beenull/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2024-11-22 15:40:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
ladybird/Kernel/FileSystem/VirtualFileSystem.h

140 lines
6.9 KiB
C
Raw Normal View History

Meta: Add license header to source files As suggested by Joshua, this commit adds the 2-clause BSD license as a comment block to the top of every source file. For the first pass, I've just added myself for simplicity. I encourage everyone to add themselves as copyright holders of any file they've added or modified in some significant way. If I've added myself in error somewhere, feel free to replace it with the appropriate copyright holder instead. Going forward, all new source files should include a license header.
2020-01-18 08:38:21 +00:00
/*
Kernel: Rename VFS => VirtualFileSystem
2021-07-10 22:25:24 +00:00
* Copyright (c) 2018-2021, Andreas Kling <kling@serenityos.org>
Meta: Add license header to source files As suggested by Joshua, this commit adds the 2-clause BSD license as a comment block to the top of every source file. For the first pass, I've just added myself for simplicity. I encourage everyone to add themselves as copyright holders of any file they've added or modified in some significant way. If I've added myself in error somewhere, feel free to replace it with the appropriate copyright holder instead. Going forward, all new source files should include a license header.
2020-01-18 08:38:21 +00:00
*
Everything: Move to SPDX license identifiers in all files. SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-22 08:24:48 +00:00
* SPDX-License-Identifier: BSD-2-Clause
Meta: Add license header to source files As suggested by Joshua, this commit adds the 2-clause BSD license as a comment block to the top of every source file. For the first pass, I've just added myself for simplicity. I encourage everyone to add themselves as copyright holders of any file they've added or modified in some significant way. If I've added myself in error somewhere, feel free to replace it with the appropriate copyright holder instead. Going forward, all new source files should include a license header.
2020-01-18 08:38:21 +00:00
*/
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
#pragma once
FileSystem: VFS should require Badge<Device> for device registration.
2019-05-31 13:36:49 +00:00
#include <AK/Badge.h>
Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^)
2021-11-07 23:51:39 +00:00
#include <AK/Error.h>
Add clang-format file Also run it across the whole tree to get everything using the One True Style. We don't yet run this in an automated fashion as it's a little slow, but there is a snippet to do so in makeall.sh.
2019-05-28 09:53:16 +00:00
#include <AK/Function.h>
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
#include <AK/HashMap.h>
#include <AK/OwnPtr.h>
Kernel: Introduce support for using FileSystem object in multiple mounts The idea is to enable mounting FileSystem objects across multiple mounts in contrast to what happened until now - each mount has its own unique FileSystem object being attached to it. Considering a situation of mounting a block device at 2 different mount points at in system, there were a couple of critical flaws due to how the previous "design" worked: 1. BlockBasedFileSystem(s) that pointed to the same actual device had a separate DiskCache object being attached to them. Because both instances were not synchronized by any means, corruption of the filesystem is most likely achieveable by a simple cache flush of either of the instances. 2. For superblock-oriented filesystems (such as the ext2 filesystem), lack of synchronization between both instances can lead to severe corruption in the superblock, which could render the entire filesystem unusable. 3. Flags of a specific filesystem implementation (for example, with xfs on Linux, one can instruct to mount it with the discard option) must be honored across multiple mounts, to ensure expected behavior against a particular filesystem. This patch put the foundations to start fix the issues mentioned above. However, there are still major issues to solve, so this is only a start.
2022-08-19 21:03:24 +00:00
#include <AK/RefPtr.h>
#include <Kernel/FileSystem/FileBackedFileSystem.h>
FileSystem: VFS should require Badge<Device> for device registration.
2019-05-31 13:36:49 +00:00
#include <Kernel/FileSystem/FileSystem.h>
Kernel+LibCore+LibC: Split the mount syscall into multiple syscalls This is a preparation before we can create a usable mechanism to use filesystem-specific mount flags. To keep some compatibility with userland code, LibC and LibCore mount functions are kept being usable, but now instead of doing an "atomic" syscall, they do multiple syscalls to perform the complete procedure of mounting a filesystem. The FileBackedFileSystem IntrusiveList in the VFS code is now changed to be protected by a Mutex, because when we mount a new filesystem, we need to check if a filesystem is already created for a given source_fd so we do a scan for that OpenFileDescription in that list. If we fail to find an already-created filesystem we create a new one and register it in the list if we successfully mounted it. We use a Mutex because we might need to initiate disk access during the filesystem creation, which will take other mutexes in other parts of the kernel, therefore making it not possible to take a spinlock while doing this.
2022-12-15 09:42:40 +00:00
#include <Kernel/FileSystem/Initializer.h>
FileSystem: VFS should require Badge<Device> for device registration.
2019-05-31 13:36:49 +00:00
#include <Kernel/FileSystem/InodeIdentifier.h>
#include <Kernel/FileSystem/InodeMetadata.h>
Kernel: Make VirtualFileSystem::Mount a top-level class And move it to its own compilation unit.
2021-07-10 22:46:06 +00:00
#include <Kernel/FileSystem/Mount.h>
Kernel+LibCore+LibC: Split the mount syscall into multiple syscalls This is a preparation before we can create a usable mechanism to use filesystem-specific mount flags. To keep some compatibility with userland code, LibC and LibCore mount functions are kept being usable, but now instead of doing an "atomic" syscall, they do multiple syscalls to perform the complete procedure of mounting a filesystem. The FileBackedFileSystem IntrusiveList in the VFS code is now changed to be protected by a Mutex, because when we mount a new filesystem, we need to check if a filesystem is already created for a given source_fd so we do a scan for that OpenFileDescription in that list. If we fail to find an already-created filesystem we create a new one and register it in the list if we successfully mounted it. We use a Mutex because we might need to initiate disk access during the filesystem creation, which will take other mutexes in other parts of the kernel, therefore making it not possible to take a spinlock while doing this.
2022-12-15 09:42:40 +00:00
#include <Kernel/FileSystem/MountFile.h>
Kernel: Move UnveilNode.h into Kernel/FileSystem/
2021-08-06 12:11:45 +00:00
#include <Kernel/FileSystem/UnveilNode.h>
Kernel: Use Forward.h headers more
2021-07-11 09:49:16 +00:00
#include <Kernel/Forward.h>
Kernel+LibCore+LibC: Split the mount syscall into multiple syscalls This is a preparation before we can create a usable mechanism to use filesystem-specific mount flags. To keep some compatibility with userland code, LibC and LibCore mount functions are kept being usable, but now instead of doing an "atomic" syscall, they do multiple syscalls to perform the complete procedure of mounting a filesystem. The FileBackedFileSystem IntrusiveList in the VFS code is now changed to be protected by a Mutex, because when we mount a new filesystem, we need to check if a filesystem is already created for a given source_fd so we do a scan for that OpenFileDescription in that list. If we fail to find an already-created filesystem we create a new one and register it in the list if we successfully mounted it. We use a Mutex because we might need to initiate disk access during the filesystem creation, which will take other mutexes in other parts of the kernel, therefore making it not possible to take a spinlock while doing this.
2022-12-15 09:42:40 +00:00
#include <Kernel/Locking/MutexProtected.h>
Kernel: Protect mounted filesystem list with spinlock instead of mutex
2022-02-03 00:37:46 +00:00
#include <Kernel/Locking/SpinlockProtected.h>
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
Kernel: Move all code into the Kernel namespace
2020-02-16 00:27:42 +00:00
namespace Kernel {
Kernel+LibC: Clean up open() flag (O_*) definitions These were using a mix of decimal, octal and hexadecimal for no reason.
2020-01-21 12:34:39 +00:00
Kernel: Move VFS-internal O_FOO definitions to VirtualFileSystem.h
2021-08-14 17:46:18 +00:00
// Kernel internal options.
#define O_NOFOLLOW_NOERROR (1 << 29)
#define O_UNLINK_INTERNAL (1 << 30)
Kernel: Allow passing initial UID and GID when creating new inodes If we're creating something that should have a different owner than the current process's UID/GID, we need to plumb that all the way through VFS down to the FS functions.
2020-01-03 19:13:21 +00:00
struct UidAndGid {
Kernel: Strongly typed user & group ID's Prior to this change, both uid_t and gid_t were typedef'ed to `u32`. This made it easy to use them interchangeably. Let's not allow that. This patch adds UserID and GroupID using the AK::DistinctNumeric mechanism we've already been employing for pid_t/ProcessID.
2021-08-28 20:11:16 +00:00
UserID uid;
GroupID gid;
Kernel: Allow passing initial UID and GID when creating new inodes If we're creating something that should have a different owner than the current process's UID/GID, we need to plumb that all the way through VFS down to the FS functions.
2020-01-03 19:13:21 +00:00
};
Kernel+LibC+LibCore+UserspaceEmulator: Implement `faccessat(2)` Co-Authored-By: Daniel Bertalan <dani@danielbertalan.dev>
2022-10-01 12:24:56 +00:00
enum class AccessFlags {
None = 0,
EffectiveAccess = 1 << 0,
DoNotFollowSymlinks = 1 << 1,
};
AK_ENUM_BITWISE_OPERATORS(AccessFlags);
Kernel: Rename VFS => VirtualFileSystem
2021-07-10 22:25:24 +00:00
class VirtualFileSystem {
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
public:
Kernel: Move symlink recursion limit to .h, increase it to 8 As pointed out by BertalanD on Discord, POSIX specifies that _SC_SYMLOOP_MAX (implemented in the following commit) always needs to be equal or more than _POSIX_SYMLOOP_MAX (8, defined in LibC/bits/posix1_lim.h), hence I've increased it to that value to comply with the standard. The move to header is required for the following commit - to make this constant accessible outside of the VFS class, namely in sysconf.
2021-12-21 15:11:19 +00:00
// Required to be at least 8 by POSIX
// https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html
static constexpr int symlink_recursion_limit = 8;
Kernel: Switch singletons to use new Singleton class MemoryManager cannot use the Singleton class because MemoryManager::initialize is called before the global constructors are run. That caused the Singleton to be re-initialized, causing it to create another MemoryManager instance. Fixes #3226
2020-08-25 01:35:19 +00:00
static void initialize();
Kernel: Rename VFS => VirtualFileSystem
2021-07-10 22:25:24 +00:00
static VirtualFileSystem& the();
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
Kernel+LibCore+LibC: Split the mount syscall into multiple syscalls This is a preparation before we can create a usable mechanism to use filesystem-specific mount flags. To keep some compatibility with userland code, LibC and LibCore mount functions are kept being usable, but now instead of doing an "atomic" syscall, they do multiple syscalls to perform the complete procedure of mounting a filesystem. The FileBackedFileSystem IntrusiveList in the VFS code is now changed to be protected by a Mutex, because when we mount a new filesystem, we need to check if a filesystem is already created for a given source_fd so we do a scan for that OpenFileDescription in that list. If we fail to find an already-created filesystem we create a new one and register it in the list if we successfully mounted it. We use a Mutex because we might need to initiate disk access during the filesystem creation, which will take other mutexes in other parts of the kernel, therefore making it not possible to take a spinlock while doing this.
2022-12-15 09:42:40 +00:00
static ErrorOr<FileSystemInitializer const*> find_filesystem_type_initializer(StringView fs_type);
Kernel: Rename VFS => VirtualFileSystem
2021-07-10 22:25:24 +00:00
VirtualFileSystem();
~VirtualFileSystem();
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^)
2021-11-07 23:51:39 +00:00
ErrorOr<void> mount_root(FileSystem&);
Kernel+LibCore+LibC: Split the mount syscall into multiple syscalls This is a preparation before we can create a usable mechanism to use filesystem-specific mount flags. To keep some compatibility with userland code, LibC and LibCore mount functions are kept being usable, but now instead of doing an "atomic" syscall, they do multiple syscalls to perform the complete procedure of mounting a filesystem. The FileBackedFileSystem IntrusiveList in the VFS code is now changed to be protected by a Mutex, because when we mount a new filesystem, we need to check if a filesystem is already created for a given source_fd so we do a scan for that OpenFileDescription in that list. If we fail to find an already-created filesystem we create a new one and register it in the list if we successfully mounted it. We use a Mutex because we might need to initiate disk access during the filesystem creation, which will take other mutexes in other parts of the kernel, therefore making it not possible to take a spinlock while doing this.
2022-12-15 09:42:40 +00:00
ErrorOr<void> mount(MountFile&, OpenFileDescription*, Custody& mount_point, int flags);
Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^)
2021-11-07 23:51:39 +00:00
ErrorOr<void> bind_mount(Custody& source, Custody& mount_point, int flags);
ErrorOr<void> remount(Custody& mount_point, int new_flags);
Kernel: Introduce support for using FileSystem object in multiple mounts The idea is to enable mounting FileSystem objects across multiple mounts in contrast to what happened until now - each mount has its own unique FileSystem object being attached to it. Considering a situation of mounting a block device at 2 different mount points at in system, there were a couple of critical flaws due to how the previous "design" worked: 1. BlockBasedFileSystem(s) that pointed to the same actual device had a separate DiskCache object being attached to them. Because both instances were not synchronized by any means, corruption of the filesystem is most likely achieveable by a simple cache flush of either of the instances. 2. For superblock-oriented filesystems (such as the ext2 filesystem), lack of synchronization between both instances can lead to severe corruption in the superblock, which could render the entire filesystem unusable. 3. Flags of a specific filesystem implementation (for example, with xfs on Linux, one can instruct to mount it with the discard option) must be honored across multiple mounts, to ensure expected behavior against a particular filesystem. This patch put the foundations to start fix the issues mentioned above. However, there are still major issues to solve, so this is only a start.
2022-08-19 21:03:24 +00:00
ErrorOr<void> unmount(Custody& mount_point);
Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^)
2021-11-07 23:51:39 +00:00
Kernel: Use non-locking {Nonnull,}RefPtr for OpenFileDescription This patch switches away from {Nonnull,}LockRefPtr to the non-locking smart pointers throughout the kernel. I've looked at the handful of places where these were being persisted and I don't see any race situations. Note that the process file descriptor table (Process::m_fds) was already guarded via MutexProtected.
2023-03-06 18:29:25 +00:00
ErrorOr<NonnullRefPtr<OpenFileDescription>> open(Credentials const&, StringView path, int options, mode_t mode, Custody& base, Optional<UidAndGid> = {});
ErrorOr<NonnullRefPtr<OpenFileDescription>> open(Process const&, Credentials const&, StringView path, int options, mode_t mode, Custody& base, Optional<UidAndGid> = {});
ErrorOr<NonnullRefPtr<OpenFileDescription>> create(Credentials const&, StringView path, int options, mode_t mode, Custody& parent_custody, Optional<UidAndGid> = {});
ErrorOr<NonnullRefPtr<OpenFileDescription>> create(Process const&, Credentials const&, StringView path, int options, mode_t mode, Custody& parent_custody, Optional<UidAndGid> = {});
Kernel: Make VirtualFileSystem functions take credentials as input Instead of getting credentials from Process::current(), we now require that they be provided as input to the various VFS functions. This ensures that an atomic set of credentials is used throughout an entire VFS operation.
2022-08-21 14:02:24 +00:00
ErrorOr<void> mkdir(Credentials const&, StringView path, mode_t mode, Custody& base);
ErrorOr<void> link(Credentials const&, StringView old_path, StringView new_path, Custody& base);
ErrorOr<void> unlink(Credentials const&, StringView path, Custody& base);
ErrorOr<void> symlink(Credentials const&, StringView target, StringView linkpath, Custody& base);
ErrorOr<void> rmdir(Credentials const&, StringView path, Custody& base);
ErrorOr<void> chmod(Credentials const&, StringView path, mode_t, Custody& base, int options = 0);
ErrorOr<void> chmod(Credentials const&, Custody&, mode_t);
ErrorOr<void> chown(Credentials const&, StringView path, UserID, GroupID, Custody& base, int options);
ErrorOr<void> chown(Credentials const&, Custody&, UserID, GroupID);
Kernel+LibC+LibCore+UserspaceEmulator: Implement `faccessat(2)` Co-Authored-By: Daniel Bertalan <dani@danielbertalan.dev>
2022-10-01 12:24:56 +00:00
ErrorOr<void> access(Credentials const&, StringView path, int mode, Custody& base, AccessFlags);
Kernel: Make VirtualFileSystem functions take credentials as input Instead of getting credentials from Process::current(), we now require that they be provided as input to the various VFS functions. This ensures that an atomic set of credentials is used throughout an entire VFS operation.
2022-08-21 14:02:24 +00:00
ErrorOr<InodeMetadata> lookup_metadata(Credentials const&, StringView path, Custody& base, int options = 0);
ErrorOr<void> utime(Credentials const&, StringView path, Custody& base, time_t atime, time_t mtime);
ErrorOr<void> utimensat(Credentials const&, StringView path, Custody& base, timespec const& atime, timespec const& mtime, int options = 0);
Kernel: Add the futimens syscall We have a problem with the original utimensat syscall because when we do call LibC futimens function, internally we provide an empty path, and the Kernel get_syscall_path_argument method will detect this as an invalid path. This happens to spit an error for example in the touch utility, so if a user is running "touch non_existing_file", it will create that file, but the user will still see an error coming from LibC futimens function. This new syscall gets an open file description and it provides the same functionality as utimensat, on the specified open file description. The new syscall will be used later by LibC to properly implement LibC futimens function so the situation described with relation to the "touch" utility could be fixed.
2023-04-08 08:37:15 +00:00
ErrorOr<void> do_utimens(Credentials const& credentials, Custody& custody, timespec const& atime, timespec const& mtime);
Kernel+LibC+LibCore: Implement `renameat(2)` Now with the ability to specify different bases for the old and new paths.
2022-10-01 11:42:25 +00:00
ErrorOr<void> rename(Credentials const&, Custody& old_base, StringView oldpath, Custody& new_base, StringView newpath);
Kernel: Make VirtualFileSystem functions take credentials as input Instead of getting credentials from Process::current(), we now require that they be provided as input to the various VFS functions. This ensures that an atomic set of credentials is used throughout an entire VFS operation.
2022-08-21 14:02:24 +00:00
ErrorOr<void> mknod(Credentials const&, StringView path, mode_t, dev_t, Custody& base);
ErrorOr<NonnullRefPtr<Custody>> open_directory(Credentials const&, StringView path, Custody& base);
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
Everywhere: Run clang-format
2022-04-01 17:58:27 +00:00
ErrorOr<void> for_each_mount(Function<ErrorOr<void>(Mount const&)>) const;
Add a simple /proc/mounts that enumerates the current VFS mounts.
2018-10-26 16:43:25 +00:00
Fix mkdir with relative paths.
2018-11-18 22:28:43 +00:00
InodeIdentifier root_inode_id() const;
Kernel/FileSystem: Discard safely filesystems when unmounted last time This commit reached that goal of "safely discarding" a filesystem by doing the following: 1. Stop using the s_file_system_map HashMap as it was an unsafe measure to access pointers of FileSystems. Instead, make sure to register all FileSystems at the VFS layer, with an IntrusiveList, to avoid problems related to OOM conditions. 2. Make sure to cleanly remove the DiskCache object from a BlockBased filesystem, so the destructor of such object will not need to do that in the destruction point. 3. For ext2 filesystems, don't cache the root inode at m_inode_cache HashMap. The reason for this is that when unmounting an ext2 filesystem, we lookup at the cache to see if there's a reference to a cached inode and if that's the case, we fail with EBUSY. If we keep the m_root_inode also being referenced at the m_inode_cache map, we have 2 references to that object, which will lead to fail with EBUSY. Also, it's much simpler to always ask for a root inode and get it immediately from m_root_inode, instead of looking up the cache for that inode.
2022-08-20 06:28:02 +00:00
void sync_filesystems();
void lock_all_filesystems();
Kernel: Make VirtualFileSystem::sync() static
2021-07-10 22:26:17 +00:00
static void sync();
Add sync() syscall and a /bin/sync. It walks all the live Inode objects and flushes pending metadata changes wherever needed. This could be optimized by keeping a separate list of dirty Inodes, but let's not get ahead of ourselves.
2018-12-19 23:39:29 +00:00
Kernel: Use RefPtr instead of LockRefPtr for Custody By protecting all the RefPtr<Custody> objects that may be accessed from multiple threads at the same time (with spinlocks), we remove the need for using LockRefPtr<Custody> (which is basically a RefPtr with a built-in spinlock.)
2022-08-20 23:04:35 +00:00
NonnullRefPtr<Custody> root_custody();
Kernel: Make VirtualFileSystem functions take credentials as input Instead of getting credentials from Process::current(), we now require that they be provided as input to the various VFS functions. This ensures that an atomic set of credentials is used throughout an entire VFS operation.
2022-08-21 14:02:24 +00:00
ErrorOr<NonnullRefPtr<Custody>> resolve_path(Credentials const&, StringView path, NonnullRefPtr<Custody> base, RefPtr<Custody>* out_parent = nullptr, int options = 0, int symlink_recursion_level = 0);
Kernel: Actually check Process unveil data when creating perfcore dump Before of this patch, we looked at the unveil data of the FinalizerTask, which naturally doesn't have any unveil restrictions, therefore allowing an unveil bypass for a process that enabled performance coredumps. To ensure we always check the dumped process unveil data, an option to pass a Process& has been added to a couple of methods in the class of VirtualFileSystem.
2023-03-04 18:01:54 +00:00
ErrorOr<NonnullRefPtr<Custody>> resolve_path(Process const&, Credentials const&, StringView path, NonnullRefPtr<Custody> base, RefPtr<Custody>* out_parent = nullptr, int options = 0, int symlink_recursion_level = 0);
Kernel: Make VirtualFileSystem functions take credentials as input Instead of getting credentials from Process::current(), we now require that they be provided as input to the various VFS functions. This ensures that an atomic set of credentials is used throughout an entire VFS operation.
2022-08-21 14:02:24 +00:00
ErrorOr<NonnullRefPtr<Custody>> resolve_path_without_veil(Credentials const&, StringView path, NonnullRefPtr<Custody> base, RefPtr<Custody>* out_parent = nullptr, int options = 0, int symlink_recursion_level = 0);
FileSystem: Add a Custody class that represents a parent/child guardianship. A custody is kind of a directory entry abstraction that represents a single entry in a parent directory that tells us the name of a child inode. The idea here is for path resolution to produce a chain of custody objects.
2019-05-30 15:46:08 +00:00
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
private:
Kernel: Rename FileDescription => OpenFileDescription Dr. POSIX really calls these "open file description", not just "file description", so let's call them exactly that. :^)
2021-09-07 11:39:11 +00:00
friend class OpenFileDescription;
Lots of hacking to make a very simple "ls" utility. I added a dead-simple malloc that only allows allocations < 4096 bytes. It just forwards the request to mmap() every time. I also added simplified versions of opendir() and readdir().
2018-10-24 10:43:52 +00:00
Kernel: Actually check Process unveil data when creating perfcore dump Before of this patch, we looked at the unveil data of the FinalizerTask, which naturally doesn't have any unveil restrictions, therefore allowing an unveil bypass for a process that enabled performance coredumps. To ensure we always check the dumped process unveil data, an option to pass a Process& has been added to a couple of methods in the class of VirtualFileSystem.
2023-03-04 18:01:54 +00:00
UnveilNode const& find_matching_unveiled_path(Process const&, StringView path);
ErrorOr<void> validate_path_against_process_veil(Process const&, StringView path, int options);
ErrorOr<void> validate_path_against_process_veil(Process const& process, Custody const& custody, int options);
Kernel: Replace KResult and KResultOr<T> with Error and ErrorOr<T> We now use AK::Error and AK::ErrorOr<T> in both kernel and userspace! This was a slightly tedious refactoring that took a long time, so it's not unlikely that some bugs crept in. Nevertheless, it does pass basic functionality testing, and it's just real nice to finally see the same pattern in all contexts. :^)
2021-11-07 23:51:39 +00:00
ErrorOr<void> validate_path_against_process_veil(Custody const& path, int options);
ErrorOr<void> validate_path_against_process_veil(StringView path, int options);
Kernel: Add a basic implementation of unveil() This syscall is a complement to pledge() and adds the same sort of incremental relinquishing of capabilities for filesystem access. The first call to unveil() will "drop a veil" on the process, and from now on, only unveiled parts of the filesystem are visible to it. Each call to unveil() specifies a path to either a directory or a file along with permissions for that path. The permissions are a combination of the following: - r: Read access (like the "rpath" promise) - w: Write access (like the "wpath" promise) - x: Execute access - c: Create/remove access (like the "cpath" promise) Attempts to open a path that has not been unveiled with fail with ENOENT. If the unveiled path lacks sufficient permissions, it will fail with EACCES. Like pledge(), subsequent calls to unveil() with the same path can only remove permissions, not add them. Once you call unveil(nullptr, nullptr), the veil is locked, and it's no longer possible to unveil any more paths for the process, ever. This concept comes from OpenBSD, and their implementation does various things differently, I'm sure. This is just a first implementation for SerenityOS, and we'll keep improving on it as we go. :^)
2020-01-20 21:12:04 +00:00
Kernel+LibCore+LibC: Split the mount syscall into multiple syscalls This is a preparation before we can create a usable mechanism to use filesystem-specific mount flags. To keep some compatibility with userland code, LibC and LibCore mount functions are kept being usable, but now instead of doing an "atomic" syscall, they do multiple syscalls to perform the complete procedure of mounting a filesystem. The FileBackedFileSystem IntrusiveList in the VFS code is now changed to be protected by a Mutex, because when we mount a new filesystem, we need to check if a filesystem is already created for a given source_fd so we do a scan for that OpenFileDescription in that list. If we fail to find an already-created filesystem we create a new one and register it in the list if we successfully mounted it. We use a Mutex because we might need to initiate disk access during the filesystem creation, which will take other mutexes in other parts of the kernel, therefore making it not possible to take a spinlock while doing this.
2022-12-15 09:42:40 +00:00
ErrorOr<void> add_file_system_to_mount_table(FileSystem& file_system, Custody& mount_point, int flags);
Rename: VirtualFileSystem -> VFS VirtualFileSystem::Node -> Vnode
2018-11-15 13:43:10 +00:00
bool is_vfs_root(InodeIdentifier) const;
Kernel: Make Inode::traverse_as_directory() callback return ErrorOr This allows us to propagate errors from inside the callback with TRY().
2021-11-10 14:42:39 +00:00
ErrorOr<void> traverse_directory_inode(Inode&, Function<ErrorOr<void>(FileSystem::DirectoryEntryView const&)>);
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
Kernel/VFS: Check that mount-point is not in use Before committing the mount, verify that this host i-node is not already a mount-point.
2022-08-10 15:50:23 +00:00
bool mount_point_exists_at_inode(InodeIdentifier inode);
Kernel: Use RefPtr instead of LockRefPtr for Custody By protecting all the RefPtr<Custody> objects that may be accessed from multiple threads at the same time (with spinlocks), we remove the need for using LockRefPtr<Custody> (which is basically a RefPtr with a built-in spinlock.)
2022-08-20 23:04:35 +00:00
// FIXME: These functions are totally unsafe as someone could unmount the returned Mount underneath us.
A pass of style/naming cleanup in VFS.
2018-11-15 14:10:12 +00:00
Mount* find_mount_for_host(InodeIdentifier);
Mount* find_mount_for_guest(InodeIdentifier);
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
Kernel: Switch LockRefPtr<Inode> to RefPtr<Inode> The main place where this is a little iffy is in RAMFS where inodes have a LockWeakPtr to their parent inode. I've left that as a LockWeakPtr for now.
2023-03-07 11:25:00 +00:00
RefPtr<Inode> m_root_inode;
Kernel: Use ProtectedValue for VirtualFileSystem::m_mounts This is what VirtualFileSystem::m_lock was actually guarding, and wrapping it in a ProtectedValue makes it so much more obvious how it all works. :^)
2021-08-15 23:40:19 +00:00
Kernel: Turn lock ranks into template parameters This step would ideally not have been necessary (increases amount of refactoring and templates necessary, which in turn increases build times), but it gives us a couple of nice properties: - SpinlockProtected inside Singleton (a very common combination) can now obtain any lock rank just via the template parameter. It was not previously possible to do this with SingletonInstanceCreator magic. - SpinlockProtected's lock rank is now mandatory; this is the majority of cases and allows us to see where we're still missing proper ranks. - The type already informs us what lock rank a lock has, which aids code readability and (possibly, if gdb cooperates) lock mismatch debugging. - The rank of a lock can no longer be dynamic, which is not something we wanted in the first place (or made use of). Locks randomly changing their rank sounds like a disaster waiting to happen. - In some places, we might be able to statically check that locks are taken in the right order (with the right lock rank checking implementation) as rank information is fully statically known. This refactoring even more exposes the fact that Mutex has no lock rank capabilites, which is not fixed here.
2022-11-09 10:39:58 +00:00
SpinlockProtected<RefPtr<Custody>, LockRank::None> m_root_custody {};
Kernel: Use RefPtr instead of LockRefPtr for Custody By protecting all the RefPtr<Custody> objects that may be accessed from multiple threads at the same time (with spinlocks), we remove the need for using LockRefPtr<Custody> (which is basically a RefPtr with a built-in spinlock.)
2022-08-20 23:04:35 +00:00
Kernel: Turn lock ranks into template parameters This step would ideally not have been necessary (increases amount of refactoring and templates necessary, which in turn increases build times), but it gives us a couple of nice properties: - SpinlockProtected inside Singleton (a very common combination) can now obtain any lock rank just via the template parameter. It was not previously possible to do this with SingletonInstanceCreator magic. - SpinlockProtected's lock rank is now mandatory; this is the majority of cases and allows us to see where we're still missing proper ranks. - The type already informs us what lock rank a lock has, which aids code readability and (possibly, if gdb cooperates) lock mismatch debugging. - The rank of a lock can no longer be dynamic, which is not something we wanted in the first place (or made use of). Locks randomly changing their rank sounds like a disaster waiting to happen. - In some places, we might be able to statically check that locks are taken in the right order (with the right lock rank checking implementation) as rank information is fully statically known. This refactoring even more exposes the fact that Mutex has no lock rank capabilites, which is not fixed here.
2022-11-09 10:39:58 +00:00
SpinlockProtected<IntrusiveList<&Mount::m_vfs_list_node>, LockRank::None> m_mounts {};
Kernel+LibCore+LibC: Split the mount syscall into multiple syscalls This is a preparation before we can create a usable mechanism to use filesystem-specific mount flags. To keep some compatibility with userland code, LibC and LibCore mount functions are kept being usable, but now instead of doing an "atomic" syscall, they do multiple syscalls to perform the complete procedure of mounting a filesystem. The FileBackedFileSystem IntrusiveList in the VFS code is now changed to be protected by a Mutex, because when we mount a new filesystem, we need to check if a filesystem is already created for a given source_fd so we do a scan for that OpenFileDescription in that list. If we fail to find an already-created filesystem we create a new one and register it in the list if we successfully mounted it. We use a Mutex because we might need to initiate disk access during the filesystem creation, which will take other mutexes in other parts of the kernel, therefore making it not possible to take a spinlock while doing this.
2022-12-15 09:42:40 +00:00
// NOTE: The FileBackedFileSystem list is protected by a mutex because we need to scan it
// to search for existing filesystems for already used block devices and therefore when doing
// that we could fail to find a filesystem so we need to create a new filesystem which might
// need to do disk access (i.e. taking Mutexes in other places) and then register that new filesystem
// in this list, to avoid TOCTOU bugs.
MutexProtected<IntrusiveList<&FileBackedFileSystem::m_file_backed_file_system_node>> m_file_backed_file_systems_list {};
Kernel: Turn lock ranks into template parameters This step would ideally not have been necessary (increases amount of refactoring and templates necessary, which in turn increases build times), but it gives us a couple of nice properties: - SpinlockProtected inside Singleton (a very common combination) can now obtain any lock rank just via the template parameter. It was not previously possible to do this with SingletonInstanceCreator magic. - SpinlockProtected's lock rank is now mandatory; this is the majority of cases and allows us to see where we're still missing proper ranks. - The type already informs us what lock rank a lock has, which aids code readability and (possibly, if gdb cooperates) lock mismatch debugging. - The rank of a lock can no longer be dynamic, which is not something we wanted in the first place (or made use of). Locks randomly changing their rank sounds like a disaster waiting to happen. - In some places, we might be able to statically check that locks are taken in the right order (with the right lock rank checking implementation) as rank information is fully statically known. This refactoring even more exposes the fact that Mutex has no lock rank capabilites, which is not fixed here.
2022-11-09 10:39:58 +00:00
SpinlockProtected<IntrusiveList<&FileSystem::m_file_system_node>, LockRank::FileSystem> m_file_systems_list {};
Import all this stuff into a single repo called Serenity.
2018-10-10 09:53:07 +00:00
};
Kernel: Move all code into the Kernel namespace
2020-02-16 00:27:42 +00:00
}
Reference in a new issue Copy permalink