| Age | Commit message (Collapse) | Author |
|---|
|
Use the try variants of AK::StringBuilder append APIs to harden these
functions against OOM.
|
|
|
|
Since a socket can be accessed by multiple threads concurrently, we need
to protect shared data behind the socket mutex.
There's very likely more places where we need to fix this, the purpose
of this patch is to fix a VERIFY() failure in getsockopt() seen on CI.
|
|
This fixes at least half of our LibC includes in the kernel. The source
of truth for errno codes and their description strings now lives in
Kernel/API/POSIX/errno.h as an enumeration, which LibC includes.
|
|
ENOTTY is used to signify that no ioctl interface is provided at all,
but LocalSockets do support the FIONREAD ioctl.
|
|
Some calls of copy_to_user were converting Userspace<T*> to
Userspace<U*> via the implicit conversion to FlatPtr. Change them to use
the static_ptr_cast overload that is designed to express this conversion
|
|
Instead of signalling allocation failure with a bool return value
(false), we now use ErrorOr<void> and return ENOMEM as appropriate.
This allows us to use TRY() and MUST() with Vector. :^)
|
|
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!
This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.
Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)
|
|
Found due to smelly code in InodeFile::absolute_path.
In particular, this replaces the following misleading methods:
File::absolute_path
This method *never* returns an actual path, and if called on an
InodeFile (which is impossible), it would VERIFY_NOT_REACHED().
OpenFileDescription::try_serialize_absolute_path
OpenFileDescription::absolute_path
These methods do not guarantee to return an actual path (just like the
other method), and just like Custody::absolute_path they do not
guarantee accuracy. In particular, just renaming the method made a
TOCTOU bug obvious.
The new method signatures use KResultOr, just like
try_serialize_absolute_path() already did.
|
|
|
|
Because we were holding a strong ref to the OpenFileDescription in
LocalSocket and a strong ref to the LocalSocket in Inode, we were
creating a reference cycle in the event of the socket being cleaned up
after the file description did (i.e. unlinking the file before closing
the socket), because the file description never got destructed.
|
|
Avoid an unnecessary NonnullRefPtr<OpenFileDescription> copy.
|
|
Sockets remember their last error code in the SO_ERROR field, so we need
to take special care to remember this when returning an error.
This patch adds a SOCKET_TRY() that works like TRY() but also calls
set_so_error() on the failure path.
There's probably a lot more code that should be using this, but that's
outside the scope of this patch.
|
|
This tidies up error propagation in a number of places.
|
|
Dr. POSIX really calls these "open file description", not just
"file description", so let's call them exactly that. :^)
|
|
|
|
There are a number of places that don't have an error propagation path
right now, so I've added FIXME's about that.
|
|
This makes EFAULT propagation flow much more naturally. :^)
|
|
|
|
Invoking sendmsg on a listening socket triggers this assertion as
sendto calls has_attached_peer before checking the result of
send_buffer_for.
|
|
"lock" is ambiguous (verb vs noun) while "mutex" is not.
|
|
Instead of having Socket subclasses write their role into Socket::m_role
directly, add a setter to do this.
|
|
Just because we deal with sockaddr_un at the userspace API layer doesn't
mean we have to store an awkward C type internally. :^)
|
|
|
|
|
|
Also tighten the return type to KResultOr<NonnullRefPtr<LocalSocket>>
since it cannot return any other socket type.
|
|
Prior to this change, both uid_t and gid_t were typedef'ed to `u32`.
This made it easy to use them interchangeably. Let's not allow that.
This patch adds UserID and GroupID using the AK::DistinctNumeric
mechanism we've already been employing for pid_t/ProcessID.
|
|
|
|
X11 handles this gracefully, and it makes more sense than panicking.
|
|
FIONREAD gets the number of bytes availible to read from a file
descriptor without blocking. I only implemented it for regular files and
sockets
|
|
Let's make it obvious what we're protecting it with.
|
|
This has several benefits:
1) We no longer just blindly derefence a null pointer in various places
2) We will get nicer runtime error messages if the current process does
turn out to be null in the call location
3) GCC no longer complains about possible nullptr dereferences when
compiling without KUBSAN
|
|
This patch removes KResult::operator int() and deals with the fallout.
This forces a lot of code to be more explicit in its handling of errors,
greatly improving readability.
|
|
This fixes the placeholder stub for the SO_ERROR via getsockopt. It
leverages the m_so_error value that each socket maintains. The SO_ERROR
option obtains and then clears this field, which is useful when checking
for errors that occur between socket calls. This uses an integer value
to return the SO_ERROR status.
Resolves #146
|
|
This sets the m_so_error variable every time the socket returns an
error.
|
|
|
|
|
|
|
|
LocalSockets keep a DoubleBuffer for both client and server usage.
This change converts the usage from using the default constructor
which is unable to observe OOM, to the new try_create factory and
plumb the result through the constructor.
|
|
|
|
Let's be explicit about what kind of lock this is meant to be.
|
|
|
|
This commit converts naked `new`s to `AK::try_make` and `AK::try_create`
wherever possible. If the called constructor is private, this can not be
done, so we instead now use the standard-defined and compiler-agnostic
`new (nothrow)`.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This makes it more symmetrical with adopt_own() (which is used to
create a NonnullOwnPtr from the result of a naked new.)
|
