1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-25 22:52:38 +00:00
Commit graph

81 commits

Author SHA1 Message Date
Liav A
3ad0e1a1d5 Kernel: Handle mmap requests on zero-length data file inodes safely 2022-09-16 14:55:45 +03:00
Liav A
c88cc8557f Kernel/FileSystem: Make Inode::{write,read}_bytes methods non-virtual
We make these methods non-virtual because we want to ensure we properly
enforce locking of the m_inode_lock mutex. Also, for write operations,
we want to call prepare_to_write_data before the actual write. The
previous design required us to ensure the callers do that at various
places which lead to hard-to-find bugs. By moving everything to a place
where we call prepare_to_write_data only once, we eliminate a possibilty
of forgeting to call it on some code path in the kernel.
2022-09-16 14:55:45 +03:00
Andreas Kling
30861daa93 Kernel: Simplify the File memory-mapping API
Before this change, we had File::mmap() which did all the work of
setting up a VMObject, and then creating a Region in the current
process's address space.

This patch simplifies the interface by removing the region part.
Files now only have to return a suitable VMObject from
vmobject_for_mmap(), and then sys$mmap() itself will take care of
actually mapping it into the address space.

This fixes an issue where we'd try to block on I/O (for inode metadata
lookup) while holding the address space spinlock. It also reduces time
spent holding the address space lock.
2022-08-24 14:57:51 +02:00
Andreas Kling
cf16b2c8e6 Kernel: Wrap process address spaces in SpinlockProtected
This forces anyone who wants to look into and/or manipulate an address
space to lock it. And this replaces the previous, more flimsy, manual
spinlock use.

Note that pointers *into* the address space are not safe to use after
you unlock the space. We've got many issues like this, and we'll have
to track those down as wlel.
2022-08-24 14:57:51 +02:00
Andreas Kling
280694bb46 Kernel: Update atime/ctime/mtime timestamps atomically
Instead of having three separate APIs (one for each timestamp),
there's now only Inode::update_timestamps() and it takes 3x optional
timestamps. The non-empty timestamps are updated while holding the inode
mutex, and the outside world no longer has to look at intermediate
timestamp states.
2022-08-22 17:56:03 +02:00
Anthony Iacono
f86b671de2 Kernel: Use Process::credentials() and remove user ID/group ID helpers
Move away from using the group ID/user ID helpers in the process to
allow for us to take advantage of the immutable credentials instead.
2022-08-22 12:46:32 +02:00
Andreas Kling
006f753647 Kernel: Make File::{chown,chmod} take credentials as input
...instead of getting them from Process::current(). :^)
2022-08-21 16:15:29 +02:00
Andreas Kling
c3351d4b9f Kernel: Make VirtualFileSystem functions take credentials as input
Instead of getting credentials from Process::current(), we now require
that they be provided as input to the various VFS functions.

This ensures that an atomic set of credentials is used throughout an
entire VFS operation.
2022-08-21 16:02:24 +02:00
Andreas Kling
11eee67b85 Kernel: Make self-contained locking smart pointers their own classes
Until now, our kernel has reimplemented a number of AK classes to
provide automatic internal locking:

- RefPtr
- NonnullRefPtr
- WeakPtr
- Weakable

This patch renames the Kernel classes so that they can coexist with
the original AK classes:

- RefPtr => LockRefPtr
- NonnullRefPtr => NonnullLockRefPtr
- WeakPtr => LockWeakPtr
- Weakable => LockWeakable

The goal here is to eventually get rid of the Lock* classes in favor of
using external locking.
2022-08-20 17:20:43 +02:00
Liav A
fcc0e4d538 Kernel/FileSystem: Funnel calls to Inode::prepare_to_write_data method
Instead of requiring each FileSystem implementation to call this method
when trying to write data, do the calls at 2 points to avoid further
calls (or lack of them due to not remembering to use it) at other files
and locations in the codebase.
2022-07-30 23:31:08 +02:00
Idan Horowitz
086969277e Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
Lenny Maiorani
190cf1507b Kernel: Use default constructors/destructors
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules

"The compiler is more likely to get the default semantics right and
you cannot implement these functions better than the compiler."
2022-03-17 00:51:36 -07:00
sin-ack
69ef211925 Kernel+LibC: Move errno definitions to Kernel/API/POSIX
This fixes at least half of our LibC includes in the kernel. The source
of truth for errno codes and their description strings now lives in
Kernel/API/POSIX/errno.h as an enumeration, which LibC includes.
2021-12-16 22:21:35 +03:30
Andreas Kling
af6358e1e1 Kernel: Allow mmap() with PROT_WRITE+MAP_SHARED
Now that we have a way to flush changes back to disk, let's allow this
type of mapping.
2021-11-17 19:35:13 +01:00
Daniel Bertalan
304c03f457 Kernel: Reject writable shared file mappings
We have no way of writing changes to memory-mapped files back to disk,
and software relying on this functionality for output would fail
miserably. Let's just return ENOTSUP instead to allow callers to fall
back to standard file IO instead of silently discarding writes.

This makes the LLD port work, which uses memory-mapped files to write
its output by default.
2021-11-17 00:15:30 +01:00
Andrew Kaster
7243bcb7da Kernel: Use static_ptr_cast to convert between Userspace<T*> types
Some calls of copy_to_user were converting Userspace<T*> to
Userspace<U*> via the implicit conversion to FlatPtr. Change them to use
the static_ptr_cast overload that is designed to express this conversion
2021-11-16 00:13:22 +01:00
Andreas Kling
79fa9765ca Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T>
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!
This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.

Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)
2021-11-08 01:10:53 +01:00
Ben Wiederhake
c05c5a7ff4 Kernel: Clarify ambiguous {File,Description}::absolute_path
Found due to smelly code in InodeFile::absolute_path.

In particular, this replaces the following misleading methods:

File::absolute_path
This method *never* returns an actual path, and if called on an
InodeFile (which is impossible), it would VERIFY_NOT_REACHED().

OpenFileDescription::try_serialize_absolute_path
OpenFileDescription::absolute_path
These methods do not guarantee to return an actual path (just like the
other method), and just like Custody::absolute_path they do not
guarantee accuracy. In particular, just renaming the method made a
TOCTOU bug obvious.

The new method signatures use KResultOr, just like
try_serialize_absolute_path() already did.
2021-10-31 12:06:28 +01:00
TheFightingCatfish
a81b21c1a7 Kernel+LibC: Implement fsync 2021-09-12 11:24:02 +02:00
Andreas Kling
ec4b814c9a Kernel: Use OOM-safe absolute path serialization in InodeFile::mmap()
Switch from OpenFileDescription::absolute_path() to the OOM-safe
try_serialize_absolute_path() (and propagate any errors to the caller.)
2021-09-07 22:16:25 +02:00
Andreas Kling
4a9c18afb9 Kernel: Rename FileDescription => OpenFileDescription
Dr. POSIX really calls these "open file description", not just
"file description", so let's call them exactly that. :^)
2021-09-07 13:53:14 +02:00
Andreas Kling
6e3381ac32 Kernel: Use KResultOr and TRY() for {Shared,Private}InodeVMObject 2021-09-06 13:06:05 +02:00
Andreas Kling
48a0b31c47 Kernel: Make copy_{from,to}_user() return KResult and use TRY()
This makes EFAULT propagation flow much more naturally. :^)
2021-09-05 17:38:37 +02:00
Andreas Kling
cad78f5904 Kernel: Use TRY() in InodeFile 2021-09-05 16:25:40 +02:00
Andreas Kling
ae197deb6b Kernel: Strongly typed user & group ID's
Prior to this change, both uid_t and gid_t were typedef'ed to `u32`.
This made it easy to use them interchangeably. Let's not allow that.

This patch adds UserID and GroupID using the AK::DistinctNumeric
mechanism we've already been employing for pid_t/ProcessID.
2021-08-29 01:09:19 +02:00
Peter Elliott
39a77559f1 Kernel+LibC: Implement FIONREAD ioctl
FIONREAD gets the number of bytes availible to read from a file
descriptor without blocking. I only implemented it for regular files and
sockets
2021-08-22 10:29:06 +02:00
Idan Horowitz
cf271183b4 Kernel: Make Process::current() return a Process& instead of Process*
This has several benefits:
1) We no longer just blindly derefence a null pointer in various places
2) We will get nicer runtime error messages if the current process does
turn out to be null in the call location
3) GCC no longer complains about possible nullptr dereferences when
compiling without KUBSAN
2021-08-19 23:49:53 +02:00
Andreas Kling
208147c77c Kernel: Rename Process::space() => Process::address_space()
We commonly talk about "a process's address space" so let's nudge the
code towards matching how we talk about it. :^)
2021-08-06 14:05:58 +02:00
Andreas Kling
cd5faf4e42 Kernel: Rename Range => VirtualRange
...and also RangeAllocator => VirtualRangeAllocator.

This clarifies that the ranges we're dealing with are *virtual* memory
ranges and not anything else.
2021-08-06 14:05:58 +02:00
Andreas Kling
93d98d4976 Kernel: Move Kernel/Memory/ code into Kernel::Memory namespace 2021-08-06 14:05:58 +02:00
Andreas Kling
a1d7ebf85a Kernel: Rename Kernel/VM/ to Kernel/Memory/
This directory isn't just about virtual memory, it's about all kinds
of memory management.
2021-08-06 14:05:58 +02:00
Brian Gianforcaro
de9ff0af50 Kernel: Modify the IOCTL API to return KResult
The kernel has been gradually moving towards KResult from just bare
int's, this change migrates the IOCTL paths.
2021-07-27 01:23:37 +04:30
Brian Gianforcaro
9a04f53a0f Kernel: Utilize AK::Userspace<T> in the ioctl interface
It's easy to forget the responsibility of validating and safely copying
kernel parameters in code that is far away from syscalls. ioctl's are
one such example, and bugs there are just as dangerous as at the root
syscall level.

To avoid this case, utilize the AK::Userspace<T> template in the ioctl
kernel interface so that implementors have no choice but to properly
validate and copy ioctl pointer arguments.
2021-07-27 01:23:37 +04:30
Andreas Kling
88d490566f Kernel: Rename various *VMObject::create*() => try_create()
try_*() implies that it can fail (and they all return RefPtr with
nullptr signalling failure.)
2021-07-11 17:55:29 +02:00
Andreas Kling
af8c74a328 Kernel: Make SharedInodeVMObject allocation OOM-safe 2021-07-11 17:52:07 +02:00
Andreas Kling
0d39bd04d3 Kernel: Rename VFS => VirtualFileSystem 2021-07-11 00:25:24 +02:00
Brian Gianforcaro
234c6ae32d Kernel: Change Inode::{read/write}_bytes interface to KResultOr<ssize_t>
The error handling in all these cases was still using the old style
negative values to indicate errors. We have a nicer solution for this
now with KResultOr<T>. This change switches the interface and then all
implementers to use the new style.
2021-05-02 13:27:37 +02:00
Andreas Kling
cd9be1733c Kernel: Make Inode::set_{a,c,m}time return KResult
This exposed some missing error propagation, which this patch also
takes care of.
2021-04-30 15:51:06 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Jean-Baptiste Boric
6698fd84ff Kernel: Refactor storage stack with u64 as mmap offset 2021-03-19 09:15:19 +01:00
Jean-Baptiste Boric
b05b4d4b24 Kernel: Refactor storage stack with u64 as file operations offset 2021-03-17 23:22:42 +01:00
Ben Wiederhake
336303bda4 Kernel: Make kgettimeofday use AK::Time 2021-03-02 08:36:08 +01:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
Andreas Kling
f1b5def8fd Kernel: Factor address space management out of the Process class
This patch adds Space, a class representing a process's address space.

- Each Process has a Space.
- The Space owns the PageDirectory and all Regions in the Process.

This allows us to reorganize sys$execve() so that it constructs and
populates a new Space fully before committing to it.

Previously, we would construct the new address space while still
running in the old one, and encountering an error meant we had to do
tedious and error-prone rollback.

Those problems are now gone, replaced by what's hopefully a set of much
smaller problems and missing cleanups. :^)
2021-02-08 18:27:28 +01:00
Andreas Kling
9f05044c50 Kernel: Check for off_t overflow before reading/writing InodeFile
Let's double-check before calling the Inode. This way we don't have to
trust every Inode subclass to validate user-supplied inputs.
2021-02-03 10:51:37 +01:00
Peter Elliott
c0e88b9710 Kernel: Add FIBMAP ioctl to Ext2FileSystem
FIBMAP is a linux ioctl that gives the location on disk of a specific
block of a file
2021-01-30 22:54:51 +01:00
Andreas Kling
ab14b0ac64 Kernel: Hoist VM range allocation up to sys$mmap() itself
Instead of letting each File subclass do range allocation in their
mmap() override, do it up front in sys$mmap().

This makes us honor alignment requests for file-backed memory mappings
and simplifies the code somwhat.
2021-01-25 18:57:06 +01:00
Andreas Kling
19d3f8cab7 Kernel+LibC: Turn errno codes into a strongly typed enum
..and allow implicit creation of KResult and KResultOr from ErrnoCode.
This means that kernel functions that return those types can finally
do "return EINVAL;" and it will just work.

There's a handful of functions that still deal with signed integers
that should be converted to return KResults.
2021-01-20 23:20:02 +01:00
Andreas Kling
64b0d89335 Kernel: Make Process::allocate_region*() return KResultOr<Region*>
This allows region allocation to return specific errors and we don't
have to assume every failure is an ENOMEM.
2021-01-15 19:10:30 +01:00
Andreas Kling
5dae85afe7 Kernel: Pass "shared" flag to Region constructor
Before this change, we would sometimes map a region into the address
space with !is_shared(), and then moments later call set_shared(true).

I found this very confusing while debugging, so this patch makes us pass
the initial shared flag to the Region constructor, ensuring that it's in
the correct state by the time we first map the region.
2021-01-02 16:57:31 +01:00