1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-24 22:42:07 +00:00
Commit graph

61 commits

Author SHA1 Message Date
Brian Gianforcaro
f8ad3cc6a0 Kernel: Harden DevPtsFSInode::traverse_as_directory against OOM
Use the try variants of AK::StringBuilder append APIs to harden this
function against OOM.
2022-01-12 13:03:44 +01:00
Andreas Kling
8b1108e485 Everywhere: Pass AK::StringView by value 2021-11-11 01:27:46 +01:00
Andreas Kling
5ce753b74d Kernel: Make Inode::traverse_as_directory() callback return ErrorOr
This allows us to propagate errors from inside the callback with TRY().
2021-11-10 21:58:58 +01:00
Andreas Kling
79fa9765ca Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T>
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!
This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.

Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)
2021-11-08 01:10:53 +01:00
Andreas Kling
6f69d5204f Kernel: Make Inode::flush_metadata() return a KResult
Even if this goes nowhere yet, we have to start building an error
propagation path somewhere.
2021-10-21 23:23:23 +02:00
Liav A
aee4786d8e Kernel: Introduce the DeviceManagement singleton
This singleton simplifies many aspects that we struggled with before:
1. There's no need to make derived classes of Device expose the
constructor as public anymore. The singleton is a friend of them, so he
can call the constructor. This solves the issue with try_create_device
helper neatly, hopefully for good.
2. Getting a reference of the NullDevice is now being done from this
singleton, which means that NullDevice no longer needs to use its own
singleton, and we can apply the try_create_device helper on it too :)
3. We can now defer registration completely after the Device constructor
which means the Device constructor is merely assigning the major and
minor numbers of the Device, and the try_create_device helper ensures it
calls the after_inserting method immediately after construction. This
creates a great opportunity to make registration more OOM-safe.
2021-09-17 01:02:48 +03:00
Andreas Kling
4a9c18afb9 Kernel: Rename FileDescription => OpenFileDescription
Dr. POSIX really calls these "open file description", not just
"file description", so let's call them exactly that. :^)
2021-09-07 13:53:14 +02:00
Andreas Kling
efe4e230ee Kernel: Tidy up DevPtsFS construction and handle OOM errors
- Use KResultOr and TRY() to propagate errors
- Check for OOM when creating new inodes
2021-09-06 13:06:05 +02:00
Andreas Kling
caaeae9607 Kernel: Make FileSystem::get_inode() return KResultOr<NRP<Inode>>
This allows for natural error propagation in a bunch of new places.
2021-09-05 18:55:55 +02:00
Andreas Kling
ae197deb6b Kernel: Strongly typed user & group ID's
Prior to this change, both uid_t and gid_t were typedef'ed to `u32`.
This made it easy to use them interchangeably. Let's not allow that.

This patch adds UserID and GroupID using the AK::DistinctNumeric
mechanism we've already been employing for pid_t/ProcessID.
2021-08-29 01:09:19 +02:00
Andreas Kling
3a2d888913 Kernel/DevPtsFS: Avoid String allocation during directory traversal
Use a StringBuilder to generate a temporary string buffer with the
slave PTY names. (This works because StringBuilder has 128 bytes of
inline stack capacity before it does any heap allocations.)
2021-08-17 01:21:47 +02:00
Andreas Kling
0de8c95d49 Kernel: Convert SlavePTY all-instances HashTable to an IntrusiveList
This simplifies the DevPtsFS implementation somewhat, as it no longer
requires SlavePTY to register itself with it, since it can now simply
use the list of SlavePTY instances.
2021-08-17 01:21:47 +02:00
Andreas Kling
fc0cd8317a Kernel/DevPtsFS: Add tightly typed DevPtsFSInode::fs() 2021-08-17 01:21:47 +02:00
Andreas Kling
d30d776ca4 Kernel: Make FileSystem::initialize() return KResult
This forced me to also come up with error codes for a bunch of
situations where we'd previously just panic the kernel.
2021-08-14 15:19:00 +02:00
Andreas Kling
ef2720bcad Kernel: Make Inode::lookup() return a KResultOr<NonnullRefPtr<Inode>>
This allows file systems to return arbitrary error codes instead of just
an Inode or not an Inode.
2021-08-14 13:34:59 +02:00
Andreas Kling
c94c15d45c Everywhere: Replace AK::Singleton => Singleton 2021-08-08 00:03:45 +02:00
Andreas Kling
1f18558ee2 Kernel: Make FileSystem::root_inode() return a plain Inode&
All file system classes are expected to keep their root Inode object
in memory, so this function can safely return an Inode&.
2021-07-18 01:53:04 +02:00
Andreas Kling
b8d6c3722d Kernel: Remove Inode::directory_entry_count()
This was only used in one place: VirtualFileSystem::rmdir(), and that
has now been converted to a simple directory traversal.
2021-07-17 22:36:04 +02:00
Andreas Kling
6766efff9c Kernel: Make Inode::create_child() take the name as a StringView
No sense in forcing callers to construct a String. One more small step
towards not using String in the kernel.
2021-07-17 21:32:59 +02:00
Brian Gianforcaro
1c43836990 Kernel: Remove unused header includes in FileSystem subtree 2021-07-11 21:37:38 +02:00
Andreas Kling
d53d9d3677 Kernel: Rename FS => FileSystem
This matches our common naming style better.
2021-07-11 00:20:38 +02:00
Gunnar Beutner
bc3076f894 Kernel: Remove various other uses of ssize_t 2021-06-16 21:29:36 +02:00
Brian Gianforcaro
234c6ae32d Kernel: Change Inode::{read/write}_bytes interface to KResultOr<ssize_t>
The error handling in all these cases was still using the old style
negative values to indicate errors. We have a nicer solution for this
now with KResultOr<T>. This change switches the interface and then all
implementers to use the new style.
2021-05-02 13:27:37 +02:00
Gunnar Beutner
488ee56cf7 Kernel: chmod()/chown() for PTYs should return EROFS
All the other methods already do this and this is also what OpenSSH
expects when trying to change modes/ownership for devpts files.
2021-04-30 23:10:22 +02:00
Andreas Kling
b91c49364d AK: Rename adopt() to adopt_ref()
This makes it more symmetrical with adopt_own() (which is used to
create a NonnullOwnPtr from the result of a naked new.)
2021-04-23 16:46:57 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
Andreas Kling
e44c1792a7 Kernel: Add distinct InodeIndex type
Use the DistinctNumeric mechanism to make InodeIndex a strongly typed
integer type.
2021-02-12 10:26:29 +01:00
Andreas Kling
19d3f8cab7 Kernel+LibC: Turn errno codes into a strongly typed enum
..and allow implicit creation of KResult and KResultOr from ErrnoCode.
This means that kernel functions that return those types can finally
do "return EINVAL;" and it will just work.

There's a handful of functions that still deal with signed integers
that should be converted to return KResults.
2021-01-20 23:20:02 +01:00
Tom
75f61fe3d9 AK: Make RefPtr, NonnullRefPtr, WeakPtr thread safe
This makes most operations thread safe, especially so that they
can safely be used in the Kernel. This includes obtaining a strong
reference from a weak reference, which now requires an explicit
call to WeakPtr::strong_ref(). Another major change is that
Weakable::make_weak_ref() may require the explicit target type.
Previously we used reinterpret_cast in WeakPtr, assuming that it
can be properly converted. But WeakPtr does not necessarily have
the knowledge to be able to do this. Instead, we now ask the class
itself to deliver a WeakPtr to the type that we want.

Also, WeakLink is no longer specific to a target type. The reason
for this is that we want to be able to safely convert e.g. WeakPtr<T>
to WeakPtr<U>, and before this we just reinterpret_cast the internal
WeakLink<T> to WeakLink<U>, which is a bold assumption that it would
actually produce the correct code. Instead, WeakLink now operates
on just a raw pointer and we only make those constructors/operators
available if we can verify that it can be safely cast.

In order to guarantee thread safety, we now use the least significant
bit in the pointer for locking purposes. This also means that only
properly aligned pointers can be used.
2020-11-10 19:11:52 +01:00
Tom
c8d9f1b9c9 Kernel: Make copy_to/from_user safe and remove unnecessary checks
Since the CPU already does almost all necessary validation steps
for us, we don't really need to attempt to do this. Doing it
ourselves doesn't really work very reliably, because we'd have to
account for other processors modifying virtual memory, and we'd
have to account for e.g. pages not being able to be allocated
due to insufficient resources.

So change the copy_to/from_user (and associated helper functions)
to use the new safe_memcpy, which will return whether it succeeded
or not. The only manual validation step needed (which the CPU
can't perform for us) is making sure the pointers provided by user
mode aren't pointing to kernel mappings.

To make it easier to read/write from/to either kernel or user mode
data add the UserOrKernelBuffer helper class, which will internally
either use copy_from/to_user or directly memcpy, or pass the data
through directly using a temporary buffer on the stack.

Last but not least we need to keep syscall params trivial as we
need to copy them from/to user mode using copy_from/to_user.
2020-09-13 21:19:15 +02:00
Andreas Kling
4527d9852a Kernel: Track time-of-last-write in SlavePTY and report it as mtime 2020-09-06 18:48:24 +02:00
Tom
d89582880e Kernel: Switch singletons to use new Singleton class
MemoryManager cannot use the Singleton class because
MemoryManager::initialize is called before the global constructors
are run. That caused the Singleton to be re-initialized, causing
it to create another MemoryManager instance.

Fixes #3226
2020-08-25 09:48:48 +02:00
Andreas Kling
2fd9e72264 Revert "Kernel: Switch singletons to use new Singleton class"
This reverts commit f48feae0b2.
2020-08-22 18:01:59 +02:00
Andreas Kling
8925ad3fa0 Revert "Kernel: Move Singleton class to AK"
This reverts commit f0906250a1.
2020-08-22 16:34:49 +02:00
Andreas Kling
68580d5a8d Revert "AK: Get rid of make_singleton function"
This reverts commit 5a98e329d1.
2020-08-22 16:34:14 +02:00
Tom
5a98e329d1 AK: Get rid of make_singleton function
Just default the InitFunction template argument.
2020-08-22 10:46:24 +02:00
Tom
f0906250a1 Kernel: Move Singleton class to AK 2020-08-22 10:46:24 +02:00
Tom
f48feae0b2 Kernel: Switch singletons to use new Singleton class
Fixes #3226
2020-08-21 11:47:35 +02:00
Andreas Kling
eeaba41d13 Kernel: Add DirectoryEntryView for VFS directory traversal
Unlike DirectoryEntry (which is used when constructing directories),
DirectoryEntryView does not manage storage for file names. Names are
just StringViews.

This is much more suited to the directory traversal API and makes
it easier to implement this in file system classes since they no
longer need to create temporary name copies while traversing.
2020-08-18 18:26:54 +02:00
Brian Gianforcaro
e8c9b5e870 Kernel: Make Inode::directory_entry_count errors observable.
Certain implementations of Inode::directory_entry_count were calling
functions which returned errors, but had no way of surfacing them.
Switch the return type to KResultOr<size_t> and start observing these
error paths.
2020-08-05 10:26:29 +02:00
Sergey Bugaev
df66c28479 Kernel: Deemphasize inode identifiers
These APIs were clearly modeled after Ext2FS internals, and make perfect sense
in Ext2FS context. The new APIs are more generic, and map better to the
semantics exported to the userspace, where inode identifiers only appear in
stat() and readdir() output, but never in any input.

This will also hopefully reduce the potential for races (see commit c44b4d61f3).

Lastly, this makes it way more viable to implement a filesystem that only
synthesizes its inodes lazily when queried, and destroys them when they are no
longer in use. With inode identifiers being used to reference inodes, the only
choice for such a filesystem is to persist any inode it has given out the
identifier for, because it might be queried at any later time. With direct
references to inodes, the filesystem will know when the last reference is
dropped and the inode can be safely destroyed.
2020-06-25 15:49:04 +02:00
Andreas Kling
fdfda6dec2 AK: Make string-to-number conversion helpers return Optional
Get rid of the weird old signature:

- int StringType::to_int(bool& ok) const

And replace it with sensible new signature:

- Optional<int> StringType::to_int() const
2020-06-12 21:28:55 +02:00
Brian Gianforcaro
6a74af8063 Kernel: Plumb KResult through FileDescription::read_entire_file() implementation.
Allow file system implementation to return meaningful error codes to
callers of the FileDescription::read_entire_file(). This allows both
Process::sys$readlink() and Process::sys$module_load() to return more
detailed errors to the user.
2020-05-26 10:15:40 +02:00
Andreas Kling
7d862dd5fc AK: Reduce header dependency graph of String.h
String.h no longer pulls in StringView.h. We do this by moving a bunch
of String functions out-of-line.
2020-03-23 13:48:44 +01:00
Andreas Kling
a356e48150 Kernel: Move all code into the Kernel namespace 2020-02-16 01:27:42 +01:00
Andreas Kling
42d41fdf94 Kernel: Simplify FS::create_inode() a little bit
Return a KResultOr<NonnullRefPtr<Inode>> instead of returning errors in
an out-parameter.
2020-02-08 11:58:28 +01:00
Andreas Kling
8731682d0e Kernel: Simplify FS::create_directory() a little bit
None of the clients of this function actually used the returned Inode,
so it can simply return a KResult instead.
2020-02-08 02:34:22 +01:00
Andreas Kling
c44b4d61f3 Kernel: Make Inode::lookup() return a RefPtr<Inode>
Previously this API would return an InodeIdentifier, which meant that
there was a race in path resolution where an inode could be unlinked
in between finding the InodeIdentifier for a path component, and
actually resolving that to an Inode object.

Attaching a test that would quickly trip an assertion before.

Test: Kernel/path-resolution-race.cpp
2020-02-01 10:56:17 +01:00
Sergey Bugaev
c0b32f7b76 Meta: Claim copyright for files created by me
This changes copyright holder to myself for the source code files that I've
created or have (almost) completely rewritten. Not included are the files
that were significantly changed by others even though it was me who originally
created them (think HtmlView), or the many other files I've contributed code to.
2020-01-24 15:15:16 +01:00