mirror of https://github.com/RGBCube/serenity synced 2025-10-24 01:12:07 +00:00
Commit graph

290 commits

Author SHA1 Message Date
Liav A
91db482ad3 Kernel: Reorganize Arch/x86 directory to Arch/x86_64 after i686 removal
No functional change.
2022-12-28 11:53:41 +01:00
Liav A
5ff318cf3a Kernel: Remove i686 support 2022-12-28 11:53:41 +01:00
Liav A
d4b65f644e Kernel: Allow opening some device nodes sparingly for jailed processes
From now on, we don't allow jailed processes to open all device nodes in
/dev, but only allow jailed processes to open /dev/full, /dev/zero,
/dev/null, and various TTY and PTY devices (and not including virtual
consoles) so we basically restrict applications to what they can do when
they are in jail.
The motivation for this type of restriction is to ensure that even if a
remote code execution occurred, the damage that can be done is very
small.
We also don't restrict reading and writing on device nodes that were
already opened, because that limit seems not useful, especially in the
case where we do want to provide an OpenFileDescription to such device
but nothing further than that.
2022-12-09 23:09:00 -07:00
Liav A
fca3b7f1f9 Kernel: Split the DevPtsFS files into smaller components 2022-11-08 02:54:48 -07:00
Liav A
5e062414c1 Kernel: Add support for jails
Our implementation for Jails resembles much of how FreeBSD jails are
working - it's essentially only a matter of using a RefPtr in the
Process class to a Jail object. Then, when we iterate over all processes
in various cases, we could ensure if either the current process is in
jail and therefore should be restricted what is visible in terms of
PID isolation, and also to be able to expose metadata about Jails in
/sys/kernel/jails node (which does not reveal anything to a process
which is in jail).

A lifetime model for the Jail object is currently plain simple - there's
simply no way to manually delete a Jail object once it was created. Such
feature should be carefully designed to allow safe destruction of a Jail
without the possibility of releasing a process which is in Jail from the
actual jail. Each process which is attached into a Jail cannot leave it
until the end of a Process (i.e. when finalizing a Process). All jails
are kept being referenced in the JailManagement. When a last attached
process is finalized, the Jail is automatically destroyed.
2022-11-05 18:00:58 -06:00
Timon Kruiper
9827c11d8b Kernel: Move InterruptDisabler out of Arch directory
The code in this file is not architecture specific, so it can be moved
to the base Kernel directory.
2022-10-17 20:11:31 +02:00
Liav A
fdef8d0d37 Kernel: Move PCSpeaker code to the x86-specific architecture directory
The PCSpeaker code is specific to x86 platforms, thus it makes sense to
put in the Arch/x86 subdirectory.
2022-09-20 18:43:05 +01:00
Liav A
84fbab6803 Kernel: Move IO delay code to x86 architecture subdirectory
Many code patterns and hardware procedures rely on reliable delay in the
microseconds granularity, and since they are using such delays which are
valid cases, but should not rely on x86 specific code, we allow to
determine in compile time the proper platform-specific code to use to
invoke such delays.
2022-09-20 18:43:05 +01:00
Anthony Iacono
f86b671de2 Kernel: Use Process::credentials() and remove user ID/group ID helpers
Move away from using the group ID/user ID helpers in the process to
allow for us to take advantage of the immutable credentials instead.
2022-08-22 12:46:32 +02:00
Andreas Kling
11eee67b85 Kernel: Make self-contained locking smart pointers their own classes
Until now, our kernel has reimplemented a number of AK classes to
provide automatic internal locking:

- RefPtr
- NonnullRefPtr
- WeakPtr
- Weakable

This patch renames the Kernel classes so that they can coexist with
the original AK classes:

- RefPtr => LockRefPtr
- NonnullRefPtr => NonnullLockRefPtr
- WeakPtr => LockWeakPtr
- Weakable => LockWeakable

The goal here is to eventually get rid of the Lock* classes in favor of
using external locking.
2022-08-20 17:20:43 +02:00
kleines Filmröllchen
4314c25cf2 Kernel: Require lock rank for Spinlock construction
All users which relied on the default constructor use a None lock rank
for now. This will make it easier to in the future remove LockRank and
actually annotate the ranks by searching for None.
2022-08-19 20:26:47 -07:00
sin-ack
3f3f45580a Everywhere: Add sv suffix to strings relying on StringView(char const*)
Each of these strings would previously rely on StringView's char const*
constructor overload, which would call __builtin_strlen on the string.
Since we now have operator ""sv, we can replace these with much simpler
versions. This opens the door to being able to remove
StringView(char const*).

No functional changes.
2022-07-12 23:11:35 +02:00
Tim Schumacher
3b3af58cf6 Kernel: Annotate all KBuffer and DoubleBuffer with a custom name 2022-07-12 00:55:31 +01:00
Michał Lach
e2b0f6795f LibVT+Kernel: Separate the caret shapes and its steadiness
Currently CursorStyle enum handles both the styles and the steadiness or
blinking of the terminal caret, which doubles the amount of its entries.
This commit changes CursorStyle to CursorShape and moves the blinking
option to a separate boolean value.
2022-06-22 12:12:00 +01:00
Liav A
ec925cbb89 Kernel: Set console active before try to enable graphical mode
We should first enable the VirtualConsole and then enable graphical
mode, to ensure proper display output on the switched-to virtual console
that has been chosen. When de-activating graphical mode, we do the
de-activating first then enable the VirtualConsole to ensure proper text
output on screen.
2022-06-06 20:11:05 +01:00
Timon Kruiper
a4534678f9 Kernel: Implement InterruptDisabler using generic Processor functions
Now that the code does not use architectural specific code, it is moved
to the generic Arch directory and the paths are modified accordingly.
2022-06-02 13:14:12 +01:00
Peter Elliott
4b0be17c71 Kernel: Support userspace TTY graphics modesetting
This is a copy of linux's KDSETMODE/KDGETMODE console ioctl(2)
interface.
2022-04-29 19:52:32 +02:00
Idan Horowitz
086969277e Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
Liav A
7053d7ece3 Kernel: Add a way to print the pseudo name of attached TTY of a process
Contrary to the past, we don't attempt to assume the real name of a TTY
device, but instead, we generate a pseudo name only when needed to do so
which is still OK because we don't break abstraction layer rules and we
still can provide userspace with the required information.
2022-03-26 11:01:49 +01:00
Liav A
b5ef900ccd Kernel: Don't assume paths of TTYs and pseudo terminals anymore
The obsolete ttyname and ptsname syscalls are removed.
LibC doesn't rely on these anymore, and it helps simplifying the Kernel
in many places, so it's overall an improvement.

In addition to that, /proc/PID/tty node is removed too as it is not
needed anymore by userspace to get the attached TTY of a process, as
/dev/tty (which is already a character device) represents that as well.
2022-03-22 20:26:05 +01:00
Liav A
5ffe2f117c Kernel/TTY: Implement TIOCGPTN ioctl for MasterPTY
This ioctl operation will allow userspace to determine the index number
of a MasterPTY after opening /dev/ptmx and actually getting an internal
file descriptor of MasterPTY.
2022-03-22 20:26:05 +01:00
Brian Gianforcaro
913374163c LibVT/Kernel: Make VT::Attribute::Flags enum class, use AK EnumBits
Noticed the TODO in `Attribute.h` and realized we have a solution
to this problem already. :^)
2022-03-18 11:29:43 +01:00
Lenny Maiorani
190cf1507b Kernel: Use default constructors/destructors
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules

"The compiler is more likely to get the default semantics right and
you cannot implement these functions better than the compiler."
2022-03-17 00:51:36 -07:00
Lenny Maiorani
c6acf64558 Kernel: Change static constexpr variables to constexpr where possible
Function-local `static constexpr` variables can be `constexpr`. This
can reduce memory consumption, binary size, and offer additional
compiler optimizations.

These changes result in a stripped x86_64 kernel binary size reduction
of 592 bytes.
2022-02-09 21:04:51 +00:00
Andreas Kling
0899153170 Kernel: Protect PTYMultiplexer freelist with spinlock instead of mutex 2022-02-03 16:11:26 +01:00
Idan Horowitz
664ca58746 Kernel: Use u64 instead of size_t for File::can_write offset
This ensures offsets will not be truncated on large files on i686.
2022-01-25 22:41:17 +02:00
Idan Horowitz
9ce537d703 Kernel: Use u64 instead of size_t for File::can_read offset
This ensures offsets will not be truncated on large files on i686.
2022-01-25 22:41:17 +02:00
Liav A
69f054616d Kernel: Add CommandLine option to disable or enable the PC speaker
By default, we disable the PC speaker as it's quite annoying when using
the text mode console.
2022-01-23 00:40:54 +00:00
Liav A
8dbbef9b5c Kernel: Implement beep functionality in virtual consoles 2022-01-23 00:40:54 +00:00
Andreas Kling
b86443f0e1 Kernel: Lock weak pointer revocation during listed-ref-counted unref
When doing the last unref() on a listed-ref-counted object, we keep
the list locked while mutating the ref count. The destructor itself
is invoked after unlocking the list.

This was racy with weakable classes, since their weak pointer factory
still pointed to the object after we'd decided to destroy it. That
opened a small time window where someone could try to strong-ref a weak
pointer to an object after it was removed from the list, but just before
the destructor got invoked.

This patch closes the race window by explicitly revoking all weak
pointers while the list is locked.
2022-01-08 16:31:14 +01:00
Daniel Bertalan
8e2efe78f7 Kernel: Tighten String-related includes 2021-12-30 14:16:03 +01:00
Brian Gianforcaro
54b9a4ec1e Kernel: Handle promise violations in the syscall handler
Previously we would crash the process immediately when a promise
violation was found during a syscall. This is error prone, as we
don't unwind the stack. This means that in certain cases we can
leak resources, like an OwnPtr / RefPtr tracked on the stack. Or
even leak a lock acquired in a ScopeLockLocker.

To remedy this situation we move the promise violation handling to
the syscall handler, right before we return to user space. This
allows the code to follow the normal unwind path, and guarantees
there is no longer any cleanup that needs to occur.

The Process::require_promise() and Process::require_no_promises()
functions were modified to return ErrorOr<void> so we enforce that
the errors are always propagated by the caller.
2021-12-29 18:08:15 +01:00
Brian Gianforcaro
bad6d50b86 Kernel: Use Process::require_promise() instead of REQUIRE_PROMISE()
This change lays the foundation for making the require_promise return
an error and handling the process abort outside of the syscall
implementations, to avoid cases where we would leak resources.

It also has the advantage that it removes a gs pointer read
to look up the current thread, then process for every syscall. We
can instead go through the Process this pointer in most cases.
2021-12-29 18:08:15 +01:00
Idan Horowitz
9d034785de Kernel: Make File::unref virtual
This is required for SlavePTY's custom unref handler to function
correctly, as otherwise a SlavePTY held in a File RefPtr would call
the base's (RefCounted<>) unref method instead of SlavePTY's version.
2021-12-29 15:46:14 +02:00
Brian Gianforcaro
dee0c004e0 Kernel: Zero initialize winsize in TIOCGWINSZ
It looks like the types are small enough that there is no padding.
So there didn't happen to be an info leak here, but let's zero initialize
just to be on the safe side, and make auditing easier.
2021-12-29 03:41:32 -08:00
Idan Horowitz
6e2a82df13 Kernel: Port File to RefCounted
Since RefCounted automatically calls a method named `will_be_destroyed`
on classes that have one, there's no need to have a custom
implementation of unref in File.
2021-12-29 12:04:15 +01:00
Idan Horowitz
4a3a947df3 Kernel: Rename File::{before_removing => will_be_destroyed}
This will allow File and its descendants to use RefCounted instead of
having a custom implementation of unref. (Since RefCounted calls
will_be_destroyed automatically)

This commit also removes an erroneous call to `before_removing` in
AHCIPort, this is a duplicate call, as the only reference to the device
is immediately dropped following the call, which in turn calls
`before_removing` via File::unref.
2021-12-29 12:04:15 +01:00
Guilherme Goncalves
33b78915d3 Kernel: Propagate overflow errors from Memory::page_round_up
Fixes #11402.
2021-12-28 23:08:50 +01:00
Andreas Kling
ac7ce12123 Kernel: Remove the kmalloc_eternal heap :^)
This was a premature optimization from the early days of SerenityOS.
The eternal heap was a simple bump pointer allocator over a static
byte array. My original idea was to avoid heap fragmentation and improve
data locality, but both ideas were rooted in cargo culting, not data.

We would reserve 4 MiB at boot and only ended up using ~256 KiB, wasting
the rest.

This patch replaces all kmalloc_eternal() usage by regular kmalloc().
2021-12-28 21:02:38 +01:00
Daniel Bertalan
52beeebe70 Kernel: Remove the KString::try_create(String::formatted(...)) pattern
We can now directly create formatted KStrings with KString::formatted.

:^)
2021-12-28 01:55:22 -08:00
Brian Gianforcaro
e88e4967d1 Kernel: Mark PTYMultiplexer init & parse_hex_digit as UNMAP_AFTER_INIT
Noticed these boot only functions are not currently UNMAP_AFTER_INIT.
Let's fix that :^)
2021-12-24 14:28:59 -08:00
Liav A
9eb08bdb0f Kernel: Make major and minor numbers to be DistinctNumerics
This helps avoid confusion in general, and make constructors, methods
and code patterns much more clean and understandable.
2021-12-23 23:02:39 +01:00
Andreas Kling
abf2204402 Kernel: Use copy_typed_from_user() in more places :^) 2021-12-18 11:30:10 +01:00
sin-ack
69ef211925 Kernel+LibC: Move errno definitions to Kernel/API/POSIX
This fixes at least half of our LibC includes in the kernel. The source
of truth for errno codes and their description strings now lives in
Kernel/API/POSIX/errno.h as an enumeration, which LibC includes.
2021-12-16 22:21:35 +03:30
Hendiadyoin1
e34eb3e36d Kernel: Remove unused String.h includes
This makes searching for not yet OOM safe interfaces a bit easier.
2021-12-11 13:15:26 -08:00
Andrew Kaster
a92132e44a Kernel: Resolve clang-tidy readability-implicit-bool-conversion warnings
... In files included from Kernel/Process.cpp and Kernel/Thread.cpp
2021-11-14 22:52:35 +01:00
Andreas Kling
8b1108e485 Everywhere: Pass AK::StringView by value 2021-11-11 01:27:46 +01:00
Andreas Kling
79fa9765ca Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T>
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!
This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.

Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)
2021-11-08 01:10:53 +01:00
Brian Gianforcaro
9f6eabd73a Kernel: Move TTY subsystem to use KString instead of AK::String
This is minor progress on removing the `AK::String` API from the Kernel
in the interest of improving OOM safety.
2021-11-02 11:34:31 +01:00
Brian Gianforcaro
71f05c70b4 Kernel: Remove duplicate constructor from TTY/VirtualConsole
This removes some code dupe from the constructors.

By removing this duplicate constructor we can utilize the main
VirtualConsole::create factory implementation and call that from the
VirtualConsole::create_with_preset_log factory method.
2021-11-02 11:34:31 +01:00