This patch makes it so that if a user provides a groupname/username
instead of an id, chown will automatically convert it to a gid/uid
using getgrnam() or getpwnam() respectively.
At the moment, the actual flags are ignored, but we correctly propagate them all
the way from the original mount() syscall to each custody that resides on the
mounted FS.
Before this, su would leave the process's extra GIDs untouched,
simply inheriting them from whoever spawned su.
Now we grab the target user's groups from /etc/group and setgroups().
Add missing keymap entries for the dollar sign and escape key and reformat
the Hungarian keymap.
Remove the workaround for "0x08", replace it with '\b'.
Fix the octal/hex mixup in the value of escape key. (033 != 0x33, 033 == 0x1B)
We now validate the full range of userspace memory passed into syscalls
instead of just checking that the first and last byte of the memory are
in process-owned regions.
This fixes an issue where it was possible to avoid rejection of invalid
addresses that sat between two valid ones, simply by passing a valid
address and a size large enough to put the end of the range at another
valid address.
I added a little test utility that tries to provoke EFAULT in various
ways to help verify this. I'm sure we can think of more ways to test
this but it's at least a start. :^)
Thanks to mozjag for pointing out that this code was still lacking!
Incidentally this also makes backtraces work again.
Fixes#989.
The new PCI subsystem is initialized during runtime.
PCI::Initializer is supposed to be called during early boot, to
perform a few tests, and initialize the proper configuration space
access mechanism. Kernel boot parameters can be specified by a user to
determine what tests will occur, to aid debugging on problematic
machines.
After that, PCI::Initializer should be dismissed.
PCI::IOAccess is a class that is derived from PCI::Access
class and implements PCI configuration space access mechanism via x86
IO ports.
PCI::MMIOAccess is a class that is derived from PCI::Access
and implements PCI configurtaion space access mechanism via memory
access.
The new PCI subsystem also supports determination of IO/MMIO space
needed by a device by checking a given BAR.
In addition, Every device or component that use the PCI subsystem has
changed to match the last changes.
All threads were running with iomapbase=0 in their TSS, which the CPU
interprets as "there's an I/O permission bitmap starting at offset 0
into my TSS".
Because of that, any bits that were 1 inside the TSS would allow the
thread to execute I/O instructions on the port with that bit index.
Fix this by always setting the iomapbase to sizeof(TSS32), and also
setting the TSS descriptor's limit to sizeof(TSS32), effectively making
the I/O permissions bitmap zero-length.
This should make it no longer possible to do I/O from userspace. :^)
This prevents code running outside of kernel mode from using the
following instructions:
* SGDT - Store Global Descriptor Table
* SIDT - Store Interrupt Descriptor Table
* SLDT - Store Local Descriptor Table
* SMSW - Store Machine Status Word
* STR - Store Task Register
There's no need for userspace to be able to use these instructions so
let's just disable them to prevent information leakage.
Add an option "-A", that will run all of the crash types in the crash
program. In this mode, all crash tests are run in a child process so
that the crash program does not crash.
Crash uses the return status of the child process to ascertain whether
the crash happened as expected.
Threads now have numeric priorities with a base priority in the 1-99
range.
Whenever a runnable thread is *not* scheduled, its effective priority
is incremented by 1. This is tracked in Thread::m_extra_priority.
The effective priority of a thread is m_priority + m_extra_priority.
When a runnable thread *is* scheduled, its m_extra_priority is reset to
zero and the effective priority returns to base.
This means that lower-priority threads will always eventually get
scheduled to run, once its effective priority becomes high enough to
exceed the base priority of threads "above" it.
The previous values for ThreadPriority (Low, Normal and High) are now
replaced as follows:
Low -> 10
Normal -> 30
High -> 50
In other words, it will take 20 ticks for a "Low" priority thread to
get to "Normal" effective priority, and another 20 to reach "High".
This is not perfect, and I've used some quite naive data structures,
but I think the mechanism will allow us to build various new and
interesting optimizations, and we can figure out better data structures
later on. :^)
This program takes JSON input and turns it into JavaScript statements
that construct the same data step by step. This format is much more
greppable than what "jp" gives us. :^)
Instead of directly manipulating LDFLAGS, set LIB_DEPS in each
subdirectory Makefile listing the libraries needed for
building/linking such as "LIB_DEPS = Core GUI Draw IPC Core".
This adds each library as an -L and -l argument in LDFLAGS, but
also adds the library.a file as a link dependency on the current
$(PROGRAM). This causes the given library to be (re)built before
linking the current $(PROGRAM), but will also re-link any binaries
depending on that library when it is modified, when running make
from the root directory.
Also turn generator tools like IPCCompiler into dependencies on the
files they generate, so they are built on-demand when a particular
directory needs them.
This all allows the root Makefile to just list directories and not
care about the order, as all of the dependency tracking will figure
it out.
Now cal is able to print the entire year when only that is passed
as an argument. For example: `cal 1992`.
However this meant breaking the highlighted day escape sequence
as it messed up the layout and the character count for each of the
rows :(
Now the current day is specified like 17* (for example for day 17).
Allow everything to be built from the top level directory with just
'make', cleaned with 'make clean', and installed with 'make
install'. Also support these in any particular subdirectory.
Specifying 'make VERBOSE=1' will print each ld/g++/etc. command as
it runs.
Kernel and early host tools (IPCCompiler, etc.) are built as
object.host.o so that they don't conflict with other things built
with the cross-compiler.
The kernel now supports basic profiling of all the threads in a process
by calling profiling_enable(pid_t). You finish the profiling by calling
profiling_disable(pid_t).
This all works by recording thread stacks when the timer interrupt
fires and the current thread is in a process being profiled.
Note that symbolication is deferred until profiling_disable() to avoid
adding more noise than necessary to the profile.
A simple "/bin/profile" command is included here that can be used to
start/stop profiling like so:
$ profile 10 on
... wait ...
$ profile 10 off
After a profile has been recorded, it can be fetched in /proc/profile
There are various limits (or "bugs") on this mechanism at the moment:
- Only one process can be profiled at a time.
- We allocate 8MB for the samples, if you use more space, things will
not work, and probably break a bit.
- Things will probably fall apart if the profiled process dies during
profiling, or while extracing /proc/profile
Using int was a mistake. This patch changes String, StringImpl,
StringView and StringBuilder to use size_t instead of int for lengths.
Obviously a lot of code needs to change as a result of this.
This patch makes it possible to make memory regions non-readable.
This is enforced using the "present" bit in the page tables.
A process that hits an not-present page fault in a non-readable
region will be crashed.
This is a very simple implementation of the cal command to display
a calendar into the command line.
For now this only prints the current month highlighting the current
day.
Kernel modules can now be unloaded via a syscall. They get a chance to
run some code of course. Before deallocating them, we call their
"module_fini" symbol.
It's now possible to load a .o file into the kernel via a syscall.
The kernel will perform all the necessary ELF relocations, and then
call the "module_init" symbol in the loaded module.
This defaults to 1500 for all adapters, but LoopbackAdapter increases
it to 65536 on construction.
If an IPv4 packet is larger than the MTU, we'll need to break it into
smaller fragments before transmitting it. This part is a FIXME. :^)
Previously it was not possible to see what each thread in a process was
up to, or how much CPU it was consuming. This patch fixes that.
SystemMonitor and "top" now show threads instead of just processes.
"ps" is gonna need some more fixing, but it at least builds for now.
Fixes#66.
LibProtocol::Client::start_download() now gives you a Download object
with convenient hooks (on_finish & on_progress).
Also, the IPC handshake is snuck into the Client constructor, so you
don't need to perform it after instantiating a Client.
This makes using LibProtocol much more pleasant. :^)
The DownloadFinished message from the server now includes a buffer ID
that can be mapped into the client program.
To avoid prematurely destroying the buffer, the server will hang on to
it until the client lets it know that they're all good. That's what the
ProtocolServer::DisownSharedBuffer message is about.
In the future it would be nice if the kernel had a mechanism to allow
passing ownership of a shared buffer along with an IPC message somehow.
This patch adds muting to ASMixer, which works by substituting what we
would normally send to the sound card with zero-filled memory instead.
We do it this way to ensure that the queued sample buffers keep getting
played (silently.)
This is obviously not the perfect way of doing this, and in the future
we should improve on this, and also find a way to utilize any hardware
mixing functions in the sound card.
Add an initial implementation of pthread attributes for:
* detach state (joinable, detached)
* schedule params (just priority)
* guard page size (as skeleton) (requires kernel support maybe?)
* stack size and user-provided stack location (4 or 8 MB only, must be aligned)
Add some tests too, to the thread test program.
Also, LibC: Move pthread declarations to sys/types.h, where they belong.
This can be implemented entirely in userspace by calling tcgetattr().
To avoid screwing up the syscall indexes, this patch also adds a
mechanism for removing a syscall without shifting the index of other
syscalls.
Note that ports will still have to be rebuilt after this change,
as their LibC code will try to make the isatty() syscall on startup.
VM regions can now be marked as stack regions, which is then validated
on syscall, and on page fault.
If a thread is caught with its stack pointer pointing into anything
that's *not* a Region with its stack bit set, we'll crash the whole
process with SIGSTKFLT.
Userspace must now allocate custom stacks by using mmap() with the new
MAP_STACK flag. This mechanism was first introduced in OpenBSD, and now
we have it too, yay! :^)
This patch adds these API's:
- pthread_mutex_init()
- pthread_mutex_lock()
- pthread_mutex_unlock()
No mutex attributes are supported yet, so we only do the simplest mutex
wihout recursive locking.
It's now possible to block until another thread in the same process has
exited. We can also retrieve its exit value, which is whatever value it
passed to pthread_exit(). :^)
By default, disk_benchmark will now use the O_DIRECT flag, causing it
to bypass the kernel's disk caches. This gives you "disk performance"
numbers rather than "disk cache performance" numbers.
You can use "disk_benchmark -c" to enable the caches.
Fixes#703.
The Plan9 OS has this program that can test a system call with the
given arguments. For the most basic system calls it can be very
helpful and aid with testing or just to play with a given syscall
without writing a dedicated program.
Some examples:
syscall write 1 hello 5
syscall -o read 0 buf 5
syscall mkdir /tmp/my-dir
syscall exit 2
...
I wrote a version of nl for Serenity with a lot but not all of the
options in POSIX nl. It includes line count type (-b), increment (-i),
delimiter (-s), start number (-v), and width (-w).
Now gets a true byte count by using the file size.
* When giving a single-line string without a trailing newline, the line
count should not go up ('printf "test" | wc -l' should output '0')
* Doesn't hang up when using two or more switch options in a row.
(It would hang if I did 'wc -lw test.frm').
While mine works with multiple args like that, they don't switch
anything, you have to do wc -l -w etc but I think that is an issue
with CArgsParser.
* It can now take standard input without needing a "-".
* When encountering a file that doesn't exist, it doesn't exit.
It prints the counts for each file that does, and prints an error to
stderr for each file that doesn't.
* Has slight buffering between counts to be closer to GNU and BSD wc.
This is roughly twice as fast as the old 4 KB buffer size. We still
don't go nearly as fast as "cp", since we don't ftruncate() up front
like "cp" does.
Since we usually know how many bytes we're going to write, we can be
nice to the kernel and ftruncate() the destination to the expected size
up front, reducing the amount of FS churn.
aplay used to quit as soon as the last enqueue of new buffer data
was sucessful. Because the connection closes as soon as the
application quits, samples were still in the buffer of the
ASBufferQueue as playback was halted.
Node.normalize() is a standard DOM API that coalesces Text nodes.
To avoid clashing with that, rename it to fixup().
This patch also makes it happen automagically as part of parsing.
Instead of HtmlView clients having to worry about parsing and loading
the default CSS, just take care of it inside StyleResolver.
The default style is automatically inserted into the stylesheet list,
at the very start, so everyone else gets a chance to override it.
This is a simple command that can be used to display HTML from a given
file, or from the standard input, in an HtmlView. It replaces the `tho`
(test HTML output) command.
This command uses LibMarkdown to parse and render Markdown documents
either for the terminal using escape sequences, or to HTML. For example,
you can now do:
$ md ReadMe.md
to read the Serenity ReadMe file ^)
Have these programs instantiate a GApplication to ensure they get a
connection to the WindowServer, otherwise the clipboard will not work.
Sorry Sergey! :^)
GEventLoop was just a dummy subclass of CEventLoop anyway. The only
thing it actually did was make sure a GWindowServerConnectionw was
instantiated. We now take care of that in GApplication instead.
CEventLoop is now non-virtual and a little less confusing. :^)
Okay, I've spent a whole day on this now, and it finally kinda works!
With this patch, CObject and all of its derived classes are reference
counted instead of tree-owned.
The previous, Qt-like model was nice and familiar, but ultimately also
outdated and difficult to reason about.
CObject-derived types should now be stored in RefPtr/NonnullRefPtr and
each class can be constructed using the forwarding construct() helper:
auto widget = GWidget::construct(parent_widget);
Note that construct() simply forwards all arguments to an existing
constructor. It is inserted into each class by the C_OBJECT macro,
see CObject.h to understand how that works.
CObject::delete_later() disappears in this patch, as there is no longer
a single logical owner of a CObject.
You can now copy into the system clipboard like this:
$ copy hello friends
or like this:
$ copy < ReadMe.md
or like this:
$ copy --type png < /res/wallpapers/sunset-retro.png
And paste just with
$ paste
or to view the copied type:
$ paste --print-type
RPC clients now send JSON-encoded requests to the RPC server.
The connection also stays alive instead of disconnecting automatically
after the initial CObject graph dump.
JSON payloads are preceded by a single host-order encoded 32-bit int
containing the length of the payload.
So far, we have three RPC commands:
- Identify
- GetAllObjects
- Disconnect
We'll be adding more of these as we go along. :^)
This was a workaround to be able to build on case-insensitive file
systems where it might get confused about <string.h> vs <String.h>.
Let's just not support building that way, so String.h can have an
objectively nicer name. :^)
This library is meant to provide C++-style wrappers over lower
level APIs such as syscalls and pthread_* functions, as well as
utilities for easily running pieces of logic on different
threads.
This new version can do three things:
* When invoked as `mount`, it will print out a list of mounted filesystem,
* When invoked as `mount -a`, it will try to mount filesystems
listed in /etc/fstab,
* When invoked as `mount device mountpoint -t fstype`, it will mount that
device on that mountpoint. If not specified, fstype defaults to ext2.
All programs that have a CEventLoop now allow local socket connections
via /tmp/rpc.PID and will dump a serialized JSON array of all the live
CObjects in the program onto connecting sockets.
Also added a small /bin/rpcdump tool that connects to an RPC socket and
produces a raw dump of the JSON that comes out.
It is now possible to unmount file systems from the VFS via `umount`.
It works via looking up the `fsid` of the filesystem from the `Inode`'s
metatdata so I'm not sure how fragile it is. It seems to work for now
though as something to get us going.
This patch adds the mprotect() syscall to allow changing the protection
flags for memory regions. We don't do any region splitting/merging yet,
so this only works on whole mmap() regions.
Added a "crash -r" flag to verify that we crash when you attempt to
write to read-only memory. :^)
This is a very simple version of the nc (netcat) command. It only
supports outgoing TCP connections, and has no options aside from the
target host and port.
This is comprised of five small changes:
* Keep a counter for tx/rx packets/bytes per TCP socket
* Keep a counter for tx/rx packets/bytes per network adapter
* Expose that data in /proc/net_tcp and /proc/netadapters
* Convert /proc/netadapters to JSON
* Fix up ifconfig to read the JSON from netadapters
This has a known bug in that you can't specify a negative size value.
This bug stems from the argument parser, and once it's fixed there,
everything should work here.
Fork the IPC Connection classes into Server:: and Client::ConnectionNG.
The new IPC messages are serialized very snugly instead of using the
same generic data structure for all messages.
Remove ASAPI.h since we now generate all of it from AudioServer.ipc :^)
It is now possible to mount ext2 `DiskDevice` devices under Serenity on
any folder in the root filesystem. Currently any user can do this with
any permissions. There's a fair amount of assumptions made here too,
that might not be too good, but can be worked on in the future. This is
a good start to allow more dynamic operation under the OS itself.
It is also currently impossible to unmount and such, and devices will
fail to mount in Linux as the FS 'needs to be cleaned'. I'll work on
getting `umount` done ASAP to rectify this (as well as working on less
assumption-making in the mount syscall. We don't want to just be able
to mount DiskDevices!). This could probably be fixed with some `-t`
flag or something similar.
Give the mixer a main volume value (percent) that we scale all the
outgoing samples by (before clipping.)
Also add a simple "avol" program for querying and setting the volume:
- "avol" prints the current volume.
- "avol 200" sets the main mix volume to 200%
Show some information about the file we're playing, and display how many
samples we've played out of how many total.
This might be a bit buggy as I haven't tested it with many different files,
but it's a start. :^)
This allows us to carry the same buffer all the way from the WAV loader
to the AudioServer mixer.
This alleviates some of the stutter, but there's still a noticeable
skip when switching buffers. We're gonna need to do better. :^)
I had to solve a bunch of things simultaneously to make this work.
Refactor AWavLoader to be a streaming loader rather than a one-shot one.
The constructor parses the header, and if everything looks good, you can
repeatedly ask the AWavLoader for sample buffers until it runs out.
Also send a message from AudioServer when a buffer has finished playing.
That allows us to implement a blocking variant of play().
Use all of this in aplay to play WAV files chunk-at-a-time.
This is definitely not perfect and it's a little glitchy and skippy,
but I think it's a step in the right direction.
The syscall is quite simple:
int watch_file(const char* path, int path_length);
It returns a file descriptor referring to a "InodeWatcher" object in the
kernel. It becomes readable whenever something changes about the inode.
Currently this is implemented by hooking the "metadata dirty bit" in
Inode which isn't perfect, but it's a start. :^)
Rolling with the theme of adding a dialog to shutdown the machine, it is
probably nice to have a way to reboot the machine without performing a full
system powerdown.
A reboot program has been added to `/bin/` as well as a corresponding
`syscall` (SC_reboot). This syscall works by attempting to pulse the 8042
keyboard controller. Note that this is NOT supported on new machines, and
should only be a fallback until we have proper ACPI support.
The implementation causes a triple fault in QEMU, which then restarts the
system. The filesystems are locked and synchronized before this occurs,
so there shouldn't be any corruption etctera.
Instead of LibGUI and WindowServer building their own copies of the drawing
and graphics code, let's it in a separate LibDraw library.
This avoids building the code twice, and will encourage better separation
of concerns. :^)
As a consequence, move to use an explicit handshake() method rather than
calling virtuals from the constructor. This seemed to not bother
AClientConnection, but LibGUI crashes (rightfully) because of it.
The center of this is now an ABuffer class in LibAudio.
ABuffer contains ASample, which has two channels (left/right) in
floating point for mixing purposes, in 44100hz.
This means that the loaders (AWavLoader in this case) needs to do some
manipulation to get things in the right format, but that we don't need
to care after format loading is done.
While we're at it, do some correctness fixes. PCM data is unsigned if
it's 8 bit, but 16 bit is signed. And /dev/audio also wants signed 16
bit audio, so give it what it wants.
On top of this, AudioServer now accepts requests to play a buffer.
The IPC mechanism here is pretty much a 1:1 copy-paste from
LibGUI/WindowServer. It can be generalized more in the future, but for
now I want to get AudioServer working decently first :)
Additionally, add a little "aplay" tool to load and play a WAV file. It
will break with large WAVs (run out of memory, heh...) but it's a start.
Future work needs to make AudioServer block buffer submission from
clients until it has played the buffer they are requesting to play.
Update ProcessManager, top and WSCPUMonitor to handle the new format.
Since the kernel is not allowed to use floating-point math, we now compile
the JSON classes in AK without JsonValue::Type::Double support.
To accomodate large unsigned ints, I added a JsonValue::Type::UnsignedInt.
This needs more work and polish, but it's a step in a more pleasant and
useful direction.
Also turn QuickShow into a fully-fledged "application". (By that, I really
just mean giving it its own Applications/ subdirectory.)
It's kinda funny how I can make a mistake like this in Serenity and then
get so used to it by spending lots of time using this API that I start to
believe that this is how printf() always worked..
We'll now try to detect crashes that were due to dereferencing nullptr,
uninitialized malloc() memory, or recently free()'d memory.
It's not perfect but I think it's pretty good. :^)
Also added some color to the most important parts of the crash log,
and added some more modes to /bin/crash for exercising this code.
Fixes#243.
I originally called it "linear" because that's how the Intel manual names
virtual addresses in many cases. I'm ready to accept that most people know
this as "virtual" so let's just call it that.