This makes it so exit() traps with a known error; an embedder (wasm.cpp)
can simply match this format and handle the request accordingly.
(cherry picked from commit 16dd8d4d3ba0017383df86739b1d1507593dd682)
The LibELF validate_program_headers method tried to do too many things
at once, and as a result, we had an awkward return type from it.
To be able to simplify it, we no longer allow passing a StringBuilder*
but instead we require to pass an Optional<Elf_Phdr> by reference so
it could be filled with actual ELF program header that corresponds to
an INTERP header if such found.
As a result, we ensure that only certain implementations that actually
care about the ELF interpreter path will actually try to load it on
their own and if they fail, they can have better diagnostics for an
invalid INTERP header.
This change also fixes a bug that on which we failed to execute an ELF
program if the INTERP header is located outside the first 4KiB page of
the ELF file, as the kernel previously didn't have support for looking
beyond that for that header.
Together with a first JSON file for bringing up a fully functional
BuggieBox container, we allow users to take advantage of the kernel
unsharing features that were introduced in earlier commits.
This new syscall will be used by the upcoming runc (run-container)
utility.
In addition to that, this syscall allows userspace to neatly copy RAMFS
instances to other places, which was not possible in the past.
The whole concept of Jails was far more complicated than I actually want
it to be, so let's reduce the complexity of how it works from now on.
Please note that we always leaked the attach count of a Jail object in
the fork syscall if it failed midway.
Instead, we should have attach to the jail just before registering the
new Process, so we don't need to worry about unsuccessful Process
creation.
The reduction of complexity in regard to jails means that instead of
relying on jails to provide PID isolation, we could simplify the whole
idea of them to be a simple SetOnce, and let the ProcessList (now called
ScopedProcessList) to be responsible for this type of isolation.
Therefore, we apply the following changes to do so:
- We make the Jail concept no longer a class of its own. Instead, we
simplify the idea of being jailed to a simple ProtectedValues boolean
flag. This means that we no longer check of matching jail pointers
anywhere in the Kernel code.
To set a process as jailed, a new prctl option was added to set a
Kernel SetOnce boolean flag (so it cannot change ever again).
- We provide Process & Thread methods to iterate over process lists.
A process can either iterate on the global process list, or if it's
attached to a scoped process list, then only over that list.
This essentially replaces the need of checking the Jail pointer of a
process when iterating over process lists.
Expose some initial interfaces in the mount-related syscalls to select
the desired VFSRootContext, by specifying the VFSRootContext index
number.
For now there's still no way to create a different VFSRootContext, so
the only valid IDs are -1 (for currently attached VFSRootContext) or 1
for the first userspace VFSRootContext.
The main intention of this change is to have a consistent look and
behavior across all scrollbars, including elements with
`overflow: scroll` and `overflow: auto`, iframes, and a page.
Before:
- Page's scrollbar is painted by Browser (Qt/AppKit) using the
corresponding UI framework style,
- Both WebContent and Browser know the scroll position offset.
- WebContent uses did_request_scroll_to() IPC call to send updates.
- Browser uses set_viewport_rect() to send updates.
After:
- Page's scrollbar is painted on WebContent side using the same style as
currently used for elements with `overflow: scroll` and
`overflow: auto`. A nice side effects: scrollbars are now painted for
iframes, and page's scrollbar respects scrollbar-width CSS property.
- Only WebContent knows scroll position offset.
- did_request_scroll_to() is no longer used.
- set_viewport_rect() is changed to set_viewport_size().
(cherry picked from commit 5285e22f2aa09152365179865f135e7bc5d254a5)
Co-authored-by: Jamie Mansfield <jmansfield@cadixdev.org>
Co-authored-by: Nico Weber <thakis@chromium.org>
This utility lists all devices' major number allocations, for character
and block devices. It can help the user to figure out the DeviceMapper
service manages spawning of device nodes in /dev and other associated
files under the /tmp/system/devicemap directory.
The new mechanism is basically adding or removing symbolic links to
device nodes in /dev. These symbolic links are located in the directory
of /tmp/system/devicemap/nodes/{block,char} which contain subdirectories
for major number allocation, which then hold these symbolic links.
An interested userspace program could then open an inode watcher on the
subdirectories which hold the symbolic link for added or removed links
to indicate hotplug events of insertion or removal of a device.
This change is in preparation for implementing audio codecs into the
library and using audio as timing for video playback.
(cherry picked from commit 7c10e1a08d7a109b63c9258578eb98aa9dcc1425)
In case the user requests this, init can drop directly to a shell
without trying to spawn SystemServer.
To test this on x86-64, run:
```
Meta/serenity.sh run x86_64 GNU "init_args=emergency"
```
Also, init will drop to emergency shell if mounting filesystems with
`mount -a` failed for some reason.
This functionality can be useful in many cases.
For example, if the user needs to perform a command that must not alter
a corrupted filesystem state, then this mode is useful as the filesystem
should be mounted in read-only mode.
Another example is the ability to get a functioning system in case
SystemServer behaves badly or inconsistently, or the user specified a
wrong fstab entry, so proceeding to boot is probably a bad option.
Let's make SystemServer simpler by not involving it with the basic
system initialization sequence.
That initialization sequence can be done in another program that
theoretically can be put in another filesystem.
Co-authored-by: Tim Schumacher <timschumi@gmx.de>
If the user only wants to get the byte count of a set of files, then for
each file we can simply seek it to get the byte count instead of
iterating over all the bytes.
Similarly to OpenBSD nc, an option to just connect without transmitting
any actual data is added.
However, we don't allow UDP-mode when testing a remote service, as it
will always succeed and has no technical meaning for the user if they're
not able to view the traffic on the remote machine.
Instead, let's create a new class called AvailablePortDatabase that will
handle updating (from the Internet, by using our repository) of the list
and instantiating an object that could be used for querying.
These options supplements the original threshold option, because it's
now possible to specify a threshold and add either minimum/maximum size
for additional filtering.
It's also possible to not use the old threshold option (that Tim
Schumacher told me it was inherited from coreutils) and only specify the
2 new options to create a filtering.
No longer just for response headers! The same type is obviously useful
and ergonomic when making requests as well.
(cherry picked from commit 260c5c50ad19f19d0d4c30984e512f56c055ecff)
Updated various SerenityOS components to make it build.
Instead of using a HashMap<ByteString, ByteString, CaseInsensitive...>
everywhere, we now encapsulate this in a class.
Even better, the new class also allows keeping track of multiple headers
with the same name! This will make it possible for HTTP responses to
actually retain all their headers on the perilous journey from
RequestServer to LibWeb.
(cherry picked from commit e636851481eabdf00953573a5eb459ee52feeacc)
Updated various SerenityOS components to make it build.
Fetch: Make sure we iterate over HeaderMap's headers()
This fixes a build failure when built with CMake option
'-DENABLE_ALL_THE_DEBUG_MACROS=ON'.
(cherry picked from commit c51d01bea712d75f9b2cd700be942935044e49b4)
There was an issue with Clang that causes `consteval` function calls
from default initializers of fields to be made at run-time. This
manifested itself in the case of `ByteString::formatted` as an undefined
reference to `check_format_parameter_consistency` once format string
checking was enabled for Clang builds. The workaround is simple (just
move it to the member initializer list), and unblocks a useful change.
LibWeb will need to use unbuffered requests to support server-sent
events. Connection for such events remain open and the remote end sends
data as HTTP bodies at its leisure. The browser needs to be able to
handle this data as it arrives, as the request essentially never
finishes.
To support this, this make Protocol::Request operate in one of two
modes: buffered or unbuffered. The existing mechanism for setting up a
buffered request was a bit awkward; you had to set specific callbacks,
but be sure not to set some others, and then set a flag. The new
mechanism is to set the mode and the callbacks that the mode needs in
one API.
This actually allows us to re-introduce the ldd utility as a symlink to
our dynamic loader, so now ldd behaves exactly like on Linux - it will
load all dynamic dependencies for an ELF exectuable.
This has the advantage that running ldd on an ELF executable will
provide an exact preview of how the order in which the dynamic loader
loads the executable and its dependencies.
As a preparation to introducing ldd as a symlink to /usr/lib/Loader.so
we rename the ldd utility to be elfdeps, at its sole purpose is to list
ELF object dependencies, and not how the dynamic loader loads them.
Now both /bin/zcat and /bin/gunzip are symlinks to /bin/gzip, and we
essentially running it in decompression mode through these symlinks.
This ensures we don't maintain 2 versions of code to decompress Gzipped
data anymore, and handle the use case of gzipped-streaming input only
once in the codebase.
For example, for 7z7c.gif, we now store one 500x500 frame and then
a 94x78 frame at (196, 208) and a 91x78 frame at (198, 208).
This reduces how much data we have to store.
We currently store all pixels in the rect with changed pixels.
We could in the future store pixels that are equal in that rect
as transparent pixels. When inputs are gif files, this would
guaranteee that new frames only have at most 256 distinct colors
(since GIFs require that), which would help a future color indexing
transform. For now, we don't do that though.
The API I'm adding here is a bit ugly:
* WebPs can only store x/y offsets that are a multiple of 2. This
currently leaks into the AnimationWriter base class.
(Since we potentially have to make a webp frame 1 pixel wider
and higher due to this, it's possible to have a frame that has
<= 256 colors in a gif input but > 256 colors in the webp,
if we do the technique above.)
* Every client writing animations has to have logic to track
previous frames, decide which of the two functions to call, etc.
This also adds an opt-out flag to `animation`, because:
1. Some clients apparently assume the size of the last VP8L
chunk is the size of the image
(see https://github.com/discord/lilliput/issues/159).
2. Having incremental frames is good for filesize and for
playing the animation start-to-end, but it makes it hard
to extract arbitrary frames (have to extract all frames
from start to target frame) -- but this is mean tto be a
delivery codec, not an editing codec. It's also more vulnerable to
corrupted bytes in the middle of the file -- but transport
protocols are good these days.
(It'd also be an idea to write a full frame every N frames.)
For https://giphy.com/gifs/XT9HMdwmpHqqOu1f1a (an 184K gif),
output webp size goes from 21M to 11M.
For 7z7c.gif (an 11K gif), output webp size goes from 2.1M to 775K.
(The webp image data still isn't compressed at all.)
