The inline capacity on ThreadEventQueue::Private::queued_events caused
us to reserve (and importantly, not initialize!) 2 KiB of stack memory
when entering ThreadEventQueue::process().
This was causing any leftover pointers to GC-allocated objects within
that memory range to keep those objects alive, even when all other
references were gone.
Problem:
- Many constructors are defined as `{}` rather than using the ` =
default` compiler-provided constructor.
- Some types provide an implicit conversion operator from `nullptr_t`
instead of requiring the caller to default construct. This violates
the C++ Core Guidelines suggestion to declare single-argument
constructors explicit
(https://isocpp.github.io/CppCoreGuidelines/CppCoreGuidelines#c46-by-default-declare-single-argument-constructors-explicit).
Solution:
- Change default constructors to use the compiler-provided default
constructor.
- Remove implicit conversion operators from `nullptr_t` and change
usage to enforce type consistency without conversion.
Problem:
- The implementation of `find` is coupled to the implementation of `Vector`.
- `Vector::find` takes the predicate by value which might be expensive.
Solution:
- Decouple the implementation of `find` from `Vector` by using a
generic `find` algorithm.
- Change the name of `find` with a predicate to `find_if` so that a
binding reference can be used and the predicate can be forwarded to
avoid copies.
- Change all the `find(pred)` call sites to use `find_if`.
This avoids unintentionally adding a newline character at the end of
user passwords when they are set using passwd(1).
I also fixed these two issues:
- The return value of getline() was being saved in an `int` variable
instead of in a `ssize_t` variable; I replaced the `int` keyword with
`auto` to fix this issue.
- Prior to this patch, get_password() could potentially return
tcsetattr()'s errno instead of getline()'s errno in case of an error.
We now make sure it always returns the right errno in case of an error.
This was very obviously racy and would only succeed if we already own
the socket anyway. (And if we do, we can bind to it without unlinking!)
Work towards #4876.
This doesn't solve half of the problems with /tmp/rpc, but this way we
can at least make it sticky instead of having it fully world-writable
and owned by whoever was the first to bind an RPC socket.
Move some more complex globals into a Singleton, which allows it being
used from global destructors. It solves problems where some global
variables, such as HashMaps may already be deleted, triggering crashes
trying to use them.
This allows adding and removing of asynchronous signal handlers while
executing signal handlers, even if it is for the same signal that is
being handled right now.
These changes are arbitrarily divided into multiple commits to make it
easier to find potentially introduced bugs with git bisect.Everything:
The modifications in this commit were automatically made using the
following command:
find . -name '*.cpp' -exec sed -i -E 's/dbg\(\) << ("[^"{]*");/dbgln\(\1\);/' {} \;
This patch moves the user account password hashes from /etc/passwd,
where they were world-readable, to /etc/shadow, where only root can
access them.
The Core::Account class is extended to support both authentication
against, and modification of /etc/shadow.
The default password for "anon" as of this commit is "foo" :^)
We were using the "accept" flag on the event to break out of the
bubbling loop, but this had lasting consequences since all events that
bubbled too far came out looking as if someone had accepted them.
If an event is ignored by everyone, it should appear ignored.
Because ProcFS will refresh the data upon seek to 0, we can re-use
the same file descriptor. This saves us from having to open it every
time, but it also reduces the odds that we are unable to open a new
file descriptor due to low memory conditions.
This patchset makes ProtocolServer stream the downloads to its client
(LibProtocol), and as such changes the download API; a possible
download lifecycle could be as such:
notation = client->server:'>', server->client:'<', pipe activity:'*'
```
> StartDownload(GET, url, headers, {})
< Response(0, fd 8)
* {data, 1024b}
< HeadersBecameAvailable(0, response_headers, 200)
< DownloadProgress(0, 4K, 1024)
* {data, 1024b}
* {data, 1024b}
< DownloadProgress(0, 4K, 2048)
* {data, 1024b}
< DownloadProgress(0, 4K, 1024)
< DownloadFinished(0, true, 4K)
```
Since managing the received file descriptor is a pain, LibProtocol
implements `Download::stream_into(OutputStream)`, which can be used to
stream the download into any given output stream (be it a file, or
memory, or writing stuff with a delay, etc.).
Also, as some of the users of this API require all the downloaded data
upfront, LibProtocol also implements `set_should_buffer_all_input()`,
which causes the download instance to buffer all the data until the
download is complete, and to call the `on_buffered_download_finish`
hook.
This can be used to register a property that maps enum values to certain
strings, e.g.
REGISTER_ENUM_PROPERTY(
property_name, getter, setter, Enum,
{ Enum::Foo, "Foo" },
{ Enum::Bar, "Bar" });
Also use it for REGISTER_SIZE_POLICY_PROPERTY :^)
None of the code using this actually expected the timer to fire right
away, but they would instead call start() on it once they were ready to
accept a timer fire.
Let's make the API behave the way its clients believed it did. :^)
This was a goofy kernel API where you could assign an icon_id (int) to
a process which referred to a global shbuf with a 16x16 icon bitmap
inside it.
Instead of this, programs that want to display a process icon now
retrieve it from the process executable instead.
POSIX allows the default streams (stdin, stdout and stderr) to be
macros, which means that on such systems (musl libc is one) building
Lagom will fail due to the File::std*() names.
Also fix any files that use these identifiers.
This implements a number of changes related to time:
* If a HPET is present, it is now used only as a system timer, unless
the Local APIC timer is used (in which case the HPET timer will not
trigger any interrupts at all).
* If a HPET is present, the current time can now be as accurate as the
chip can be, independently from the system timer. We now query the
HPET main counter for the current time in CPU #0's system timer
interrupt, and use that as a base line. If a high precision time is
queried, that base line is used in combination with quering the HPET
timer directly, which should give a much more accurate time stamp at
the expense of more overhead. For faster time stamps, the more coarse
value based on the last interrupt will be returned. This also means
that any missed interrupts should not cause the time to drift.
* The default system interrupt rate is reduced to about 250 per second.
* Fix calculation of Thread CPU usage by using the amount of ticks they
used rather than the number of times a context switch happened.
* Implement CLOCK_REALTIME_COARSE and CLOCK_MONOTONIC_COARSE and use it
for most cases where precise timestamps are not needed.
Almost everyone using this API actually wanted String instead of a
ByteBuffer anyway, and there were a bunch of slightly different ways
clients would convert to String.
Let's just cut out all the confusion and make it return String. :^)
That's just silly :)
Also fix that one use of read_line() which assumes it will
null-terminated in mount.cpp (this would've blown up if the IODevice was
at EOF and had a line with the same size as max_size).