This change imports the ports collection from the former porttix and srctix
repositories and converts them to port(5) files with metadata pointing to
the upstream release tarballs with patches checked into this repository.
Ports are now developed and versioned along with the operating system and
are automatically built per the PACKAGES environment variable. The patches
are licensed under the same license as the relevant ports.
Tix has gained support for the new port(5) format. tix-port(8) is the new
high level ports build even point that handles downloading pstream releases
into the new mirror cache directory, applying the patches, building the port
with the lower-level tix-build(8), and finally installing the binary
package. The new tix-vars(8) program parses port(5) files and the new
tix-rmdiff(8) program produces input for tix-rmpatch(8).
The old doc/ directory is discontinued in favor of manual pages documenting
the new ports system.
The obsolete porttix-create(8) and srctix-create(8) programs are removed.
Previously, sys_dup() would do dtable->Get() on the passed in-file
descriptor and then pass the result directly to dtable->Allocate(). If
the file descriptor is not valid, dtable->Get() returns a NULL reference
and sets errno to mark the error. Since sys_dup() did not check the
return value of dtable->Get() and dtable->Allocate() does not check
whether the passed in Ref<Descriptor> is a NULL reference, dup(2) with
invalid file descriptor would succesfully allocate a new file descriptor
with garbage contents.
This commit changes sys_dup() to use a variant of dtable->Allocate()
that takes in a file descriptor as an integer and properly validates it
before use.
The .init section for global constructors in the kernel is unused at the
moment as the _init function is never invoked, but its existence means
it got linked at 128 MiB on i686. This address isn't mapped by the
kernel and the bootloader requires the machine to have that much
physical memory. Unfortunately that meant the i686 build didn't work on
machines with less than 129 MiB of memory.
Previously Sortix would initialize SSE unconditionally as part of the
boot process. Since earlier i686 CPUs like Pentium 2 did not include
SSE, Sortix would not run on them. With this SSE is only enabled for
CPUs that include it, which should theoretically allow Sortix to boot on
all i686 CPUs. Additionally, this removes -msse -msse2 compiler flags
from trianglix/Makefile.
This change refactors the Unix socket / pipe backend to have a ring buffer
containing segments, where each segment has an optional leading ancillary
buffer containing control messages followed by a normal data buffer.
The SCM_RIGHTS control message has been implemented which transfers file
descriptors to the receiving process. File descriptors are reference counted
and cycles are prevented using the following restrictions:
1) Unix sockets cannot be sent on themselves (on either end).
2) Unix sockets themselves being sent cannot be sent on.
3) Unix sockets cannot send a Unix socket being sent on.
This is a compatible ABI change.
The file descriptor table now allows reserving room for multiple file
descriptors without assigning their numbers. This functionality means
any error conditions happen up front and the subsequent number
assignment will never fail.
This change uses the new functionality to fix troublesome error handling
when allocating multiple file descriptors. One pty allocation error path
was even wrong.
There were subtle race conditions where one (kernel) thread may have
allocated one file descriptor, and another thread spuciously replaces it
with something else, and then the second file descriptor allocation
failed in the first thread, and it closes the first file descriptor now
pointing to a different file description. This case seems harmless but
it's not a great class of bugs to exist in the first place. The new
behavior means the file descriptions appear in the file descriptor table
without fail and never needs to be cleaned up midway and is certainly
immune to shenangians from other threads.
Reviewed-by: Pedro Falcato <pedro.falcato@gmail.com>
Heapsort has O(n·log(n)) worst case runtime and O(1) space usage, which
is better than current implementation's best case, while still keeping
the code simple.
Co-authored-by: Jonas 'Sortie' Termansen <sortie@maxsi.org>
Firstly, lots of places in editor(1) would do a move from (x₀,y₀) to
(x,y) by first moving to (x,y₀) or (x₀,y) and only then (x,y). If the
intermediate positions were not valid cursor positions, this might cause
out of bounds access. Categorically fixed this by removing functions for
moving only horizontally or only vertically.
Secondly, editor_select_set() would set the column before setting the
line. Since the code for setting the column accesses the currently set
line at the new cursor position, it might cause out of bounds access
even on valid cursor positions. Fixed this by swapping the order in
which column and row are set.
Thirdly, the order of arguments passed to row_column_smallest() and
row_column_biggest() was wrong, with column being passed before the row,
even though they were defined the other way. However, this did not
result in out of bounds memory accesses due to the parameters to
editor_cursor_set() also being swapped at relevant callsites.
Finally, the boundary condition for control-down was off by one.
A line longer than 2G might overflow the size_t containing the buffer
length on 32-bit platform. Fix is to use reallocarray with second
parameter twice the size of the element to double the buffer size, since
it will error out if there was an overflow.