Commit Graph

80 Commits

Author SHA1 Message Date
Andreas Kling
03cc45e5a2 Kernel: Use RefPtr instead of LockRefPtr for File and subclasses
This was mostly straightforward, as all the storage locations are
guarded by some related mutex.

The use of old-school associated mutexes instead of MutexProtected
is unfortunate, but the process to modernize such code is ongoing.
2023-03-10 13:15:44 +01:00
Andreas Kling
e6fc7b3ff7 Kernel: Switch LockRefPtr<Inode> to RefPtr<Inode>
The main place where this is a little iffy is in RAMFS where inodes
have a LockWeakPtr to their parent inode. I've left that as a
LockWeakPtr for now.
2023-03-09 21:54:59 +01:00
Andreas Kling
d1371d66f7 Kernel: Use non-locking {Nonnull,}RefPtr for OpenFileDescription
This patch switches away from {Nonnull,}LockRefPtr to the non-locking
smart pointers throughout the kernel.

I've looked at the handful of places where these were being persisted
and I don't see any race situations.

Note that the process file descriptor table (Process::m_fds) was already
guarded via MutexProtected.
2023-03-07 00:30:12 +01:00
Andreas Kling
7369d0ab5f Kernel: Stop using NonnullLockRefPtrVector 2023-03-06 23:46:36 +01:00
Peter Elliott
f20902deb3 Kernel: Support sending filedescriptors with sendmsg(2) and SCM_RIGHTS
This is necessary to support the wayland protocol.
I also moved the CMSG_* macros to the kernel API since they are used in
both kernel and userspace.
this does not break ntpquery/SCM_TIMESTAMP.
2023-02-19 00:37:37 +01:00
Peter Elliott
ae5d7f542c Kernel: Change polarity of weak ownership between Inode and LocalSocket
There was a bug in which bound Inodes would lose all their references
(because localsocket does not reference them), and they would be
deallocated, and clients would get ECONNREFUSED as a result. now
LocalSocket has a strong reference to inode so that the inode will live
as long as the socket, and Inode has a weak reference to the socket,
because if the socket stops being referenced anywhere it should not be
bound.

This still prevents the reference loop that
220b7dd779 was trying to fix.
2023-02-19 00:37:37 +01:00
Andreas Kling
42435ce5e4 Kernel: Make sys$recvfrom() with MSG_DONTWAIT not so racy
Instead of temporary changing the open file description's "blocking"
flag while doing a non-waiting recvfrom, we instead plumb the currently
wanted blocking behavior all the way through to the underlying socket.
2022-08-21 16:45:42 +02:00
Andreas Kling
8997c6a4d1 Kernel: Make Socket::connect() take credentials as input 2022-08-21 16:35:03 +02:00
Andreas Kling
51318d51a4 Kernel: Make Socket::bind() take credentials as input 2022-08-21 16:33:09 +02:00
Andreas Kling
006f753647 Kernel: Make File::{chown,chmod} take credentials as input
...instead of getting them from Process::current(). :^)
2022-08-21 16:15:29 +02:00
Andreas Kling
11eee67b85 Kernel: Make self-contained locking smart pointers their own classes
Until now, our kernel has reimplemented a number of AK classes to
provide automatic internal locking:

- RefPtr
- NonnullRefPtr
- WeakPtr
- Weakable

This patch renames the Kernel classes so that they can coexist with
the original AK classes:

- RefPtr => LockRefPtr
- NonnullRefPtr => NonnullLockRefPtr
- WeakPtr => LockWeakPtr
- Weakable => LockWeakable

The goal here is to eventually get rid of the Lock* classes in favor of
using external locking.
2022-08-20 17:20:43 +02:00
Idan Horowitz
364f6a9bf0 Kernel: Remove the Socket::{protocol,}connect ShouldBlock argument
This argument is always set to description.is_blocking(), but
description is also given as a separate argument, so there's no point
to piping it through separately.
2022-07-21 16:39:22 +02:00
Idan Horowitz
086969277e Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00
Idan Horowitz
24be52b3f5 Kernel: Add LocalSocket::try_for_each() for fallible iteration
This API will allow users to short circuit iteration and properly
propagate errors.
2022-02-27 20:37:57 +01:00
Idan Horowitz
664ca58746 Kernel: Use u64 instead of size_t for File::can_write offset
This ensures offsets will not be truncated on large files on i686.
2022-01-25 22:41:17 +02:00
Idan Horowitz
9ce537d703 Kernel: Use u64 instead of size_t for File::can_read offset
This ensures offsets will not be truncated on large files on i686.
2022-01-25 22:41:17 +02:00
Andreas Kling
79fa9765ca Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T>
We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace!
This was a slightly tedious refactoring that took a long time, so it's
not unlikely that some bugs crept in.

Nevertheless, it does pass basic functionality testing, and it's just
real nice to finally see the same pattern in all contexts. :^)
2021-11-08 01:10:53 +01:00
Ben Wiederhake
c05c5a7ff4 Kernel: Clarify ambiguous {File,Description}::absolute_path
Found due to smelly code in InodeFile::absolute_path.

In particular, this replaces the following misleading methods:

File::absolute_path
This method *never* returns an actual path, and if called on an
InodeFile (which is impossible), it would VERIFY_NOT_REACHED().

OpenFileDescription::try_serialize_absolute_path
OpenFileDescription::absolute_path
These methods do not guarantee to return an actual path (just like the
other method), and just like Custody::absolute_path they do not
guarantee accuracy. In particular, just renaming the method made a
TOCTOU bug obvious.

The new method signatures use KResultOr, just like
try_serialize_absolute_path() already did.
2021-10-31 12:06:28 +01:00
Brian Gianforcaro
5f1c98e576 Kernel: Use operator ""sv in all class_name() implementations
Previously there was a mix of returning plain strings and returning
explicit string views using `operator ""sv`. This change switches them
all to standardized on `operator ""sv` as it avoids a call to strlen.
2021-10-03 13:36:10 +02:00
sin-ack
220b7dd779 Kernel: Weakly hold on to the file in LocalSocket
Because we were holding a strong ref to the OpenFileDescription in
LocalSocket and a strong ref to the LocalSocket in Inode, we were
creating a reference cycle in the event of the socket being cleaned up
after the file description did (i.e. unlinking the file before closing
the socket), because the file description never got destructed.
2021-09-16 16:50:36 +02:00
Andreas Kling
b6efd66d56 Kernel: Use move semantics in sys$sendfd()
Avoid an unnecessary NonnullRefPtr<OpenFileDescription> copy.
2021-09-15 21:09:47 +02:00
Ali Mohammad Pur
5a0cdb15b0 AK+Everywhere: Reduce the number of template parameters of IntrusiveList
This makes the user-facing type only take the node member pointer, and
lets the compiler figure out the other needed types from that.
2021-09-10 18:05:46 +03:00
Andreas Kling
4a9c18afb9 Kernel: Rename FileDescription => OpenFileDescription
Dr. POSIX really calls these "open file description", not just
"file description", so let's call them exactly that. :^)
2021-09-07 13:53:14 +02:00
Andreas Kling
70b2225b3d Kernel: Store LocalSocket address as a KString internally
Just because we deal with sockaddr_un at the userspace API layer doesn't
mean we have to store an awkward C type internally. :^)
2021-08-29 02:21:01 +02:00
Andreas Kling
48a1a3c0ce Kernel: Rename LocalSocket::create_connected_pair() => try_*() 2021-08-29 01:33:15 +02:00
Andreas Kling
242063866f Kernel: Rename LocalSocket factory to try_create() & tighten return type
Also tighten the return type to KResultOr<NonnullRefPtr<LocalSocket>>
since it cannot return any other socket type.
2021-08-29 01:25:03 +02:00
Andreas Kling
ae197deb6b Kernel: Strongly typed user & group ID's
Prior to this change, both uid_t and gid_t were typedef'ed to `u32`.
This made it easy to use them interchangeably. Let's not allow that.

This patch adds UserID and GroupID using the AK::DistinctNumeric
mechanism we've already been employing for pid_t/ProcessID.
2021-08-29 01:09:19 +02:00
Peter Elliott
39a77559f1 Kernel+LibC: Implement FIONREAD ioctl
FIONREAD gets the number of bytes availible to read from a file
descriptor without blocking. I only implemented it for regular files and
sockets
2021-08-22 10:29:06 +02:00
Brian Gianforcaro
109c885585 Kernel: Handle OOM from DoubleBuffer usage in Net/LocalSocket
LocalSockets keep a DoubleBuffer for both client and server usage.
This change converts the usage from using the default constructor
which is unable to observe OOM, to the new try_create factory and
plumb the result through the constructor.
2021-08-03 18:54:23 +02:00
Brian Gianforcaro
ddc950ce42 Kernel: Avoid file descriptor leak in Process::sys$socketpair on error
Previously it was possible to leak the file descriptor if we error out
after allocating the first descriptor. Now we perform both fd
allocations back to back so we can handle the potential error when
processing the second fd allocation.
2021-07-28 19:07:00 +02:00
Andreas Kling
c9f6786e8b Kernel: Make various T::class_name() and similar return StringView
Instead of returning char const*, we can also give you a StringView.
2021-07-11 01:46:59 +02:00
Brian Gianforcaro
e0da61f9d6 Kernel: Switch LocalSocket to IntrusiveList from InlineLinkedList 2021-05-26 20:24:32 +02:00
Gunnar Beutner
aa792062cb Kernel+LibC: Implement the socketpair() syscall 2021-04-28 14:19:45 +02:00
Brian Gianforcaro
1682f0b760 Everything: Move to SPDX license identifiers in all files.
SPDX License Identifiers are a more compact / standardized
way of representing file license information.

See: https://spdx.dev/resources/use/#identifiers

This was done with the `ambr` search and replace tool.

 ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 11:22:27 +02:00
Ben Wiederhake
5c15ca7b84 Kernel: Make sockets use AK::Time 2021-03-02 08:36:08 +01:00
Tom
f98ca35b83 Kernel: Improve ProcFS behavior in low memory conditions
When ProcFS could no longer allocate KBuffer objects to serve calls to
read, it would just return 0, indicating EOF. This then triggered
parsing errors because code assumed it read the file.

Because read isn't supposed to return ENOMEM, change ProcFS to populate
the file data upon file open or seek to the beginning. This also means
that calls to open can now return ENOMEM if needed. This allows the
caller to either be able to successfully open the file and read it, or
fail to open it in the first place.
2021-01-03 22:12:19 +01:00
Andreas Kling
c6a0694f50 Kernel: Don't assert when reading from a listening-mode local socket
Instead just fail with EINVAL as a listening socket is never suitable
for reading from.

Fixes #4511.
2020-12-23 20:25:29 +01:00
Tom
046d6855f5 Kernel: Move block condition evaluation out of the Scheduler
This makes the Scheduler a lot leaner by not having to evaluate
block conditions every time it is invoked. Instead evaluate them as
the states change, and unblock threads at that point.

This also implements some more waitid/waitpid/wait features and
behavior. For example, WUNTRACED and WNOWAIT are now supported. And
wait will now not return EINTR when SIGCHLD is delivered at the
same time.
2020-11-30 13:17:02 +01:00
Nico Weber
416d470d07 Kernel: Plumb packet receive timestamp from NetworkAdapter to Socket::recvfrom
Since the receiving socket isn't yet known at packet receive time,
keep timestamps for all packets.

This is useful for keeping statistics about in-kernel queue latencies
in the future, and it can be used to implement SO_TIMESTAMP.
2020-09-17 17:23:01 +02:00
Tom
c8d9f1b9c9 Kernel: Make copy_to/from_user safe and remove unnecessary checks
Since the CPU already does almost all necessary validation steps
for us, we don't really need to attempt to do this. Doing it
ourselves doesn't really work very reliably, because we'd have to
account for other processors modifying virtual memory, and we'd
have to account for e.g. pages not being able to be allocated
due to insufficient resources.

So change the copy_to/from_user (and associated helper functions)
to use the new safe_memcpy, which will return whether it succeeded
or not. The only manual validation step needed (which the CPU
can't perform for us) is making sure the pointers provided by user
mode aren't pointing to kernel mappings.

To make it easier to read/write from/to either kernel or user mode
data add the UserOrKernelBuffer helper class, which will internally
either use copy_from/to_user or directly memcpy, or pass the data
through directly using a temporary buffer on the stack.

Last but not least we need to keep syscall params trivial as we
need to copy them from/to user mode using copy_from/to_user.
2020-09-13 21:19:15 +02:00
Brian Gianforcaro
8e97de2df9 Kernel: Use Userspace<T> for the recvfrom syscall, and Socket implementation
This fixes a bunch of unchecked kernel reads and writes, seems like they
would might exploitable :). Write of sockaddr_in size to any address you
please...
2020-08-19 21:05:28 +02:00
Brian Gianforcaro
9f9b05ba0f Kernel: Use Userspace<T> for the sendto syscall, and Socket implementation
Note that the data member is of type ImmutableBufferArgument, which has
no Userspace<T> usage. I left it alone for now, to be fixed in a future
change holistically for all usages.
2020-08-19 21:05:28 +02:00
Brian Gianforcaro
02660b5d60 Kernel: Use Userspace<T> for the bind syscall, and implementation 2020-08-10 12:52:15 +02:00
Brian Gianforcaro
30b2c0dc85 Kernel: Use Userspace<T> for the getsockopt syscall and Socket interface
The way getsockopt is implemented for socket types requires us to push
down Userspace<T> using into those interfaces. This change does so, and
utilizes proper copy implementations instead of the kind of haphazard
pointer dereferencing that was occurring there before.
2020-08-07 16:18:36 +02:00
Andreas Kling
7a3ab6c517 Kernel: Make File::write() and File::read() return KResultOr<size_t>
Instead of returning a ssize_t where negative values mean error,
we now return KResultOr<size_t> and use the error state to report
errors exclusively.
2020-08-04 18:17:16 +02:00
Andreas Kling
28bfd73b68 Kernel: Minor cleanups in sendfd/recvfd
Applying some nice suggestions by @bugaevc. :^)
2020-06-25 10:58:37 +02:00
Andreas Kling
d4195672b7 Kernel+LibC: Add sys$recvfd() and sys$sendfd() for fd passing
These new syscalls allow you to send and receive file descriptors over
a local domain socket. This will enable various privilege separation
techniques and other good stuff. :^)
2020-06-24 23:08:09 +02:00
Sergey Bugaev
a9946a99f2 Kernel: Pass a FileDescription to File::chmod() and File::chown()
We're going to make use of it in the next commit. But the idea is we want to
know how this File (more specifically, InodeFile) was opened in order to decide
how chown()/chmod() should behave, in particular whether it should be allowed or
not. Note that many other File operations, such as read(), write(), and ioctl(),
already require the caller to pass a FileDescription.
2020-05-29 07:53:30 +02:00
Sergey Bugaev
54550365eb Kernel: Use shared locking mode in some places
The notable piece of code that remains to be converted is Ext2FS.
2020-04-18 13:58:29 +02:00
Conrad Pankoff
a3edeb5868 Kernel: Add explicit offset parameter to File::read etc 2020-04-10 11:59:30 +02:00