system/serenity
system/serenity
1
0
Fork 0
mirror of https://github.com/SerenityOS/serenity synced 2024-07-21 18:15:58 +00:00
Code Issues Actions 7 Packages Projects Releases Wiki Activity

AK+Kernel: OOM-harden most parts of Trie

Browse source 
The only part of Unveil that can't handle OOM gracefully is the
String::formatted() use in the node metadata.
This commit is contained in:
Ali Mohammad Pur 2022-02-14 16:49:53 +03:30 committed by Idan Horowitz
parent 80e6198563
commit a1cb2c371a
9 changed files with 145 additions and 99 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

171
AK/Trie.h
View file

@ -6,6 +6,7 @@
#pragma once
#include <AK/Concepts.h>
#include <AK/Forward.h>
#include <AK/HashMap.h>
#include <AK/OwnPtr.h>
@ -29,62 +30,6 @@ template<typename DeclaredBaseType, typename DefaultBaseType, typename ValueType
class Trie {
using BaseType = typename SubstituteIfVoid<DeclaredBaseType, DefaultBaseType>::Type;
class ConstIterator {
public:
static ConstIterator end() { return {}; }
bool operator==(const ConstIterator& other) const { return m_current_node == other.m_current_node; }
const BaseType& operator*() const { return static_cast<const BaseType&>(*m_current_node); }
const BaseType* operator->() const { return static_cast<const BaseType*>(m_current_node); }
void operator++() { skip_to_next(); }
explicit ConstIterator(const Trie& node)
{
m_current_node = &node;
// FIXME: Figure out how to OOM harden this iterator.
MUST(m_state.try_empend(false, node.m_children.begin(), node.m_children.end()));
}
private:
void skip_to_next()
{
auto& current_state = m_state.last();
if (current_state.did_generate_root)
++current_state.it;
else
current_state.did_generate_root = true;
if (current_state.it == current_state.end)
return pop_and_get_next();
m_current_node = &*(*current_state.it).value;
// FIXME: Figure out how to OOM harden this iterator.
MUST(m_state.try_empend(false, m_current_node->m_children.begin(), m_current_node->m_children.end()));
}
void pop_and_get_next()
{
m_state.take_last();
if (m_state.is_empty()) {
m_current_node = nullptr;
return;
}
skip_to_next();
}
ConstIterator() = default;
struct State {
bool did_generate_root { false };
typename HashMap<ValueType, NonnullOwnPtr<Trie>, ValueTraits>::ConstIteratorType it;
typename HashMap<ValueType, NonnullOwnPtr<Trie>, ValueTraits>::ConstIteratorType end;
};
Vector<State> m_state;
const Trie* m_current_node { nullptr };
};
public:
using MetadataType = MetadataT;
@ -127,48 +72,56 @@ public:
Optional<MetadataType> metadata() const requires(!IsNullPointer<MetadataType>) { return m_metadata; }
void set_metadata(MetadataType metadata) requires(!IsNullPointer<MetadataType>) { m_metadata = move(metadata); }
const MetadataType& metadata_value() const requires(!IsNullPointer<MetadataType>) { return m_metadata.value(); }
MetadataType& metadata_value() requires(!IsNullPointer<MetadataType>) { return m_metadata.value(); }
const ValueType& value() const { return m_value; }
ValueType& value() { return m_value; }
Trie& ensure_child(ValueType value, Optional<MetadataType> metadata = {})
ErrorOr<Trie*> ensure_child(ValueType value, Optional<MetadataType> metadata = {})
{
auto it = m_children.find(value);
if (it == m_children.end()) {
auto node = adopt_nonnull_own_or_enomem(new (nothrow) Trie(value, move(metadata))).release_value_but_fixme_should_propagate_errors();
auto node = TRY(adopt_nonnull_own_or_enomem(new (nothrow) Trie(value, move(metadata))));
auto& node_ref = *node;
m_children.set(move(value), move(node));
return static_cast<BaseType&>(node_ref);
TRY(m_children.try_set(move(value), move(node)));
return &static_cast<BaseType&>(node_ref);
}
auto& node_ref = *it->value;
if (metadata.has_value())
node_ref.m_metadata = move(metadata);
return static_cast<BaseType&>(node_ref);
return &static_cast<BaseType&>(node_ref);
}
template<typename It, typename ProvideMetadataFunction>
BaseType& insert(
ErrorOr<BaseType*> insert(
It& it, const It& end, MetadataType metadata, ProvideMetadataFunction provide_missing_metadata) requires(!IsNullPointer<MetadataType>)
{
Trie* last_root_node = &traverse_until_last_accessible_node(it, end);
auto invoke_provide_missing_metadata = [&]<typename... Ts>(Ts && ... args)->ErrorOr<Optional<MetadataType>>
{
if constexpr (SameAs<MetadataType, decltype(provide_missing_metadata(forward<Ts>(args)...))>)
return Optional<MetadataType>(provide_missing_metadata(forward<Ts>(args)...));
else
return provide_missing_metadata(forward<Ts>(args)...);
};
for (; it != end; ++it)
last_root_node = static_cast<Trie*>(&last_root_node->ensure_child(*it, provide_missing_metadata(static_cast<BaseType&>(*last_root_node), it)));
last_root_node = static_cast<Trie*>(TRY(last_root_node->ensure_child(*it, TRY(invoke_provide_missing_metadata(static_cast<BaseType&>(*last_root_node), it)))));
last_root_node->set_metadata(move(metadata));
return static_cast<BaseType&>(*last_root_node);
return static_cast<BaseType*>(last_root_node);
}
template<typename It>
BaseType& insert(It& it, const It& end) requires(IsNullPointer<MetadataType>)
ErrorOr<BaseType*> insert(It& it, const It& end) requires(IsNullPointer<MetadataType>)
{
Trie* last_root_node = &traverse_until_last_accessible_node(it, end);
for (; it != end; ++it)
last_root_node = static_cast<Trie*>(&last_root_node->ensure_child(*it, {}));
return static_cast<BaseType&>(*last_root_node);
last_root_node = static_cast<Trie*>(TRY(last_root_node->ensure_child(*it, {})));
return static_cast<BaseType*>(last_root_node);
}
template<typename It, typename ProvideMetadataFunction>
BaseType& insert(
ErrorOr<BaseType*> insert(
const It& begin, const It& end, MetadataType metadata, ProvideMetadataFunction provide_missing_metadata) requires(!IsNullPointer<MetadataType>)
{
auto it = begin;
@ -176,7 +129,7 @@ public:
}
template<typename It>
BaseType& insert(const It& begin, const It& end) requires(IsNullPointer<MetadataType>)
ErrorOr<BaseType*> insert(const It& begin, const It& end) requires(IsNullPointer<MetadataType>)
{
auto it = begin;
return insert(it, end);
@ -185,21 +138,91 @@ public:
HashMap<ValueType, NonnullOwnPtr<Trie>, ValueTraits>& children() { return m_children; }
HashMap<ValueType, NonnullOwnPtr<Trie>, ValueTraits> const& children() const { return m_children; }
ConstIterator begin() const { return ConstIterator(*this); }
ConstIterator end() const { return ConstIterator::end(); }
template<typename Fn>
ErrorOr<void> for_each_node_in_tree_order(Fn callback) const
{
struct State {
bool did_generate_root { false };
typename HashMap<ValueType, NonnullOwnPtr<Trie>, ValueTraits>::ConstIteratorType it;
typename HashMap<ValueType, NonnullOwnPtr<Trie>, ValueTraits>::ConstIteratorType end;
};
Vector<State> state;
TRY(state.try_empend(false, m_children.begin(), m_children.end()));
auto invoke = [&](auto& current_node) -> ErrorOr<IterationDecision> {
if constexpr (VoidFunction<Fn, const BaseType&>) {
callback(static_cast<const BaseType&>(current_node));
return IterationDecision::Continue;
} else if constexpr (IsSpecializationOf<decltype(callback(declval<const BaseType&>())), ErrorOr>) {
return callback(static_cast<const BaseType&>(current_node));
} else if constexpr (IteratorFunction<Fn, const BaseType&>) {
return callback(static_cast<const BaseType&>(current_node));
} else {
static_assert(DependentFalse<Fn>, "Invalid iterator function type signature");
}
return IterationDecision::Continue;
};
for (auto* current_node = this; current_node != nullptr;) {
if (TRY(invoke(*current_node)) == IterationDecision::Break)
break;
TRY(skip_to_next_iterator(state, current_node));
}
return {};
}
[[nodiscard]] bool is_empty() const { return m_children.is_empty(); }
void clear() { m_children.clear(); }
BaseType deep_copy()
ErrorOr<BaseType> deep_copy()
{
Trie root(m_value, m_metadata);
Trie root(m_value, TRY(copy_metadata(m_metadata)));
for (auto& it : m_children)
root.m_children.set(it.key, adopt_nonnull_own_or_enomem(new (nothrow) Trie(it.value->deep_copy())).release_value_but_fixme_should_propagate_errors());
TRY(root.m_children.try_set(it.key, TRY(adopt_nonnull_own_or_enomem(new (nothrow) Trie(TRY(it.value->deep_copy()))))));
return static_cast<BaseType&&>(move(root));
}
private:
static ErrorOr<Optional<MetadataType>> copy_metadata(Optional<MetadataType> const& metadata)
{
if (!metadata.has_value())
return Optional<MetadataType> {};
if constexpr (requires(MetadataType t) { { t.copy() } -> SpecializationOf<ErrorOr>; })
return Optional<MetadataType> { TRY(metadata->copy()) };
#ifndef KERNEL
else
return Optional<MetadataType> { MetadataType(metadata.value()) };
#endif
}
static ErrorOr<void> skip_to_next_iterator(auto& state, auto& current_node)
{
auto& current_state = state.last();
if (current_state.did_generate_root)
++current_state.it;
else
current_state.did_generate_root = true;
if (current_state.it == current_state.end)
return pop_and_get_next_iterator(state, current_node);
current_node = &*(*current_state.it).value;
TRY(state.try_empend(false, current_node->m_children.begin(), current_node->m_children.end()));
return {};
}
static ErrorOr<void> pop_and_get_next_iterator(auto& state, auto& current_node)
{
state.take_last();
if (state.is_empty()) {
current_node = nullptr;
return {};
}
return skip_to_next_iterator(state, current_node);
}
ValueType m_value;
Optional<MetadataType> m_metadata;
HashMap<ValueType, NonnullOwnPtr<Trie>, ValueTraits> m_children;

24
Kernel/FileSystem/UnveilNode.h
View file

@ -24,9 +24,29 @@ enum UnveilAccess {
struct UnveilNode;
struct UnveilMetadata {
String full_path;
NonnullOwnPtr<KString> full_path;
UnveilAccess permissions { None };
bool explicitly_unveiled { false };
UnveilMetadata(UnveilMetadata const&) = delete;
UnveilMetadata(UnveilMetadata&&) = default;
// Note: Intentionally not explicit.
UnveilMetadata(NonnullOwnPtr<KString>&& full_path, UnveilAccess permissions = None, bool explicitly_unveiled = false)
: full_path(move(full_path))
, permissions(permissions)
, explicitly_unveiled(explicitly_unveiled)
{
}
ErrorOr<UnveilMetadata> copy() const
{
return UnveilMetadata {
TRY(full_path->try_clone()),
permissions,
explicitly_unveiled,
};
}
};
struct UnveilNode final : public Trie<String, UnveilMetadata, Traits<String>, UnveilNode> {
@ -34,7 +54,7 @@ struct UnveilNode final : public Trie<String, UnveilMetadata, Traits<String>, Un
bool was_explicitly_unveiled() const { return this->metadata_value().explicitly_unveiled; }
UnveilAccess permissions() const { return this->metadata_value().permissions; }
const String& path() const { return this->metadata_value().full_path; }
StringView path() const { return this->metadata_value().full_path->view(); }
};
}

5
Kernel/Process.cpp
View file

@ -218,17 +218,18 @@ void Process::unprotect_data()
ErrorOr<NonnullRefPtr<Process>> Process::try_create(RefPtr<Thread>& first_thread, NonnullOwnPtr<KString> name, UserID uid, GroupID gid, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> cwd, RefPtr<Custody> executable, TTY* tty, Process* fork_parent)
{
auto space = TRY(Memory::AddressSpace::try_create(fork_parent ? &fork_parent->address_space() : nullptr));
auto process = TRY(adopt_nonnull_ref_or_enomem(new (nothrow) Process(move(name), uid, gid, ppid, is_kernel_process, move(cwd), move(executable), tty)));
auto process = TRY(adopt_nonnull_ref_or_enomem(new (nothrow) Process(move(name), uid, gid, ppid, is_kernel_process, move(cwd), move(executable), tty, UnveilNode { "/"sv, UnveilMetadata(TRY(KString::try_create("/"sv))) })));
TRY(process->attach_resources(move(space), first_thread, fork_parent));
return process;
}
Process::Process(NonnullOwnPtr<KString> name, UserID uid, GroupID gid, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> cwd, RefPtr<Custody> executable, TTY* tty)
Process::Process(NonnullOwnPtr<KString> name, UserID uid, GroupID gid, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> cwd, RefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree)
: m_name(move(name))
, m_is_kernel_process(is_kernel_process)
, m_executable(move(executable))
, m_cwd(move(cwd))
, m_tty(tty)
, m_unveiled_paths(move(unveil_tree))
, m_wait_blocker_set(*this)
{
// Ensure that we protect the process data when exiting the constructor.

4
Kernel/Process.h
View file

@ -521,7 +521,7 @@ private:
bool add_thread(Thread&);
bool remove_thread(Thread&);
Process(NonnullOwnPtr<KString> name, UserID, GroupID, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> cwd, RefPtr<Custody> executable, TTY* tty);
Process(NonnullOwnPtr<KString> name, UserID, GroupID, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> cwd, RefPtr<Custody> executable, TTY* tty, UnveilNode unveil_tree);
static ErrorOr<NonnullRefPtr<Process>> try_create(RefPtr<Thread>& first_thread, NonnullOwnPtr<KString> name, UserID, GroupID, ProcessID ppid, bool is_kernel_process, RefPtr<Custody> cwd = nullptr, RefPtr<Custody> executable = nullptr, TTY* = nullptr, Process* fork_parent = nullptr);
ErrorOr<void> attach_resources(NonnullOwnPtr<Memory::AddressSpace>&&, RefPtr<Thread>& first_thread, Process* fork_parent);
static ProcessID allocate_pid();
@ -800,7 +800,7 @@ private:
RefPtr<Timer> m_alarm_timer;
VeilState m_veil_state { VeilState::None };
UnveilNode m_unveiled_paths { "/", { .full_path = "/" } };
UnveilNode m_unveiled_paths;
OwnPtr<PerformanceEventBuffer> m_perf_event_buffer;

6
Kernel/ProcessSpecificExposed.cpp
View file

@ -145,9 +145,9 @@ ErrorOr<void> Process::procfs_get_pledge_stats(KBufferBuilder& builder) const
ErrorOr<void> Process::procfs_get_unveil_stats(KBufferBuilder& builder) const
{
JsonArraySerializer array { builder };
for (auto const& unveiled_path : unveiled_paths()) {
TRY(unveiled_paths().for_each_node_in_tree_order([&](auto const& unveiled_path) {
if (!unveiled_path.was_explicitly_unveiled())
continue;
return;
auto obj = array.add_object();
obj.add("path", unveiled_path.path());
StringBuilder permissions_builder;
@ -162,7 +162,7 @@ ErrorOr<void> Process::procfs_get_unveil_stats(KBufferBuilder& builder) const
if (unveiled_path.permissions() & UnveilAccess::Browse)
permissions_builder.append('b');
obj.add("permissions", permissions_builder.string_view());
}
}));
array.finish();
return {};
}

2
Kernel/Syscalls/execve.cpp
View file

@ -525,7 +525,7 @@ ErrorOr<void> Process::do_exec(NonnullRefPtr<OpenFileDescription> main_program_d
m_veil_state = VeilState::None;
m_unveiled_paths.clear();
m_unveiled_paths.set_metadata({ "/", UnveilAccess::None, false });
m_unveiled_paths.set_metadata({ TRY(KString::try_create("/"sv)), UnveilAccess::None, false });
for (auto& property : m_coredump_properties)
property = {};

2
Kernel/Syscalls/fork.cpp
View file

@ -21,7 +21,7 @@ ErrorOr<FlatPtr> Process::sys$fork(RegisterState& regs)
auto child_name = TRY(m_name->try_clone());
auto child = TRY(Process::try_create(child_first_thread, move(child_name), uid(), gid(), pid(), m_is_kernel_process, m_cwd, m_executable, m_tty, this));
child->m_veil_state = m_veil_state;
child->m_unveiled_paths = m_unveiled_paths.deep_copy();
child->m_unveiled_paths = TRY(m_unveiled_paths.deep_copy());
TRY(child->m_fds.with_exclusive([&](auto& child_fds) {
return m_fds.with_exclusive([&](auto& parent_fds) {

17
Kernel/Syscalls/unveil.cpp
View file

@ -19,7 +19,7 @@ static void update_intermediate_node_permissions(UnveilNode& root_node, UnveilAc
auto& node = static_cast<UnveilNode&>(*entry.value);
if (node.was_explicitly_unveiled())
continue;
node.set_metadata({ node.path(), new_permissions, node.was_explicitly_unveiled() });
node.metadata_value().permissions = new_permissions;
update_intermediate_node_permissions(node, new_permissions);
}
}
@ -109,19 +109,20 @@ ErrorOr<FlatPtr> Process::sys$unveil(Userspace<const Syscall::SC_unveil_params*>
if (matching_node.permissions() != new_permissions)
update_intermediate_node_permissions(matching_node, (UnveilAccess)new_permissions);
matching_node.set_metadata({ matching_node.path(), (UnveilAccess)new_permissions, true });
matching_node.metadata_value().explicitly_unveiled = true;
matching_node.metadata_value().permissions = (UnveilAccess)new_permissions;
m_veil_state = VeilState::Dropped;
return 0;
}
matching_node.insert(
TRY(matching_node.insert(
it,
path_parts.end(),
{ new_unveiled_path->view(), (UnveilAccess)new_permissions, true },
[](auto& parent, auto& it) -> Optional<UnveilMetadata> {
auto path = String::formatted("{}/{}", parent.path(), *it);
return UnveilMetadata { path, parent.permissions(), false };
});
{ new_unveiled_path.release_nonnull(), (UnveilAccess)new_permissions, true },
[](auto& parent, auto& it) -> ErrorOr<Optional<UnveilMetadata>> {
auto path = TRY(KString::formatted("{}/{}", parent.path(), *it));
return UnveilMetadata(move(path), parent.permissions(), false);
}));
VERIFY(m_veil_state != VeilState::Locked);
m_veil_state = VeilState::Dropped;

13
Tests/AK/TestTrie.cpp
View file

@ -16,12 +16,13 @@ TEST_CASE(normal_behavior)
constexpr size_t total_chars = 18; // root (1), 'test' (4), 'example' (7), 'foo' (3), 'foobar' (3, "foo" already stored).
for (auto& view : data) {
auto it = view.begin();
dictionary.insert(it, view.end(), view, [](auto& parent, auto& it) -> Optional<String> { return String::formatted("{}{}", parent.metadata_value(), *it); });
MUST(dictionary.insert(it, view.end(), view, [](auto& parent, auto& it) -> Optional<String> { return String::formatted("{}{}", parent.metadata_value(), *it); }));
}
size_t i = 0;
for ([[maybe_unused]] auto& node : dictionary)
MUST(dictionary.for_each_node_in_tree_order([&](auto&) {
++i;
}));
EXPECT_EQ(i, total_chars);
for (auto& view : data) {
@ -49,18 +50,18 @@ TEST_CASE(iterate)
for (size_t i = 0; i < input.size(); ++i)
input[i] = i;
bunch_of_numbers.insert(input.begin(), input.end());
MUST(bunch_of_numbers.insert(input.begin(), input.end()));
// Iteration order is preorder (order between adjacent nodes is not defined, but parents come before children)
// in this case, the tree is linear.
size_t i = 0;
bool is_root = true;
for (auto& node : bunch_of_numbers) {
MUST(bunch_of_numbers.for_each_node_in_tree_order([&](auto& node) {
if (is_root) {
is_root = false;
continue;
return;
}
EXPECT_EQ(input[i], node.value());
++i;
}
}));
}