1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-10-24 05:32:31 +00:00
Commit graph

64 commits

Author SHA1 Message Date
Andreas Kling
ae197deb6b Kernel: Strongly typed user & group ID's
Prior to this change, both uid_t and gid_t were typedef'ed to `u32`.
This made it easy to use them interchangeably. Let's not allow that.

This patch adds UserID and GroupID using the AK::DistinctNumeric
mechanism we've already been employing for pid_t/ProcessID.
2021-08-29 01:09:19 +02:00
Edward Palmer
abccb45060 Kernel: Move set_metadata_dirty calls to notify_watchers 2021-08-19 10:41:54 +02:00
Andreas Kling
d30d776ca4 Kernel: Make FileSystem::initialize() return KResult
This forced me to also come up with error codes for a bunch of
situations where we'd previously just panic the kernel.
2021-08-14 15:19:00 +02:00
Andreas Kling
ef2720bcad Kernel: Make Inode::lookup() return a KResultOr<NonnullRefPtr<Inode>>
This allows file systems to return arbitrary error codes instead of just
an Inode or not an Inode.
2021-08-14 13:34:59 +02:00
Andreas Kling
7791f7b9e6 Kernel/TmpFS: Remove some unnecessary includes 2021-07-18 14:29:27 +02:00
Andreas Kling
61e17ed590 Kernel/TmpFS: Use IntrusiveList and KString for OOM safety
This patch moves TmpFS to using OOM-safe data types for storing
directory children.
2021-07-18 14:29:27 +02:00
Andreas Kling
1f18558ee2 Kernel: Make FileSystem::root_inode() return a plain Inode&
All file system classes are expected to keep their root Inode object
in memory, so this function can safely return an Inode&.
2021-07-18 01:53:04 +02:00
Andreas Kling
9457d83986 Kernel: Rename Locker => MutexLocker 2021-07-18 01:53:04 +02:00
Andreas Kling
b8d6c3722d Kernel: Remove Inode::directory_entry_count()
This was only used in one place: VirtualFileSystem::rmdir(), and that
has now been converted to a simple directory traversal.
2021-07-17 22:36:04 +02:00
Andreas Kling
6766efff9c Kernel: Make Inode::create_child() take the name as a StringView
No sense in forcing callers to construct a String. One more small step
towards not using String in the kernel.
2021-07-17 21:32:59 +02:00
Andreas Kling
3b805a57e6 Kernel: Rename Inode::m_lock => m_inode_lock
This makes file system code much easier to read since it was hard when
both the file system and inode locks were called "m_lock".
2021-07-17 21:17:39 +02:00
Andreas Kling
cee9528168 Kernel: Rename Lock to Mutex
Let's be explicit about what kind of lock this is meant to be.
2021-07-17 21:10:32 +02:00
Andrew Kaster
3f0dcd63dc Kernel: Fix TmpFS resize behavior around INT32_MAX for 32-bit systems
We need some overflow checks due to the implementation of TmpFS.
When size_t is 32 bits and off_t is 64 bits, we might overflow our
KBuffer max size and confuse the KBuffer set_size code, causing a VERIFY
failure. Make sure that resulting offset + size will fit in a size_t.
Another constraint, we make sure that the resulting offset + size will
be less than half of the maximum value of a size_t, because we double
the KBuffer size each time we resize it.
2021-07-11 19:42:00 +02:00
Andreas Kling
d53d9d3677 Kernel: Rename FS => FileSystem
This matches our common naming style better.
2021-07-11 00:20:38 +02:00
Daniel Bertalan
f820917a76 Everywhere: Use nothrow new with adopt_{ref,own}_if_nonnull
This commit converts naked `new`s to `AK::try_make` and `AK::try_create`
wherever possible. If the called constructor is private, this can not be
done, so we instead now use the standard-defined and compiler-agnostic
`new (nothrow)`.
2021-06-24 17:35:49 +04:30
Gunnar Beutner
441d6dcdf9 Kernel: Fix compiling TmpFSInode::write_bytes on x86_64 2021-06-24 09:27:13 +02:00
Gunnar Beutner
bc3076f894 Kernel: Remove various other uses of ssize_t 2021-06-16 21:29:36 +02:00
Brian Gianforcaro
23c021912e Kernel: Move TmpFS towards OOM safety 2021-06-01 23:14:40 +01:00
sin-ack
fe5ca6ca27 Kernel: Implement multi-watch InodeWatcher :^)
This patch modifies InodeWatcher to switch to a one watcher, multiple
watches architecture.  The following changes have been made:

- The watch_file syscall is removed, and in its place the
  create_iwatcher, iwatcher_add_watch and iwatcher_remove_watch calls
  have been added.
- InodeWatcher now holds multiple WatchDescriptions for each file that
  is being watched.
- The InodeWatcher file descriptor can be read from to receive events on
  all watched files.

Co-authored-by: Gunnar Beutner <gunnar@beutner.name>
2021-05-12 22:38:20 +02:00
Brian Gianforcaro
234c6ae32d Kernel: Change Inode::{read/write}_bytes interface to KResultOr<ssize_t>
The error handling in all these cases was still using the old style
negative values to indicate errors. We have a nicer solution for this
now with KResultOr<T>. This change switches the interface and then all
implementers to use the new style.
2021-05-02 13:27:37 +02:00
Andreas Kling
cd9be1733c Kernel: Make Inode::set_{a,c,m}time return KResult
This exposed some missing error propagation, which this patch also
takes care of.
2021-04-30 15:51:06 +02:00
Brian Gianforcaro
8d6e9fad40 Kernel: Remove the now defunct LOCKER(..) macro. 2021-04-25 09:38:27 +02:00
Andreas Kling
b91c49364d AK: Rename adopt() to adopt_ref()
This makes it more symmetrical with adopt_own() (which is used to
create a NonnullOwnPtr from the result of a naked new.)
2021-04-23 16:46:57 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Andreas Kling
2871df6f0d Kernel: Stop trying to keep InodeVMObject in sync with disk changes
As it turns out, Dr. POSIX doesn't require that post-mmap() changes
to a file are reflected in the memory mappings. So we don't actually
have to care about the file size changing (or the contents.)

IIUC, as long as all the MAP_SHARED mappings that refer to the same
inode are in sync, we're good.

This means that VMObjects don't need resizing capabilities. I'm sure
there are ways we can take advantage of this fact.
2021-03-04 15:42:51 +01:00
Ben Wiederhake
336303bda4 Kernel: Make kgettimeofday use AK::Time 2021-03-02 08:36:08 +01:00
Ben Wiederhake
05d5e3fad9 Kernel: Remove duplicative kgettimeofday(timeval&) function 2021-03-02 08:36:08 +01:00
Andreas Kling
5d180d1f99 Everywhere: Rename ASSERT => VERIFY
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)

Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.

We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
2021-02-23 20:56:54 +01:00
Andreas Kling
e44c1792a7 Kernel: Add distinct InodeIndex type
Use the DistinctNumeric mechanism to make InodeIndex a strongly typed
integer type.
2021-02-12 10:26:29 +01:00
Andreas Kling
19d3f8cab7 Kernel+LibC: Turn errno codes into a strongly typed enum
..and allow implicit creation of KResult and KResultOr from ErrnoCode.
This means that kernel functions that return those types can finally
do "return EINVAL;" and it will just work.

There's a handful of functions that still deal with signed integers
that should be converted to return KResults.
2021-01-20 23:20:02 +01:00
Andreas Kling
bcd2844439 TmpFS: Use fallible KBuffer API
If allocation fails, some TmpFS operations can now fail with ENOMEM.
2020-12-18 19:22:26 +01:00
Andreas Kling
abe9cec612 TmpFS: Set the root inode's timestamp to the current time
cc @bcoles :^)
2020-11-14 10:44:47 +01:00
Andreas Kling
a316ca0e0d TmpFS: Don't allow file names longer than NAME_MAX
Fixes #3636.
2020-10-22 18:59:00 +02:00
Linus Groh
bcfc6f0c57 Everywhere: Fix more typos 2020-10-03 12:36:49 +02:00
Andreas Kling
2cb32f8356 Kernel: Let InodeWatcher track child inode numbers instead of names
First of all, this fixes a dumb info leak where we'd write kernel heap
addresses (StringImpl*) into userspace memory when reading a watcher.

Instead of trying to pass names to userspace, we now simply pass the
child inode index. Nothing in userspace makes use of this yet anyway,
so it's not like we're breaking anything. We'll see how this evolves.
2020-09-19 16:39:52 +02:00
Tom
c8d9f1b9c9 Kernel: Make copy_to/from_user safe and remove unnecessary checks
Since the CPU already does almost all necessary validation steps
for us, we don't really need to attempt to do this. Doing it
ourselves doesn't really work very reliably, because we'd have to
account for other processors modifying virtual memory, and we'd
have to account for e.g. pages not being able to be allocated
due to insufficient resources.

So change the copy_to/from_user (and associated helper functions)
to use the new safe_memcpy, which will return whether it succeeded
or not. The only manual validation step needed (which the CPU
can't perform for us) is making sure the pointers provided by user
mode aren't pointing to kernel mappings.

To make it easier to read/write from/to either kernel or user mode
data add the UserOrKernelBuffer helper class, which will internally
either use copy_from/to_user or directly memcpy, or pass the data
through directly using a temporary buffer on the stack.

Last but not least we need to keep syscall params trivial as we
need to copy them from/to user mode using copy_from/to_user.
2020-09-13 21:19:15 +02:00
Andreas Kling
108263314a TmpFS: Stop using FS::DirectoryEntry in TmpFSInode
The list of children can just be a bunch of { name, inode }.
2020-08-18 18:26:54 +02:00
Andreas Kling
c096cb9352 TmpFS: Avoid unnecessary inode lookup in TmpFSInode::lookup()
We don't have to ask the VFS to find our child inode, we have a pointer
to it right here.
2020-08-18 18:26:54 +02:00
Andreas Kling
eeaba41d13 Kernel: Add DirectoryEntryView for VFS directory traversal
Unlike DirectoryEntry (which is used when constructing directories),
DirectoryEntryView does not manage storage for file names. Names are
just StringViews.

This is much more suited to the directory traversal API and makes
it easier to implement this in file system classes since they no
longer need to create temporary name copies while traversing.
2020-08-18 18:26:54 +02:00
Brian Gianforcaro
e8c9b5e870 Kernel: Make Inode::directory_entry_count errors observable.
Certain implementations of Inode::directory_entry_count were calling
functions which returned errors, but had no way of surfacing them.
Switch the return type to KResultOr<size_t> and start observing these
error paths.
2020-08-05 10:26:29 +02:00
Andreas Kling
0d577ab781 Kernel: Add "child added" and "child removed" InodeWatcher events
The child name is not yet accessible to userspace, but will be in a
future patch.
2020-07-04 13:37:51 +02:00
Sergey Bugaev
df66c28479 Kernel: Deemphasize inode identifiers
These APIs were clearly modeled after Ext2FS internals, and make perfect sense
in Ext2FS context. The new APIs are more generic, and map better to the
semantics exported to the userspace, where inode identifiers only appear in
stat() and readdir() output, but never in any input.

This will also hopefully reduce the potential for races (see commit c44b4d61f3).

Lastly, this makes it way more viable to implement a filesystem that only
synthesizes its inodes lazily when queried, and destroys them when they are no
longer in use. With inode identifiers being used to reference inodes, the only
choice for such a filesystem is to persist any inode it has given out the
identifier for, because it might be queried at any later time. With direct
references to inodes, the filesystem will know when the last reference is
dropped and the inode can be safely destroyed.
2020-06-25 15:49:04 +02:00
Sergey Bugaev
e0d0d52455 Kernel: Use symbolic constants for file modes
This fixes a bug where the mode of a FIFO was reported as 001000 instead
of 0010000 (you see the difference? me nethier), and hopefully doesn't
introduce new bugs. I've left 0777 and similar in a few places, because
that is *more* readable than its symbolic version.
2020-06-17 15:02:03 +02:00
Brian Gianforcaro
6a74af8063 Kernel: Plumb KResult through FileDescription::read_entire_file() implementation.
Allow file system implementation to return meaningful error codes to
callers of the FileDescription::read_entire_file(). This allows both
Process::sys$readlink() and Process::sys$module_load() to return more
detailed errors to the user.
2020-05-26 10:15:40 +02:00
Sergey Bugaev
54550365eb Kernel: Use shared locking mode in some places
The notable piece of code that remains to be converted is Ext2FS.
2020-04-18 13:58:29 +02:00
Andreas Kling
1d468ed6d3 AK: Stop allowing implicit downcast with RefPtr and NonnullRefPtr
We were allowing this dangerous kind of thing:

RefPtr<Base> base;
RefPtr<Derived> derived = base;

This patch changes the {Nonnull,}RefPtr constructors so this is no
longer possible.

To downcast one of these pointers, there is now static_ptr_cast<T>:

RefPtr<Derived> derived = static_ptr_cast<Derived>(base);

Fixing this exposed a ton of cowboy-downcasts in various places,
which we're now forced to fix. :^)
2020-04-05 11:19:00 +02:00
Andreas Kling
53d0ca2ad8 Kernel: Strip SUID+SGID bits from file when written to or chowned
Fixes #1624.
2020-04-04 19:46:55 +02:00
Andreas Kling
a356e48150 Kernel: Move all code into the Kernel namespace 2020-02-16 01:27:42 +01:00
Andreas Kling
7291370478 Kernel: Make File::truncate() take a u64
No point in taking a signed type here. We validate at the syscall layer
and then pass around a u64 from then on.
2020-02-08 12:07:04 +01:00
Andreas Kling
42d41fdf94 Kernel: Simplify FS::create_inode() a little bit
Return a KResultOr<NonnullRefPtr<Inode>> instead of returning errors in
an out-parameter.
2020-02-08 11:58:28 +01:00