This patch adds the NGROUPS_MAX constant and enforces it in
sys$setgroups() to ensure that no process has more than 32 supplementary
group IDs.
The number doesn't mean anything in particular, just had to pick a
number. Perhaps one day we'll have a reason to change it.

Previously, we were incorrectly assuming that the daylight global
variable indicated whether the current time zone is in DST. In reality,
the daylight variable only indicates whether a time zone *can* be in
DST.
Instead, the tm structure has a tm_isdst member that should be used for
this purpose. Ensure our LibC handles tm_isdst, and avoid errant usage
of the daylight variable in Core::DateTime.

Right now, the tm_to_time helper invokes time_to_tm to validate the
time_t it creates. Soon, both tm_to_time and time_to_tm will perform
some TZDB lookups to handle DST. This isn't a huge cost, but let's
avoid the double lookup here.

The time zone name will be needed for TZDB lookups in various time.h
functions. Cache the value found by tzset(), defaulting to the system-
wide default of UTC.
This also moves the time.h global definitions to the top of the file.
The cached time zone name will be needed above where these variables are
defined, so this is just to keep them all together.

Now that the infrastructure of the Graphics subsystem is quite stable,
it is time to try to fix a long-standing problem, which is the lack of
locking on display connector devices. Reading and writing from multiple
processes to a framebuffer controlled by the display connector is not a
huge problem - it could be solved with POSIX locking.
The real problem is some program that will try to do ioctl operations on
a display connector without the WindowServer being aware of that which
can lead to very bad situations, for example - assuming a framebuffer is
encoded at a known resolution and certain display timings, but another
process changed the ModeSetting of the display connector, leading to
inconsistency on the properties of the current ModeSetting.
To solve this, there's a new "master" ioctl to take "ownership" and
another one to release that ownership of a display connector device. To
ensure we will not hold a Process object forever just because it has an
ownership over a display connector, we hold it with a weak reference,
and if the process is gone, someone else can take an ownership.

Note that as part of this commit semaphore.cpp is excluded from the
DynamicLoader, as the dynamic loader does not build with pthread.cpp
which semaphore.cpp uses.

This helps ensure random pointers are not passed in as semaphores, but
more importantly once named semaphores are implemented, this will
ensure that random files are not used as semaphores.

We are able to read the EDID from SysFS, therefore there's no need to
provide this ioctl on a DisplayConnector anymore.
Also, now we can simply require the video pledge to be set before doing
any ioctl on a DisplayConnector.

Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).
No functional changes.

This commit moves the length calculations out to be directly on the
StringView users. This is an important step towards the goal of removing
StringView(char const*), as it moves the responsibility of calculating
the size of the string to the user of the StringView (which will prevent
naive uses causing OOB access).

The extra argument to fcntl is a pointer in the case of F_GETLK/F_SETLK
and we were pulling out a u32, leading to pointer truncation on x86_64.
Among other things, this fixes Assistant on x86_64 :^)

Once again, QEMU creates threads while running its constructors, which
is a recipe for disaster if we switch out the stack guard while that is
already running in the background.
To solve that, move initialization to our LibC initialization stage,
which is before any actual external initialization code runs.

`sigsuspend` was previously implemented using a poll on an empty set of
file descriptors. However, this broke quite a few assumptions in
`SelectBlocker`, as it verifies at least one file descriptor to be
ready after waking up and as it relies on being notified by the file
descriptor.
A bare-bones `sigsuspend` may also be implemented by relying on any of
the `sigwait` functions, but as `sigsuspend` features several (currently
unimplemented) restrictions on how returns work, it is a syscall on its
own.

This commit has no behavior changes.
In particular, this does not fix any of the wrong uses of the previous
default parameter (which used to be 'false', meaning "only replace the
first occurrence in the string"). It simply replaces the default uses by
String::replace(..., ReplaceMode::FirstOnly), leaving them incorrect.

The POSIX documentation for `endgrent` only mentions that it "closes
the group database", not that it clears the backing storage for return
values. This means that applications might make use of the returned
values even after closing the group database itself. This includes our
own implementations for `getgrnam` and `getgrgid`.
The specification also states that "the storage areas might be
overwritten by a subsequent call to `getgrgid`, `getgrnam`, or
`getgrent`". This implies that `getgrgid` and `getgrnam` aren't meant
to have their own static storage and instead rely on the storage of
`getgrent`.

newlib has an extra character slot at the beginning to enable some
macro tricks that cause a warning when someone passes a type that's not
"int" into a ctype function. Our deviation from this causes issues for
LLVM.

This is a LibC function that POSIX defines to help userspace programs
to get suboptions. An example of a suboption is the token "pixclk" from
a Shell command running "edid-decode --gtf w=1024,h=768,pixclk=48".
The function should be run in a while loop to acquire all suboptions
until the last one.
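
The while loop described above, as an added example that is not code from the commit: it parses the `--gtf` argument quoted in the message and rejects unknown tokens, tokens without a value, and non-numeric values. The `gtf_tokens` table, `struct gtf_args` and `parse_gtf()` are hypothetical names chosen for the illustration.

```c
#define _XOPEN_SOURCE 700 /* exposes getsubopt() in <stdlib.h> */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed token table for the --gtf argument; index = position in the table. */
static char *const gtf_tokens[] = { "w", "h", "pixclk", NULL };

struct gtf_args {
    long w, h, pixclk; /* -1 means "not given" */
};

/* Returns 0 on success, -1 on an unknown token, a token without "=value",
 * or a value that is not a positive decimal integer. */
static int parse_gtf(const char *arg, struct gtf_args *out)
{
    char buf[128];
    if (strlen(arg) >= sizeof(buf))
        return -1;
    strcpy(buf, arg); /* getsubopt() writes NULs into the string it parses */
    out->w = out->h = out->pixclk = -1;
    long *slots[] = { &out->w, &out->h, &out->pixclk }; /* same order as gtf_tokens */
    char *cursor = buf;
    char *value = NULL;
    while (*cursor != '\0') {
        int index = getsubopt(&cursor, gtf_tokens, &value);
        if (index < 0 || value == NULL)
            return -1;
        char *end = NULL;
        errno = 0;
        long number = strtol(value, &end, 10);
        if (errno != 0 || end == value || *end != '\0' || number <= 0)
            return -1;
        *slots[index] = number;
    }
    return 0;
}

int main(void)
{
    struct gtf_args args;
    if (parse_gtf("w=1024,h=768,pixclk=48", &args) != 0)
        return 1;
    printf("w=%ld h=%ld pixclk=%ld\n", args.w, args.h, args.pixclk);
    return 0;
}
```

Because `getsubopt()` modifies the string it is given, the example parses a bounded copy rather than the caller's argument.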

* Always return 0 if `WNOHANG` is specified and no waitable child is
found, even if `wstatus` is null.
* Do not return 0 if the child is continued. Treat it the same way as
all the other states.
Refer to the RETURN VALUE section of the POSIX spec:
https://pubs.opengroup.org/onlinepubs/9699919799/functions/wait.html
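
A small conformance check for the two rules listed above, as an added example that is not code from the commit: it walks one child through running, stopped, continued and killed, and compares each `waitpid()` result with what the POSIX RETURN VALUE section requires. The function name `check_waitpid_returns()` is hypothetical.

```c
#define _XOPEN_SOURCE 700 /* exposes WCONTINUED / WIFCONTINUED */
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 0 if every waitpid() result matches POSIX, otherwise the number
 * of the first step that did not. */
static int check_waitpid_returns(void)
{
    int status = 0;
    pid_t child = fork();
    if (child < 0)
        return 1;
    if (child == 0) {
        for (;;)
            pause(); /* the child only waits for signals */
    }
    int failed = 0;
    /* Running child, WNOHANG, null wstatus: nothing to report, so 0. */
    if (waitpid(child, NULL, WNOHANG) != 0)
        failed = 2;
    /* A stopped child is reported with its pid. */
    kill(child, SIGSTOP);
    if (!failed && (waitpid(child, &status, WUNTRACED) != child || !WIFSTOPPED(status)))
        failed = 3;
    /* A continued child is reported with its pid as well, never as 0. */
    kill(child, SIGCONT);
    if (!failed && (waitpid(child, &status, WCONTINUED) != child || !WIFCONTINUED(status)))
        failed = 4;
    /* Always reap the child so the check leaves no zombie behind. */
    kill(child, SIGKILL);
    if (waitpid(child, &status, 0) != child || !WIFSIGNALED(status))
        failed = failed ? failed : 5;
    return failed;
}

int main(void)
{
    int step = check_waitpid_returns();
    printf("first failing step: %d (0 = none)\n", step);
    return step;
}
```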