If we do not mark these ranges as reserved, RangeAllocator might later
give us addresses that overlap these, which then causes an assertion
failure in the SoftMMU. This behavior led to recurring CI failures, and
sometimes made programs as simple as `/bin/true` fail.
Fixes "Crash 1" reported in #9104
Most other syscalls pass address arguments as `void*` instead of
`uintptr_t`, so let's do that here too. Besides improving consistency,
this commit makes `strace` correctly pretty-print these arguments in
hex.
This feature was introduced in version 4.17 of the Linux kernel, and
while it's not specified by POSIX, I think it will be a nice addition to
our system.
MAP_FIXED_NOREPLACE provides a less error-prone alternative to
MAP_FIXED: while regular fixed mappings would cause any intersecting
ranges to be unmapped, MAP_FIXED_NOREPLACE returns EEXIST instead. This
ensures that we don't corrupt our process's address space if something
is already at the requested address.
Note that the more portable way to do this is to use regular
MAP_ANONYMOUS, and check afterwards whether the returned address matches
what we wanted. This, however, has a large performance impact on
programs like Wine which try to reserve large portions of the address
space at once, as the non-matching addresses have to be unmapped
separately.
We create a base class called GenericFramebufferDevice, which defines
all the virtual functions that must be implemented by a
FramebufferDevice. Then, we make the VirtIO FramebufferDevice and other
FramebufferDevice implementations inherit from it.
The most important consequence of rearranging the classes is that we now
have one IOCTL method, so all drivers should be committed to not
override the IOCTL method or make their own IOCTLs of FramebufferDevice.
All graphical IOCTLs are known to all FramebufferDevices, and it's up to
the specific implementation whether to support them or discard them (so
we require extensive usage of KResult and KResultOr, together with
virtual characteristic functions).
As a result, the interface is much cleaner and understandable to read.
We only froward String setting and FlagPost creation for now, due to the
other performance events being nonsensical to forward.
We also record these signposts in the optionally generated profile.
It was fragile to use the address of the body of the memory management
functions to disable memory auditing within them. Functions called from
these did not get exempted from the audits, so in some cases
UserspaceEmulator reported bogus heap buffer overflows.
Memory auditing did not work at all on Clang because when querying the
addresses, their offset was taken relative to the base of `.text` which
is not the first segment in the `R/RX/RW(RELRO)/RW(non-RELRO)` layout
produced by LLD.
Similarly to when setting metadata about the allocations, we now use the
`emuctl` system call to selectively suppress auditing when we reach
these functions. This ensures that functions called from `malloc` are
affected too, and no issues occur because of the inconsistency between
Clang and GCC memory layouts.
`ue --profile --profile-file ~/some-file.profile id` can now generate a
full profile (instruction-by-instruction, if needed), at the cost of not
being able to see past the syscall boundary (a.la. callgrind).
This makes it significantly easier to profile seemingly fast userspace
things, like Loader.so :^)
Previously each malloc size class would keep around a limited number of
unused blocks which were marked with MADV_SET_VOLATILE which could then
be reinitialized when additional blocks were needed.
This changes malloc() so that it also keeps around a number of blocks
without marking them with MADV_SET_VOLATILE. I termed these "hot"
blocks whereas blocks which were marked as MADV_SET_VOLATILE are called
"cold" blocks because they're more expensive to reinitialize.
In the worst case this could increase memory usage per process by
1MB when a program requests a bunch of memory and frees all of it.
Also, in order to make more efficient use of these unused blocks
they're now shared between size classes.
Unlike accept() the new accept4() system call lets the caller specify
flags for the newly accepted socket file descriptor, such as
SOCK_CLOEXEC and SOCK_NONBLOCK.
Previously struct sockaddr was used which isn't guaranteed to be
large enough to hold the socket address get{sock,peer}name() returns.
Also, the addrlen argument was initialized incorrectly and should
instead use the address length specified by the caller.
With the new InodeWatcher API, the old style of creating a watcher per
inode will no longer work. Therefore the FileWatcher API has been
updated to support multiple watches, and its users have also been
refactored to the new style. At the moment, all operations done on a
(Blocking)FileWatcher return Result objects, however, this may be
changed in the future if it becomes too obnoxious. :^)
Co-authored-by: Gunnar Beutner <gunnar@beutner.name>
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
According to the Single UNIX Specification, Version 2 that's where
those macros should be defined. This fixes the libiconv port.
This also fixes some (but not all) build errors for the diffutils and nano ports.
Otherwise it'll have some random value from the stack, and the kernel
will not bother setting it to zero.
Also add a debug print and tweak the FIXME message.
Old behavior: Crash due to VERIFY, unless we're completely and entirely out of
memory (m_available_ranges being empty), in which case it would return -ENOMEM.
New behavior: Return ENOMEM (and don't crash). In the case of nullptr,
also emit a helpful diagnostic.
Note that MAP_FIXED with nullptr is technically okay, but tends to be a sign
that something went wrong.
Also, this should improve mmap performance marginally, as it pulls the check out
of a loop that does not modify any parts of the check.
UE is now self-hosting! Fixes#5709.
However, this still needs some love: "ue UserspaceEmulator true" spits out tons
of error messages, probably false-positives, and takes about 229 seconds to run.
Then again, true-in-ue-in-ue-in-Qemu is three levels of emulation, so no wonder
it takes a long time! :D
