AK+Kernel: OOM-harden most parts of Trie

The only part of Unveil that can't handle OOM gracefully is the String::formatted() use in the node metadata.
2025-07-27 11:27:35 +00:00 · 2022-02-14 16:49:53 +03:30 · 2022-02-14 16:49:53 +03:30 · a1cb2c371a
commit a1cb2c371a
parent 80e6198563
9 changed files with 145 additions and 99 deletions
--- a/Kernel/Syscalls/execve.cpp
+++ b/Kernel/Syscalls/execve.cpp
@ -525,7 +525,7 @@ ErrorOr<void> Process::do_exec(NonnullRefPtr<OpenFileDescription> main_program_d

    m_veil_state = VeilState::None;
    m_unveiled_paths.clear();
-    m_unveiled_paths.set_metadata({ "/", UnveilAccess::None, false });
+    m_unveiled_paths.set_metadata({ TRY(KString::try_create("/"sv)), UnveilAccess::None, false });

    for (auto& property : m_coredump_properties)
        property = {};
--- a/Kernel/Syscalls/fork.cpp
+++ b/Kernel/Syscalls/fork.cpp
@ -21,7 +21,7 @@ ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)
    auto child_name = TRY(m_name->try_clone());
    auto child = TRY(Process::try_create(child_first_thread, move(child_name), uid(), gid(), pid(), m_is_kernel_process, m_cwd, m_executable, m_tty, this));
    child->m_veil_state = m_veil_state;
-    child->m_unveiled_paths = m_unveiled_paths.deep_copy();
+    child->m_unveiled_paths = TRY(m_unveiled_paths.deep_copy());

    TRY(child->m_fds.with_exclusive([&](auto& child_fds) {
        return m_fds.with_exclusive([&](auto& parent_fds) {
--- a/Kernel/Syscalls/unveil.cpp
+++ b/Kernel/Syscalls/unveil.cpp
@ -19,7 +19,7 @@ static void update_intermediate_node_permissions(UnveilNode& root_node, UnveilAc
        auto& node = static_cast<UnveilNode&>(*entry.value);
        if (node.was_explicitly_unveiled())
            continue;
-        node.set_metadata({ node.path(), new_permissions, node.was_explicitly_unveiled() });
+        node.metadata_value().permissions = new_permissions;
        update_intermediate_node_permissions(node, new_permissions);
    }
 }
@ -109,19 +109,20 @@ ErrorOr<FlatPtr> Process::sys$unveil(Userspace<const Syscall::SC_unveil_params*>
        if (matching_node.permissions() != new_permissions)
            update_intermediate_node_permissions(matching_node, (UnveilAccess)new_permissions);

-        matching_node.set_metadata({ matching_node.path(), (UnveilAccess)new_permissions, true });
+        matching_node.metadata_value().explicitly_unveiled = true;
+        matching_node.metadata_value().permissions = (UnveilAccess)new_permissions;
        m_veil_state = VeilState::Dropped;
        return 0;
    }

-    matching_node.insert(
+    TRY(matching_node.insert(
        it,
        path_parts.end(),
-        { new_unveiled_path->view(), (UnveilAccess)new_permissions, true },
-        [](auto& parent, auto& it) -> Optional<UnveilMetadata> {
-            auto path = String::formatted("{}/{}", parent.path(), *it);
-            return UnveilMetadata { path, parent.permissions(), false };
-        });
+        { new_unveiled_path.release_nonnull(), (UnveilAccess)new_permissions, true },
+        [](auto& parent, auto& it) -> ErrorOr<Optional<UnveilMetadata>> {
+            auto path = TRY(KString::formatted("{}/{}", parent.path(), *it));
+            return UnveilMetadata(move(path), parent.permissions(), false);
+        }));

    VERIFY(m_veil_state != VeilState::Locked);
    m_veil_state = VeilState::Dropped;