If we find ourselves with a user-accessible, non-shared Region backed by
a SharedInodeVMObject, that's pretty bad news, so let's just panic the
kernel instead of getting abused.
There might be a better place for this kind of check, so I've added a
FIXME about putting more thought into that.
This was exploitable since the shared flag determines whether inode
permission checks are applied in sys$mprotect().
The bug was pretty hard to spot due to default arguments being used
instead. This patch removes the default arguments to make explicit
at each call site what's being done.
When passing nullptr for either promises or execpromises to pledge(),
the expected behaviour is to not change their current value at all - we
were accidentally resetting them to 0, effectively dropping previously
pledge()'d promises.
We now move the execpromises state into the regular promises, and clear
the execpromises state.
Also make sure to duplicate the promise state on fork.
This fixes an issue where "su" would launch a shell which immediately
crashed due to not having pledged "stdio".
Let's force callers to provide a VM range when allocating a region.
This makes ENOMEM error handling more visible and removes implicit
VM allocation which felt a bit magical.
This tells the kernel that the process wants to use pledge, but without
pledging anything - effectively restricting it to syscalls that don't
require a certain promise. This is part of OpenBSD's pledge() as well,
which served as basis for Serenity's.
We were enabling interrupts too early, before the first context switch to
a thread was complete. This could then trigger another context switch
within the context switch, which lead to a crash.
There is a window between acquiring/releasing the lock with the atomic
variables and subsequently waiting or waking threads. With a single
processor this window was closed by using a critical section, but
this doesn't prevent other processors from running these code paths.
To solve this, set a flag in the WaitQueue while holding m_lock which
determines if threads should be blocked at all.
This broke in add01b3, where Core::Timer::create_single_shot() was
changed to create a stopped timer. Fix it by actually starting the timer
right away ourselves.
Fixes#5111.
...and functions implemented in terms of it: blit_brightened(),
blit_dimmed(), blit_disabled().
In theory, this should stop the window server from asserting when
an application becomes unresponsive, but that feature seems to be
broken for unrelated reasons atm (#5111).
If you tried to move a cursor down when the last row is selected, the
index becomes invalid without updating the selection. On the next
cursor movement the invalid index is then reset to {0, 0}, selecting
the first row instead.
Instead of letting each File subclass do range allocation in their
mmap() override, do it up front in sys$mmap().
This makes us honor alignment requests for file-backed memory mappings
and simplifies the code somwhat.
This is in the else block of a `(source.has_alpha_channel() || opacity != 1.0f)`
conditional, so it's guaranteed that !source.has_alpha_channel() in
here, which means source.format() can't be RGBA32.
No behavior change.
If the source image had no alpha channel we'd ignore opacity < 1.0 and
blit the image as if it was fully opaque.
With this fix, adjusting the opacity of windows with mousewheel while
holding super works in hidpi mode.
Personally, I prefer the naming convention DEBUG_FOO over FOO_DEBUG, but
the majority of the debug macros are already named in the latter naming
convention, so I just enforce consistency here.
This was done with the following script:
find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/DEBUG_PATH/PATH_DEBUG/' {} \;
This was done with the help of several scripts, I dump them here to
easily find them later:
awk '/#ifdef/ { print "#cmakedefine01 "$2 }' AK/Debug.h.in
for debug_macro in $(awk '/#ifdef/ { print $2 }' AK/Debug.h.in)
do
find . \( -name '*.cpp' -o -name '*.h' -o -name '*.in' \) -not -path './Toolchain/*' -not -path './Build/*' -exec sed -i -E 's/#ifdef '$debug_macro'/#if '$debug_macro'/' {} \;
done
# Remember to remove WRAPPER_GERNERATOR_DEBUG from the list.
awk '/#cmake/ { print "set("$2" ON)" }' AK/Debug.h.in
Now we no longer crash on mousewheel over Terminal while holding the
super key. The terminal window doesn't yet correctly become transparent
in hidpi mode (needs more investigation), but it works in LibGfxScaleDemo,
so maybe that's a problem elsewhere.
Also add a FIXME for a pre-existing bug.
Core::IODevice (which Core::File inherits from) does not have a
reasonable way to block for a line. grep was spinning on
IODevice::read_line, passing endless empty strings to the matcher
lambda. Use getline instead, which will at least block in the Kernel for
characters to be available on stdin and only return full lines (or eof)