| Age | Commit message (Collapse) | Author |
|---|
|
The RPC client management was not updated for the changes that made
CObject reference-counted it seems. :^)
|
|
Now that we can fchmod() on a pre-bind() socket, use that to lock down
the RPC sockets we publish in all CEventLoop-driven programs.
|
|
Also make the sockets readable and writable only by that user.
This fixes a bug where anyone could connect to anyone else's services,
most obviously WindowServer.
|
|
In order to ensure a specific owner and mode when the local socket
filesystem endpoint is instantiated, we need to be able to call
fchmod() and fchown() on a socket fd between socket() and bind().
This is because until we call bind(), there is no filesystem inode
for the socket yet.
|
|
If we're creating something that should have a different owner than the
current process's UID/GID, we need to plumb that all the way through
VFS down to the FS functions.
|
|
Remove an unnecessary InterruptDisabler to make this not assert. :^)
|
|
Inode::size() may try to take a lock, so we can't be calling it with
interrupts disabled.
This fixes a kernel hang when trying to execute a binary in a TmpFS.
|
|
As Sergey pointed out, do_killpg() already interprets PID 0 as the
PGID of the calling process.
|
|
|
|
We now have these API's in <Kernel/Random.h>:
- get_fast_random_bytes(u8* buffer, size_t buffer_size)
- get_good_random_bytes(u8* buffer, size_t buffer_size)
- get_fast_random<T>()
- get_good_random<T>()
Internally they both use x86 RDRAND if available, otherwise they fall
back to the same LCG we had in RandomDevice all along.
The main purpose of this patch is to give kernel code a way to better
express its needs for random data.
Randomness is something that will require a lot more work, but this is
hopefully a step in the right direction.
|
|
Since nothing is using this, let's just remove it. That's one less
thing to worry about.
|
|
This was a hack used to profile things before we had a proper profiler.
Since RDTSC is not available in userspace, this is not useful anymore.
|
|
Before this patch, root was not able to "touch" someone else's file.
|
|
POSIX does not support rename() from one file system to another.
|
|
|
|
To accomodate file creation, path resolution optionally returns the
last valid parent directory seen while traversing the path.
Clients will then interpret "ENOENT, but I have a parent for you" as
meaning that the file doesn't exist, but its immediate parent directory
does. The client then goes ahead and creates a new file.
In the case of "/foo/bar/baz" where there is no "/foo", it would fail
with ENOENT and "/" as the last seen parent directory, causing e.g the
open() syscall to create "/baz".
Covered by test_io.
|
|
Modules are now mapped fully RWX. This can definitely be improved,
but at least it unbreaks the feature for now.
|
|
|
|
|
|
It was previously possible to write to read-only file descriptors,
and read from write-only file descriptors.
All FileDescription objects now start out non-readable + non-writable,
and whoever is creating them has to "manually" enable reading/writing
by calling set_readable() and/or set_writable() on them.
|
|
This exposes some very bad behaviors that will need fixing.
|
|
|
|
Just taking care of some FIXMEs.
|
|
In the same group as the calling process, that is.
|
|
Also kill() with pid 0 should send to everyone in the same process
group as the calling process.
|
|
This will be checked moments later by MM.validate_user_read().
|
|
Looks like this got missed, maybe a messy `git add --patch` job? It
caused packaging of the gcc port to fail.
|
|
Add missing keymap entries for the dollar sign and escape key and reformat
the Hungarian keymap.
Remove the workaround for "0x08", replace it with '\b'.
Fix the octal/hex mixup in the value of escape key. (033 != 0x33, 033 == 0x1B)
|
|
Process::m_extra_gids is for supplementary GIDs only.
|
|
Also add error checking and bail out if either call fails.
Doing it the wrong way around was causing us to retain GID=0 for all
processes (oops!)
Thanks to Chris Ball for reporting the bug. :^)
|
|
|
|
During initialization of PCI MMIO access mechanism we ensure that we
have an allocation from the kernel virtual address space that cannot be
taken by other components in the OS.
Also, now we ensure that interrupts are disabled so mapping the region
doesn't fail.
In order to reduce overhead, map_device() will map the requested PCI
address only if it's not mapped already.
The run script has been changed so now we can boot a Q35 machine, that
supports PCI ECAM.
To ensure we will be able to load the machine, a PIIX3 IDE controller
was added to the Q35 machine configuration in the run script.
An AHCI controller was added to the i440fx machine configuration.
|
|
This requires gcc8 from ports to build the Toolchain.
|
|
Allow HOST_CXX to be passed to make which will be the actual host
C++ compiler used, such as 'make HOST_CXX=clang++'.
|
|
This fixes an issue in SystemMonitor where old data would linger in the
table views after selecting a process owned by another user.
Since we can no longer read /proc/PID/* unless PID belongs to us,
we will now present empty views for these processes. :^)
|
|
|
|
Addresses outside the userspace virtual range will now show up as
0xdeadc0de in backtraces and profiles generated by unprivileged users.
|
|
Let's lock down access to the kernel symbol table, since it trivializes
learning where the kernel functions are.
Of course, you can just build the same revision yourself locally and
learn the information, but we're taking one step at a time here. :^)
|
|
The right window had a few pixels on the right cut off, i don't know how
i didn't notice this earlier.
|
|
This means that (for example) if you change the line width of the line
tool, you now switch to the line tool, instead of sticking with the
currently "checked" tool.
|
|
Previously we would be left with a menu stack containing nulled-out
WeakPtr's to menus in the now-disconnected clients.
This was tripping up an assertion when clicking anywhere after shutting
down a program while it had a menu open.
|
|
|
|
When selecting an element in the browser's DOM inspector, we now also
show the resolved CSS properties (and their values) for that element.
Since the inspector was growing a bit more complex, I moved it out of
the "show inspector" action callback and into its own class.
In the future, we will probably want to migrate the inspector down to
LibHTML to make it accessible to other clients of the library, but for
now we can keep working on it inside Browser. :^)
|
|
We simply expand the attributes inside the element item name, so they
look like natural "tags" :^)
|
|
This will make it easy to implement a simple element style inspector.
|
|
|
|
I don't think we need to give unprivileged users access to what is
essentially a kernel testing mechanism.
|
|
|
|
|
|
This code never worked, as was never used for anything. We can build
a much better SHM implementation on top of TmpFS or similar when we
get to the point when we need one.
|
