summaryrefslogtreecommitdiff
path: root/Kernel/TTY
AgeCommit message (Collapse)Author
2022-12-09Kernel: Allow opening some device nodes sparingly for jailed processesLiav A
From now on, we don't allow jailed processes to open all device nodes in /dev, but only allow jailed processes to open /dev/full, /dev/zero, /dev/null, and various TTY and PTY devices (and not including virtual consoles) so we basically restrict applications to what they can do when they are in jail. The motivation for this type of restriction is to ensure that even if a remote code execution occurred, the damage that can be done is very small. We also don't restrict reading and writing on device nodes that were already opened, because that limit seems not useful, especially in the case where we do want to provide an OpenFileDescription to such device but nothing further than that.
2022-11-08Kernel: Split the DevPtsFS files into smaller componentsLiav A
2022-11-05Kernel: Add support for jailsLiav A
Our implementation for Jails resembles much of how FreeBSD jails are working - it's essentially only a matter of using a RefPtr in the Process class to a Jail object. Then, when we iterate over all processes in various cases, we could ensure if either the current process is in jail and therefore should be restricted what is visible in terms of PID isolation, and also to be able to expose metadata about Jails in /sys/kernel/jails node (which does not reveal anything to a process which is in jail). A lifetime model for the Jail object is currently plain simple - there's simpy no way to manually delete a Jail object once it was created. Such feature should be carefully designed to allow safe destruction of a Jail without the possibility of releasing a process which is in Jail from the actual jail. Each process which is attached into a Jail cannot leave it until the end of a Process (i.e. when finalizing a Process). All jails are kept being referenced in the JailManagement. When a last attached process is finalized, the Jail is automatically destroyed.
2022-10-17Kernel: Move InterruptDisabler out of Arch directoryTimon Kruiper
The code in this file is not architecture specific, so it can be moved to the base Kernel directory.
2022-09-20Kernel: Move PCSpeaker code to the x86-specific architecture directoryLiav A
The PCSpeaker code is specific to x86 platforms, thus it makes sense to put in the Arch/x86 subdirectory.
2022-09-20Kernel: Move IO delay code to x86 architecture subdirectoryLiav A
Many code patterns and hardware procedures rely on reliable delay in the microseconds granularity, and since they are using such delays which are valid cases, but should not rely on x86 specific code, we allow to determine in compile time the proper platform-specific code to use to invoke such delays.
2022-08-22Kernel: Use Process::credentials() and remove user ID/group ID helpersAnthony Iacono
Move away from using the group ID/user ID helpers in the process to allow for us to take advantage of the immutable credentials instead.
2022-08-20Kernel: Make self-contained locking smart pointers their own classesAndreas Kling
Until now, our kernel has reimplemented a number of AK classes to provide automatic internal locking: - RefPtr - NonnullRefPtr - WeakPtr - Weakable This patch renames the Kernel classes so that they can coexist with the original AK classes: - RefPtr => LockRefPtr - NonnullRefPtr => NonnullLockRefPtr - WeakPtr => LockWeakPtr - Weakable => LockWeakable The goal here is to eventually get rid of the Lock* classes in favor of using external locking.
2022-08-19Kernel: Require lock rank for Spinlock constructionkleines Filmröllchen
All users which relied on the default constructor use a None lock rank for now. This will make it easier to in the future remove LockRank and actually annotate the ranks by searching for None.
2022-07-12Everywhere: Add sv suffix to strings relying on StringView(char const*)sin-ack
Each of these strings would previously rely on StringView's char const* constructor overload, which would call __builtin_strlen on the string. Since we now have operator ""sv, we can replace these with much simpler versions. This opens the door to being able to remove StringView(char const*). No functional changes.
2022-07-12Kernel: Annotate all `KBuffer` and `DoubleBuffer` with a custom nameTim Schumacher
2022-06-22LibVT+Kernel: Separate the caret shapes and its steadinessMichał Lach
Currently CursorStyle enum handles both the styles and the steadiness or blinking of the terminal caret, which doubles the amount of its entries. This commit changes CursorStyle to CursorShape and moves the blinking option to a seperate boolean value.
2022-06-06Kernel: Set console active before try to enable graphical modeLiav A
We should first enable the VirtualConsole and then enable graphical mode, to ensure proper display output on the switched-to virtual console that has been chosen. When de-activating graphical mode, we do the de-activating first then enable the VirtualConsole to ensure proper text output on screen.
2022-06-02Kernel: Implement InterruptDisabler using generic Processor functionsTimon Kruiper
Now that the code does not use architectural specific code, it is moved to the generic Arch directory and the paths are modified accordingly.
2022-04-29Kernel: Support userspace TTY graphics modesettingPeter Elliott
This is a copy of linux's KDSETMODE/KDGETMODE console ioctl(2) interface.
2022-04-01Everywhere: Run clang-formatIdan Horowitz
2022-03-26Kernel: Add a way to print the pseudo name of attached TTY of a processLiav A
Contrary to the past, we don't attempt to assume the real name of a TTY device, but instead, we generate a pseudo name only when needed to do so which is still OK because we don't break abstraction layer rules and we still can provide userspace with the required information.
2022-03-22Kernel: Don't assume paths of TTYs and pseudo terminals anymoreLiav A
The obsolete ttyname and ptsname syscalls are removed. LibC doesn't rely on these anymore, and it helps simplifying the Kernel in many places, so it's an overall an improvement. In addition to that, /proc/PID/tty node is removed too as it is not needed anymore by userspace to get the attached TTY of a process, as /dev/tty (which is already a character device) represents that as well.
2022-03-22Kernel/TTY: Implement TIOCGPTN ioctl for MasterPTYLiav A
This ioctl operation will allow userspace to determine the index number of a MasterPTY after opening /dev/ptmx and actually getting an internal file descriptor of MasterPTY.
2022-03-18LibVT/Kernel: Make VT::Attribute::Flags enum class, use AK EnumBitsBrian Gianforcaro
Noticed the TODO in `Attribute.h` and realized we have as solution to this problem already. :^)
2022-03-17Kernel: Use default constructors/destructorsLenny Maiorani
https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#cother-other-default-operation-rules "The compiler is more likely to get the default semantics right and you cannot implement these functions better than the compiler."
2022-02-09Kernel: Change static constexpr variables to constexpr where possibleLenny Maiorani
Function-local `static constexpr` variables can be `constexpr`. This can reduce memory consumption, binary size, and offer additional compiler optimizations. These changes result in a stripped x86_64 kernel binary size reduction of 592 bytes.
2022-02-03Kernel: Protect PTYMultiplexer freelist with spinlock instead of mutexAndreas Kling
2022-01-25Kernel: Use u64 instead of size_t for File::can_write offsetIdan Horowitz
This ensures offsets will not be truncated on large files on i686.
2022-01-25Kernel: Use u64 instead of size_t for File::can_read offsetIdan Horowitz
This ensures offsets will not be truncated on large files on i686.
2022-01-23Kernel: Add CommandLine option to disable or enable the PC speakerLiav A
By default, we disable the PC speaker as it's quite annoying when using the text mode console.
2022-01-23Kernel: Implement beep functionality in virtual consolesLiav A
2022-01-08Kernel: Lock weak pointer revocation during listed-ref-counted unrefAndreas Kling
When doing the last unref() on a listed-ref-counted object, we keep the list locked while mutating the ref count. The destructor itself is invoked after unlocking the list. This was racy with weakable classes, since their weak pointer factory still pointed to the object after we'd decided to destroy it. That opened a small time window where someone could try to strong-ref a weak pointer to an object after it was removed from the list, but just before the destructor got invoked. This patch closes the race window by explicitly revoking all weak pointers while the list is locked.
2021-12-30Kernel: Tighten String-related includesDaniel Bertalan
2021-12-29Kernel: Handle promise violations in the syscall handlerBrian Gianforcaro
Previously we would crash the process immediately when a promise violation was found during a syscall. This is error prone, as we don't unwind the stack. This means that in certain cases we can leak resources, like an OwnPtr / RefPtr tracked on the stack. Or even leak a lock acquired in a ScopeLockLocker. To remedy this situation we move the promise violation handling to the syscall handler, right before we return to user space. This allows the code to follow the normal unwind path, and grantees there is no longer any cleanup that needs to occur. The Process::require_promise() and Process::require_no_promises() functions were modified to return ErrorOr<void> so we enforce that the errors are always propagated by the caller.
2021-12-29Kernel: Use Process::require_promise() instead of REQUIRE_PROMISE()Brian Gianforcaro
This change lays the foundation for making the require_promise return an error hand handling the process abort outside of the syscall implementations, to avoid cases where we would leak resources. It also has the advantage that it makes removes a gs pointer read to look up the current thread, then process for every syscall. We can instead go through the Process this pointer in most cases.
2021-12-29Kernel: Make File::unref virtualIdan Horowitz
This is required for SlavePTY's custom unref handler to function correctly, as otherwise a SlavePTY held in a File RefPtr would call the base's (RefCounted<>) unref method instead of SlavePTY's version.
2021-12-29Kernel: Zero initialize `winsize` in TIOCGWINSZBrian Gianforcaro
It looks like type types are small enough that there is no padding. So there didn't happen to be an info leak here, but lets zero initialize just to be on the safe side, and make auditing easier.
2021-12-29Kernel: Port File to RefCountedIdan Horowitz
Since RefCounted automatically calls a method named `will_be_destoyed` on classes that have one, so there's no need to have a custom implementation of unref in File.
2021-12-29Kernel: Rename File::{before_removing => will_be_destroyed}Idan Horowitz
This will allow File and it's descendants to use RefCounted instead of having a custom implementation of unref. (Since RefCounted calls will_be_destroyed automatically) This commit also removes an erroneous call to `before_removing` in AHCIPort, this is a duplicate call, as the only reference to the device is immediately dropped following the call, which in turns calls `before_removing` via File::unref.
2021-12-28Kernel: Propagate overflow errors from Memory::page_round_upGuilherme Goncalves
Fixes #11402.
2021-12-28Kernel: Remove the kmalloc_eternal heap :^)Andreas Kling
This was a premature optimization from the early days of SerenityOS. The eternal heap was a simple bump pointer allocator over a static byte array. My original idea was to avoid heap fragmentation and improve data locality, but both ideas were rooted in cargo culting, not data. We would reserve 4 MiB at boot and only ended up using ~256 KiB, wasting the rest. This patch replaces all kmalloc_eternal() usage by regular kmalloc().
2021-12-28Kernel: Remove the KString::try_create(String::formatted(...)) patternDaniel Bertalan
We can now directly create formatted KStrings with KString::formatted. :^)
2021-12-24Kernel: Mark PTYMultiplexer init & parse_hex_digit as UNMAP_AFTER_INITBrian Gianforcaro
Noticed these boot only functions are not currently UNMAP_AFTER_INIT. Lets fix that :^)
2021-12-23Kernel: Make major and minor numbers to be DistinctNumericsLiav A
This helps avoid confusion in general, and make constructors, methods and code patterns much more clean and understandable.
2021-12-18Kernel: Use copy_typed_from_user() in more places :^)Andreas Kling
2021-12-16Kernel+LibC: Move errno definitions to Kernel/API/POSIXsin-ack
This fixes at least half of our LibC includes in the kernel. The source of truth for errno codes and their description strings now lives in Kernel/API/POSIX/errno.h as an enumeration, which LibC includes.
2021-12-11Kernel: Remove unused String.h includesHendiadyoin1
This makes searching for not yet OOM safe interfaces a bit easier.
2021-11-14Kernel: Resolve clang-tidy readability-implicit-bool-conversion warningsAndrew Kaster
... In files included from Kernel/Process.cpp and Kernel/Thread.cpp
2021-11-11Everywhere: Pass AK::StringView by valueAndreas Kling
2021-11-08Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T>Andreas Kling
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^)
2021-11-02Kernel: Move TTY subsystem to use KString instead of `AK::String`Brian Gianforcaro
This is minor progress on removing the `AK::String` API from the Kernel in the interest of improving OOM safety.
2021-11-02Kernel: Remove duplicate constructor from TTY/VirtualConsoleBrian Gianforcaro
This removes some code dupe from the constructors. By removing this duplicate constructor we can utilize the main VirtualConsole::create factory implementation and call that from the VirtualConsole::create_with_preset_log factory method.
2021-10-31Kernel: Clarify ambiguous {File,Description}::absolute_pathBen Wiederhake
Found due to smelly code in InodeFile::absolute_path. In particular, this replaces the following misleading methods: File::absolute_path This method *never* returns an actual path, and if called on an InodeFile (which is impossible), it would VERIFY_NOT_REACHED(). OpenFileDescription::try_serialize_absolute_path OpenFileDescription::absolute_path These methods do not guarantee to return an actual path (just like the other method), and just like Custody::absolute_path they do not guarantee accuracy. In particular, just renaming the method made a TOCTOU bug obvious. The new method signatures use KResultOr, just like try_serialize_absolute_path() already did.
2021-10-25Kernel+LibC: Default to 8-bit characters in TTYDaniel Bertalan
Some ports (like `bc` with history enabled) sensibly set the termios character size to 8 bits. Previously, we left the character size value (given by the bitmask CSIZE) as zero by default (meaning 5 bits per character), and returned ENOTIMPL whenever someone modified it. This was dumb.