This change makes all the standard library and kernel headers use header
guards with a consistent scheme within the reserved namespace to avoid
conflicts with non-standard-library-implementation code.
Previously, sys_dup() would do dtable->Get() on the passed in-file
descriptor and then pass the result directly to dtable->Allocate(). If
the file descriptor is not valid, dtable->Get() returns a NULL reference
and sets errno to mark the error. Since sys_dup() did not check the
return value of dtable->Get() and dtable->Allocate() does not check
whether the passed in Ref<Descriptor> is a NULL reference, dup(2) with
invalid file descriptor would succesfully allocate a new file descriptor
with garbage contents.
This commit changes sys_dup() to use a variant of dtable->Allocate()
that takes in a file descriptor as an integer and properly validates it
before use.
The .init section for global constructors in the kernel is unused at the
moment as the _init function is never invoked, but its existence means
it got linked at 128 MiB on i686. This address isn't mapped by the
kernel and the bootloader requires the machine to have that much
physical memory. Unfortunately that meant the i686 build didn't work on
machines with less than 129 MiB of memory.
Previously Sortix would initialize SSE unconditionally as part of the
boot process. Since earlier i686 CPUs like Pentium 2 did not include
SSE, Sortix would not run on them. With this SSE is only enabled for
CPUs that include it, which should theoretically allow Sortix to boot on
all i686 CPUs. Additionally, this removes -msse -msse2 compiler flags
from trianglix/Makefile.
This change refactors the Unix socket / pipe backend to have a ring buffer
containing segments, where each segment has an optional leading ancillary
buffer containing control messages followed by a normal data buffer.
The SCM_RIGHTS control message has been implemented which transfers file
descriptors to the receiving process. File descriptors are reference counted
and cycles are prevented using the following restrictions:
1) Unix sockets cannot be sent on themselves (on either end).
2) Unix sockets themselves being sent cannot be sent on.
3) Unix sockets cannot send a Unix socket being sent on.
This is a compatible ABI change.
The file descriptor table now allows reserving room for multiple file
descriptors without assigning their numbers. This functionality means
any error conditions happen up front and the subsequent number
assignment will never fail.
This change uses the new functionality to fix troublesome error handling
when allocating multiple file descriptors. One pty allocation error path
was even wrong.
There were subtle race conditions where one (kernel) thread may have
allocated one file descriptor, and another thread spuciously replaces it
with something else, and then the second file descriptor allocation
failed in the first thread, and it closes the first file descriptor now
pointing to a different file description. This case seems harmless but
it's not a great class of bugs to exist in the first place. The new
behavior means the file descriptions appear in the file descriptor table
without fail and never needs to be cleaned up midway and is certainly
immune to shenangians from other threads.
Reviewed-by: Pedro Falcato <pedro.falcato@gmail.com>
The idle thread is now actually run when the system is idle because it
truly goes idle. The idle thread is made power efficient by using the hlt
instruction rather than a busy loop.
The new futex(2) system call is used to implement fast user-space mutexes,
condition variables, and semaphores. The same backend and design is used as
kutexes for truly sleeping kernel mutexes and condition variables.
The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex.
Sleeping on clocks in the kernel now uses timers for true sleep.
The interrupt worker thread now truly sleeps when idle.
Kernel threads are now named.
This is a compatible ABI change.
The change 9d29e96c3b "Fix open(2) allowing
opening directories invalidly and check O_TRUNC errors." broke the chmod(2),
chown(2), and utimens(2) system calls on directories, because they can no
longer be opened for writing.
This changes fixes the regression by opening such paths for reading. There
is currently no filesystem permission checks for those system calls. However,
those system calls should check the permissions at the time of the operation
rather than relying on the file having been opened for writing previously.
Among other things, redirecting to a directory will now display an error
as it should.
Also fix a bug when opening /dev/pts: O_WRITE on a directory is a POSIX
violation.