pselect() is similar to select(), but it takes its timeout
as timespec instead of as timeval, and it takes an additional
sigmask parameter.
Change the sys$select parameters to match pselect() and implement
select() in terms of pselect().
|
|
As suggested by @supercomputer7, we can simply expose this as a blob
and decode it in userspace instead.
Fixes #2599.
|
|
It looks like they're considered a bad idea, so let's not add
them before we need them. I figured it's good to have them in
git history if we ever do need them though, hence the add/remove
dance.
|
|
Add seteuid()/setegid() under _POSIX_SAVED_IDS semantics,
which also requires adding suid and sgid to Process, and
changing setuid()/setgid() to honor these semantics.
The exact semantics aren't specified by POSIX and differ
between different Unix implementations. This patch makes
serenity follow FreeBSD. The 2002 USENIX paper
"Setuid Demystified" explains the differences well.
In addition to seteuid() and setegid() this also adds
setreuid()/setregid() and setresuid()/setresgid(), and
the accessors getresuid()/getresgid().
Also reorder uid/euid functions so that they are the
same order everywhere (namely, the order that
geteuid()/getuid() already have).
|
|
This syscall was disabling SMAP too late and would crash every time
when trying to set a new keymap.
|
|
The "Reference" object is not just a counter, it also represents the
permission to map a shbuf itself.
Without this change, a shbuf could not be re-mapped by the same
process after it released all of its refs on it.
|
|
We were getting a little overly memey in some places, so let's scale
things back to business-casual.
Informal language is fine in comments, commits and debug logs,
but let's keep the runtime nice and presentable. :^)
|
|
This fixes a bug where the mode of a FIFO was reported as 001000 instead
of 0010000 (you see the difference? me nethier), and hopefully doesn't
introduce new bugs. I've left 0777 and similar in a few places, because
that is *more* readable than its symbolic version.
|
|
That's not how readlink() is supposed to work: it should copy as many bytes
as fit into the buffer, and return the number of bytes copied. So do that,
but add a twist: make sys$readlink() actually return the whole size, not
the number of bytes copied. We fix up this return value in userspace, to make
LibC's readlink() behave as expected, but this will also allow other code
to allocate a buffer of just the right size.
Also, avoid an extra copy of the link target.
|
|
Remove character property from event and add code_point property.
|
|
Remove char mapping logic and constant character map.
|
|
Get rid of the weird old signature:
- int StringType::to_int(bool& ok) const
And replace it with sensible new signature:
- Optional<int> StringType::to_int() const
|
|
This isn't fully working, the APs pretend like they're
fully initialized and are just halted permanently for now.
|
|
Namely, those that contain assertions that can be easily eliminated at call site.
|
|
And pass the result through to sys$close() return value.
Fixes https://github.com/SerenityOS/serenity/issues/427
|
|
This resolves a bochs panic during bootup:
[Kernel]: HPET @ P0x07ff0fc0
00691951632p[HPET ] >>PANIC<< Unsupported HPET read at address 0x0000fed00100
These changes however don't fully resolve #2162
|
|
Since we're not keeping compatibility with OpenBSD about what promises are
required for which syscalls, tighten things up so that they make more sense.
|
|
Userspace could pass us a large count to overflow the check. I'm not enough of a
haxx0r to write an actual exploit though.
|
|
We were not setting the DMA transfer mode correctly. I have absolutely
no clue how this could ever have worked, but it did work for months
until it suddenly didn't.
Anyways, this fixes that. The sound is still a little bit glitchy and
that could probably be fixed by using the SB16's auto-initialized mode.
|
|
You can now request an update of the terminal's window progress by
sending this escape sequence:
<esc>]9;<value>;<max_value>;<escape><backslash>
I'm sure we can find many interesting uses for this! :^)
|
|
I've been using this in the new HTML parser and it makes it much easier
to understand the state of unfinished code branches.
TODO() is for places where it's okay to end up but we need to implement
something there.
ASSERT_NOT_REACHED() is for places where it's not okay to end up, and
something has gone wrong.
|
|
The SDL port failed to build because the CMake toolchain file pointed
to the old root. Now the toolchain file assumes that the Root is in
Build/Root.
Additionally, the AK/ and Kernel/ headers need to be installed in the
root too.
|
|
.. and make travis run it.
I renamed check-license-headers.sh to check-style.sh and expanded it so
that it now also checks for the presence of "#pragma once" in .h files.
It also checks the presence of a (single) blank line above and below the
"#pragma once" line.
I also added "#pragma once" to all the files that need it: even the ones
we are not checking.
I also added/removed blank lines in order to make the script not fail.
I also ran clang-format on the files I modified.
|
|
This makes it possible to change flags of a mount after the fact, with the
caveats outlined in the man page.
|
|
We remount /home and /root as read-write, to keep the ability to modify files
there. /tmp remains read-write, as it is mounted from a TmpFS.
|
|
This adds support for MS_RDONLY, a mount flag that tells the kernel to disallow
any attempts to write to the newly mounted filesystem. As this flag is
per-mount, and different mounts of the same filesystems (such as in case of bind
mounts) can have different mutability settings, you have to go through a custody
to find out if the filesystem is mounted read-only, instead of just asking the
filesystem itself whether it's inherently read-only.
This also adds a lot of checks we were previously missing; and moves some of
them to happen after more specific checks (such as regular permission checks).
One outstanding hole in this system is sys$mprotect(PROT_WRITE), as there's no
way we can know if the original file description this region has been mounted
from had been opened through a readonly mount point. Currently, we always allow
such sys$mprotect() calls to succeed, which effectively allows anyone to
circumvent the effect of MS_RDONLY. We should solve this one way or another.
|
|
That's where the other similar definitions reside. Also, use bit shift
operations for MS_* values.
|
|
If we fail to exec() the target executable, don't leak the thread (this actually
triggers an assertion when destructing the process), and print an error message.
|
|
When mounting Ext2FS, we don't care if the file has a custody (it doesn't if
it's a device, which is a common case). When doing a bind-mount, we do need a
custody; if none is provided, let's return an error instead of crashing.
|
|
POSIX says, "The file descriptor fildes shall have been opened with read
permission, regardless of the protection options specified."
|
|
VFS no longer deals with inodes in public API, only with custodies and file
descriptions. Talk directly to the file system if you need to operate on an
inode. In most cases you actually want to go through VFS, to get proper
permission check and other niceties. For this to work, you have to provide a
custody, which describes *how* you have opened the inode, not just what the
inode is.
|
|
We're going to make use of it in the next commit. But the idea is we want to
know how this File (more specifically, InodeFile) was opened in order to decide
how chown()/chmod() should behave, in particular whether it should be allowed or
not. Note that many other File operations, such as read(), write(), and ioctl(),
already require the caller to pass a FileDescription.
|
|
As opposed to the fs name.
This matches the new convention we have for specifying it in mount(8).
|
|
Meta: Update INSTALL.md and grub configs for new boot_mode option
|
|
Together, they replace the old text_debug option.
* boot_mode should be either "graphical" (the default) or "text". We could
potentially support other values here in the future.
* init specifies which userspace process the kernel should spawn to bootstrap
userspace. By default, this is SystemServer, but you can specify e.g.
init=/bin/Shell to run system diagnostics.
|
|
Unfortunately this drops the feature of preserving VGA buffer contents.
Resolves https://github.com/SerenityOS/serenity/issues/2399
|
|
And move canonicalized_path() to a static method on LexicalPath.
This is to make it clear that FileSystemPath/canonicalized_path() only
perform *lexical* canonicalization.
|
|
You now have to pledge "sigaction" to change signal handlers/dispositions. This
is to prevent malicious code from messing with assertions (and segmentation
faults), which are normally expected to instantly terminate the process but can
do other things if you change signal disposition for them.
|