| Age | Commit message (Collapse) | Author |
|---|
|
The SDL port failed to build because the CMake toolchain filed pointed
to the old root. Now the toolchain file assumes that the Root is in
Build/Root.
Additionally, the AK/ and Kernel/ headers need to be installed in the
root too.
|
|
.. and make travis run it.
I renamed check-license-headers.sh to check-style.sh and expanded it so
that it now also checks for the presence of "#pragma once" in .h files.
It also checks the presence of a (single) blank line above and below the
"#pragma once" line.
I also added "#pragma once" to all the files that need it: even the ones
we are not check.
I also added/removed blank lines in order to make the script not fail.
I also ran clang-format on the files I modified.
|
|
This makes it possible to change flags of a mount after the fact, with the
caveats outlined in the man page.
|
|
|
|
We remount /home and /root as read-write, to keep the ability to modify files
there. /tmp remains read-write, as it is mounted from a TmpFS.
|
|
This adds support for MS_RDONLY, a mount flag that tells the kernel to disallow
any attempts to write to the newly mounted filesystem. As this flag is
per-mount, and different mounts of the same filesystems (such as in case of bind
mounts) can have different mutability settings, you have to go though a custody
to find out if the filesystem is mounted read-only, instead of just asking the
filesystem itself whether it's inherently read-only.
This also adds a lot of checks we were previously missing; and moves some of
them to happen after more specific checks (such as regular permission checks).
One outstanding hole in this system is sys$mprotect(PROT_WRITE), as there's no
way we can know if the original file description this region has been mounted
from had been opened through a readonly mount point. Currently, we always allow
such sys$mprotect() calls to succeed, which effectively allows anyone to
circumvent the effect of MS_RDONLY. We should solve this one way or another.
|
|
That's where the other similar definitions reside. Also, use bit shift
operations for MS_* values.
|
|
If we fail to exec() the target executable, don't leak the thread (this actually
triggers an assertion when destructing the process), and print an error message.
|
|
When mounting Ext2FS, we don't care if the file has a custody (it doesn't if
it's a device, which is a common case). When doing a bind-mount, we do need a
custody; if none is provided, let's return an error instead of crashing.
|
|
POSIX says, "The file descriptor fildes shall have been opened with read
permission, regardless of the protection options specified."
|
|
VFS no longer deals with inodes in public API, only with custodies and file
descriptions. Talk directly to the file system if you need to operate on a
inode. In most cases you actually want to go though VFS, to get proper
permission check and other niceties. For this to work, you have to provide a
custody, which describes *how* you have opened the inode, not just what the
inode is.
|
|
We're going to make use of it in the next commit. But the idea is we want to
know how this File (more specifically, InodeFile) was opened in order to decide
how chown()/chmod() should behave, in particular whether it should be allowed or
not. Note that many other File operations, such as read(), write(), and ioctl(),
already require the caller to pass a FileDescription.
|
|
As opposed to the fs name.
This matches the new convention we have for specifying it in mount(8).
|
|
|
|
Meta: Update INSTALL.md and grub configs for new boot_mode option
|
|
Together, they replace the old text_debug option.
* boot_mode should be either "graphical" (the default) or "text". We could
potentially support other values here in the future.
* init specifies which userspace process the kernel should spawn to bootstrap
userspace. By default, this is SystemServer, but you can specify e.g.
init=/bin/Shell to run system diagnostics.
|
|
Unfortunately this drops the feature of preserving VGA buffer contents.
Resolves https://github.com/SerenityOS/serenity/issues/2399
|
|
And move canonicalized_path() to a static method on LexicalPath.
This is to make it clear that FileSystemPath/canonicalized_path() only
perform *lexical* canonicalization.
|
|
You now have to pledge "sigaction" to change signal handlers/dispositions. This
is to prevent malicious code from messing with assertions (and segmentation
faults), which are normally expected to instantly terminate the process but can
do other things if you change signal disposition for them.
|
|
The is_error() check on the KResultOr returned when reading the link
target had a stray ! operator which causes link resolution to crash the
kernel with an assertion error.
|
|
implementation.
Allow file system implementation to return meaningful error codes to
callers of the FileDescription::read_entire_file(). This allows both
Process::sys$readlink() and Process::sys$module_load() to return more
detailed errors to the user.
|
|
|
|
|
|
|
|
In case WNOHANG was specified, we want to always set should_unblock to
true (which we do since commit 4402207b983b6ad4e317ef5affa4a78f10903a26), not
wait_finished -- the latter causes us to immediately return this child to our
caller, which is not what we want -- perhaps we should return another child
which has actually exited or stopped, or nobody at all.
To avoid confusion, also rename wait_finished to fits_the_spec.
This fixes service keepalive functionality in SystemServer.
|
|
|
|
|
|
|
|
|
|
Now that ssize_t is derived from size_t, we have to
|
|
|
|
|
|
|
|
This code needs a closer looking-into at some point. It doesn't seem
entirely safe to be casting u32's to pointers like it does.
|
|
|
|
Since it's often used to pass pointers, it should really be a FlatPtr.
|
|
Get rid of the ConfigurationTableEntryLength enum and just look at the
sizeof() for each entry type.
|
|
Since FlatPtr is register width agnostic. :^)
|
|
This is what Dr. POSIX says it should do.
|
|
Now that we can pass arbitrary integer types to the JSON serialization
code, we don't have to cast to u32 as much!
|
|
We no longer blindly use PAGE_SIZE here. :^)
|
|
Add a MappedROM::find_chunk_starting_with() helper since that's a very
common usage pattern in clients of this code.
Also convert MultiProcessorParser from a persistent singleton object
to a temporary object constructed via a failable factory function.
|
|
This patch adds a MappedROM abstraction to the Kernel VM subsystem.
It's basically the read-only byte buffer equivalent of a TypedMapping.
We use this in the ACPI and MP table parsers to scan for interesting
stuff in low memory instead of doing a bunch of address arithmetic.
|
|
Use map_typed<T> to map physically addressed structs into kernel VM.
This is so much easier than doing address arithmetic everywhere. :^)
|
|
For singly-indirect blocks, "callback" is just "add_block".
For doubly-indirect blocks, "callback" is the lambda function
iterating on singly-indirect blocks: so instead of adding itself to the
list, the doubly-indirect block will add all its childs, but they add
themselves again when they run the callback of singly-indirect blocks.
And nothing adds the doubly-indirect block itself :(
This leads to a double free of all child blocks of the doubly-indirect
block, which is the failed assert described in #1549.
Closes: #1549.
|
|
If RDRAND doesn't give us data, we want to try again, not jump to some
low address like 0x80 :^)
|
|
This reverts commit 6d0d8487201eb3cc8d63a1d066a0735a97cdc6e3.
|
|
This reverts commit bde7bc3472e0541583ed333efc42a3bde53881ad.
|
|
This reverts commit c1eb744ff0a82cf6c8e3470ac10e2f417c7d9de2.
|
|
Let's not be paying the function call overhead for these tiny ops.
Maybe there's an argument for having fewer gadgets in the kernel but
for now we're actually seeing stac() in profiles so let's put
that above theoretical security issues.
|
