Age | Commit message (Collapse) | Author |
|
|
|
Now that the code does not use architecture-specific code, it is moved
to the generic Arch directory and the paths are modified accordingly.
|
|
As with the previous commit, we make a distinction between filesystems
that require a file description and those which don't, but now in a much
more readable mechanism - all initialization properties as well as the
`create` static method are grouped to create the FileSystemInitializer
structure. Then when we need to initialize an instance, we iterate over
a table of these structures, checking for a matching structure and then
validating the given arguments from userspace against the requirements
to ensure we can create a valid instance of the requested filesystem.
|
|
We do this by making a distinction between two types of filesystems -
the first type is backed in RAM, and includes TmpFS, ProcFS, SysFS,
DevPtsFS and DevTmpFS. Because these filesystems are backed in RAM,
trying to mount them doesn't require a source open file description.
The second type is filesystems that are backed by a file, therefore the
userspace program has to open them (hence it has an open file description
on them) and provide the appropriate source open file description.
With this distinction, we can check early if the user tried to
mount the second type of filesystem without a valid file description,
and fail with EBADF then.
Otherwise, we can proceed to mount either type of filesystem,
provided that the fs_type is valid.
|
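The initializer-table mechanism from the two commits above, as an added stand-alone example (this is not SerenityOS code; the `FileSystem` struct, the `s_initializers` table contents, the `try_create_filesystem`/`mount_result` names and the use of a negative fd to mean "no source open file description" are all assumptions made for the illustration). Each row carries the fs_type name, whether the filesystem is file-backed, and a factory; the lookup validates the userspace arguments against the row before creating anything:

```cpp
#include <cerrno>
#include <memory>
#include <string>

// Hypothetical stand-in for a mounted filesystem instance.
struct FileSystem {
    std::string type;
    int backing_fd; // -1 for RAM-backed filesystems
};

// One row of the initializer table: the fs_type name userspace passes,
// whether it needs an open file description (file-backed) and the factory.
struct FileSystemInitializer {
    const char* short_name;
    bool requires_open_file_description;
    std::unique_ptr<FileSystem> (*create)(const char* short_name, int backing_fd);
};

static std::unique_ptr<FileSystem> create_generic(const char* name, int fd)
{
    return std::unique_ptr<FileSystem>(new FileSystem { name, fd });
}

// Constructed table: RAM-backed filesystems first, then file-backed ones.
// (The row list is illustrative, not the project's actual table.)
static const FileSystemInitializer s_initializers[] = {
    { "tmp", false, create_generic },
    { "proc", false, create_generic },
    { "sys", false, create_generic },
    { "devpts", false, create_generic },
    { "devtmpfs", false, create_generic },
    { "ext2", true, create_generic },
    { "iso9660", true, create_generic },
};

// Returns 0 and fills `out` on success, or a positive errno value.
// `source_fd < 0` models "userspace provided no source open file description".
int try_create_filesystem(const std::string& fs_type, int source_fd,
                          std::unique_ptr<FileSystem>& out)
{
    for (auto const& init : s_initializers) {
        if (fs_type != init.short_name)
            continue;
        // Validate the userspace arguments against the row's requirements
        // before instantiating anything: file-backed without an fd is EBADF.
        if (init.requires_open_file_description && source_fd < 0)
            return EBADF;
        out = init.create(init.short_name,
                          init.requires_open_file_description ? source_fd : -1);
        return 0;
    }
    return ENODEV; // no row matched: unknown fs_type
}

// Convenience wrapper that reports only the errno-style outcome.
int mount_result(const std::string& fs_type, int source_fd)
{
    std::unique_ptr<FileSystem> fs;
    return try_create_filesystem(fs_type, source_fd, fs);
}
```

Because the requirement lives in the table row rather than in per-filesystem special cases, adding a new filesystem is one line, and the "file-backed but no fd" check is applied uniformly before any allocation happens.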
|
The current behavior accidentally tries to allocate 0 bytes when a non-null
address is provided and MAP_FIXED is specified. This is clearly a bug.
|
|
Implement futimes() in terms of utimensat(). Now, utimensat() strays
from POSIX compliance because it also accepts a combination of a file
descriptor of a regular file and an empty path. utimensat() then uses
this file descriptor instead of the path to update the last access
and/or modification time of a file. That being said, its prior behavior
remains intact.
With the new behavior of utimensat(), `path` must point to a valid
string; given a null pointer instead of an empty string, utimensat()
sets `errno` to `EFAULT` and returns a failure.
|
|
Create POSIX utimensat() library call and corresponding system call to
update file access and modification times.
|
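The contract described in the two utimensat() commits above, as an added example using portable POSIX calls rather than SerenityOS's own libc (the `utimensat_or_fd`, `futimes_via_utimensat` and `demo_*` names are assumptions; the fd-plus-empty-path extension is modelled by dispatching to `futimens`, which is how POSIX spells "update times through a descriptor"). A null `path` is rejected with EFAULT before anything else, and futimes() is reduced to a timeval-to-timespec conversion:

```cpp
#include <cerrno>
#include <cstdlib>
#include <ctime>
#include <fcntl.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <unistd.h>

// Portable stand-in for the fd-based utimensat() extension: a null path is
// rejected with EFAULT up front; an empty path means "use the descriptor".
// Returns 0 on success or -1 with errno set, like the libc calls.
int utimensat_or_fd(int fd, const char* path, const struct timespec times[2])
{
    if (path == nullptr) {
        errno = EFAULT;
        return -1;
    }
    if (path[0] == '\0')
        return futimens(fd, times);
    return utimensat(fd, path, times, 0);
}

// futimes() expressed through the helper above: convert timeval (microseconds)
// to timespec (nanoseconds) and route the request through the descriptor.
int futimes_via_utimensat(int fd, const struct timeval tv[2])
{
    struct timespec ts[2];
    for (int i = 0; i < 2; ++i) {
        ts[i].tv_sec = tv[i].tv_sec;
        ts[i].tv_nsec = tv[i].tv_usec * 1000;
    }
    return utimensat_or_fd(fd, "", ts);
}

// Self-check on a temporary file: returns the mtime that ends up on the inode,
// or -1 if any step failed. Uses a constructed timestamp of 1000000000.
long demo_set_mtime_via_fd()
{
    char name[] = "/tmp/utimensat-demo-XXXXXX";
    int fd = mkstemp(name);
    if (fd < 0)
        return -1;
    struct timeval tv[2] = { { 1000000000L, 0 }, { 1000000000L, 500000 } };
    long result = -1;
    if (futimes_via_utimensat(fd, tv) == 0) {
        struct stat st;
        if (fstat(fd, &st) == 0)
            result = (long)st.st_mtime;
    }
    close(fd);
    unlink(name);
    return result;
}

// The documented failure mode: a null path must fail with EFAULT, not crash.
int demo_null_path_errno()
{
    struct timespec ts[2] = { { 0, UTIME_NOW }, { 0, UTIME_NOW } };
    if (utimensat_or_fd(AT_FDCWD, nullptr, ts) == 0)
        return 0;
    return errno;
}
```

The explicit null check matters because the kernel-side version validates `path` as a user pointer; in userspace the equivalent mistake would be a segfault inside libc, so surfacing EFAULT is the friendlier contract.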
|
|
|
The file does not contain any specific architectural code, thus it can
be moved to the Kernel/Arch directory.
|
|
Coverage tools like LLVM's source-based coverage or GNU's --coverage
need to be able to write out coverage files from any binary, regardless
of its security posture. Not ignoring these pledges and veils means we
can't get our coverage data out without playing some serious tricks.
However this is pretty terrible for normal execution, so only skip these
checks when we explicitly configured userspace for coverage.
|
|
These allow you to turn the close-on-exec flag on/off via ioctl().
|
|
|
|
This keeps us from accidentally overwriting an already set region name,
for example when we are mapping a file (as, in this case, the file name
is already stored in the region).
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
This syscall doesn't access any unprotected shared data.
|
|
The only requirement for this syscall is to make
Process::m_coredump_properties SpinlockProtected.
|
|
The only thing we needed to check is whether `socket.accept()` returns
a socket, and if not, we go back to blocking again.
|
|
This fixes an issue where File::mmap() overrides would fail because they
were expecting to be called with a size evenly divisible by PAGE_SIZE.
|
|
Since there is no separate virtual range allocator anymore, this is
no longer used for anything.
|
|
|
|
This syscall works on global kernel state and so doesn't need protection
from threads in the same process.
|
|
This syscall ends up disabling interrupts while changing the time,
and the clock is a global resource anyway, so preventing threads in the
same process from running wouldn't solve anything.
|
|
Both of these syscalls take the scheduler lock while accessing the
thread priority, so there's no reliance on the process big lock.
|
|
Stuff like TLS regions, main thread stacks, etc. all deserve to be
randomized unless the ELF requires specific placement. :^)
|
|
This syscall already performs the necessary locking and so doesn't
need to rely on the process big lock.
|
|
We don't need to hold the lock across the entire syscall. Once we've
fetched the open file description we're interested in, we can let go.
|
|
We don't need to hold the lock across the entire syscall. Once we've
fetched the open file description we're interested in, we can let go.
|
|
These syscalls already perform the necessary locking and don't rely on
the process big lock.
|
|
Functions that allocate and/or place a Region now take a parameter
that tells them whether to randomize unspecified addresses.
|
|
This patch moves AddressSpace (the per-process memory manager) to using
the new atomic "place" APIs in RegionTree as well, just like we did for
MemoryManager in the previous commit.
This required updating quite a few places where VM allocation and
actually committing a Region object to the AddressSpace were separated
by other code.
All you have to do now is call into AddressSpace once and it'll take
care of everything for you.
|
|
RegionTree holds an IntrusiveRedBlackTree of Region objects and vends a
set of APIs for allocating memory ranges.
It's used by AddressSpace at the moment, and will be used by MM soon.
|
|
This patch stops using VirtualRangeAllocator in AddressSpace and instead
looks for holes in the region tree when allocating VM space.
There are many benefits:
- VirtualRangeAllocator is non-intrusive and would call kmalloc/kfree
when used. This new solution is allocation-free. This was a source
of unpleasant MM/kmalloc deadlocks.
- We consolidate authority on what the address space looks like in a
single place. Previously, we had both the range allocator *and* the
region tree both being used to determine if an address was valid.
Now there is only the region tree.
- Deallocation of VM when splitting regions is no longer complicated,
as we don't need to keep two separate trees in sync.
|
|
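An added, self-contained model of the region-tree approach described in the commits above (the RegionTree/AddressSpace changes, the PAGE_SIZE rounding fix and the MAP_FIXED zero-size bug). This is illustration code, not the SerenityOS implementation: it uses a `std::map` in place of an intrusive red-black tree, names like `place_specifically`, `place_anywhere` and `mmap_like` are assumptions, and address randomization is left out. Free space is found by walking the occupied regions in address order and taking the first hole, so there is no second allocator to keep in sync, and the mmap-style front end page-rounds the length and rejects a zero-size request instead of placing an empty region:

```cpp
#include <cstddef>
#include <cstdint>
#include <map>
#include <optional>

constexpr uintptr_t PAGE_SIZE = 4096;

struct Region {
    uintptr_t base;
    size_t size; // always a whole number of pages
};

// Round a requested byte length up to whole pages; 0 stays 0 so callers
// can reject it instead of "allocating nothing".
constexpr size_t page_round_up(size_t size)
{
    return (size + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1);
}

class RegionTree {
public:
    RegionTree(uintptr_t start, uintptr_t end) : m_start(start), m_end(end) {}

    // MAP_FIXED-style placement: fail if any byte of [base, base+size) is taken.
    bool place_specifically(uintptr_t base, size_t size)
    {
        if (size == 0 || base % PAGE_SIZE != 0) return false;
        if (base < m_start || base >= m_end || size > m_end - base) return false;
        if (overlaps(base, size)) return false;
        m_regions.emplace(base, Region { base, size });
        return true;
    }

    // Allocate-anywhere: walk the tree in address order and take the first
    // hole that fits. The tree itself is the only record of what is in use.
    std::optional<Region> place_anywhere(size_t size)
    {
        if (size == 0) return std::nullopt;
        uintptr_t cursor = m_start;
        for (auto const& [base, region] : m_regions) {
            if (base - cursor >= size) break; // hole before this region fits
            cursor = base + region.size;      // otherwise skip past it
        }
        if (size > m_end - cursor) return std::nullopt;
        Region r { cursor, size };
        m_regions.emplace(cursor, r);
        return r;
    }

    bool remove(uintptr_t base) { return m_regions.erase(base) == 1; }
    size_t count() const { return m_regions.size(); }

private:
    bool overlaps(uintptr_t base, size_t size) const
    {
        // Only the neighbours at/before and after `base` can overlap it.
        auto it = m_regions.upper_bound(base);
        if (it != m_regions.end() && it->first < base + size) return true;
        if (it != m_regions.begin()) {
            --it;
            if (it->first + it->second.size > base) return true;
        }
        return false;
    }
    uintptr_t m_start, m_end;
    std::map<uintptr_t, Region> m_regions;
};

// mmap-style front end: page-rounds the length, rejects 0 and places the region.
// Returns the chosen base, or 0 on failure (0 is never a valid address here).
uintptr_t mmap_like(RegionTree& tree, uintptr_t addr, size_t length, bool map_fixed)
{
    size_t size = page_round_up(length);
    if (size == 0) return 0; // the bug the commit fixes: never "allocate" 0 bytes
    if (map_fixed)
        return tree.place_specifically(addr, size) ? addr : 0;
    auto r = tree.place_anywhere(size);
    return r ? r->base : 0;
}
```

Removing a region is a single erase with no matching "free" call on a separate allocator, which is the consolidation of authority the commit message describes; the cost is that allocate-anywhere is a linear walk, which is why the intrusive tree and its ordering matter in the real kernel.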
This means we never need to allocate when inserting/removing regions
from the address space.
|
|
|
|
|
|
8233da33985bf834685bc215a8a9ed261e674f5f introduced a not-so-subtle bug
where an application with an existing pledge set containing `no_error`
could elevate its pledge set by pledging _anything_. This commit makes
sure that no new promise is accepted.
|
|
This makes pledge() ignore promises that would otherwise cause it to
fail with EPERM, which is very useful for allowing programs to run under
a "jail" so to speak, without having them terminate early due to a
failing pledge() call.
|
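The `no_error` elevation bug and its fix, as an added model in plain C++ (not the SerenityOS kernel's pledge code; the bitmask `Promise` enum, the `Process` struct and the `pledge_buggy`/`pledge_fixed` names are constructed for the illustration, and real pledge() takes a space-separated promise string). The two functions differ in one place: the fixed one masks the requested set against what is already held, so `no_error` can only ever soften the failure, never widen the set:

```cpp
#include <cerrno>
#include <cstdint>

// Constructed promise bits standing in for pledge() promise names.
enum Promise : uint32_t {
    Stdio   = 1u << 0,
    RPath   = 1u << 1,
    WPath   = 1u << 2,
    Inet    = 1u << 3,
    NoError = 1u << 4, // turns a would-be EPERM into a silent drop
};

struct Process {
    bool has_promises = false;
    uint32_t promises = 0;
};

// Buggy shape: with no_error in the current set, the EPERM path is skipped
// but the requested set is still installed wholesale, so a process can
// "pledge" its way back to promises it had already given up.
int pledge_buggy(Process& p, uint32_t requested)
{
    if (p.has_promises) {
        bool elevating = (requested & ~p.promises) != 0;
        if (elevating && !(p.promises & NoError))
            return EPERM;
        // Bug: falls through and installs `requested` even when elevating.
    }
    p.has_promises = true;
    p.promises = requested;
    return 0;
}

// Fixed shape: a pledge can only narrow the set. With no_error, promises that
// are not already held are dropped instead of failing the call; without it,
// asking for anything new is still EPERM.
int pledge_fixed(Process& p, uint32_t requested)
{
    if (p.has_promises) {
        bool elevating = (requested & ~p.promises) != 0;
        if (elevating) {
            if (!(p.promises & NoError))
                return EPERM;
            requested &= p.promises; // no new promise is accepted
        }
    }
    p.has_promises = true;
    p.promises = requested;
    return 0;
}

// Scenario: a process pledged "stdio rpath no_error", then asks for inet.
// Returns the promise set the process ends up with under the given policy.
uint32_t after_escalation_attempt(int (*pledge_fn)(Process&, uint32_t))
{
    Process p;
    pledge_fn(p, Stdio | RPath | NoError);
    pledge_fn(p, Stdio | Inet | NoError);
    return p.promises;
}

// Without no_error, the same escalation must be refused outright.
int escalation_without_no_error()
{
    Process p;
    pledge_fixed(p, Stdio | RPath);
    return pledge_fixed(p, Stdio | Inet);
}

// Ordinary narrowing is unaffected by the fix: drop rpath, keep stdio.
uint32_t after_plain_narrowing()
{
    Process p;
    pledge_fixed(p, Stdio | RPath);
    pledge_fixed(p, Stdio);
    return p.promises;
}
```

The test in the second scenario is the one to keep in a regression suite: a process that starts with `stdio rpath no_error` and asks for `inet` must end up with no more than it started with.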