AK+Kernel+Userland: Don't allow Vector::append() in the kernel

This makes it not as easy to forgot to handle OOMs in the kernel.

This commit replaces most usages of this function with
`try_append(...).release_value_but_fixme_should_propagate_errors()`.
But in some cases, using the `TRY` macro or `unchecked_append()` is
already possible.

In places where allocations should not fail or an OOM would be fatal
anyways, `MUST(try_append(...))` should be used explicitly.

Author: spholz

AK/StringView.cpp

@@ -63,7 +63,7 @@ Vector<StringView> StringView::split_view(StringView separator, SplitBehavior sp
 {
     Vector<StringView> parts;
     for_each_split_view(separator, split_behavior, [&](StringView view) {
-        parts.append(view);
+        parts.try_append(view).release_value_but_fixme_should_propagate_errors();
     });
     return parts;
 }

AK/Vector.h

@@ -271,8 +271,6 @@ requires(!IsRvalueReference<T>) class Vector {
         MUST(try_extend(other));
     }
 
-#endif
-
     ALWAYS_INLINE void append(T&& value)
     {
         if constexpr (contains_reference)
@@ -287,7 +285,6 @@ requires(!IsRvalueReference<T>) class Vector {
         MUST(try_append(T(value)));
     }
 
-#ifndef KERNEL
     void append(StorageType const* values, size_t count)
     {
         MUST(try_append(values, count));

Kernel/Arch/aarch64/InterruptManagement.cpp

@@ -36,7 +36,7 @@ void InterruptManagement::initialize()
 
 void InterruptManagement::add_recipe(DeviceTree::DeviceRecipe<NonnullLockRefPtr<IRQController>> recipe)
 {
-    s_recipes->append(move(recipe));
+    MUST(s_recipes->try_append(move(recipe)));
 }
 
 void InterruptManagement::find_controllers()
@@ -48,7 +48,7 @@ void InterruptManagement::find_controllers()
             continue;
         }
 
-        m_interrupt_controllers.append(device_or_error.release_value());
+        MUST(m_interrupt_controllers.try_append(device_or_error.release_value()));
     }
 
     if (m_interrupt_controllers.is_empty())

Kernel/Arch/riscv64/InterruptManagement.cpp

@@ -38,7 +38,7 @@ void InterruptManagement::initialize()
 
 void InterruptManagement::add_recipe(DeviceTree::DeviceRecipe<NonnullLockRefPtr<IRQController>> recipe)
 {
-    s_recipes->append(move(recipe));
+    MUST(s_recipes->try_append(move(recipe)));
 }
 
 void InterruptManagement::find_controllers()
@@ -50,7 +50,7 @@ void InterruptManagement::find_controllers()
             continue;
         }
 
-        m_interrupt_controllers.append(device_or_error.release_value());
+        MUST(m_interrupt_controllers.try_append(device_or_error.release_value()));
     }
 
     if (m_interrupt_controllers.is_empty())

Kernel/Arch/x86_64/Firmware/ACPI.cpp

@@ -33,7 +33,7 @@ Optional<PhysicalAddress> find_rsdp_in_ia_pc_specific_memory_locations()
         if (!(memory_range.type == Memory::PhysicalMemoryRangeType::ACPI_NVS || memory_range.type == Memory::PhysicalMemoryRangeType::ACPI_Reclaimable))
             return IterationDecision::Continue;
 
-        potential_ranges.append(memory_range);
+        potential_ranges.try_append(memory_range).release_value_but_fixme_should_propagate_errors();
         return IterationDecision::Continue;
     });
 

Kernel/Arch/x86_64/InterruptManagement.cpp

@@ -137,7 +137,7 @@ UNMAP_AFTER_INIT void InterruptManagement::switch_to_pic_mode()
     VERIFY(m_interrupt_controllers.is_empty());
     dmesgln("Interrupts: Switch to Legacy PIC mode");
     InterruptDisabler disabler;
-    m_interrupt_controllers.append(adopt_lock_ref(*new PIC()));
+    m_interrupt_controllers.try_append(adopt_lock_ref(*new PIC())).release_value_but_fixme_should_propagate_errors();
     SpuriousInterruptHandler::initialize(7);
     SpuriousInterruptHandler::initialize(15);
     dbgln("Interrupts: Detected {}", m_interrupt_controllers[0]->model());
@@ -186,7 +186,7 @@ UNMAP_AFTER_INIT void InterruptManagement::locate_apic_data()
     auto madt = Memory::map_typed<ACPI::Structures::MADT>(m_madt_physical_address.value()).release_value_but_fixme_should_propagate_errors();
 
     if (madt->flags & PCAT_COMPAT_FLAG)
-        m_interrupt_controllers.append(adopt_lock_ref(*new PIC()));
+        m_interrupt_controllers.try_append(adopt_lock_ref(*new PIC())).release_value_but_fixme_should_propagate_errors();
     size_t entry_index = 0;
     size_t entries_length = madt->h.length - sizeof(ACPI::Structures::MADT);
     auto* madt_entry = madt->entries;
@@ -195,7 +195,7 @@ UNMAP_AFTER_INIT void InterruptManagement::locate_apic_data()
         if (madt_entry->type == (u8)ACPI::Structures::MADTEntryType::IOAPIC) {
             auto* ioapic_entry = (const ACPI::Structures::MADTEntries::IOAPIC*)madt_entry;
             dbgln("IOAPIC found @ MADT entry {}, MMIO Registers @ {}", entry_index, PhysicalAddress(ioapic_entry->ioapic_address));
-            m_interrupt_controllers.append(adopt_lock_ref(*new IOAPIC(PhysicalAddress(ioapic_entry->ioapic_address), ioapic_entry->gsi_base)));
+            m_interrupt_controllers.try_append(adopt_lock_ref(*new IOAPIC(PhysicalAddress(ioapic_entry->ioapic_address), ioapic_entry->gsi_base))).release_value_but_fixme_should_propagate_errors();
         }
         if (madt_entry->type == (u8)ACPI::Structures::MADTEntryType::InterruptSourceOverride) {
             auto* interrupt_override_entry = (const ACPI::Structures::MADTEntries::InterruptSourceOverride*)madt_entry;

Kernel/Arch/x86_64/Time/HPET.cpp

@@ -339,7 +339,7 @@ Vector<unsigned> HPET::capable_interrupt_numbers(HPETComparator const& comparato
     u32 interrupt_bitfield = comparator_registers.interrupt_routing;
     for (size_t index = 0; index < 32; index++) {
         if (interrupt_bitfield & 1)
-            capable_interrupts.append(index);
+            capable_interrupts.try_append(index).release_value_but_fixme_should_propagate_errors();
         interrupt_bitfield >>= 1;
     }
     return capable_interrupts;
@@ -353,7 +353,7 @@ Vector<unsigned> HPET::capable_interrupt_numbers(u8 comparator_number)
     u32 interrupt_bitfield = comparator_registers.interrupt_routing;
     for (size_t index = 0; index < 32; index++) {
         if (interrupt_bitfield & 1)
-            capable_interrupts.append(index);
+            capable_interrupts.try_append(index).release_value_but_fixme_should_propagate_errors();
         interrupt_bitfield >>= 1;
     }
     return capable_interrupts;
@@ -454,8 +454,8 @@ UNMAP_AFTER_INIT HPET::HPET(PhysicalAddress acpi_hpet)
     if (regs.capabilities.attributes & (u32)HPETFlags::Attributes::LegacyReplacementRouteCapable)
         regs.configuration.low = regs.configuration.low | (u32)HPETFlags::Configuration::LegacyReplacementRoute;
 
-    m_comparators.append(HPETComparator::create(0, 0, is_periodic_capable(0), is_64bit_capable(0)));
-    m_comparators.append(HPETComparator::create(1, 8, is_periodic_capable(1), is_64bit_capable(1)));
+    m_comparators.try_append(HPETComparator::create(0, 0, is_periodic_capable(0), is_64bit_capable(0))).release_value_but_fixme_should_propagate_errors();
+    m_comparators.try_append(HPETComparator::create(1, 8, is_periodic_capable(1), is_64bit_capable(1))).release_value_but_fixme_should_propagate_errors();
 
     global_enable();
 }

Kernel/Boot/CommandLine.cpp

@@ -315,7 +315,7 @@ Vector<NonnullOwnPtr<KString>> CommandLine::userspace_init_args() const
     if (!init_args.is_empty())
         MUST(args.try_prepend(MUST(KString::try_create(userspace_init()))));
     for (auto& init_arg : init_args)
-        args.append(MUST(KString::try_create(init_arg)));
+        MUST(args.try_append(MUST(KString::try_create(init_arg))));
     return args;
 }
 

Kernel/Bus/PCI/Access.cpp

@@ -176,7 +176,7 @@ ErrorOr<void> Access::add_host_controller_and_scan_for_devices(NonnullOwnPtr<Hos
             dmesgln("Failed during PCI Access::rescan_hardware due to {}", device_identifier_or_error.error());
             VERIFY_NOT_REACHED();
         }
-        m_device_identifiers.append(device_identifier_or_error.release_value());
+        m_device_identifiers.try_append(device_identifier_or_error.release_value()).release_value_but_fixme_should_propagate_errors();
     });
     return {};
 }
@@ -208,7 +208,7 @@ UNMAP_AFTER_INIT void Access::rescan_hardware()
                 dmesgln("Failed during PCI Access::rescan_hardware due to {}", device_identifier_or_error.error());
                 VERIFY_NOT_REACHED();
             }
-            m_device_identifiers.append(device_identifier_or_error.release_value());
+            m_device_identifiers.try_append(device_identifier_or_error.release_value()).release_value_but_fixme_should_propagate_errors();
         });
     }
 }

Kernel/Bus/PCI/Controller/HostController.cpp

@@ -99,7 +99,7 @@ UNMAP_AFTER_INIT Vector<Capability> HostController::get_capabilities_for_functio
         u8 capability_id = capability_header & 0xff;
 
         // FIXME: Don't attach a PCI address to a capability object
-        capabilities.append({ Address(domain_number(), bus.value(), device.value(), function.value()), capability_id, capability_pointer });
+        capabilities.try_append({ Address(domain_number(), bus.value(), device.value(), function.value()), capability_id, capability_pointer }).release_value_but_fixme_should_propagate_errors();
         capability_pointer = capability_header >> 8;
     }
     return capabilities;