mirrors/ladybird
1
0
Fork 0
mirror of https://github.com/LadybirdBrowser/ladybird.git synced 2025-04-21 20:15:17 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 10

Kernel: Handle promise violations in the syscall handler

Browse source 
Previously we would crash the process immediately when a promise
violation was found during a syscall. This is error prone, as we
don't unwind the stack. This means that in certain cases we can
leak resources, like an OwnPtr / RefPtr tracked on the stack. Or
even leak a lock acquired in a ScopeLockLocker.

To remedy this situation we move the promise violation handling to
the syscall handler, right before we return to user space. This
allows the code to follow the normal unwind path, and grantees
there is no longer any cleanup that needs to occur.

The Process::require_promise() and Process::require_no_promises()
functions were modified to return ErrorOr<void> so we enforce that
the errors are always propagated by the caller.
This commit is contained in:
Brian Gianforcaro 2021-12-29 01:11:45 -08:00 committed by Andreas Kling
parent c444a3fc9e
commit 54b9a4ec1e
Notes: sideshowbarker 2024-07-17 21:58:25 +09:00
66 changed files with 156 additions and 148 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
Kernel/Graphics/FramebufferDevice.cpp
View file

@ -29,7 +29,7 @@ NonnullRefPtr<FramebufferDevice> FramebufferDevice::create(const GenericGraphics
ErrorOr<Memory::Region*> FramebufferDevice::mmap(Process& process, OpenFileDescription&, Memory::VirtualRange const& range, u64 offset, int prot, bool shared)
{
process.require_promise(Pledge::video);
TRY(process.require_promise(Pledge::video));
SpinlockLocker lock(m_activation_lock);
if (!shared)
return ENODEV;

2
Kernel/Graphics/GenericFramebufferDevice.cpp
View file

@ -33,7 +33,7 @@ ErrorOr<void> GenericFramebufferDevice::verify_head_index(int head_index) const
ErrorOr<void> GenericFramebufferDevice::ioctl(OpenFileDescription&, unsigned request, Userspace<void*> arg)
{
Process::current().require_promise(Pledge::video);
TRY(Process::current().require_promise(Pledge::video));
switch (request) {
case FB_IOCTL_GET_PROPERTIES: {
auto user_properties = static_ptr_cast<FBProperties*>(arg);

2
Kernel/Graphics/VirtIOGPU/FramebufferDevice.cpp
View file

@ -257,7 +257,7 @@ void FramebufferDevice::set_buffer(int buffer_index)
ErrorOr<Memory::Region*> FramebufferDevice::mmap(Process& process, OpenFileDescription&, Memory::VirtualRange const& range, u64 offset, int prot, bool shared)
{
process.require_promise(Pledge::video);
TRY(process.require_promise(Pledge::video));
if (!shared)
return ENODEV;
if (offset != 0 || !m_framebuffer)

2
Kernel/Net/IPv4Socket.cpp
View file

@ -607,7 +607,7 @@ ErrorOr<void> IPv4Socket::getsockopt(OpenFileDescription& description, int level
ErrorOr<void> IPv4Socket::ioctl(OpenFileDescription&, unsigned request, Userspace<void*> arg)
{
Process::current().require_promise(Pledge::inet);
TRY(Process::current().require_promise(Pledge::inet));
auto ioctl_route = [request, arg]() -> ErrorOr<void> {
auto user_route = static_ptr_cast<rtentry*>(arg);

15
Kernel/Process.cpp
View file

@ -863,26 +863,25 @@ static constexpr StringView to_string(Pledge promise)
VERIFY_NOT_REACHED();
}
void Process::require_no_promises() const
ErrorOr<void> Process::require_no_promises() const
{
if (!has_promises())
return;
return {};
dbgln("Has made a promise");
Process::current().crash(SIGABRT, 0);
VERIFY_NOT_REACHED();
return EPROMISEVIOLATION;
}
void Process::require_promise(Pledge promise)
ErrorOr<void> Process::require_promise(Pledge promise)
{
if (!has_promises())
return;
return {};
if (has_promised(promise))
return;
return {};
dbgln("Has not pledged {}", to_string(promise));
(void)try_set_coredump_property("pledge_violation"sv, to_string(promise));
crash(SIGABRT, 0);
return EPROMISEVIOLATION;
}
}

4
Kernel/Process.h
View file

@ -508,8 +508,8 @@ public:
VirtualAddress signal_trampoline() const { return m_protected_values.signal_trampoline; }
void require_promise(Pledge);
void require_no_promises() const;
ErrorOr<void> require_promise(Pledge);
ErrorOr<void> require_no_promises() const;
private:
friend class MemoryManager;

4
Kernel/Syscall.cpp
View file

@ -234,6 +234,10 @@ NEVER_INLINE void syscall_handler(TrapFrame* trap)
// Check if we're supposed to return to userspace or just die.
current_thread->die_if_needed();
// Crash any processes which have commited a promise violation during syscall handling.
if (result.is_error() && result.error().code() == EPROMISEVIOLATION)
process.crash(SIGABRT, 0);
VERIFY(!g_scheduler_lock.is_locked_by_current_processor());
}

2
Kernel/Syscalls/access.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$access(Userspace<const char*> user_path, size_t path_length, int mode)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto path = TRY(get_syscall_path_argument(user_path, path_length));
TRY(VirtualFileSystem::the().access(path->view(), mode, current_directory()));
return 0;

2
Kernel/Syscalls/alarm.cpp
View file

@ -12,7 +12,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$alarm(unsigned seconds)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
unsigned previous_alarm_remaining = 0;
if (m_alarm_timer) {
bool was_in_use = false;

2
Kernel/Syscalls/anon_create.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$anon_create(size_t size, int options)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (!size)
return EINVAL;

6
Kernel/Syscalls/chdir.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$chdir(Userspace<const char*> user_path, size_t path_length)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto path = TRY(get_syscall_path_argument(user_path, path_length));
m_cwd = TRY(VirtualFileSystem::the().open_directory(path->view(), current_directory()));
return 0;
@ -22,7 +22,7 @@ ErrorOr<FlatPtr> Process::sys$chdir(Userspace<const char*> user_path, size_t pat
ErrorOr<FlatPtr> Process::sys$fchdir(int fd)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto description = TRY(fds().open_file_description(fd));
if (!description->is_directory())
return ENOTDIR;
@ -35,7 +35,7 @@ ErrorOr<FlatPtr> Process::sys$fchdir(int fd)
ErrorOr<FlatPtr> Process::sys$getcwd(Userspace<char*> buffer, size_t size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
if (size > NumericLimits<ssize_t>::max())
return EINVAL;

4
Kernel/Syscalls/chmod.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$chmod(Userspace<const char*> user_path, size_t path_length, mode_t mode)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::fattr);
TRY(require_promise(Pledge::fattr));
auto path = TRY(get_syscall_path_argument(user_path, path_length));
TRY(VirtualFileSystem::the().chmod(path->view(), mode, current_directory()));
return 0;
@ -22,7 +22,7 @@ ErrorOr<FlatPtr> Process::sys$chmod(Userspace<const char*> user_path, size_t pat
ErrorOr<FlatPtr> Process::sys$fchmod(int fd, mode_t mode)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::fattr);
TRY(require_promise(Pledge::fattr));
auto description = TRY(fds().open_file_description(fd));
TRY(description->chmod(mode));
return 0;

4
Kernel/Syscalls/chown.cpp
View file

@ -12,7 +12,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$fchown(int fd, UserID uid, GroupID gid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::chown);
TRY(require_promise(Pledge::chown));
auto description = TRY(fds().open_file_description(fd));
TRY(description->chown(uid, gid));
return 0;
@ -21,7 +21,7 @@ ErrorOr<FlatPtr> Process::sys$fchown(int fd, UserID uid, GroupID gid)
ErrorOr<FlatPtr> Process::sys$chown(Userspace<const Syscall::SC_chown_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::chown);
TRY(require_promise(Pledge::chown));
auto params = TRY(copy_typed_from_user(user_params));
auto path = TRY(get_syscall_path_argument(params.path));
TRY(VirtualFileSystem::the().chown(path->view(), params.uid, params.gid, current_directory()));

10
Kernel/Syscalls/clock.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$map_time_page()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto& vmobject = TimeManagement::the().time_page_vmobject();
@ -25,7 +25,7 @@ ErrorOr<FlatPtr> Process::sys$map_time_page()
ErrorOr<FlatPtr> Process::sys$clock_gettime(clockid_t clock_id, Userspace<timespec*> user_ts)
{
VERIFY_NO_PROCESS_BIG_LOCK(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (!TimeManagement::is_valid_clock_id(clock_id))
return EINVAL;
@ -38,7 +38,7 @@ ErrorOr<FlatPtr> Process::sys$clock_gettime(clockid_t clock_id, Userspace<timesp
ErrorOr<FlatPtr> Process::sys$clock_settime(clockid_t clock_id, Userspace<const timespec*> user_ts)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::settime);
TRY(require_promise(Pledge::settime));
if (!is_superuser())
return EPERM;
@ -58,7 +58,7 @@ ErrorOr<FlatPtr> Process::sys$clock_settime(clockid_t clock_id, Userspace<const
ErrorOr<FlatPtr> Process::sys$clock_nanosleep(Userspace<const Syscall::SC_clock_nanosleep_params*> user_params)
{
VERIFY_NO_PROCESS_BIG_LOCK(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto params = TRY(copy_typed_from_user(user_params));
auto requested_sleep = TRY(copy_time_from_user(params.requested_sleep));
@ -105,7 +105,7 @@ ErrorOr<FlatPtr> Process::sys$adjtime(Userspace<const timeval*> user_delta, User
}
if (user_delta) {
require_promise(Pledge::settime);
TRY(require_promise(Pledge::settime));
if (!is_superuser())
return EPERM;
auto delta = TRY(copy_time_from_user(user_delta));

2
Kernel/Syscalls/disown.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$disown(ProcessID pid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
auto process = Process::from_pid(pid);
if (!process)
return ESRCH;

2
Kernel/Syscalls/dup2.cpp
View file

@ -12,7 +12,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$dup2(int old_fd, int new_fd)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto description = TRY(fds().open_file_description(old_fd));
if (old_fd == new_fd)
return new_fd;

2
Kernel/Syscalls/execve.cpp
View file

@ -859,7 +859,7 @@ ErrorOr<void> Process::exec(NonnullOwnPtr<KString> path, NonnullOwnPtrVector<KSt
ErrorOr<FlatPtr> Process::sys$execve(Userspace<const Syscall::SC_execve_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::exec);
TRY(require_promise(Pledge::exec));
// NOTE: Be extremely careful with allocating any kernel memory in exec().
// On success, the kernel stack will be lost.

2
Kernel/Syscalls/fcntl.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$fcntl(int fd, int cmd, u32 arg)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
dbgln_if(IO_DEBUG, "sys$fcntl: fd={}, cmd={}, arg={}", fd, cmd, arg);
auto description = TRY(fds().open_file_description(fd));
// NOTE: The FD flags are not shared between OpenFileDescription objects.

2
Kernel/Syscalls/fork.cpp
View file

@ -16,7 +16,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
RefPtr<Thread> child_first_thread;
auto child_name = TRY(m_name->try_clone());
auto child = TRY(Process::try_create(child_first_thread, move(child_name), uid(), gid(), pid(), m_is_kernel_process, m_cwd, m_executable, m_tty, this));

2
Kernel/Syscalls/fsync.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$fsync(int fd)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto description = TRY(fds().open_file_description(fd));
TRY(description->sync());
return 0;

2
Kernel/Syscalls/ftruncate.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$ftruncate(int fd, Userspace<off_t const*> userspace_length)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto length = TRY(copy_typed_from_user(userspace_length));
if (length < 0)
return EINVAL;

2
Kernel/Syscalls/get_dir_entries.cpp
View file

@ -12,7 +12,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$get_dir_entries(int fd, Userspace<void*> user_buffer, size_t user_size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (user_size > NumericLimits<ssize_t>::max())
return EINVAL;
auto description = TRY(fds().open_file_description(fd));

2
Kernel/Syscalls/getrandom.cpp
View file

@ -16,7 +16,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$getrandom(Userspace<void*> buffer, size_t buffer_size, [[maybe_unused]] unsigned flags)
{
VERIFY_NO_PROCESS_BIG_LOCK(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (buffer_size > NumericLimits<ssize_t>::max())
return EINVAL;

14
Kernel/Syscalls/getuid.cpp
View file

@ -11,35 +11,35 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$getuid()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return uid().value();
}
ErrorOr<FlatPtr> Process::sys$getgid()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return gid().value();
}
ErrorOr<FlatPtr> Process::sys$geteuid()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return euid().value();
}
ErrorOr<FlatPtr> Process::sys$getegid()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return egid().value();
}
ErrorOr<FlatPtr> Process::sys$getresuid(Userspace<UserID*> ruid, Userspace<UserID*> euid, Userspace<UserID*> suid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
TRY(copy_to_user(ruid, &m_protected_values.uid));
TRY(copy_to_user(euid, &m_protected_values.euid));
TRY(copy_to_user(suid, &m_protected_values.suid));
@ -49,7 +49,7 @@ ErrorOr<FlatPtr> Process::sys$getresuid(Userspace<UserID*> ruid, Userspace<UserI
ErrorOr<FlatPtr> Process::sys$getresgid(Userspace<GroupID*> rgid, Userspace<GroupID*> egid, Userspace<GroupID*> sgid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
TRY(copy_to_user(rgid, &m_protected_values.gid));
TRY(copy_to_user(egid, &m_protected_values.egid));
TRY(copy_to_user(sgid, &m_protected_values.sgid));
@ -59,7 +59,7 @@ ErrorOr<FlatPtr> Process::sys$getresgid(Userspace<GroupID*> rgid, Userspace<Grou
ErrorOr<FlatPtr> Process::sys$getgroups(size_t count, Userspace<gid_t*> user_gids)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (!count)
return extra_gids().size();
if (count != extra_gids().size())

4
Kernel/Syscalls/hostname.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$gethostname(Userspace<char*> buffer, size_t size)
{
VERIFY_NO_PROCESS_BIG_LOCK(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (size > NumericLimits<ssize_t>::max())
return EINVAL;
return hostname().with_shared([&](const auto& name) -> ErrorOr<FlatPtr> {
@ -25,7 +25,7 @@ ErrorOr<FlatPtr> Process::sys$gethostname(Userspace<char*> buffer, size_t size)
ErrorOr<FlatPtr> Process::sys$sethostname(Userspace<const char*> buffer, size_t length)
{
VERIFY_NO_PROCESS_BIG_LOCK(this)
require_no_promises();
TRY(require_no_promises());
if (!is_superuser())
return EPERM;

4
Kernel/Syscalls/inode_watcher.cpp
View file

@ -16,7 +16,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$create_inode_watcher(u32 flags)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto fd_allocation = TRY(m_fds.allocate());
auto watcher = TRY(InodeWatcher::try_create());
@ -37,7 +37,7 @@ ErrorOr<FlatPtr> Process::sys$create_inode_watcher(u32 flags)
ErrorOr<FlatPtr> Process::sys$inode_watcher_add_watch(Userspace<const Syscall::SC_inode_watcher_add_watch_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto params = TRY(copy_typed_from_user(user_params));
auto description = TRY(fds().open_file_description(params.fd));

4
Kernel/Syscalls/keymap.cpp
View file

@ -14,7 +14,7 @@ constexpr size_t map_name_max_size = 50;
ErrorOr<FlatPtr> Process::sys$setkeymap(Userspace<const Syscall::SC_setkeymap_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this);
require_promise(Pledge::setkeymap);
TRY(require_promise(Pledge::setkeymap));
if (!is_superuser())
return EPERM;
@ -40,7 +40,7 @@ ErrorOr<FlatPtr> Process::sys$setkeymap(Userspace<const Syscall::SC_setkeymap_pa
ErrorOr<FlatPtr> Process::sys$getkeymap(Userspace<const Syscall::SC_getkeymap_params*> user_params)
{
VERIFY_NO_PROCESS_BIG_LOCK(this);
require_promise(Pledge::getkeymap);
TRY(require_promise(Pledge::getkeymap));
auto params = TRY(copy_typed_from_user(user_params));
String keymap_name = HIDManagement::the().keymap_name();

6
Kernel/Syscalls/kill.cpp
View file

@ -99,9 +99,9 @@ ErrorOr<FlatPtr> Process::sys$kill(pid_t pid_or_pgid, int signal)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
if (pid_or_pgid == pid().value())
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
else
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
if (signal < 0 || signal >= 32)
return EINVAL;
@ -130,7 +130,7 @@ ErrorOr<FlatPtr> Process::sys$kill(pid_t pid_or_pgid, int signal)
ErrorOr<FlatPtr> Process::sys$killpg(pid_t pgrp, int signum)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
if (signum < 1 || signum >= 32)
return EINVAL;
if (pgrp < 0)

4
Kernel/Syscalls/link.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$link(Userspace<const Syscall::SC_link_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::cpath);
TRY(require_promise(Pledge::cpath));
auto params = TRY(copy_typed_from_user(user_params));
auto old_path = TRY(try_copy_kstring_from_user(params.old_path));
auto new_path = TRY(try_copy_kstring_from_user(params.new_path));
@ -24,7 +24,7 @@ ErrorOr<FlatPtr> Process::sys$link(Userspace<const Syscall::SC_link_params*> use
ErrorOr<FlatPtr> Process::sys$symlink(Userspace<const Syscall::SC_symlink_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::cpath);
TRY(require_promise(Pledge::cpath));
auto params = TRY(copy_typed_from_user(user_params));
auto target = TRY(get_syscall_path_argument(params.target));

2
Kernel/Syscalls/lseek.cpp
View file

@ -12,7 +12,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$lseek(int fd, Userspace<off_t*> userspace_offset, int whence)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto description = TRY(fds().open_file_description(fd));
off_t offset;
TRY(copy_from_user(&offset, userspace_offset));

2
Kernel/Syscalls/mkdir.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$mkdir(Userspace<const char*> user_path, size_t path_length, mode_t mode)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::cpath);
TRY(require_promise(Pledge::cpath));
auto path = TRY(get_syscall_path_argument(user_path, path_length));
TRY(VirtualFileSystem::the().mkdir(path->view(), mode & ~umask(), current_directory()));
return 0;

2
Kernel/Syscalls/mknod.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$mknod(Userspace<const Syscall::SC_mknod_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::dpath);
TRY(require_promise(Pledge::dpath));
auto params = TRY(copy_typed_from_user(user_params));
if (!is_superuser() && !is_regular_file(params.mode) && !is_fifo(params.mode) && !is_socket(params.mode))

20
Kernel/Syscalls/mmap.cpp
View file

@ -120,7 +120,7 @@ static bool validate_inode_mmap_prot(const Process& process, int prot, const Ino
ErrorOr<FlatPtr> Process::sys$mmap(Userspace<const Syscall::SC_mmap_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto params = TRY(copy_typed_from_user(user_params));
auto addr = (FlatPtr)params.addr;
@ -132,11 +132,11 @@ ErrorOr<FlatPtr> Process::sys$mmap(Userspace<const Syscall::SC_mmap_params*> use
auto offset = params.offset;
if (prot & PROT_EXEC) {
require_promise(Pledge::prot_exec);
TRY(require_promise(Pledge::prot_exec));
}
if (prot & MAP_FIXED || prot & MAP_FIXED_NOREPLACE) {
require_promise(Pledge::map_fixed);
TRY(require_promise(Pledge::map_fixed));
}
if (alignment & ~PAGE_MASK)
@ -253,10 +253,10 @@ ErrorOr<FlatPtr> Process::sys$mmap(Userspace<const Syscall::SC_mmap_params*> use
ErrorOr<FlatPtr> Process::sys$mprotect(Userspace<void*> addr, size_t size, int prot)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (prot & PROT_EXEC) {
require_promise(Pledge::prot_exec);
TRY(require_promise(Pledge::prot_exec));
}
auto range_to_mprotect = TRY(Memory::expand_range_to_page_boundaries(addr.ptr(), size));
@ -395,7 +395,7 @@ ErrorOr<FlatPtr> Process::sys$mprotect(Userspace<void*> addr, size_t size, int p
ErrorOr<FlatPtr> Process::sys$madvise(Userspace<void*> address, size_t size, int advice)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto range_to_madvise = TRY(Memory::expand_range_to_page_boundaries(address.ptr(), size));
@ -426,7 +426,7 @@ ErrorOr<FlatPtr> Process::sys$madvise(Userspace<void*> address, size_t size, int
ErrorOr<FlatPtr> Process::sys$set_mmap_name(Userspace<const Syscall::SC_set_mmap_name_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto params = TRY(copy_typed_from_user(user_params));
if (params.name.length > PATH_MAX)
@ -450,7 +450,7 @@ ErrorOr<FlatPtr> Process::sys$set_mmap_name(Userspace<const Syscall::SC_set_mmap
ErrorOr<FlatPtr> Process::sys$munmap(Userspace<void*> addr, size_t size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
TRY(address_space().unmap_mmap_range(addr.vaddr(), size));
return 0;
}
@ -458,7 +458,7 @@ ErrorOr<FlatPtr> Process::sys$munmap(Userspace<void*> addr, size_t size)
ErrorOr<FlatPtr> Process::sys$mremap(Userspace<const Syscall::SC_mremap_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto params = TRY(copy_typed_from_user(user_params));
auto old_range = TRY(Memory::expand_range_to_page_boundaries((FlatPtr)params.old_address, params.old_size));
@ -495,7 +495,7 @@ ErrorOr<FlatPtr> Process::sys$mremap(Userspace<const Syscall::SC_mremap_params*>
ErrorOr<FlatPtr> Process::sys$allocate_tls(Userspace<const char*> initial_data, size_t size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (!size || size % PAGE_SIZE != 0)
return EINVAL;

4
Kernel/Syscalls/mount.cpp
View file

@ -21,7 +21,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$mount(Userspace<const Syscall::SC_mount_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_no_promises();
TRY(require_no_promises());
if (!is_superuser())
return EPERM;
@ -120,7 +120,7 @@ ErrorOr<FlatPtr> Process::sys$umount(Userspace<const char*> user_mountpoint, siz
if (!is_superuser())
return EPERM;
require_no_promises();
TRY(require_no_promises());
auto mountpoint = TRY(get_syscall_path_argument(user_mountpoint, mountpoint_length));
auto custody = TRY(VirtualFileSystem::the().resolve_path(mountpoint->view(), current_directory()));

8
Kernel/Syscalls/open.cpp
View file

@ -27,12 +27,12 @@ ErrorOr<FlatPtr> Process::sys$open(Userspace<const Syscall::SC_open_params*> use
return EINVAL;
if (options & O_WRONLY)
require_promise(Pledge::wpath);
TRY(require_promise(Pledge::wpath));
else if (options & O_RDONLY)
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
if (options & O_CREAT)
require_promise(Pledge::cpath);
TRY(require_promise(Pledge::cpath));
// Ignore everything except permission bits.
mode &= 0777;
@ -67,7 +67,7 @@ ErrorOr<FlatPtr> Process::sys$open(Userspace<const Syscall::SC_open_params*> use
ErrorOr<FlatPtr> Process::sys$close(int fd)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto description = TRY(fds().open_file_description(fd));
auto result = description->close();
m_fds[fd] = {};

2
Kernel/Syscalls/pipe.cpp
View file

@ -12,7 +12,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$pipe(int pipefd[2], int flags)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (fds().open_count() + 2 > OpenFileDescriptions::max_open())
return EMFILE;
// Reject flags other than O_CLOEXEC, O_NONBLOCK

2
Kernel/Syscalls/poll.cpp
View file

@ -17,7 +17,7 @@ using BlockFlags = Thread::FileBlocker::BlockFlags;
ErrorOr<FlatPtr> Process::sys$poll(Userspace<const Syscall::SC_poll_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto params = TRY(copy_typed_from_user(user_params));

8
Kernel/Syscalls/process.cpp
View file

@ -12,21 +12,21 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$getpid()
{
VERIFY_NO_PROCESS_BIG_LOCK(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return pid().value();
}
ErrorOr<FlatPtr> Process::sys$getppid()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return m_protected_values.ppid.value();
}
ErrorOr<FlatPtr> Process::sys$get_process_name(Userspace<char*> buffer, size_t buffer_size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (m_name->length() + 1 > buffer_size)
return ENAMETOOLONG;
@ -37,7 +37,7 @@ ErrorOr<FlatPtr> Process::sys$get_process_name(Userspace<char*> buffer, size_t b
ErrorOr<FlatPtr> Process::sys$set_process_name(Userspace<const char*> user_name, size_t user_name_length)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
if (user_name_length > 256)
return ENAMETOOLONG;
auto name = TRY(try_copy_kstring_from_user(user_name, user_name_length));

6
Kernel/Syscalls/profiling.cpp
View file

@ -19,7 +19,7 @@ u64 g_profiling_event_mask;
ErrorOr<FlatPtr> Process::sys$profiling_enable(pid_t pid, u64 event_mask)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_no_promises();
TRY(require_no_promises());
if (pid == -1) {
if (!is_superuser())
@ -69,7 +69,7 @@ ErrorOr<FlatPtr> Process::sys$profiling_enable(pid_t pid, u64 event_mask)
ErrorOr<FlatPtr> Process::sys$profiling_disable(pid_t pid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_no_promises();
TRY(require_no_promises());
if (pid == -1) {
if (!is_superuser())
@ -99,7 +99,7 @@ ErrorOr<FlatPtr> Process::sys$profiling_disable(pid_t pid)
ErrorOr<FlatPtr> Process::sys$profiling_free_buffer(pid_t pid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_no_promises();
TRY(require_no_promises());
if (pid == -1) {
if (!is_superuser())

2
Kernel/Syscalls/ptrace.cpp
View file

@ -159,7 +159,7 @@ static ErrorOr<FlatPtr> handle_ptrace(const Kernel::Syscall::SC_ptrace_params& p
ErrorOr<FlatPtr> Process::sys$ptrace(Userspace<const Syscall::SC_ptrace_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::ptrace);
TRY(require_promise(Pledge::ptrace));
auto params = TRY(copy_typed_from_user(user_params));
return handle_ptrace(params, *this);

2
Kernel/Syscalls/purge.cpp
View file

@ -15,7 +15,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$purge(int mode)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_no_promises();
TRY(require_no_promises());
if (!is_superuser())
return EPERM;
size_t purged_page_count = 0;

6
Kernel/Syscalls/read.cpp
View file

@ -40,7 +40,7 @@ static ErrorOr<void> check_blocked_read(OpenFileDescription* description)
ErrorOr<FlatPtr> Process::sys$readv(int fd, Userspace<const struct iovec*> iov, int iov_count)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (iov_count < 0)
return EINVAL;
@ -74,7 +74,7 @@ ErrorOr<FlatPtr> Process::sys$readv(int fd, Userspace<const struct iovec*> iov,
ErrorOr<FlatPtr> Process::sys$read(int fd, Userspace<u8*> buffer, size_t size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (size == 0)
return 0;
if (size > NumericLimits<ssize_t>::max())
@ -91,7 +91,7 @@ ErrorOr<FlatPtr> Process::sys$read(int fd, Userspace<u8*> buffer, size_t size)
ErrorOr<FlatPtr> Process::sys$pread(int fd, Userspace<u8*> buffer, size_t size, Userspace<off_t const*> userspace_offset)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (size == 0)
return 0;
if (size > NumericLimits<ssize_t>::max())

2
Kernel/Syscalls/readlink.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$readlink(Userspace<const Syscall::SC_readlink_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto params = TRY(copy_typed_from_user(user_params));
auto path = TRY(get_syscall_path_argument(params.path));

2
Kernel/Syscalls/realpath.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$realpath(Userspace<const Syscall::SC_realpath_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto params = TRY(copy_typed_from_user(user_params));
auto path = TRY(get_syscall_path_argument(params.path));

2
Kernel/Syscalls/rename.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$rename(Userspace<const Syscall::SC_rename_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::cpath);
TRY(require_promise(Pledge::cpath));
auto params = TRY(copy_typed_from_user(user_params));
auto old_path = TRY(get_syscall_path_argument(params.old_path));
auto new_path = TRY(get_syscall_path_argument(params.new_path));

2
Kernel/Syscalls/rmdir.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$rmdir(Userspace<const char*> user_path, size_t path_length)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::cpath);
TRY(require_promise(Pledge::cpath));
auto path = TRY(get_syscall_path_argument(user_path, path_length));
TRY(VirtualFileSystem::the().rmdir(path->view(), current_directory()));
return 0;

6
Kernel/Syscalls/sched.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$yield()
{
VERIFY_NO_PROCESS_BIG_LOCK(this);
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
Thread::current()->yield_without_releasing_big_lock();
return 0;
}
@ -19,7 +19,7 @@ ErrorOr<FlatPtr> Process::sys$yield()
ErrorOr<FlatPtr> Process::sys$sched_setparam(int pid, Userspace<const struct sched_param*> user_param)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
auto param = TRY(copy_typed_from_user(user_param));
if (param.sched_priority < THREAD_PRIORITY_MIN || param.sched_priority > THREAD_PRIORITY_MAX)
@ -43,7 +43,7 @@ ErrorOr<FlatPtr> Process::sys$sched_setparam(int pid, Userspace<const struct sch
ErrorOr<FlatPtr> Process::sys$sched_getparam(pid_t pid, Userspace<struct sched_param*> user_param)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
int priority;
{
auto* peer = Thread::current();

4
Kernel/Syscalls/sendfd.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$sendfd(int sockfd, int fd)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::sendfd);
TRY(require_promise(Pledge::sendfd));
auto socket_description = TRY(fds().open_file_description(sockfd));
if (!socket_description->is_socket())
return ENOTSOCK;
@ -32,7 +32,7 @@ ErrorOr<FlatPtr> Process::sys$sendfd(int sockfd, int fd)
ErrorOr<FlatPtr> Process::sys$recvfd(int sockfd, int options)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::recvfd);
TRY(require_promise(Pledge::recvfd));
auto socket_description = TRY(fds().open_file_description(sockfd));
if (!socket_description->is_socket())
return ENOTSOCK;

10
Kernel/Syscalls/setpgid.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$getsid(pid_t pid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
if (pid == 0)
return sid().value();
auto process = Process::from_pid(pid);
@ -27,7 +27,7 @@ ErrorOr<FlatPtr> Process::sys$getsid(pid_t pid)
ErrorOr<FlatPtr> Process::sys$setsid()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
InterruptDisabler disabler;
bool found_process_with_same_pgid_as_my_pid = false;
Process::for_each_in_pgrp(pid().value(), [&](auto&) {
@ -48,7 +48,7 @@ ErrorOr<FlatPtr> Process::sys$setsid()
ErrorOr<FlatPtr> Process::sys$getpgid(pid_t pid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
if (pid == 0)
return pgid().value();
auto process = Process::from_pid(pid);
@ -60,7 +60,7 @@ ErrorOr<FlatPtr> Process::sys$getpgid(pid_t pid)
ErrorOr<FlatPtr> Process::sys$getpgrp()
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return pgid().value();
}
@ -80,7 +80,7 @@ SessionID Process::get_sid_from_pgid(ProcessGroupID pgid)
ErrorOr<FlatPtr> Process::sys$setpgid(pid_t specified_pid, pid_t specified_pgid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
ProcessID pid = specified_pid ? ProcessID(specified_pid) : this->pid();
if (specified_pgid < 0) {
// The value of the pgid argument is less than 0, or is not a value supported by the implementation.

16
Kernel/Syscalls/setuid.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (new_euid == (uid_t)-1)
return EINVAL;
@ -31,7 +31,7 @@ ErrorOr<FlatPtr> Process::sys$seteuid(UserID new_euid)
ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (new_egid == (uid_t)-1)
return EINVAL;
@ -50,7 +50,7 @@ ErrorOr<FlatPtr> Process::sys$setegid(GroupID new_egid)
ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (new_uid == (uid_t)-1)
return EINVAL;
@ -71,7 +71,7 @@ ErrorOr<FlatPtr> Process::sys$setuid(UserID new_uid)
ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (new_gid == (uid_t)-1)
return EINVAL;
@ -92,7 +92,7 @@ ErrorOr<FlatPtr> Process::sys$setgid(GroupID new_gid)
ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (new_ruid == (uid_t)-1)
new_ruid = uid();
@ -118,7 +118,7 @@ ErrorOr<FlatPtr> Process::sys$setreuid(UserID new_ruid, UserID new_euid)
ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID new_suid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (new_ruid == (uid_t)-1)
new_ruid = uid();
@ -144,7 +144,7 @@ ErrorOr<FlatPtr> Process::sys$setresuid(UserID new_ruid, UserID new_euid, UserID
ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, GroupID new_sgid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (new_rgid == (gid_t)-1)
new_rgid = gid();
@ -170,7 +170,7 @@ ErrorOr<FlatPtr> Process::sys$setresgid(GroupID new_rgid, GroupID new_egid, Grou
ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<const gid_t*> user_gids)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::id);
TRY(require_promise(Pledge::id));
if (!is_superuser())
return EPERM;

12
Kernel/Syscalls/sigaction.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$sigprocmask(int how, Userspace<const sigset_t*> set, Userspace<sigset_t*> old_set)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::sigaction);
TRY(require_promise(Pledge::sigaction));
auto* current_thread = Thread::current();
u32 previous_signal_mask;
if (set) {
@ -44,7 +44,7 @@ ErrorOr<FlatPtr> Process::sys$sigprocmask(int how, Userspace<const sigset_t*> se
ErrorOr<FlatPtr> Process::sys$sigpending(Userspace<sigset_t*> set)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto pending_signals = Thread::current()->pending_signals();
TRY(copy_to_user(set, &pending_signals));
return 0;
@ -53,7 +53,7 @@ ErrorOr<FlatPtr> Process::sys$sigpending(Userspace<sigset_t*> set)
ErrorOr<FlatPtr> Process::sys$sigaction(int signum, Userspace<const sigaction*> user_act, Userspace<sigaction*> user_old_act)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::sigaction);
TRY(require_promise(Pledge::sigaction));
if (signum < 1 || signum >= 32 || signum == SIGKILL || signum == SIGSTOP)
return EINVAL;
@ -76,7 +76,7 @@ ErrorOr<FlatPtr> Process::sys$sigaction(int signum, Userspace<const sigaction*>
ErrorOr<FlatPtr> Process::sys$sigreturn([[maybe_unused]] RegisterState& registers)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
SmapDisabler disabler;
#if ARCH(I386)
@ -258,7 +258,7 @@ ErrorOr<void> Process::remap_range_as_stack(FlatPtr address, size_t size)
ErrorOr<FlatPtr> Process::sys$sigaltstack(Userspace<const stack_t*> user_ss, Userspace<stack_t*> user_old_ss)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::sigaction);
TRY(require_promise(Pledge::sigaction));
if (user_old_ss) {
stack_t old_ss_value {};
@ -307,7 +307,7 @@ ErrorOr<FlatPtr> Process::sys$sigaltstack(Userspace<const stack_t*> user_ss, Use
ErrorOr<FlatPtr> Process::sys$sigtimedwait(Userspace<const sigset_t*> set, Userspace<siginfo_t*> info, Userspace<const timespec*> timeout)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::sigaction);
TRY(require_promise(Pledge::sigaction));
sigset_t set_value;
TRY(copy_from_user(&set_value, set));

12
Kernel/Syscalls/socket.cpp
View file

@ -14,9 +14,9 @@ namespace Kernel {
#define REQUIRE_PROMISE_FOR_SOCKET_DOMAIN(domain) \
do { \
if (domain == AF_INET) \
require_promise(Pledge::inet); \
TRY(require_promise(Pledge::inet)); \
else if (domain == AF_LOCAL) \
require_promise(Pledge::unix); \
TRY(require_promise(Pledge::unix)); \
} while (0)
void Process::setup_socket_fd(int fd, NonnullRefPtr<OpenFileDescription> description, int type)
@ -76,7 +76,7 @@ ErrorOr<FlatPtr> Process::sys$listen(int sockfd, int backlog)
ErrorOr<FlatPtr> Process::sys$accept4(Userspace<const Syscall::SC_accept4_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::accept);
TRY(require_promise(Pledge::accept));
auto params = TRY(copy_typed_from_user(user_params));
int accepting_socket_fd = params.sockfd;
@ -146,7 +146,7 @@ ErrorOr<FlatPtr> Process::sys$connect(int sockfd, Userspace<const sockaddr*> use
ErrorOr<FlatPtr> Process::sys$shutdown(int sockfd, int how)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (how & ~SHUT_RDWR)
return EINVAL;
auto description = TRY(fds().open_file_description(sockfd));
@ -161,7 +161,7 @@ ErrorOr<FlatPtr> Process::sys$shutdown(int sockfd, int how)
ErrorOr<FlatPtr> Process::sys$sendmsg(int sockfd, Userspace<const struct msghdr*> user_msg, int flags)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto msg = TRY(copy_typed_from_user(user_msg));
if (msg.msg_iovlen != 1)
@ -189,7 +189,7 @@ ErrorOr<FlatPtr> Process::sys$sendmsg(int sockfd, Userspace<const struct msghdr*
ErrorOr<FlatPtr> Process::sys$recvmsg(int sockfd, Userspace<struct msghdr*> user_msg, int flags)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
struct msghdr msg;
TRY(copy_from_user(&msg, user_msg));

4
Kernel/Syscalls/stat.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$fstat(int fd, Userspace<stat*> user_statbuf)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto description = TRY(fds().open_file_description(fd));
auto buffer = TRY(description->stat());
TRY(copy_to_user(user_statbuf, &buffer));
@ -24,7 +24,7 @@ ErrorOr<FlatPtr> Process::sys$fstat(int fd, Userspace<stat*> user_statbuf)
ErrorOr<FlatPtr> Process::sys$stat(Userspace<const Syscall::SC_stat_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto params = TRY(copy_typed_from_user(user_params));
auto path = TRY(get_syscall_path_argument(params.path));

4
Kernel/Syscalls/statvfs.cpp
View file

@ -40,7 +40,7 @@ ErrorOr<FlatPtr> Process::do_statvfs(FileSystem const& fs, Custody const* custod
ErrorOr<FlatPtr> Process::sys$statvfs(Userspace<const Syscall::SC_statvfs_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::rpath);
TRY(require_promise(Pledge::rpath));
auto params = TRY(copy_typed_from_user(user_params));
auto path = TRY(get_syscall_path_argument(params.path));
@ -55,7 +55,7 @@ ErrorOr<FlatPtr> Process::sys$statvfs(Userspace<const Syscall::SC_statvfs_params
ErrorOr<FlatPtr> Process::sys$fstatvfs(int fd, statvfs* buf)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto description = TRY(fds().open_file_description(fd));
auto const* inode = description->inode();

2
Kernel/Syscalls/sync.cpp
View file

@ -12,7 +12,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$sync()
{
VERIFY_NO_PROCESS_BIG_LOCK(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
VirtualFileSystem::sync();
return 0;
}

21
Kernel/Syscalls/thread.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$create_thread(void* (*entry)(void*), Userspace<const Syscall::SC_create_thread_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::thread);
TRY(require_promise(Pledge::thread));
auto params = TRY(copy_typed_from_user(user_params));
unsigned detach_state = params.detach_state;
@ -74,7 +74,12 @@ ErrorOr<FlatPtr> Process::sys$create_thread(void* (*entry)(void*), Userspace<con
void Process::sys$exit_thread(Userspace<void*> exit_value, Userspace<void*> stack_location, size_t stack_size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::thread);
auto result = require_promise(Pledge::thread);
if (result.is_error()) {
// Crash now, as we will never reach back to the syscall handler.
crash(SIGABRT, 0);
}
if (this->thread_count() == 1) {
// If this is the last thread, instead kill the process.
@ -98,7 +103,7 @@ void Process::sys$exit_thread(Userspace<void*> exit_value, Userspace<void*> stac
ErrorOr<FlatPtr> Process::sys$detach_thread(pid_t tid)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::thread);
TRY(require_promise(Pledge::thread));
auto thread = Thread::from_tid(tid);
if (!thread || thread->pid() != pid())
return ESRCH;
@ -113,7 +118,7 @@ ErrorOr<FlatPtr> Process::sys$detach_thread(pid_t tid)
ErrorOr<FlatPtr> Process::sys$join_thread(pid_t tid, Userspace<void**> exit_value)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::thread);
TRY(require_promise(Pledge::thread));
auto thread = Thread::from_tid(tid);
if (!thread || thread->pid() != pid())
@ -148,7 +153,7 @@ ErrorOr<FlatPtr> Process::sys$join_thread(pid_t tid, Userspace<void**> exit_valu
ErrorOr<FlatPtr> Process::sys$kill_thread(pid_t tid, int signal)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::thread);
TRY(require_promise(Pledge::thread));
if (signal < 0 || signal >= 32)
return EINVAL;
@ -166,7 +171,7 @@ ErrorOr<FlatPtr> Process::sys$kill_thread(pid_t tid, int signal)
ErrorOr<FlatPtr> Process::sys$set_thread_name(pid_t tid, Userspace<const char*> user_name, size_t user_name_length)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto name = TRY(try_copy_kstring_from_user(user_name, user_name_length));
@ -185,7 +190,7 @@ ErrorOr<FlatPtr> Process::sys$set_thread_name(pid_t tid, Userspace<const char*>
ErrorOr<FlatPtr> Process::sys$get_thread_name(pid_t tid, Userspace<char*> buffer, size_t buffer_size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::thread);
TRY(require_promise(Pledge::thread));
if (buffer_size == 0)
return EINVAL;
@ -212,7 +217,7 @@ ErrorOr<FlatPtr> Process::sys$get_thread_name(pid_t tid, Userspace<char*> buffer
ErrorOr<FlatPtr> Process::sys$gettid()
{
VERIFY_NO_PROCESS_BIG_LOCK(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
return Thread::current()->tid().value();
}

2
Kernel/Syscalls/times.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$times(Userspace<tms*> user_times)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
tms times = {};
times.tms_utime = m_ticks_in_user;
times.tms_stime = m_ticks_in_kernel;

4
Kernel/Syscalls/ttyname.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$ttyname(int fd, Userspace<char*> buffer, size_t size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::tty);
TRY(require_promise(Pledge::tty));
auto description = TRY(fds().open_file_description(fd));
if (!description->is_tty())
return ENOTTY;
@ -28,7 +28,7 @@ ErrorOr<FlatPtr> Process::sys$ttyname(int fd, Userspace<char*> buffer, size_t si
ErrorOr<FlatPtr> Process::sys$ptsname(int fd, Userspace<char*> buffer, size_t size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::tty);
TRY(require_promise(Pledge::tty));
auto description = TRY(fds().open_file_description(fd));
auto* master_pty = description->master_pty();
if (!master_pty)

2
Kernel/Syscalls/umask.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$umask(mode_t mask)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
auto old_mask = m_protected_values.umask;
ProtectedDataMutationScope scope { *this };
m_protected_values.umask = mask & 0777;

2
Kernel/Syscalls/uname.cpp
View file

@ -11,7 +11,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$uname(Userspace<utsname*> user_buf)
{
VERIFY_NO_PROCESS_BIG_LOCK(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
utsname buf {};
memcpy(buf.sysname, "SerenityOS", 11);

2
Kernel/Syscalls/unlink.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$unlink(Userspace<const char*> user_path, size_t path_length)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::cpath);
TRY(require_promise(Pledge::cpath));
auto path = TRY(get_syscall_path_argument(user_path, path_length));
TRY(VirtualFileSystem::the().unlink(path->view(), current_directory()));
return 0;

2
Kernel/Syscalls/utime.cpp
View file

@ -13,7 +13,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$utime(Userspace<const char*> user_path, size_t path_length, Userspace<const struct utimbuf*> user_buf)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::fattr);
TRY(require_promise(Pledge::fattr));
auto path = TRY(get_syscall_path_argument(user_path, path_length));
utimbuf buf;
if (user_buf) {

2
Kernel/Syscalls/waitid.cpp
View file

@ -22,7 +22,7 @@ ErrorOr<siginfo_t> Process::do_waitid(Variant<Empty, NonnullRefPtr<Process>, Non
ErrorOr<FlatPtr> Process::sys$waitid(Userspace<const Syscall::SC_waitid_params*> user_params)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::proc);
TRY(require_promise(Pledge::proc));
auto params = TRY(copy_typed_from_user(user_params));
Variant<Empty, NonnullRefPtr<Process>, NonnullRefPtr<ProcessGroup>> waitee;

4
Kernel/Syscalls/write.cpp
View file

@ -14,7 +14,7 @@ namespace Kernel {
ErrorOr<FlatPtr> Process::sys$writev(int fd, Userspace<const struct iovec*> iov, int iov_count)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (iov_count < 0)
return EINVAL;
@ -90,7 +90,7 @@ ErrorOr<FlatPtr> Process::do_write(OpenFileDescription& description, const UserO
ErrorOr<FlatPtr> Process::sys$write(int fd, Userspace<const u8*> data, size_t size)
{
VERIFY_PROCESS_BIG_LOCK_ACQUIRED(this)
require_promise(Pledge::stdio);
TRY(require_promise(Pledge::stdio));
if (size == 0)
return 0;
if (size > NumericLimits<ssize_t>::max())

2
Kernel/TTY/MasterPTY.cpp
View file

@ -122,7 +122,7 @@ ErrorOr<void> MasterPTY::close()
ErrorOr<void> MasterPTY::ioctl(OpenFileDescription& description, unsigned request, Userspace<void*> arg)
{
Process::current().require_promise(Pledge::tty);
TRY(Process::current().require_promise(Pledge::tty));
if (!m_slave)
return EIO;
if (request == TIOCSWINSZ || request == TIOCGPGRP)

2
Kernel/TTY/TTY.cpp
View file

@ -475,7 +475,7 @@ ErrorOr<void> TTY::set_termios(const termios& t)
ErrorOr<void> TTY::ioctl(OpenFileDescription&, unsigned request, Userspace<void*> arg)
{
auto& current_process = Process::current();
current_process.require_promise(Pledge::tty);
TRY(current_process.require_promise(Pledge::tty));
#if 0
// FIXME: When should we block things?
// How do we make this work together with MasterPTY forwarding to us?