All threads were running with iomapbase=0 in their TSS, which the CPU
interprets as "there's an I/O permission bitmap starting at offset 0
into my TSS".
Because of that, any bits that were 1 inside the TSS would allow the
thread to execute I/O instructions on the port with that bit index.
Fix this by always setting the iomapbase to sizeof(TSS32), and also
setting the TSS descriptor's limit to sizeof(TSS32), effectively making
the I/O permissions bitmap zero-length.
This should make it no longer possible to do I/O from userspace. :^)
This prevents code running outside of kernel mode from using the
following instructions:
* SGDT - Store Global Descriptor Table
* SIDT - Store Interrupt Descriptor Table
* SLDT - Store Local Descriptor Table
* SMSW - Store Machine Status Word
* STR - Store Task Register
There's no need for userspace to be able to use these instructions so
let's just disable them to prevent information leakage.
Add an option "-A", that will run all of the crash types in the crash
program. In this mode, all crash tests are run in a child process so
that the crash program does not crash.
Crash uses the return status of the child process to ascertain whether
the crash happened as expected.
The tool currently supports drawing an elliptical line of a specified
thickness. Further improvements can include adding a fill mode, and
holding down shift to draw a perfect circle.
Closes#375.
Color themes are loaded from .ini files in /res/themes/
The theme can be switched from the "Themes" section in the system menu.
The basic mechanism is that WindowServer broadcasts a SharedBuffer with
all of the color values of the current theme. Clients receive this with
the response to their initial WindowServer::Greet handshake.
When the theme is changed, WindowServer tells everyone by sending out
an UpdateSystemTheme message with a new SharedBuffer to use.
This does feel somewhat bloated somehow, but I'm sure we can iterate on
it over time and improve things.
To get one of the theme colors, use the Color(SystemColor) constructor:
painter.fill_rect(rect, SystemColor::HoverHighlight);
Some things don't work 100% right without a reboot. Specifically, when
constructing a GWidget, it will set its own background and foreground
colors based on the current SystemColor::Window and SystemColor::Text.
The widget is then stuck with these values, and they don't update on
system theme change, only on app restart.
All in all though, this is pretty cool. Merry Christmas! :^)
This patch introduces the second MenuApplet: Audio. To make this work,
menu applet windows now also receive mouse events.
There's still some problem with mute/unmute via clicking not actually
working, but the call goes from the applet program over IPC to the
AudioServer, where something goes wrong with the state change message.
Need to look at that separately.
Anyways, it's pretty cool to have more applets running in their own
separate processes. :^)
Windows that are being moved around by the user are now called "moving"
windows instead of "dragging" windows, to avoid confusion with the
drag and drop stuff.
This is a tiny bar at the left of the taskbar where you can put
your most used apps to launch them with a single click. In a way,
it's another replacement for the Launcher, in addition to the app
menu. Unlike the launcher and the menu, it's not meant to be the
primary way to launch apps; it's only a faster way to launch a few
most often used utilities.
This patch makes it possible to make memory regions non-readable.
This is enforced using the "present" bit in the page tables.
A process that hits an not-present page fault in a non-readable
region will be crashed.
For services explicitly configured as lazy, SystemServer will now listen
on the socket and only spawn the service once a client attempts to connect
to the socket.
When reaping a child, SystemServer will now match up child's pid with its own
record of the services, and respawn the service if keepalive is enabled for it.
For example, we want to restart the WindowServer if it crashes, but we wouldn't
want to restart the Terminal if it gets closed.
This patch adds "submit" inputs and default (text box) inputs, as well
as form elements that can be submitted.
Layout of input elements is implemented via a new LayoutWidget class
that allows you to put an arbitrary GWidget in the layout tree.
At the moment, the DOM node sets the initial size of the LayoutWidget,
and then the positioning is done by the normal layout algorithm.
We also now support submitting a <form method="GET">, which does a full
replacing load with a URL based on the form's action + a query string
built from the name/value of input elements within the submitted form.
This is pretty neat! :^)
The borders still look very wrong with any border-width other than 1,
but at least we can see that they have the right color, and end up in
mostly the right place :^)
Clicking on this icon toggles the AudioServer muted state.
It currently does not react to muted state changes caused by other
programs, since it has no way of learning about those from AudioServer,
other than performing a synchronous IPC call (GetMuted), which we don't
want to be doing in the WindowServer :^)
This patch adds a[foo] and a[foo=bar] attribute selectors.
Note that an attribute selector is an optional part of a selector
component, and not a component on its own.
The Launcher's functionality has been replaced by the app shortcuts in
the system menu.
There were various window management hacks to ensure that the launcher
stayed below all other windows while also being movable, etc.
The new system directory /res/apps now contains ".af" files describing
applications (name, category, executable path, and icon.)
These are used to populate the system menu with application shortcuts.
This will replace the Launcher app. :^)
Using the default cursor bitmap as the cursor tool icon in HackStudio
was predictably making it impossible to tell if it's the real cursor
or not. Replace it with a color-inverted cursor. :^)
I'll be reconstructing parts of the VisualBuilder application here and
then we can retire VisualBuilder entirely once all the functionality
is available in HackStudio.
When hovering over a C++ token that we have a man page for, we now show
the man page in a tooltip window.
This feels rather bulky at the moment, but the basic mechanism is quite
neat and just needs a bunch of tuning.
In order for this to work nicely, I made the line box classes use float
instead of int for its geometry information.
Justification works by distributing all of the whitespace on the line
(including the trailing whitespace before the line break) evenly across
the spaces in-between words.
We should probably use floating point (or maybe fixed point?) for all
the layout metrics stuff. But one thing at a time. :^)
This patch implements basic support for <a href="#foo"> fragment links.
To figure out where we actually want to scroll to, we have to do
something different based on the layout node's box type. So if it's a
regular LayoutBox we can just use the LayoutBox::position().
However, if it's an inline layout node, we use the position of the
first line box fragment in the containing block contributed by this
layout node or one of its descendants.
It's now possible to set a page background image via <body background>.
Also, HtmlView now officially handles rendering the body element's
background (color, image or both.) LayoutBox is responsible for all
other background rendering.
Note that it's not yet possible to use CSS background-image properties
directly, since we can't parse them yet. :^)
This is currently very aggressive. Whenever the Document's hovered node
changes, we invalidate all style and do a full relayout.
It does look cool though. So cool that I'm adding it to the default
stylesheet. :^)
This patch adds the CharacterData subclass of Node, which is now the
parent class of Text and a new Comment class.
A Comment node is one of these in HTML: <!--hello friends-->
Since these occur somewhat frequently on the web, we need to be able
to parse them.
This patch also adds a child rejection mechanism to the DOM tree.
Nodes can now override is_child_allowed(Node) and return false if they
don't want a particular Node to become a child of theirs. This is used
to prevent Document from taking on unwanted children.
