[haiku-commits] haiku: hrev53363 - in src: system/kernel/vm kits/media servers/app servers/media system/runtime_loader

  • From: waddlesplash <waddlesplash@xxxxxxxxx>
  • To: haiku-commits@xxxxxxxxxxxxx
  • Date: Sat, 10 Aug 2019 19:49:46 -0400 (EDT)

hrev53363 adds 6 changesets to branch 'master'
old head: 8a0c9d52c62918442ede4cc8361bdbfb9560e713
new head: da73ed96dd833549c0d24544a5113e942f7e6be6
overview: 
https://git.haiku-os.org/haiku/log/?qt=range&q=da73ed96dd83+%5E8a0c9d52c629

----------------------------------------------------------------------------

23121bac3be6: app_server: Set B_CLONEABLE_AREA where applicable.
  
  This is all that is needed to boot a minimum image with userland
  area cloning protections enabled (media_server is not included
  in such builds.)

964cab461539: media: Set B_CLONEABLE_AREA where applicable.
  
  Cloning cloned buffers seems especially strange, but
  apparently it is actually done. The buffer management
  code really needs to be cleaned up...

40b0fbbb5d79: runtime_loader: Set B_CLONEABLE_AREA on the debug area.
  
  The debug_server uses it for symbol lookup.

329866d1d09d: kernel/vm: Set CLONEABLE_AREA before cloning areas for transfer.

126d639908ff: libroot: Set B_CLONEABLE_AREA under BeOS ABI.
  
  As you can see, we already did the same for B_EXECUTE_AREA.

da73ed96dd83: kernel/vm: Enable area-cloning protection for userland areas, too.
  
  We allow teams to clone areas within themselves, but I'm not sure
  exactly what use that has. The kernel can of course clone anything
  it wants to, still.
  
  Hopefully this will prove substantially less disruptive than the
  reverse change last year, as the preceding commits are likely the
  only major consumers of this API, rather than a variety of drivers
  that need to be individually tested.

                              [ Augustin Cavalier <waddlesplash@xxxxxxxxx> ]

----------------------------------------------------------------------------

12 files changed, 23 insertions(+), 15 deletions(-)
src/kits/media/BufferGroup.cpp            |  2 +-
src/kits/media/MediaRoster.cpp            |  2 +-
src/kits/media/SharedBufferList.cpp       |  3 ++-
src/kits/media/TimeSource.cpp             |  2 +-
src/servers/app/ClientMemoryAllocator.cpp |  2 +-
src/servers/app/Desktop.cpp               |  2 +-
src/servers/app/DirectWindowInfo.cpp      |  2 +-
src/servers/app/EventStream.cpp           |  2 +-
src/servers/media/BufferManager.cpp       |  2 +-
src/system/kernel/vm/vm.cpp               | 15 +++++++++++----
src/system/libroot/os/area.c              |  2 +-
src/system/runtime_loader/elf.cpp         |  2 +-

############################################################################

Commit:      23121bac3be69870f911ccbc7da4798cd8cffb77
URL:         https://git.haiku-os.org/haiku/commit/?id=23121bac3be6
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Aug 10 20:11:00 2019 UTC

app_server: Set B_CLONEABLE_AREA where applicable.

This is all that is needed to boot a minimum image with userland
area cloning protections enabled (media_server is not included
in such builds.)

----------------------------------------------------------------------------

diff --git a/src/servers/app/ClientMemoryAllocator.cpp 
b/src/servers/app/ClientMemoryAllocator.cpp
index 0693ce8f85..746f12cfd9 100644
--- a/src/servers/app/ClientMemoryAllocator.cpp
+++ b/src/servers/app/ClientMemoryAllocator.cpp
@@ -274,7 +274,7 @@ ClientMemoryAllocator::_AllocateChunk(size_t size, bool& 
newArea)
                        fApplication->ClientTeam(), 
fApplication->SignatureLeaf());
 #endif
                area_id area = create_area(name, (void**)&address, 
B_ANY_ADDRESS, size,
-                       B_NO_LOCK, B_READ_AREA | B_WRITE_AREA);
+                       B_NO_LOCK, B_READ_AREA | B_WRITE_AREA | 
B_CLONEABLE_AREA);
                if (area < B_OK) {
                        free(block);
                        free(chunk);
diff --git a/src/servers/app/Desktop.cpp b/src/servers/app/Desktop.cpp
index 962a6e1647..d31ddd7eef 100644
--- a/src/servers/app/Desktop.cpp
+++ b/src/servers/app/Desktop.cpp
@@ -498,7 +498,7 @@ Desktop::Init()
        char name[B_OS_NAME_LENGTH];
        snprintf(name, sizeof(name), "d:%d:shared read only", fUserID);
        fSharedReadOnlyArea = create_area(name, (void **)&fServerReadOnlyMemory,
-               B_ANY_ADDRESS, areaSize, B_NO_LOCK, B_READ_AREA | B_WRITE_AREA);
+               B_ANY_ADDRESS, areaSize, B_NO_LOCK, B_READ_AREA | B_WRITE_AREA 
| B_CLONEABLE_AREA);
        if (fSharedReadOnlyArea < B_OK)
                return fSharedReadOnlyArea;
 
diff --git a/src/servers/app/DirectWindowInfo.cpp 
b/src/servers/app/DirectWindowInfo.cpp
index d005a53641..bed18dd895 100644
--- a/src/servers/app/DirectWindowInfo.cpp
+++ b/src/servers/app/DirectWindowInfo.cpp
@@ -31,7 +31,7 @@ DirectWindowInfo::DirectWindowInfo()
 {
        fBufferArea = create_area("direct area", (void**)&fBufferInfo,
                B_ANY_ADDRESS, DIRECT_BUFFER_INFO_AREA_SIZE,
-               B_NO_LOCK, B_READ_AREA | B_WRITE_AREA);
+               B_NO_LOCK, B_READ_AREA | B_WRITE_AREA | B_CLONEABLE_AREA);
 
        memset(fBufferInfo, 0, DIRECT_BUFFER_INFO_AREA_SIZE);
        fBufferInfo->buffer_state = B_DIRECT_STOP;
diff --git a/src/servers/app/EventStream.cpp b/src/servers/app/EventStream.cpp
index 9643262319..bb0f0de3e5 100644
--- a/src/servers/app/EventStream.cpp
+++ b/src/servers/app/EventStream.cpp
@@ -58,7 +58,7 @@ InputServerStream::InputServerStream(BMessenger& messenger)
        message.AddInt32("remote team", BPrivate::current_team());
 
        fCursorArea = create_area("shared cursor", (void **)&fCursorBuffer, 
B_ANY_ADDRESS,
-               B_PAGE_SIZE, B_LAZY_LOCK, B_READ_AREA | B_WRITE_AREA);
+               B_PAGE_SIZE, B_LAZY_LOCK, B_READ_AREA | B_WRITE_AREA | 
B_CLONEABLE_AREA);
        if (fCursorArea >= B_OK)
                message.AddInt32("cursor area", fCursorArea);
 

############################################################################

Commit:      964cab46153923dd43c77ab42438af8fd36f4846
URL:         https://git.haiku-os.org/haiku/commit/?id=964cab461539
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Aug 10 21:55:27 2019 UTC

media: Set B_CLONEABLE_AREA where applicable.

Cloning cloned buffers seems especially strange, but
apparently it is actually done. The buffer management
code really needs to be cleaned up...

----------------------------------------------------------------------------

diff --git a/src/kits/media/BufferGroup.cpp b/src/kits/media/BufferGroup.cpp
index 552029262b..9ccc913c80 100644
--- a/src/kits/media/BufferGroup.cpp
+++ b/src/kits/media/BufferGroup.cpp
@@ -69,7 +69,7 @@ BBufferGroup::BBufferGroup(size_t size, int32 count, uint32 
placement,
 
        void* startAddress;
        area_id bufferArea = create_area("some buffers area", &startAddress,
-               placement, areaSize, lock, B_READ_AREA | B_WRITE_AREA);
+               placement, areaSize, lock, B_READ_AREA | B_WRITE_AREA | 
B_CLONEABLE_AREA);
        if (bufferArea < 0) {
                ERROR("BBufferGroup: failed to allocate %ld bytes area\n", 
areaSize);
                fInitError = (status_t)bufferArea;
diff --git a/src/kits/media/MediaRoster.cpp b/src/kits/media/MediaRoster.cpp
index 9baae950d2..a7fdac23a3 100644
--- a/src/kits/media/MediaRoster.cpp
+++ b/src/kits/media/MediaRoster.cpp
@@ -2420,7 +2420,7 @@ BMediaRoster::GetParameterWebFor(const media_node& node, 
BParameterWeb** _web)
                area_id area;
                void *data;
                area = create_area("parameter web data", &data, B_ANY_ADDRESS, 
size,
-                       B_NO_LOCK, B_READ_AREA | B_WRITE_AREA);
+                       B_NO_LOCK, B_READ_AREA | B_WRITE_AREA | 
B_CLONEABLE_AREA);
                if (area < B_OK) {
                        ERROR("BMediaRoster::GetParameterWebFor couldn't create 
area of "
                                "size %" B_PRId32 "\n", size);
diff --git a/src/kits/media/SharedBufferList.cpp 
b/src/kits/media/SharedBufferList.cpp
index 403c708b99..fed865bbc5 100644
--- a/src/kits/media/SharedBufferList.cpp
+++ b/src/kits/media/SharedBufferList.cpp
@@ -44,7 +44,8 @@ SharedBufferList::Create(SharedBufferList** _list)
        SharedBufferList* list;
 
        area_id area = create_area("shared buffer list", (void**)&list,
-               B_ANY_ADDRESS, size, B_LAZY_LOCK, B_READ_AREA | B_WRITE_AREA);
+               B_ANY_ADDRESS, size, B_LAZY_LOCK,
+               B_READ_AREA | B_WRITE_AREA | B_CLONEABLE_AREA);
        if (area < 0)
                return area;
 
diff --git a/src/kits/media/TimeSource.cpp b/src/kits/media/TimeSource.cpp
index b692ff5671..e1535d4995 100644
--- a/src/kits/media/TimeSource.cpp
+++ b/src/kits/media/TimeSource.cpp
@@ -495,7 +495,7 @@ BTimeSource::FinishCreate()
                (const_cast<BPrivate::media::TimeSourceTransmit**>(&fBuf));
 
        fArea = create_area(name, buf, B_ANY_ADDRESS, TS_AREA_SIZE,
-               B_FULL_LOCK, B_READ_AREA | B_WRITE_AREA);
+               B_FULL_LOCK, B_READ_AREA | B_WRITE_AREA | B_CLONEABLE_AREA);
 
        if (fArea <= 0) {
                ERROR("BTimeSource::BTimeSource couldn't create area, node %" 
B_PRId32
diff --git a/src/servers/media/BufferManager.cpp 
b/src/servers/media/BufferManager.cpp
index 3341aabff7..2b49e60090 100644
--- a/src/servers/media/BufferManager.cpp
+++ b/src/servers/media/BufferManager.cpp
@@ -208,7 +208,7 @@ BufferManager::_CloneArea(area_id area)
 
        void* address;
        area_id clonedArea = clone_area("media_server cloned buffer", &address,
-               B_ANY_ADDRESS, B_READ_AREA | B_WRITE_AREA, area);
+               B_ANY_ADDRESS, B_READ_AREA | B_WRITE_AREA | B_CLONEABLE_AREA, 
area);
 
        TRACE("BufferManager::_CloneArea() cloned area %" B_PRId32 ", clone id 
%"
                B_PRId32 "\n", area, clonedArea);
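Review bot: passing B_CLONEABLE_AREA to `clone_area` here makes the media_server's own clone re-cloneable by any team that learns its id, which widens who can map the buffer beyond the original owner and the server. The commit message says clones of clones are really made, but nothing in the code says by whom or why; add a comment at the call site naming the consumer that clones this cloned area, so the flag is not removed later as an apparent mistake and so the exposure is documented where it is introduced.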

############################################################################

Commit:      40b0fbbb5d79b0820f2d222c2dc2de741cbe318d
URL:         https://git.haiku-os.org/haiku/commit/?id=40b0fbbb5d79
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Aug 10 21:55:47 2019 UTC

runtime_loader: Set B_CLONEABLE_AREA on the debug area.

The debug_server uses it for symbol lookup.

----------------------------------------------------------------------------

diff --git a/src/system/runtime_loader/elf.cpp 
b/src/system/runtime_loader/elf.cpp
index 97855be79b..49d00cfeb2 100644
--- a/src/system/runtime_loader/elf.cpp
+++ b/src/system/runtime_loader/elf.cpp
@@ -1177,7 +1177,7 @@ rldelf_init(void)
                runtime_loader_debug_area *area;
                area_id areaID = 
_kern_create_area(RUNTIME_LOADER_DEBUG_AREA_NAME,
                        (void **)&area, B_RANDOMIZED_ANY_ADDRESS, size, 
B_NO_LOCK,
-                       B_READ_AREA | B_WRITE_AREA);
+                       B_READ_AREA | B_WRITE_AREA | B_CLONEABLE_AREA);
                if (areaID < B_OK) {
                        FATAL("Failed to create debug area.\n");
                        _kern_loading_app_failed(areaID);

############################################################################

Commit:      329866d1d09d577de7188bb9f81bfd621ef4684c
URL:         https://git.haiku-os.org/haiku/commit/?id=329866d1d09d
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Aug 10 23:45:57 2019 UTC

kernel/vm: Set CLONEABLE_AREA before cloning areas for transfer.

----------------------------------------------------------------------------

diff --git a/src/system/kernel/vm/vm.cpp b/src/system/kernel/vm/vm.cpp
index 28cb59bcdb..3d64c4d184 100644
--- a/src/system/kernel/vm/vm.cpp
+++ b/src/system/kernel/vm/vm.cpp
@@ -5992,6 +5992,11 @@ transfer_area(area_id id, void** _address, uint32 
addressSpec, team_id target,
        if (info.team != thread_get_current_thread()->team->id)
                return B_PERMISSION_DENIED;
 
+       // We need to mark the area cloneable so the following operations work.
+       status = set_area_protection(id, info.protection | B_CLONEABLE_AREA);
+       if (status != B_OK)
+               return status;
+
        area_id clonedArea = vm_clone_area(target, info.name, _address,
                addressSpec, info.protection, REGION_NO_PRIVATE_MAP, id, 
kernel);
        if (clonedArea < 0)
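Review bot: the failure path of `vm_clone_area` leaves the source area more exposed than before the call. `set_area_protection(id, info.protection | B_CLONEABLE_AREA)` is applied unconditionally, but the `if (clonedArea < 0)` branch that follows does not (as far as this hunk shows) restore `info.protection` on `id`, so a transfer that fails leaves the caller's original area cloneable by any other team from then on. Restore the original protection on that path (`set_area_protection(id, info.protection);` before returning `clonedArea`), and extend the comment to say the flag is set on the original only for the duration of the clone, since the current wording "so the following operations work" does not convey that it is meant to be temporary.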
@@ -6003,6 +6008,9 @@ transfer_area(area_id id, void** _address, uint32 
addressSpec, team_id target,
                return status;
        }
 
+       // Now we can reset the protection to whatever it was before.
+       set_area_protection(clonedArea, info.protection);
+
        // TODO: The clonedArea is B_SHARED_AREA, which is not really desired.
 
        return clonedArea;
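Review bot: the return value of `set_area_protection(clonedArea, info.protection)` is discarded, so if resetting the protection fails the transferred area silently keeps B_CLONEABLE_AREA in the target team, which is exactly the state the reset is meant to undo. The first `set_area_protection` call in this function checks `status`; do the same here and at least log the failure (or propagate it, as the clone has already been created at this point and the caller will otherwise assume the protection it asked for).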

############################################################################

Commit:      126d639908ff547b90158464582762ff06e85904
URL:         https://git.haiku-os.org/haiku/commit/?id=126d639908ff
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Aug 10 23:47:56 2019 UTC

libroot: Set B_CLONEABLE_AREA under BeOS ABI.

As you can see, we already did the same for B_EXECUTE_AREA.

----------------------------------------------------------------------------

diff --git a/src/system/libroot/os/area.c b/src/system/libroot/os/area.c
index cfa32b018b..4229c61e40 100644
--- a/src/system/libroot/os/area.c
+++ b/src/system/libroot/os/area.c
@@ -26,7 +26,7 @@ clone_area(const char *name, void **address, uint32 
addressSpec,
        uint32 protection, area_id sourceArea)
 {
        if (__gABIVersion < B_HAIKU_ABI_GCC_2_HAIKU)
-               protection |= B_EXECUTE_AREA;
+               protection |= B_EXECUTE_AREA | B_CLONEABLE_AREA;
        return _kern_clone_area(name, address, addressSpec, protection, 
sourceArea);
 }
 
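Review bot: this hunk only covers `clone_area`, so the compatibility flag is added to areas that a BeOS-ABI program clones, not to areas it creates. If `area.c` has a matching `__gABIVersion < B_HAIKU_ABI_GCC_2_HAIKU` branch in `create_area` (the hunk does not show it), it needs `B_CLONEABLE_AREA` as well, because a BeOS-era application that creates an area and hands the id to another team will otherwise get B_NOT_ALLOWED once the final commit in this push enforces the check for userland areas. Worth stating the intent in a short comment next to the `|=` line either way, since the reason for OR-ing both flags in the legacy path is not obvious from the code.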

############################################################################

Revision:    hrev53363
Commit:      da73ed96dd833549c0d24544a5113e942f7e6be6
URL:         https://git.haiku-os.org/haiku/commit/?id=da73ed96dd83
Author:      Augustin Cavalier <waddlesplash@xxxxxxxxx>
Date:        Sat Aug 10 23:49:24 2019 UTC

kernel/vm: Enable area-cloning protection for userland areas, too.

We allow teams to clone areas within themselves, but I'm not sure
exactly what use that has. The kernel can of course clone anything
it wants to, still.

Hopefully this will prove substantially less disruptive than the
reverse change last year, as the preceding commits are likely the
only major consumers of this API, rather than a variety of drivers
that need to be individually tested.

----------------------------------------------------------------------------

diff --git a/src/system/kernel/vm/vm.cpp b/src/system/kernel/vm/vm.cpp
index 3d64c4d184..2e1ce01cd4 100644
--- a/src/system/kernel/vm/vm.cpp
+++ b/src/system/kernel/vm/vm.cpp
@@ -2108,13 +2108,12 @@ vm_clone_area(team_id team, const char* name, void** 
address,
 
        VMCache* cache = vm_area_get_locked_cache(sourceArea);
 
-       if (!kernel && sourceAddressSpace == VMAddressSpace::Kernel()
-               && targetAddressSpace != VMAddressSpace::Kernel()
-               && !(sourceArea->protection & B_CLONEABLE_AREA)) {
+       if (!kernel && sourceAddressSpace != targetAddressSpace
+               && (sourceArea->protection & B_CLONEABLE_AREA) == 0) {
                // kernel areas must not be cloned in userland, unless 
explicitly
                // declared user-cloneable upon construction
 #if KDEBUG
-               panic("attempting to clone kernel area \"%s\" (%" B_PRId32 ")!",
+               panic("attempting to clone area \"%s\" (%" B_PRId32 ")!",
                        sourceArea->name, sourceID);
 #endif
                status = B_NOT_ALLOWED;
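Review bot: the comment above the `#if KDEBUG` block is now stale, and the panic has become reachable from userland. The condition was relaxed from "kernel source, userland target" to "any two different address spaces without B_CLONEABLE_AREA", so the comment "kernel areas must not be cloned in userland, unless explicitly declared user-cloneable upon construction" no longer describes the check; it should say that areas may not be cloned across teams unless created with B_CLONEABLE_AREA. More importantly, an unprivileged program that passes another team's non-cloneable area id to `clone_area` now hits `panic("attempting to clone area ...")` on a KDEBUG kernel instead of just receiving B_NOT_ALLOWED, which turns a denied request into a kernel halt on debug builds. Keep the panic only for the case where `sourceAddressSpace == VMAddressSpace::Kernel()` (a kernel bug worth stopping on) and downgrade the userland-to-userland case to a `dprintf`/TRACE so the unprivileged caller just gets the error.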

