80211_IOC_SSID
is never used, as then the mlme.im_macaddr is used as the only
identifying element. If we used IEEE80211_IOC_SSID before though, for
example because we joined an open network from the net_server directly,
there will always be a mismatch between the desired SSID and the one
the wpa_supplicant tries to associate with using this MLME request.
No association is then possible. As there is no obvious reason why the
request supplied SSID shouldn't be used, we simply do so.
We need to make sure that the wpa_supplicant knows about our intention
even when joining an open network, as it otherwise might interfere.
Since leaving a network is not synchronous and the wpa_supplicant is
already running in that case anyway, this seems easier and more
reliable.
If the wpa_supplicant is not already running we still join ourselves.
The _ConfigureInterface() method is used as a backend for all
configuration tasks. That includes setting addresses manually or by
DHCP and changing flags, mtu or metric. Therefore we can't join
networks every time it is invoked. Instead we check for an existing
link first and only try to join if there is none yet.
This allows to reuse BMessenger objects for different targets, or to
recheck validity after initial creation. With that one can use the same
BMessenger after launching an application that was previously not found
valid for example.
Any fully empty keyring (no keys and no applications) would fail to add
the empty flat buffer and thus prevent the whole keystore database from
being stored. This could easily happen when you used separate keyrings
but the master keyring was left unused for example.
Adding a flag that tells that there is no data allows us to distinguish
between a case where the stored data is missing due to a problem versus
an actually empty buffer.
We always try to reach the wpa_supplicant first. If it isn't running
we check if this might have been a network we've connected directly
and then just disassociate using an MLME disassociation request.
* Updated to version 2.0 of vendor code.
* Reliability improvements in controlling the underlying devices.
* Implement leaving networks.
* Better timeout handling.
* Usability enhancements like cancel on escape, ok button being the
default and the password field having focus on start.
* Storing of the password using BKeyStore.
Using the original message and storing that into the settings resulted
in a not yet fully understood deadlock. Presumably related to missing
and/or stray replies.