This patch begins the work of sharing types and macros between Kernel
and LibC instead of duplicating them via the kludge in UnixTypes.h.
The basic idea is that the Kernel vends various POSIX headers via
Kernel/API/POSIX/ and LibC simply #include's them to get the macros.
The `nonnull` attribute may delete null checks in the generated code, as
per the [GCC documentation]:
> The compiler may also perform optimizations based on the knowledge
> that nonnul parameters cannot be null. This can currently not be
> disabled other than by removing the nonnull attribute.
Disassembling the function as compiled by GCC, we can see that there is
no branch based on if `tv` is null. This means that `gettimeofday`
would produce UB if passed a null parameter, even if we wanted to
predictably return an error. Clang refuses to compile this due to a
`pointer-bool-conversion` warning.
In this commit, `settimeofday` is changed as well to match
`gettimeofday`'s null argument handling.
[GCC documentation]:
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-nonnull-function-attribute
Since the InodeIndex encapsulates a 64 bit value, it is correct to
ensure that the Kernel is exposing the entire value and the LibC is
aware of it.
This commit requires an entire re-compile because it's essentially a
change in the Kernel ABI, together with a corresponding change in LibC.
When the system calls return `NumericLimits<ptrdiff_t>::min()`, negating
the return code would produce `NumericLimits<ptrdiff_t>::max() + 1`
since we are on a two's complement architecture. Because this value
cannot be stored, signed overflow occurs which is UB. This can be fixed
by applying the negation to `EMAXERRNO` since that's known to contain a
relatively small value.
Found when running tests with Clang.
This implements bits and pieces to get the debugging functionality to
build. No testing has been done to check whether it actually works
because GCC doesn't currently work.
GCC and Clang allow us to inject a call to a function named
__sanitizer_cov_trace_pc on every edge. This function has to be defined
by us. By noting down the caller in that function we can trace the code
we have encountered during execution. Such information is used by
coverage guided fuzzers like AFL and LibFuzzer to determine if a new
input resulted in a new code path. This makes fuzzing much more
effective.
Additionally this adds a basic KCOV implementation. KCOV is an API that
allows user space to request the kernel to start collecting coverage
information for a given user space thread. Furthermore KCOV then exposes
the collected program counters to user space via a BlockDevice which can
be mmaped from user space.
This work is required to add effective support for fuzzing SerenityOS to
the Syzkaller syscall fuzzer. :^) :^)
This patch changes the semantics of purgeable memory.
- AnonymousVMObject now has a "purgeable" flag. It can only be set when
constructing the object. (Previously, all anonymous memory was
effectively purgeable.)
- AnonymousVMObject now has a "volatile" flag. It covers the entire
range of physical pages. (Previously, we tracked ranges of volatile
pages, effectively making it a page-level concept.)
- Non-volatile objects maintain a physical page reservation via the
committed pages mechanism, to ensure full coverage for page faults.
- When an object is made volatile, it relinquishes any unused committed
pages immediately. If later made non-volatile again, we then attempt
to make a new committed pages reservation. If this fails, we return
ENOMEM to userspace.
mmap() now creates purgeable objects if passed the MAP_PURGEABLE option
together with MAP_ANONYMOUS. anon_create() memory is always purgeable.
As we've opted to make these inline functions and not macros, let's at
least make sure that the users don't *observe* multiple definitions of
these functions.
This implementation features a fast path for pthread_cond_signal() and
pthread_cond_broadcast() for the case there's no thread waiting, and
does not exhibit the "thundering herd" issue in
pthread_cond_broadcast().
Fixes https://github.com/SerenityOS/serenity/issues/8432
Depending on the driver, the second buffer may not be located right
after the first, e.g. it may be page aligned. This removes this
assumption and queries the driver for the appropriate offset.
Some devices may require DMA transfers to flush the updated buffer
areas prior to flipping. For those devices we track the areas that
require flushing prior to the next flip. For devices that do not
support flipping, but require flushing, we'll simply flush after
updating the front buffer.
This also adds a small optimization that skips these steps entirely for
a screen that doesn't have any updates that need to be rendered.
We regularily need to flush many rectangles, so instead of making many
expensive ioctl() calls to the framebuffer driver, collect the
rectangles and only make one call. And if we have too many rectangles
then it may be cheaper to just update the entire region, in which case
we simply convert them all into a union and just flush that one
rectangle instead.
wint_t is also not supposed to be defined by sys/types.h, but should
be defined in wchar.h instead. Since we require it for our definition of
btowc, let's move it to the correct place.
Unlike accept() the new accept4() system call lets the caller specify
flags for the newly accepted socket file descriptor, such as
SOCK_CLOEXEC and SOCK_NONBLOCK.
This commit adds support for the various ECHO* lflags and fixes some
POSIX conformance issues around newline handling. Also included are
error messages when setting not implemented settings.
This non-POSIX header is used in Linux/BSD systems for storing the
default termios settings. This lets us setup new TTYs' `m_termios.c_cc`
in a nicer way than using a magic string.
The function fstatat can do the same thing as the stat and lstat
functions. However, it can be passed the file descriptor of a directory
which will be used when as the starting point for relative paths. This
is contrary to stat and lstat which use the current working directory as
the starting for relative paths.
It's technically not specified by POSIX, but it appears most Unix-like
systems worth mentioning put those definitions there. Also, it's more
logical since the dev_t type is defined there.
This change implements the pthread user space spinlock API. The
stress-ng Port requires a functioning version to work correctly.
To facilitate the requirements of the posix specification for the API
we implement the spinlock so that the owning tid is the value stored
in the spinlock. This gives us the proper ownership semantics needed
to implement the proper error handling.
This commit will add MSG_PEEK support, which allows a package to be
seen without taking it from the buffer, so that a subsequent recv()
without the MSG_PEEK flag can pick it up.
