Commit graph

40248 commits

Author SHA1 Message Date
Andreas Kling
8ed06ad814 Kernel: Guard Process "protected data" with a spinlock
This ensures that both mutable and immutable access to the protected
data of a process is serialized.

Note that there may still be multiple TOCTOU issues around this, as we
have a bunch of convenience accessors that make it easy to introduce
them. We'll need to audit those as well.
2022-08-21 12:25:14 +02:00
Andreas Kling
728c3fbd14 Kernel: Use RefPtr instead of LockRefPtr for Custody
By protecting all the RefPtr<Custody> objects that may be accessed from
multiple threads at the same time (with spinlocks), we remove the need
for using LockRefPtr<Custody> (which is basically a RefPtr with a
built-in spinlock.)
2022-08-21 12:25:14 +02:00
Liav A
5331d243c6 Kernel/Syscall: Make anon_create to not use Process::allocate_fd method
Instead, allocate when acquiring the lock on m_fds struct, which is
safer to do in terms of safely mutating the m_fds struct, because we
don't use the big process lock in this syscall.
2022-08-21 10:56:48 +01:00
Liav A
0eaee045cf SystemMonitor: Don't unveil /boot/Kernel.debug if it does not exist
If the user decided for some reason to not include Kernel debug symbols
in the disk image, let's not try to unveil it.
2022-08-21 10:54:40 +01:00
djwisdom
66489ba4ad Base: Update Chillychilly theme use calming background 2022-08-21 10:53:25 +01:00
Luke Wilde
5ebf444199 LibWeb: Make window.performance replaceable and configurable
Required by Discord, which polyfills it by taking the existing native
object, polyfilling missing functions and setting window.performance to
it.

This is a hard requirement as this is done in strict mode with no
try/catch and thus causes their JavaScript to stop progressing.
2022-08-21 00:01:23 +01:00
davidot
ae349ec6a8 LibJS: Use a synthetic constructor if class with parent doesn't have one
We already did this but it called the @@iterator method of
%Array.prototype% visible to the user for example by overriding that
method. This should not be visible so we use a special version of
SuperCall now.
2022-08-20 23:53:55 +01:00
davidot
b79f03182d LibJS: Add special cases for Math.cosh and add spec comments
Although this already works in most cases in non-kvm serenity cases the
cosh and other math function tend to return incorrect values for
Infinity. This makes sure that whatever the underlying cosh function
returns Math.cosh conforms to the spec.
2022-08-20 23:53:55 +01:00
Ryan Liptak
379baa984d LibGfx: Always lookup emojis without emoji presentation specifiers
This allows us to treat unqualified, minimally-qualified, and
fully-qualified emojis the same as long as emoji filenames are in their
least qualified form (with respect to emoji presentation).

For example, the transgender flag emoji has 4 possible forms:

    1F3F3 FE0F 200D 26A7 FE0F ; fully-qualified  # 🏳️‍⚧️
    1F3F3 200D 26A7 FE0F      ; unqualified      # 🏳‍⚧️
    1F3F3 FE0F 200D 26A7      ; unqualified      # 🏳️‍⚧
    1F3F3 200D 26A7           ; unqualified      # 🏳‍⚧

In order to treat them all as the same, we now drop all forms down
to 1F3F3 200D 26A7 (skipping any FE0F codepoints) and then do the
lookup for that form.
2022-08-20 23:50:41 +01:00
Ryan Liptak
f64f5e79a8 Base: Fix all emoji filenames according to check-emoji rules 2022-08-20 23:50:41 +01:00
Ryan Liptak
68ff0a7d13 Meta: Add check-emoji script to validate emoji filenames
Verifies that emoji filenames:
- Contain only uppercase letters, numbers, +, and _
- Use _ and a separator between codepoints, not +
- Do not include the U+FE0F emoji presentation specifier
2022-08-20 23:50:41 +01:00
Andreas Kling
619ac65302 Kernel: Get GID from credentials object in sys$setgroups()
I missed one instance of these. Thanks Anthony Iacono for spotting it!
2022-08-20 22:41:49 +02:00
Andreas Kling
9eeee24a39 Kernel+LibC: Enforce a limit on the number of supplementary group IDs
This patch adds the NGROUPS_MAX constant and enforces it in
sys$setgroups() to ensure that no process has more than 32 supplementary
group IDs.

The number doesn't mean anything in particular, just had to pick a
number. Perhaps one day we'll have a reason to change it.
2022-08-20 22:39:56 +02:00
Andreas Kling
998c1152ef Kernel: Mark syscalls that get/set user/group ID as not needing big lock
Now that these operate on the neatly atomic and immutable Credentials
object, they should no longer require the process big lock for
synchronization. :^)
2022-08-20 18:36:47 +02:00
Andreas Kling
122d7d9533 Kernel: Add Credentials to hold a set of user and group IDs
This patch adds a new object to hold a Process's user credentials:

- UID, EUID, SUID
- GID, EGID, SGID, extra GIDs

Credentials are immutable and child processes initially inherit the
Credentials object from their parent.

Whenever a process changes one or more of its user/group IDs, a new
Credentials object is constructed.

Any code that wants to inspect and act on a set of credentials can now
do so without worrying about data races.
2022-08-20 18:32:50 +02:00
Andreas Kling
bec314611d Kernel: Move InodeMetadata methods out of line 2022-08-20 17:20:44 +02:00
Andreas Kling
11eee67b85 Kernel: Make self-contained locking smart pointers their own classes
Until now, our kernel has reimplemented a number of AK classes to
provide automatic internal locking:

- RefPtr
- NonnullRefPtr
- WeakPtr
- Weakable

This patch renames the Kernel classes so that they can coexist with
the original AK classes:

- RefPtr => LockRefPtr
- NonnullRefPtr => NonnullLockRefPtr
- WeakPtr => LockWeakPtr
- Weakable => LockWeakable

The goal here is to eventually get rid of the Lock* classes in favor of
using external locking.
2022-08-20 17:20:43 +02:00
Andreas Kling
e475263113 AK+Kernel: Add AK::AtomicRefCounted and use everywhere in the kernel
Instead of having two separate implementations of AK::RefCounted, one
for userspace and one for kernelspace, there is now RefCounted and
AtomicRefCounted.
2022-08-20 17:15:52 +02:00
Tim Schumacher
4889eb019a strace: Pledge rpath for searching binaries
After commit 91a03bc6ae we no longer try
to discover files for exec-ing by simply trying to exec on them, but we
check for the files existence by using `Core::file::exists()` first.

Contrary to the old solution, this now requires the `rpath` pledge, so
pledge it to keep `strace` from crashing when using non-absolute paths.
2022-08-20 12:28:46 +02:00
Ryan Liptak
548c23ded3 Base: Add 10 new (mostly weather-related) emojis
☀️ - U+2600 U+FE0F SUN
☁️ - U+2601 U+FE0F CLOUD
🌤️ - U+1F324 U+FE0F SUN BEHIND SMALL CLOUD
🌥️ - U+1F325 U+FE0F SUN BEHIND LARGE CLOUD
🌦️ - U+1F326 U+FE0F SUN BEHIND RAIN CLOUD
🌧️ - U+1F327 U+FE0F CLOUD WITH RAIN
🌨️ - U+1F328 U+FE0F CLOUD WITH SNOW
🌩️ - U+1F329 U+FE0F CLOUD WITH LIGHTNING
💯 - U+1F4AF HUNDRED POINTS
🫧 - U+1FAE7 BUBBLES
2022-08-20 09:11:21 +01:00
Liav A
00e59e8ab7 Kernel: Annotate SpinlockProtected<PacketList> in NetworkAdapter class 2022-08-19 23:50:28 -07:00
kleines Filmröllchen
4314c25cf2 Kernel: Require lock rank for Spinlock construction
All users which relied on the default constructor use a None lock rank
for now. This will make it easier to in the future remove LockRank and
actually annotate the ranks by searching for None.
2022-08-19 20:26:47 -07:00
kleines Filmröllchen
4809dc8ec2 AK: Add Singleton special-case constructor for SpinlockProtected
This will allow Singletons of that class to still be created when
SpinlockProtected can't be constructed without a lock rank argument
anymore.
2022-08-19 20:26:47 -07:00
davidot
f53aa5bfbb LibJS: Make IsHTMLDDA non-constructible 2022-08-20 00:19:03 +01:00
Roberto Bampi
78bc84c2d8 Docs: Update CLion configuration for WSL
In CLion on Windows subsystem for linux (WSL) we need to set up a
CLion toolchain so that the IDE can find the correct CMake.
2022-08-19 18:10:47 +01:00
Idan Horowitz
ae9c6a9ded Kernel: Add 8-byte atomics for i686 GCC
Unlike Clang, GCC does not support 8-byte atomics on i686 with the
-mno-80387 flag set, so until that is fixed, implement a minimal set of
atomics that are currently required.
2022-08-19 19:49:38 +03:00
Tim Schumacher
df4ba7b430 Kernel: Put too small unused network packets back into the list 2022-08-19 14:51:58 +02:00
Tim Schumacher
9e7faff181 Kernel: Protect the list of unused network packets with a Spinlock 2022-08-19 14:51:58 +02:00
Andreas Kling
766bf5c89e Kernel: Don't take thread lock for signal dispatch
Signal dispatch is already protected by the global scheduler lock, but
in some cases we also took Thread::m_lock for some reason. This led to
a number of different deadlocks that started showing up with 4+ CPU's
attached to the system.

As a first step towards solving this, simply don't take the thread lock
and let the scheduler lock cover it.

Eventually, we should work in the other direction and break the
scheduler lock into much finer-grained locks, but let's get out of the
deadlock swamp first.
2022-08-19 14:39:15 +02:00
Liav A
a1a1462a22 Kernel/Memory: Use scope guard to remove a region if we failed to map it 2022-08-19 15:26:04 +03:00
Andreas Kling
23902d46f1 Kernel: Don't lock scheduler in ~Thread()
This is not necessary, and is a leftover from before Thread started
using the ListedRefCounted pattern to be safely removed from lists on
the last call to unref().
2022-08-19 14:06:03 +02:00
Andreas Kling
806ade1367 Kernel: Don't lock scheduler while updating thread scheduling times
We can use simple atomic variables with relaxed ordering for this,
and avoid locking altogether.
2022-08-19 14:05:57 +02:00
Andreas Kling
5ada38f9c3 Kernel: Reduce time under VMObject lock while handling zero faults
We only need to hold the VMObject lock while inspecting and/or updating
the physical page array in the VMObject.
2022-08-19 12:52:48 +02:00
Andreas Kling
a84d893af8 Kernel/x86: Re-enable interrupts ASAP when handling page faults
As soon as we've saved CR2 (the faulting address), we can re-enable
interrupt processing. This should make the kernel more responsive under
heavy fault loads.
2022-08-19 12:14:57 +02:00
djwisdom
037f1ae979 Base: Add new emojis U+1F58A-U1F58D U+1F5DD U+1F5DE U+1F5E1 2022-08-19 10:31:07 +01:00
electrikmilk
1da13b6247 Base: Correct Flag Code Points
This corrects code points for the English, Scottish and Wales flags.
2022-08-19 10:19:09 +01:00
Andreas Kling
e1476788ad Kernel: Make sys$anon_create() allocate physical pages immediately
This fixes an issue where a sharing process would map the "lazy
committed page" early and then get stuck with that page even after
it had been replaced in the VMObject by a page fault.

Regressed in 27c1135d30, which made it
happen every time with the backing bitmaps used for WebContent.
2022-08-18 20:59:04 +02:00
Andreas Kling
81ee870c9b FileManager: Add "open child directory" action (Alt+Down)
This mirrors the "open parent directory" action, but traverses the
breadcrumbbar segments from left-to-right instead. The name is a little
bit strange, and maybe we can come up with something better.

It does feel pretty nice to use though. :^)
2022-08-18 20:44:15 +02:00
Andreas Kling
ff37ce7408 LibGUI: Make Breadcrumbbar remember the selected segment index
We had a selected_segment() accessor, but the member it returned was
never actually updated.
2022-08-18 20:43:39 +02:00
Andreas Kling
4bc3745ce6 Kernel: Make Region's physical page accessors safer to use
Region::physical_page() now takes the VMObject lock while accessing the
physical pages array, and returns a RefPtr<PhysicalPage>. This ensures
that the array access is safe.

Region::physical_page_slot() now VERIFY()'s that the VMObject lock is
held by the caller. Since we're returning a reference to the physical
page slot in the VMObject's physical page array, this is the best we
can do here.
2022-08-18 19:20:33 +02:00
Andreas Kling
c3ad4ffcec Kernel: Schedule threads on all processors when SMP is enabled
Note that SMP is still off by default, but this basically removes the
weird "SMP on but threads don't get scheduled" behavior we had by
default. If you pass "smp=on" to the kernel, you now get SMP. :^)
2022-08-18 18:58:33 +02:00
Andreas Kling
b560442fe1 Kernel: Don't hog VMObject lock when remapping a region page
We really only need the VMObject lock when accessing the physical pages
array, so once we have a strong pointer to the physical page we want to
remap, we can give up the VMObject lock.

This fixes a deadlock I encountered while building DOOM on SMP.
2022-08-18 18:56:35 +02:00
Andreas Kling
10399a258f Kernel: Move Region physical page accessors out of line 2022-08-18 18:52:34 +02:00
Andreas Kling
c14dda14c4 Kernel: Add a comment about what the MM lock protects 2022-08-18 18:52:34 +02:00
Andreas Kling
75348bdfd3 Kernel: Don't require MM lock for Region::set_page_directory()
The MM lock is not required for this, it's just a simple ref-counted
pointer assignment.
2022-08-18 18:52:34 +02:00
Andreas Kling
abb84b9fcd Kernel: Fix inconsistent lock acquisition order in kmalloc
We always want to grab the page directory lock before the MM lock.
This fixes a deadlock I encountered when building DOOM with make -j4.
2022-08-18 18:52:34 +02:00
Andreas Kling
27c1135d30 Kernel: Don't remap all regions from Region::remap_vmobject_page()
When handling a page fault, we only need to remap the faulting region in
the current process. There's no need to traverse *all* regions that map
the same VMObject and remap them cross-process as well.

Those other regions will get remapped lazily by their own page fault
handlers eventually. Or maybe they won't and we avoided some work. :^)
2022-08-18 18:52:34 +02:00
Andreas Kling
45e6123de8 Kernel: Shorten time under spinlocks while handling inode faults
- Instead of holding the VMObject lock across physical page allocation
  and quick-map + copy, we now only hold it when updating the VMObject's
  physical page slot.
2022-08-18 18:52:34 +02:00
Thomas Symalla
03e9697975 TextEditor: Change cursor when reaching the ruler area
Noticed that mouse-overing the ruler area in the TextEditor
does not change the cursor to the default cursor, instead, the
beam cursor is used, which does not look nice.

This PR extends the mousemove event and introduces a new
set_editing_cursor() function that takes care of setting the
cursor for the editor area.
2022-08-18 15:59:53 +02:00
Timothy Flynn
299cebbbcb FileManager: Do not activate "Show Dotfiles" action on every startup
Commit 75d1840cf detects if the initial path provided to the FileManager
contains a dotfile, and if so, forces the FileManager to show dotfiles.
However, it does this by activating the "Show Dotfiles" action. This has
the side effect of always setting and persisting the configuration,
overriding whatever the user's preference was.

Instead, only transiently update the view to show dotfiles if the path
contains a dotfile.
2022-08-18 15:58:41 +02:00