Commit Graph

6572 Commits

Author SHA1 Message Date
liamwhite
fca7d975fd
Merge pull request #10839 from lat9nq/pgc-plus
general: Reimplement per-game configurations
2023-08-02 14:25:52 -04:00
Morph
9bca45aa15 audren_u: Fix parameter alignment
The reduction in size from 0x38 to 0x34 caused the parameter to be misaligned. Skipping 1 word fixes this.
2023-07-31 18:40:16 -04:00
lat9nq
eaf2ab5289 tz_content_man: Generate the time zone binary once
Fixes a memory leak with time zone binaries accumulating on theirselves.
2023-07-30 12:55:19 -04:00
liamwhite
d3da1e6517
Merge pull request #10990 from comex/ubsan
Fixes and workarounds to make UBSan happier on macOS
2023-07-26 10:33:28 -04:00
liamwhite
18000df5e9
Merge pull request #11095 from liamwhite/memory2
memory: cleanup
2023-07-24 13:47:11 -04:00
Liam
3e3294e1c2 core: implement GetGaiStringErrorRequest, IContextRegistrar 2023-07-22 23:29:45 -04:00
Liam
9f3f615e05 core: reduce TOCTTOU memory access 2023-07-22 11:19:29 -04:00
liamwhite
b1aed2c5b7
Merge pull request #11094 from liamwhite/get
kernel: misc cleanup of page table accessors
2023-07-22 11:17:36 -04:00
bunnei
482c957f5d
Merge pull request #11113 from liamwhite/nsd1
nsd: add GetApplicationServerEnvironmentType
2023-07-21 21:24:36 -07:00
Liam
05bc024260 core: remove remaining uses of dynamic_cast 2023-07-21 19:37:29 -04:00
lat9nq
8e91554e11 k_system_control: Always return some memory size 2023-07-21 10:56:55 -04:00
lat9nq
127b3da0f1 core,common: Give memory layout setting an enum
Allows for 6GB and 8GB layouts to be selected.
2023-07-21 10:56:55 -04:00
lat9nq
ff6a5031d5 settings: Require time zone setting value for stirng 2023-07-21 10:56:55 -04:00
lat9nq
8e15146026 configure_system: Implement with for loop 2023-07-21 10:56:07 -04:00
lat9nq
4133165607 settings,core,config_sys: Remove optional type from custom_rtc, rng_seed
core: Fix MSVC errors
2023-07-21 10:56:07 -04:00
liamwhite
c0202da9ac
Merge pull request #11096 from german77/amiibooo
service: nfc: Update Implementation to match with latest RE
2023-07-21 09:21:48 -04:00
liamwhite
014ca709c9
Merge pull request #11116 from lat9nq/clang-shadowing
general: Silence -Wshadow{,-uncaptured-local} warnings
2023-07-19 17:14:55 -04:00
liamwhite
86bbfe3b1d
Merge pull request #11114 from Kelebek1/warnings
Mark SetIdleTimeDetectionExtension logging as debug
2023-07-19 17:14:45 -04:00
lat9nq
71b3b2a2f0 general: Silence -Wshadow{,-uncaptured-local} warnings
These occur in the latest commits in LLVM Clang.
2023-07-18 19:31:35 -04:00
Kelebek1
80cd67ed7b Debug SetIdleTimeDetectionExtension 2023-07-18 10:16:14 +01:00
Liam
8f1d48fda6 nsd: add GetApplicationServerEnvironmentType 2023-07-17 21:34:23 -04:00
Morph
16c238e4b9 ssl: Link with crypt32 for secure channel backend 2023-07-17 15:46:24 -04:00
Morph
e0fb1d3d17 ssl: Reorder inclusions 2023-07-17 15:46:24 -04:00
Morph
5bbc3aef13 network: Forward declarations 2023-07-17 15:36:03 -04:00
Narr the Reg
54f150b70a service: nfc: Update Implementation to match with latest RE 2023-07-17 11:24:23 -06:00
liamwhite
2461c78e3f
Merge pull request #10912 from comex/ssl
Implement SSL service
2023-07-16 16:56:47 -04:00
comex
d7c532d889 Fixes and workarounds to make UBSan happier on macOS
There are still some other issues not addressed here, but it's a start.

Workarounds for false-positive reports:

- `RasterizerAccelerated`: Put a gigantic array behind a `unique_ptr`,
  because UBSan has a [hardcoded limit](https://stackoverflow.com/questions/64531383/c-runtime-error-using-fsanitize-undefined-object-has-a-possibly-invalid-vp)
  of how big it thinks objects can be, specifically when dealing with
  offset-to-top values used with multiple inheritance.  Hopefully this
  doesn't have a performance impact.

- `QueryCacheBase::QueryCacheBase`: Avoid an operation that UBSan thinks
  is UB even though it at least arguably isn't.  See the link in the
  comment for more information.

Fixes for correct reports:

- `PageTable`, `Memory`: Use `uintptr_t` values instead of pointers to
  avoid UB from pointer overflow (when pointer arithmetic wraps around
  the address space).

- `KScheduler::Reload`: `thread->GetOwnerProcess()` can be `nullptr`;
  avoid calling methods on it in this case.  (The existing code returns
  a garbage reference to a field, which is then passed into
  `LoadWatchpointArray`, and apparently it's never used, so it's
  harmless in practice but still triggers UBSan.)

- `KAutoObject::Close`: This function calls `this->Destroy()`, which
  overwrites the beginning of the object with junk (specifically a free
  list pointer).  Then it calls `this->UnregisterWithKernel()`.  UBSan
  complains about a type mismatch because the vtable has been
  overwritten, and I believe this is indeed UB.  `UnregisterWithKernel`
  also loads `m_kernel` from the 'freed' object, which seems to be
  technically safe (the overwriting doesn't extend as far as that
  field), but seems dubious.  Switch to a `static` method and load
  `m_kernel` in advance.
2023-07-15 12:00:28 -07:00
Liam
474db2d8da kernel: reduce page table region checking 2023-07-14 22:33:10 -04:00
Liam
a85ce8ea56 k_process: PageTable -> GetPageTable 2023-07-14 21:43:15 -04:00
bunnei
28598c9090
Merge pull request #10985 from liamwhite/handle-translate
k_server_session: translate special header for non-HLE requests
2023-07-11 16:49:24 -07:00
bunnei
ce7c418e0c
Merge pull request #10996 from Kelebek1/readblock_optimisation
Use spans over guest memory where possible instead of copying data
2023-07-10 18:54:19 -07:00
Liam
4540bcfaf7 k_server_session: translate special header for non-HLE requests 2023-07-08 01:01:49 -04:00
german77
9cd698e8ad service: nfc: Ensure controller is in the correct mode 2023-07-02 19:21:16 -06:00
Kelebek1
6f7cb69c94 Use spans over guest memory where possible instead of copying data. 2023-07-02 23:09:48 +01:00
liamwhite
daaf03942f
Merge pull request #10969 from Morph1984/k-synchronize
kernel: Synchronize
2023-07-02 17:38:14 -04:00
comex
644c3ce609 Rename variables to avoid -Wshadow warnings under GCC 2023-07-01 22:03:21 -07:00
comex
0ed1cb7266 ...actually add the SecureTransport backend to Git. 2023-07-01 17:48:36 -07:00
comex
0e191c2711 Updates:
- Address PR feedback.
- Add SecureTransport backend for macOS.
2023-07-01 17:27:35 -07:00
comex
98685d48e3 Merge remote-tracking branch 'origin/master' into ssl 2023-07-01 15:01:11 -07:00
Morph
b94e576653 kernel: Synchronize 2023-07-01 16:21:22 -04:00
Morph
1a46823ec5 parcel: Optimize small_vector sizes 2023-06-30 22:05:28 -04:00
Morph
310b6cf4af general: Use ScratchBuffer where possible 2023-06-30 21:49:59 -04:00
comex
d885dd5b64 PR feedback + constification 2023-06-25 19:24:49 -07:00
comex
cd4b8f037c re-format 2023-06-25 17:09:54 -07:00
comex
ac939f08a4 Fix more Windows build errors
I did test this beforehand, but not on MinGW, and the error that showed
up on the msvc builder didn't happen for me...
2023-06-25 17:06:57 -07:00
comex
42015de49b ssl: fix compatibility with OpenSSL 1.1.1
Turns out changes were needed after all.
2023-06-25 16:09:16 -07:00
comex
4a35569921 Fixes:
- Add missing virtual destructor on `SSLBackend`.

- On Windows, filter out `POLLWRBAND` (one of the new flags added) when
  calling `WSAPoll`, because despite the constant being defined on
  Windows, passing it calls `WSAPoll` to yield `EINVAL`.

- Reduce OpenSSL version requirement to satisfy CI; I haven't tested
  whether it actually builds (or runs) against 1.1.1, but if not, I'll
  figure it out.

- Change an instance of memcpy to memmove, even though the arguments
  cannot overlap, to avoid a [strange GCC
  error](https://github.com/yuzu-emu/yuzu/pull/10912#issuecomment-1606283351).
2023-06-25 15:06:52 -07:00
comex
8905142f43 ssl: rename argument to avoid false positive codespell warning
The original name `larg` was copied from the OpenSSL documentation and
is not a typo of 'large' but rather an abbreviation of '`long`
argument'.  But whatever, no harm in adding an underscore.
2023-06-25 13:10:41 -07:00
comex
8e703e08df Implement SSL service
This implements some missing network APIs including a large chunk of the SSL
service, enough for Mario Maker (with an appropriate mod applied) to connect to
the fan server [Open Course World](https://opencourse.world/).

Connecting to first-party servers is out of scope of this PR and is a
minefield I'd rather not step into.

 ## TLS

TLS is implemented with multiple backends depending on the system's 'native'
TLS library.  Currently there are two backends: Schannel for Windows, and
OpenSSL for Linux.  (In reality Linux is a bit of a free-for-all where there's
no one 'native' library, but OpenSSL is the closest it gets.)  On macOS the
'native' library is SecureTransport but that isn't implemented in this PR.
(Instead, all non-Windows OSes will use OpenSSL unless disabled with
`-DENABLE_OPENSSL=OFF`.)

Why have multiple backends instead of just using a single library, especially
given that Yuzu already embeds mbedtls for cryptographic algorithms?  Well, I
tried implementing this on mbedtls first, but the problem is TLS policies -
mainly trusted certificate policies, and to a lesser extent trusted algorithms,
SSL versions, etc.

...In practice, the chance that someone is going to conduct a man-in-the-middle
attack on a third-party game server is pretty low, but I'm a security nerd so I
like to do the right security things.

My base assumption is that we want to use the host system's TLS policies.  An
alternative would be to more closely emulate the Switch's TLS implementation
(which is based on NSS).  But for one thing, I don't feel like reverse
engineering it.  And I'd argue that for third-party servers such as Open Course
World, it's theoretically preferable to use the system's policies rather than
the Switch's, for two reasons

1. Someday the Switch will stop being updated, and the trusted cert list,
   algorithms, etc. will start to go stale, but users will still want to
   connect to third-party servers, and there's no reason they shouldn't have
   up-to-date security when doing so.  At that point, homebrew users on actual
   hardware may patch the TLS implementation, but for emulators it's simpler to
   just use the host's stack.

2. Also, it's good to respect any custom certificate policies the user may have
   added systemwide.  For example, they may have added custom trusted CAs in
   order to use TLS debugging tools or pass through corporate MitM middleboxes.
   Or they may have removed some CAs that are normally trusted out of paranoia.

Note that this policy wouldn't work as-is for connecting to first-party
servers, because some of them serve certificates based on Nintendo's own CA
rather than a publicly trusted one.  However, this could probably be solved
easily by using appropriate APIs to adding Nintendo's CA as an alternate
trusted cert for Yuzu's connections.  That is not implemented in this PR
because, again, first-party servers are out of scope.

(If anything I'd rather have an option to _block_ connections to Nintendo
servers, but that's not implemented here.)

To use the host's TLS policies, there are three theoretical options:

a) Import the host's trusted certificate list into a cross-platform TLS
   library (presumably mbedtls).

b) Use the native TLS library to verify certificates but use a cross-platform
   TLS library for everything else.

c) Use the native TLS library for everything.

Two problems with option a).  First, importing the trusted certificate list at
minimum requires a bunch of platform-specific code, which mbedtls does not have
built in.  Interestingly, OpenSSL recently gained the ability to import the
Windows certificate trust store... but that leads to the second problem, which
is that a list of trusted certificates is [not expressive
enough](https://bugs.archlinux.org/task/41909) to express a modern certificate
trust policy.  For example, Windows has the concept of [explicitly distrusted
certificates](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/dn265983(v=ws.11)),
and macOS requires Certificate Transparency validation for some certificates
with complex rules for when it's required.

Option b) (using native library just to verify certs) is probably feasible, but
it would miss aspects of TLS policy other than trusted certs (like allowed
algorithms), and in any case it might well require writing more code, not less,
compared to using the native library for everything.

So I ended up at option c), using the native library for everything.

What I'd *really* prefer would be to use a third-party library that does option
c) for me.  Rust has a good library for this,
[native-tls](https://docs.rs/native-tls/latest/native_tls/).  I did search, but
I couldn't find a good option in the C or C++ ecosystem, at least not any that
wasn't part of some much larger framework.  I was surprised - isn't this a
pretty common use case?  Well, many applications only need TLS for HTTPS, and they can
use libcurl, which has a TLS abstraction layer internally but doesn't expose
it.  Other applications only support a single TLS library, or use one of the
aforementioned larger frameworks, or are platform-specific to begin with, or of
course are written in a non-C/C++ language, most of which have some canonical
choice for TLS.  But there are also many applications that have a set of TLS
backends just like this; it's just that nobody has gone ahead and abstracted
the pattern into a library, at least not a widespread one.

Amusingly, there is one TLS abstraction layer that Yuzu already bundles: the
one in ffmpeg.  But it is missing some features that would be needed to use it
here (like reusing an existing socket rather than managing the socket itself).
Though, that does mean that the wiki's build instructions for Linux (and macOS
for some reason?) already recommend installing OpenSSL, so no need to update
those.

 ## Other APIs implemented

- Sockets:
    - GetSockOpt(`SO_ERROR`)
    - SetSockOpt(`SO_NOSIGPIPE`) (stub, I have no idea what this does on Switch)
    - `DuplicateSocket` (because the SSL sysmodule calls it internally)
    - More `PollEvents` values

- NSD:
    - `Resolve` and `ResolveEx` (stub, good enough for Open Course World and
      probably most third-party servers, but not first-party)

- SFDNSRES:
    - `GetHostByNameRequest` and `GetHostByNameRequestWithOptions`
    - `ResolverSetOptionRequest` (stub)

 ## Fixes

- Parts of the socket code were previously allocating a `sockaddr` object on
  the stack when calling functions that take a `sockaddr*` (e.g. `accept`).
  This might seem like the right thing to do to avoid illegal aliasing, but in
  fact `sockaddr` is not guaranteed to be large enough to hold any particular
  type of address, only the header.  This worked in practice because in
  practice `sockaddr` is the same size as `sockaddr_in`, but it's not how the
  API is meant to be used.  I changed this to allocate an `sockaddr_in` on the
  stack and `reinterpret_cast` it.  I could try to do something cleverer with
  `aligned_storage`, but casting is the idiomatic way to use these particular
  APIs, so it's really the system's responsibility to avoid any aliasing
  issues.

- I rewrote most of the `GetAddrInfoRequest[WithOptions]` implementation.  The
  old implementation invoked the host's getaddrinfo directly from sfdnsres.cpp,
  and directly passed through the host's socket type, protocol, etc. values
  rather than looking up the corresponding constants on the Switch.  To be
  fair, these constants don't tend to actually vary across systems, but
  still... I added a wrapper for `getaddrinfo` in
  `internal_network/network.cpp` similar to the ones for other socket APIs, and
  changed the `GetAddrInfoRequest` implementation to use it.  While I was at
  it, I rewrote the serialization to use the same approach I used to implement
  `GetHostByNameRequest`, because it reduces the number of size calculations.
  While doing so I removed `AF_INET6` support because the Switch doesn't
  support IPv6; it might be nice to support IPv6 anyway, but that would have to
  apply to all of the socket APIs.

  I also corrected the IPC wrappers for `GetAddrInfoRequest` and
  `GetAddrInfoRequestWithOptions` based on reverse engineering and hardware
  testing.  Every call to `GetAddrInfoRequestWithOptions` returns *four*
  different error codes (IPC status, getaddrinfo error code, netdb error code,
  and errno), and `GetAddrInfoRequest` returns three of those but in a
  different order, and it doesn't really matter but the existing implementation
  was a bit off, as I discovered while testing `GetHostByNameRequest`.

  - The new serialization code is based on two simple helper functions:

    ```cpp
    template <typename T> static void Append(std::vector<u8>& vec, T t);
    void AppendNulTerminated(std::vector<u8>& vec, std::string_view str);
    ```

    I was thinking there must be existing functions somewhere that assist with
    serialization/deserialization of binary data, but all I could find was the
    helper methods in `IOFile` and `HLERequestContext`, not anything that could
    be used with a generic byte buffer.  If I'm not missing something, then
    maybe I should move the above functions to a new header in `common`...
    right now they're just sitting in `sfdnsres.cpp` where they're used.

- Not a fix, but `SocketBase::Recv`/`Send` is changed to use `std::span<u8>`
  rather than `std::vector<u8>&` to avoid needing to copy the data to/from a
  vector when those methods are called from the TLS implementation.
2023-06-25 12:53:31 -07:00
liamwhite
a674022434
Merge pull request #10859 from liamwhite/no-more-atomic-wait
general: remove atomic signal and wait
2023-06-23 09:27:14 -04:00