Age | Commit message | Author |
|
The HashMap of InodeIndex->Inode in TmpFS only had one purpose: looking
up parent inodes by index.
Instead of using a map for this, we can simply give each inode a WeakPtr
to its parent inode. This saves us the trouble of dealing with the
fallibility of HashMap allocations, and it's just generally simpler. :^)
|
|
Previously we were uncaching inodes from TmpFSInode::one_ref_left().
This was not safe, since one_ref_left() was effectively being called
on a raw pointer after decrementing the local ref count and observing
it become 1. There was a race here where someone else could trigger
the destructor by unreffing to 0 before one_ref_left() got called,
causing us to call one_ref_left() on a deleted inode.
We fix this by using the new remove_from_secondary_lists() mechanism
in ListedRefCounted and synchronizing all access to the TmpFS inode
map with the main Inode::all_instances() lock.
There's probably a nicer way to solve this.
|
|
|
|
If asked to add an already existing name to a directory inode, fail with
EEXIST, consistent with other filesystems.
|
|
We were doing this dance in notify_watchers():
    set_metadata_dirty(true);
    set_metadata_dirty(false);
This was done in order to force out inode watcher events immediately.
Unfortunately, this was racy, as if SyncTask got scheduled at the wrong
moment, it would try to flush metadata for a clean inode. This then got
trapped by the VERIFY() statement in Inode::sync_all():
    VERIFY(inode.is_metadata_dirty());
This patch fixes the issue by replacing notify_watchers() with lazy
metadata notifications like all other filesystems.
|
|
|
|
This allows us to propagate errors from inside the callback with TRY().
|
|
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!
This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.
Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)
|
|
Even if this goes nowhere yet, we have to start building an error
propagation path somewhere.
|
|
When creating and removing a child to a TmpFS directory, we were
forgetting to delete the TmpFSInode::Child struct.
|
|
This allows us to use TRY() in a lot of new places.
|
|
Dr. POSIX really calls these "open file description", not just
"file description", so let's call them exactly that. :^)
|
|
This allows us to simplify a whole bunch of call sites with TRY(). :^)
|
|
|
|
There are a number of places that don't have an error propagation path
right now, so I've added FIXME's about that.
|
|
- Use KResultOr<NonnullRefPtr<T>>
- Propagate errors
- Use TRY() at call sites
|
|
This allows for natural error propagation in a bunch of new places.
|
|
This struct is non-trivially large, it makes sense to pass it by
reference instead of by value in the factory method.
Found by Sonar Cloud.
|
|
Prior to this change, both uid_t and gid_t were typedef'ed to `u32`.
This made it easy to use them interchangeably. Let's not allow that.
This patch adds UserID and GroupID using the AK::DistinctNumeric
mechanism we've already been employing for pid_t/ProcessID.
|
|
|
|
This forced me to also come up with error codes for a bunch of
situations where we'd previously just panic the kernel.
|
|
This allows file systems to return arbitrary error codes instead of just
an Inode or not an Inode.
|
|
|
|
This patch moves TmpFS to using OOM-safe data types for storing
directory children.
|
|
All file system classes are expected to keep their root Inode object
in memory, so this function can safely return an Inode&.
|
|
|
|
This was only used in one place: VirtualFileSystem::rmdir(), and that
has now been converted to a simple directory traversal.
|
|
No sense in forcing callers to construct a String. One more small step
towards not using String in the kernel.
|
|
This makes file system code much easier to read since it was hard when
both the file system and inode locks were called "m_lock".
|
|
Let's be explicit about what kind of lock this is meant to be.
|
|
We need some overflow checks due to the implementation of TmpFS.
When size_t is 32 bits and off_t is 64 bits, we might overflow our
KBuffer max size and confuse the KBuffer set_size code, causing a VERIFY
failure. Make sure that resulting offset + size will fit in a size_t.
Another constraint, we make sure that the resulting offset + size will
be less than half of the maximum value of a size_t, because we double
the KBuffer size each time we resize it.
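
Added example, not part of the commit or of the SerenityOS source: a sketch of the two bounds the message above describes (offset + size must fit the address-sized type, and must stay below half of its maximum because the buffer grows by doubling). The helper names and the Addr template parameter are assumptions made for illustration; Addr stands in for size_t so the 32-bit case can be run on a 64-bit host.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <optional>

// Hypothetical helpers, not the kernel's code. Addr stands in for the
// kernel's size_t so the 32-bit case can be exercised on a 64-bit host.

// Unchecked conversion: the 64-bit sum is silently truncated to Addr.
template<typename Addr>
Addr unchecked_write_end(int64_t offset, uint64_t size)
{
    return static_cast<Addr>(static_cast<uint64_t>(offset) + size);
}

// Returns offset + size only if it is below half of Addr's maximum.
template<typename Addr>
std::optional<Addr> checked_write_end(int64_t offset, uint64_t size)
{
    constexpr uint64_t limit = std::numeric_limits<Addr>::max() / 2;
    if (offset < 0)
        return std::nullopt;
    uint64_t off = static_cast<uint64_t>(offset);
    // Compare against the remaining headroom instead of computing
    // off + size first, which could itself wrap in 64 bits.
    if (off >= limit || size >= limit - off)
        return std::nullopt;
    return static_cast<Addr>(off + size);
}

// Doubling growth; cannot wrap when needed came from checked_write_end().
template<typename Addr>
Addr grown_capacity(Addr current, Addr needed)
{
    Addr capacity = current ? current : 1;
    while (capacity < needed)
        capacity *= 2;
    return capacity;
}

int main()
{
    int64_t offset = 0x100000000; // constructed: first offset past 32 bits
    std::printf("unchecked end: %u\n", static_cast<unsigned>(unchecked_write_end<uint32_t>(offset, 16)));
    std::printf("checked accepts: %d\n", checked_write_end<uint32_t>(offset, 16).has_value());
    return 0;
}
```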
|
|
This matches our common naming style better.
|
|
This commit converts naked `new`s to `AK::try_make` and `AK::try_create`
wherever possible. If the called constructor is private, this can not be
done, so we instead now use the standard-defined and compiler-agnostic
`new (nothrow)`.
|
|
|
|
|
|
|
|
This patch modifies InodeWatcher to switch to a one watcher, multiple
watches architecture. The following changes have been made:
- The watch_file syscall is removed, and in its place the
create_iwatcher, iwatcher_add_watch and iwatcher_remove_watch calls
have been added.
- InodeWatcher now holds multiple WatchDescriptions for each file that
is being watched.
- The InodeWatcher file descriptor can be read from to receive events on
all watched files.
Co-authored-by: Gunnar Beutner <gunnar@beutner.name>
|
|
The error handling in all these cases was still using the old style
negative values to indicate errors. We have a nicer solution for this
now with KResultOr<T>. This change switches the interface and then all
implementers to use the new style.
|
|
This exposed some missing error propagation, which this patch also
takes care of.
|
|
|
|
This makes it more symmetrical with adopt_own() (which is used to
create a NonnullOwnPtr from the result of a naked new.)
|
|
SPDX License Identifiers are a more compact / standardized
way of representing file license information.
See: https://spdx.dev/resources/use/#identifiers
This was done with the `ambr` search and replace tool.
    ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
|
|
As it turns out, Dr. POSIX doesn't require that post-mmap() changes
to a file are reflected in the memory mappings. So we don't actually
have to care about the file size changing (or the contents.)
IIUC, as long as all the MAP_SHARED mappings that refer to the same
inode are in sync, we're good.
This means that VMObjects don't need resizing capabilities. I'm sure
there are ways we can take advantage of this fact.
|
|
|
|
|
|
(...and ASSERT_NOT_REACHED => VERIFY_NOT_REACHED)
Since all of these checks are done in release builds as well,
let's rename them to VERIFY to prevent confusion, as everyone is
used to assertions being compiled out in release.
We can introduce a new ASSERT macro that is specifically for debug
checks, but I'm doing this wholesale conversion first since we've
accumulated thousands of these already, and it's not immediately
obvious which ones are suitable for ASSERT.
|
|
Use the DistinctNumeric mechanism to make InodeIndex a strongly typed
integer type.
|
|
..and allow implicit creation of KResult and KResultOr from ErrnoCode.
This means that kernel functions that return those types can finally
do "return EINVAL;" and it will just work.
There's a handful of functions that still deal with signed integers
that should be converted to return KResults.
|
|
If allocation fails, some TmpFS operations can now fail with ENOMEM.
|
|
cc @bcoles :^)
|