| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
This change adds a static lock hierarchy / ranking to the Kernel with
the goal of reducing / finding deadlocks when running with SMP enabled.
We have seen quite a few lock ordering deadlocks (locks taken in a
different order, on two different code paths). As we properly annotate
locks in the system, then these facilities will find these locking
protocol violations automatically
The `LockRank` enum documents the various locks in the system and their
rank. The implementation guarantees that a thread holding one or more
locks of a lower rank cannot acquire an additional lock with rank that
is greater or equal to any of the currently held locks.
|
|
There are certain checks that we should skip if the system is crashing.
The system can avoid stack overflow during crash, or even triple
faulting while while handling issues that can causes recursive panics
or aborts.
|
|
I had to look at this for a moment before I realized that sys$execve()
and the spawning of /bin/SystemServer at boot are taking two different
paths out of exec().
Add a comment to help the next person looking at it. :^)
|
|
Before this patch, we were leaking a ref on the open file description
used for the interpreter (the dynamic loader) in sys$execve().
This surfaced when adapting the syscall to use TRY(), since we were now
correctly transferring ownership of the interpreter to Process::exec()
and no longer holding on to a local copy of it (in `elf_result`).
Fixing the leak uncovered another problem. The interpreter description
would now get destroyed when returning from do_exec(), which led to a
kernel panic when attempting to acquire a mutex.
This happens because we're in a particularly delicate state when
returning from do_exec(). Everything is primed for the upcoming context
switch into the new executable image, and trying to block the thread
at this point will panic the kernel.
We fix this by destroying the interpreter description earlier in
do_exec(), at the point where we no longer need it.
|
|
The dynamic loader doesn't care if the kernel has moved the file
cursor around before it gains control.
|
|
When executing a dynamically linked program, we need to pass the main
program executable via a file descriptor to the dynamic loader.
Before this patch, we were allocating an FD for this purpose long after
it was safe to do anything fallible. If we were unable to allocate an
FD we would simply panic the kernel(!)
We now hoist the allocation so it can fail before we've committed to
a new executable.
|
|
Due to the use of ELF::Image::for_each_program_header(), we were
previously unable to use TRY() in the ELF loading code (since the return
statement inside TRY() would only return from the iteration callback.)
|
|
Both KResult and KResultOr are [[nodiscard]] at the class level,
so there's no need to have functions return `[[nodiscard]] KResult`.
|
|
...and use TRY() for smooth error propagation everywhere.
|
|
Put all but the first core into a loop, make room for some stack,
and call init().
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
There are a number of places that don't have an error propagation path
right now, so I've added FIXME's about that.
|
|
Instead of creating a bunch of ByteBuffers and concatenating them to
generate the "notes" segment, we now simply create a KBufferBuilder
and tell each of the notes generator helpers to write into the builder.
This allows the code to flow more naturally, with some bonus additional
error propagation. :^)
|
|
This allows us to propagate a whole bunch of KBufferBuilder errors.
|
|
This allows callers to react to a failed append (due to OOM.)
|
|
- Use KResultOr and TRY to propagate errors
- Return more specific errors now that they have a path out from here
|
|
|
|
|
|
- enter_space => enter_address_space
- enter_process_paging_scope => enter_process_address_space
|
|
Once we commit to a new executable image in sys$execve(), we can no
longer return with an error to whoever called us from userspace.
We must make sure to surface any potential errors before that point.
This patch moves signal trampoline allocation before the commit.
A number of other things remain to be moved.
|
|
I just keep finding more and more places to make use of this. :^)
|
|
|
|
|
|
Instead, just propagate whatever the real error was.
|
|
Instead of turning any arguments related error into an EFAULT, we now
propagate the innermost error during arguments retrieval.
|
|
|
|
..and use TRY() at the call sites to propagate errors. :^)
|
|
We previously allowed Thread to exist in a state where its m_name was
null, and had to work around that in various places.
This patch removes that possibility and forces those who would create a
thread (or change the name of one) to provide a NonnullOwnPtr<KString>
with the name.
|
|
- Renamed try_create_absolute_path() => try_serialize_absolute_path()
- Use KResultOr and TRY() to propagate errors
- Don't call this when it's only for debug logging
|
|
|
|
|
|
Nothing says we can't TRY() a multi-line function call. :^)
|
|
|
|
|
|
|
|
- Use KResultOr and TRY() to propagate errors
- Check for OOM errors
- Move allocation out of constructors
There's still a lot more to do here, as SysFS is still quite brittle
in the face of memory pressure.
|
|
- Use KResultOr and TRY() to propagate errors
- Check for OOM
- Move allocations out of the DevFS constructor
|
|
- Use KResultOr and TRY() to propagate errors
- Check for OOM when creating new inodes
|
