2011-11-02 17:31:38 +01:00
|
|
|
/* This file contains the common part of the device driver interface.
|
|
|
|
* In addition, callers get to choose between the singlethreaded API
|
|
|
|
* (in driver_st.c) and the multithreaded API (in driver_mt.c).
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
|
|
|
* The drivers support the following operations (using message format m2):
|
|
|
|
*
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
* m_type DEVICE USER_ENDPT COUNT POSITION HIGHPOS IO_GRANT
|
2009-12-02 10:57:48 +01:00
|
|
|
* ----------------------------------------------------------------------------
|
2011-11-02 17:31:38 +01:00
|
|
|
* | DEV_OPEN | device | proc nr | mode | | | |
|
2009-12-02 10:57:48 +01:00
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_CLOSE | device | proc nr | | | | |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_READ_S | device | proc nr | bytes | off lo | off hi i buf grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_WRITE_S | device | proc nr | bytes | off lo | off hi | buf grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_GATHER_S | device | proc nr | iov len | off lo | off hi | iov grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_SCATTER_S | device | proc nr | iov len | off lo | off hi | iov grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_IOCTL_S | device | proc nr | request | | | buf grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
2011-11-02 17:31:38 +01:00
|
|
|
* | CANCEL | device | proc nr | r/w | | | grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_SELECT | device | ops | | | | |
|
2009-12-02 10:57:48 +01:00
|
|
|
* ----------------------------------------------------------------------------
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
2011-11-02 17:31:38 +01:00
|
|
|
* Changes:
|
|
|
|
* Aug 27, 2011 split common functions into driver_common.c (A. Welzel)
|
|
|
|
* Jul 25, 2005 added SYS_SIG type for signals (Jorrit N. Herder)
|
|
|
|
* Sep 15, 2004 added SYN_ALARM type for timeouts (Jorrit N. Herder)
|
|
|
|
* Jul 23, 2004 removed kernel dependencies (Jorrit N. Herder)
|
|
|
|
* Apr 02, 1992 constructed from AT wini and floppy driver (Kees J. Bot)
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
|
|
|
|
2010-03-22 22:25:22 +01:00
|
|
|
#include <minix/drivers.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
#include <sys/ioc_disk.h>
|
2010-03-22 22:25:22 +01:00
|
|
|
#include <minix/driver.h>
|
2010-04-08 15:41:35 +02:00
|
|
|
#include <minix/ds.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
#include "driver.h"
|
|
|
|
#include "mq.h"
|
|
|
|
|
|
|
|
/* Management data for opened devices. */
|
2010-04-08 15:41:35 +02:00
|
|
|
PRIVATE int open_devs[MAX_NR_OPEN_DEVICES];
|
|
|
|
PRIVATE int next_open_devs_slot = 0;
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2011-11-02 17:31:38 +01:00
|
|
|
* clear_open_devs *
|
2010-04-08 15:41:35 +02:00
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PRIVATE void clear_open_devs(void)
|
2010-04-08 15:41:35 +02:00
|
|
|
{
|
2011-11-02 17:31:38 +01:00
|
|
|
/* Reset the set of previously opened minor devices. */
|
2010-04-08 15:41:35 +02:00
|
|
|
next_open_devs_slot = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2011-11-02 17:31:38 +01:00
|
|
|
* is_open_dev *
|
2010-04-08 15:41:35 +02:00
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE int is_open_dev(int device)
|
|
|
|
{
|
2011-11-02 17:31:38 +01:00
|
|
|
/* Check whether the given minor device has previously been opened. */
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < next_open_devs_slot; i++)
|
|
|
|
if (open_devs[i] == device)
|
|
|
|
return TRUE;
|
2010-04-08 15:41:35 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
return FALSE;
|
2010-04-08 15:41:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2011-11-02 17:31:38 +01:00
|
|
|
* set_open_dev *
|
2010-04-08 15:41:35 +02:00
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void set_open_dev(int device)
|
|
|
|
{
|
2011-11-02 17:31:38 +01:00
|
|
|
/* Mark the given minor device as having been opened. */
|
|
|
|
|
|
|
|
if (next_open_devs_slot >= MAX_NR_OPEN_DEVICES)
|
|
|
|
panic("out of slots for open devices");
|
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
open_devs[next_open_devs_slot] = device;
|
|
|
|
next_open_devs_slot++;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* asyn_reply *
|
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PRIVATE void asyn_reply(message *mess, int r)
|
2009-12-02 10:57:48 +01:00
|
|
|
{
|
2011-11-02 17:31:38 +01:00
|
|
|
/* Send a reply using the asynchronous character device protocol. */
|
2009-12-02 10:57:48 +01:00
|
|
|
message reply_mess;
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
/* Do not reply with ERESTART in this protocol. The only possible caller,
|
|
|
|
* VFS, will find out through other means when we have restarted, and is not
|
|
|
|
* (fully) ready to deal with ERESTART errors.
|
|
|
|
*/
|
|
|
|
if (r == ERESTART)
|
|
|
|
return;
|
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
switch (mess->m_type) {
|
|
|
|
case DEV_OPEN:
|
|
|
|
reply_mess.m_type = DEV_REVIVE;
|
2011-11-02 17:31:38 +01:00
|
|
|
reply_mess.REP_ENDPT = mess->USER_ENDPT;
|
2009-12-02 10:57:48 +01:00
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DEV_CLOSE:
|
|
|
|
reply_mess.m_type = DEV_CLOSE_REPL;
|
2011-11-02 17:31:38 +01:00
|
|
|
reply_mess.REP_ENDPT = mess->USER_ENDPT;
|
2009-12-02 10:57:48 +01:00
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DEV_READ_S:
|
|
|
|
case DEV_WRITE_S:
|
2010-10-08 11:33:18 +02:00
|
|
|
case DEV_IOCTL_S:
|
2009-12-02 10:57:48 +01:00
|
|
|
if (r == SUSPEND)
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
printf("driver_task: reviving %d (%d) with SUSPEND\n",
|
2011-11-02 17:31:38 +01:00
|
|
|
mess->m_source, mess->USER_ENDPT);
|
2009-12-02 10:57:48 +01:00
|
|
|
|
|
|
|
reply_mess.m_type = DEV_REVIVE;
|
2011-11-02 17:31:38 +01:00
|
|
|
reply_mess.REP_ENDPT = mess->USER_ENDPT;
|
2009-12-02 10:57:48 +01:00
|
|
|
reply_mess.REP_IO_GRANT = (cp_grant_id_t) mess->IO_GRANT;
|
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case CANCEL:
|
|
|
|
/* The original request should send a reply. */
|
|
|
|
return;
|
|
|
|
|
|
|
|
case DEV_SELECT:
|
|
|
|
reply_mess.m_type = DEV_SEL_REPL1;
|
|
|
|
reply_mess.DEV_MINOR = mess->DEVICE;
|
|
|
|
reply_mess.DEV_SEL_OPS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
reply_mess.m_type = TASK_REPLY;
|
2011-11-02 17:31:38 +01:00
|
|
|
reply_mess.REP_ENDPT = mess->USER_ENDPT;
|
2009-12-02 10:57:48 +01:00
|
|
|
/* Status is # of bytes transferred or error code. */
|
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
r = asynsend(mess->m_source, &reply_mess);
|
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
if (r != OK)
|
2011-11-02 17:31:38 +01:00
|
|
|
printf("asyn_reply: unable to asynsend reply to %d: %d\n",
|
|
|
|
mess->m_source, r);
|
2009-12-02 10:57:48 +01:00
|
|
|
}
|
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
/*===========================================================================*
|
2011-11-02 17:31:38 +01:00
|
|
|
* standard_reply *
|
2010-04-08 15:41:35 +02:00
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PRIVATE void standard_reply(message *m_ptr, int ipc_status, int reply)
|
2010-04-08 15:41:35 +02:00
|
|
|
{
|
|
|
|
/* Reply to a message sent to the driver. */
|
2011-11-02 17:31:38 +01:00
|
|
|
endpoint_t caller_e, user_e;
|
2010-04-08 15:41:35 +02:00
|
|
|
int r;
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
caller_e = m_ptr->m_source;
|
|
|
|
user_e = m_ptr->USER_ENDPT;
|
2010-04-08 15:41:35 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
m_ptr->m_type = TASK_REPLY;
|
|
|
|
m_ptr->REP_ENDPT = user_e;
|
|
|
|
m_ptr->REP_STATUS = reply;
|
|
|
|
|
|
|
|
/* If we would block sending the message, send it asynchronously. */
|
|
|
|
if (IPC_STATUS_CALL(ipc_status) == SENDREC)
|
|
|
|
r = sendnb(caller_e, m_ptr);
|
|
|
|
else
|
|
|
|
r = asynsend(caller_e, m_ptr);
|
|
|
|
|
|
|
|
if (r != OK)
|
|
|
|
printf("driver_reply: unable to send reply to %d: %d\n", caller_e, r);
|
2010-04-08 15:41:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2011-11-02 17:31:38 +01:00
|
|
|
* driver_reply *
|
2010-04-08 15:41:35 +02:00
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PUBLIC void driver_reply(int driver_type, message *m_ptr, int ipc_status,
|
|
|
|
int reply)
|
2010-04-08 15:41:35 +02:00
|
|
|
{
|
2011-11-02 17:31:38 +01:00
|
|
|
/* Prepare and send a reply message. */
|
2010-04-08 15:41:35 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
if (reply == EDONTREPLY)
|
|
|
|
return;
|
2010-04-08 15:41:35 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
switch (driver_type) {
|
|
|
|
case DRIVER_STD:
|
|
|
|
standard_reply(m_ptr, ipc_status, reply);
|
2010-04-08 15:41:35 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
case DRIVER_ASYN:
|
|
|
|
asyn_reply(m_ptr, reply);
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
panic("unknown driver type: %d", driver_type);
|
|
|
|
}
|
2010-04-08 15:41:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2011-11-02 17:31:38 +01:00
|
|
|
* driver_announce *
|
2010-04-08 15:41:35 +02:00
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PUBLIC void driver_announce(void)
|
2010-04-08 15:41:35 +02:00
|
|
|
{
|
|
|
|
/* Announce we are up after a fresh start or restart. */
|
|
|
|
int r;
|
|
|
|
char key[DS_MAX_KEYLEN];
|
|
|
|
char label[DS_MAX_KEYLEN];
|
|
|
|
char *driver_prefix = "drv.vfs.";
|
|
|
|
|
|
|
|
/* Callers are allowed to use sendrec to communicate with drivers.
|
|
|
|
* For this reason, there may blocked callers when a driver restarts.
|
|
|
|
* Ask the kernel to unblock them (if any).
|
|
|
|
*/
|
2011-09-02 16:57:22 +02:00
|
|
|
#if USE_STATECTL
|
2010-04-08 15:41:35 +02:00
|
|
|
r = sys_statectl(SYS_STATE_CLEAR_IPC_REFS);
|
|
|
|
if (r != OK) {
|
|
|
|
panic("driver_announce: sys_statectl failed: %d\n", r);
|
|
|
|
}
|
2011-09-02 16:57:22 +02:00
|
|
|
#endif
|
2010-04-08 15:41:35 +02:00
|
|
|
|
|
|
|
/* Publish a driver up event. */
|
|
|
|
r = ds_retrieve_label_name(label, getprocnr());
|
|
|
|
if (r != OK) {
|
|
|
|
panic("driver_announce: unable to get own label: %d\n", r);
|
|
|
|
}
|
|
|
|
snprintf(key, DS_MAX_KEYLEN, "%s%s", driver_prefix, label);
|
|
|
|
r = ds_publish_u32(key, DS_DRIVER_UP, DSF_OVERWRITE);
|
|
|
|
if (r != OK) {
|
|
|
|
panic("driver_announce: unable to publish driver up event: %d\n", r);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Expect a DEV_OPEN for any device before serving regular driver requests. */
|
|
|
|
clear_open_devs();
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
driver_mq_init();
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* do_rdwt *
|
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PRIVATE int do_rdwt(struct driver *dp, message *mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Carry out a single read or write request. */
|
|
|
|
iovec_t iovec1;
|
|
|
|
int r, opcode;
|
2006-11-27 15:21:43 +01:00
|
|
|
u64_t position;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Disk address? Address and length of the user buffer? */
|
|
|
|
if (mp->COUNT < 0) return(EINVAL);
|
|
|
|
|
|
|
|
/* Prepare for I/O. */
|
2010-05-10 15:26:00 +02:00
|
|
|
if ((*dp->dr_prepare)(mp->DEVICE) == NULL) return(ENXIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Create a one element scatter/gather vector for the buffer. */
|
2009-12-02 10:57:48 +01:00
|
|
|
if(mp->m_type == DEV_READ_S) opcode = DEV_GATHER_S;
|
2007-02-07 17:22:19 +01:00
|
|
|
else opcode = DEV_SCATTER_S;
|
2006-06-20 10:49:51 +02:00
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
iovec1.iov_addr = (vir_bytes) mp->IO_GRANT;
|
2005-04-21 16:53:53 +02:00
|
|
|
iovec1.iov_size = mp->COUNT;
|
|
|
|
|
|
|
|
/* Transfer bytes from/to the device. */
|
2006-11-27 15:21:43 +01:00
|
|
|
position= make64(mp->POSITION, mp->HIGHPOS);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = (*dp->dr_transfer)(mp->m_source, opcode, position, &iovec1, 1);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Return the number of bytes transferred or an error code. */
|
2011-11-02 17:31:38 +01:00
|
|
|
return(r == OK ? (int) (mp->COUNT - iovec1.iov_size) : r);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* do_vrdwt *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE int do_vrdwt(struct driver *dp, message *mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Carry out an device read or write to/from a vector of user addresses.
|
|
|
|
* The "user addresses" are assumed to be safe, i.e. FS transferring to/from
|
|
|
|
* its own buffers, so they are not checked.
|
|
|
|
*/
|
2011-11-02 17:31:38 +01:00
|
|
|
iovec_t iovec[NR_IOREQS];
|
2005-04-21 16:53:53 +02:00
|
|
|
phys_bytes iovec_size;
|
|
|
|
unsigned nr_req;
|
2010-01-22 23:01:08 +01:00
|
|
|
int r, opcode;
|
2006-11-27 15:21:43 +01:00
|
|
|
u64_t position;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
nr_req = mp->COUNT; /* Length of I/O vector */
|
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
/* Copy the vector from the caller to kernel space. */
|
|
|
|
if (nr_req > NR_IOREQS) nr_req = NR_IOREQS;
|
|
|
|
iovec_size = (phys_bytes) (nr_req * sizeof(iovec[0]));
|
|
|
|
|
|
|
|
if (OK != sys_safecopyfrom(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
|
|
|
0, (vir_bytes) iovec, iovec_size, D)) {
|
2010-07-07 13:04:33 +02:00
|
|
|
printf("bad I/O vector by: %d\n", mp->m_source);
|
|
|
|
return(EINVAL);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Prepare for I/O. */
|
2010-05-10 15:26:00 +02:00
|
|
|
if ((*dp->dr_prepare)(mp->DEVICE) == NULL) return(ENXIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Transfer bytes from/to the device. */
|
2006-06-20 10:49:51 +02:00
|
|
|
opcode = mp->m_type;
|
2006-11-27 15:21:43 +01:00
|
|
|
position= make64(mp->POSITION, mp->HIGHPOS);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = (*dp->dr_transfer)(mp->m_source, opcode, position, iovec, nr_req);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Copy the I/O vector back to the caller. */
|
2009-12-02 10:57:48 +01:00
|
|
|
if (OK != sys_safecopyto(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
|
|
|
0, (vir_bytes) iovec, iovec_size, D)) {
|
2010-07-07 13:04:33 +02:00
|
|
|
printf("couldn't return I/O vector: %d\n", mp->m_source);
|
|
|
|
return(EINVAL);
|
2006-06-20 10:49:51 +02:00
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
return(r);
|
|
|
|
}
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* driver_handle_notify *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC void driver_handle_notify(struct driver *dp, message *m_ptr)
|
|
|
|
{
|
|
|
|
/* Take care of the notifications (interrupt and clock messages) by calling the
|
|
|
|
* appropiate callback functions. Never send a reply.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* Call the appropriate function for this notification. */
|
|
|
|
switch (_ENDPOINT_P(m_ptr->m_source)) {
|
|
|
|
case HARDWARE:
|
|
|
|
if (dp->dr_hw_int)
|
|
|
|
dp->dr_hw_int(dp, m_ptr);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case CLOCK:
|
|
|
|
if (dp->dr_alarm)
|
|
|
|
dp->dr_alarm(dp, m_ptr);
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
if (dp->dr_other)
|
|
|
|
(void) dp->dr_other(dp, m_ptr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* driver_handle_request *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int driver_handle_request(struct driver *dp, message *m_ptr)
|
|
|
|
{
|
|
|
|
/* Call the appropiate driver function, based on the type of request. Return
|
|
|
|
* the result code that is to be sent back to the caller, or EDONTREPLY if no
|
|
|
|
* reply is to be sent.
|
|
|
|
*/
|
|
|
|
int r;
|
|
|
|
|
|
|
|
/* We might get spurious requests if the driver has been restarted. Deny any
|
|
|
|
* requests on devices that have not previously been opened, signaling the
|
|
|
|
* caller that something went wrong.
|
|
|
|
*/
|
|
|
|
if (IS_DEV_MINOR_RQ(m_ptr->m_type) && !is_open_dev(m_ptr->DEVICE)) {
|
|
|
|
/* Reply ERESTART to spurious requests for unopened devices. */
|
|
|
|
if (m_ptr->m_type != DEV_OPEN)
|
|
|
|
return ERESTART;
|
|
|
|
|
|
|
|
/* Mark the device as opened otherwise. */
|
|
|
|
set_open_dev(m_ptr->DEVICE);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Call the appropriate function(s) for this request. */
|
|
|
|
switch (m_ptr->m_type) {
|
|
|
|
case DEV_OPEN: r = (*dp->dr_open)(dp, m_ptr); break;
|
|
|
|
case DEV_CLOSE: r = (*dp->dr_close)(dp, m_ptr); break;
|
|
|
|
case DEV_IOCTL_S: r = (*dp->dr_ioctl)(dp, m_ptr); break;
|
|
|
|
case CANCEL: r = (*dp->dr_cancel)(dp, m_ptr); break;
|
|
|
|
case DEV_SELECT: r = (*dp->dr_select)(dp, m_ptr); break;
|
|
|
|
case DEV_READ_S:
|
|
|
|
case DEV_WRITE_S: r = do_rdwt(dp, m_ptr); break;
|
|
|
|
case DEV_GATHER_S:
|
|
|
|
case DEV_SCATTER_S: r = do_vrdwt(dp, m_ptr); break;
|
|
|
|
default:
|
|
|
|
if (dp->dr_other)
|
|
|
|
r = dp->dr_other(dp, m_ptr);
|
|
|
|
else
|
|
|
|
r = EINVAL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Let the driver perform any cleanup. */
|
|
|
|
(*dp->dr_cleanup)();
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* no_name *
|
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PUBLIC char *no_name(void)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Use this default name if there is no specific name for the device. This was
|
|
|
|
* originally done by fetching the name from the task table for this process:
|
|
|
|
* "return(tasktab[proc_number(proc_ptr) + NR_TASKS].name);", but currently a
|
|
|
|
* real "noname" is returned. Perhaps, some system information service can be
|
|
|
|
* queried for a name at a later time.
|
|
|
|
*/
|
|
|
|
static char name[] = "noname";
|
|
|
|
return name;
|
|
|
|
}
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* do_nop *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int do_nop(struct driver *UNUSED(dp), message *mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Nothing there, or nothing to do. */
|
|
|
|
|
|
|
|
switch (mp->m_type) {
|
|
|
|
case DEV_OPEN: return(ENODEV);
|
|
|
|
case DEV_CLOSE: return(OK);
|
2007-02-07 17:22:19 +01:00
|
|
|
case DEV_IOCTL_S:
|
2009-12-02 10:57:48 +01:00
|
|
|
default: printf("nop: ignoring code %d\n", mp->m_type);
|
|
|
|
return(EIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* nop_ioctl *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int nop_ioctl(struct driver *UNUSED(dp), message *UNUSED(mp))
|
2006-06-20 10:49:51 +02:00
|
|
|
{
|
|
|
|
return(ENOTTY);
|
|
|
|
}
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* nop_alarm *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC void nop_alarm(struct driver *UNUSED(dp), message *UNUSED(mp))
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Ignore the leftover alarm. */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* nop_prepare *
|
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PUBLIC struct device *nop_prepare(int UNUSED(device))
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Nothing to prepare for. */
|
2010-05-10 15:26:00 +02:00
|
|
|
return(NULL);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* nop_cleanup *
|
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PUBLIC void nop_cleanup(void)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Nothing to clean up. */
|
|
|
|
}
|
|
|
|
|
2005-07-08 19:23:44 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* nop_cancel *
|
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PUBLIC int nop_cancel(struct driver *UNUSED(dr), message *UNUSED(m))
|
2005-07-08 19:23:44 +02:00
|
|
|
{
|
|
|
|
/* Nothing to do for cancel. */
|
2005-08-25 14:50:11 +02:00
|
|
|
return(OK);
|
2005-07-08 19:23:44 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* nop_select *
|
|
|
|
*===========================================================================*/
|
2011-11-02 17:31:38 +01:00
|
|
|
PUBLIC int nop_select(struct driver *UNUSED(dr), message *UNUSED(m))
|
2005-07-08 19:23:44 +02:00
|
|
|
{
|
|
|
|
/* Nothing to do for select. */
|
2005-08-25 14:50:11 +02:00
|
|
|
return(OK);
|
2005-07-08 19:23:44 +02:00
|
|
|
}
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* do_diocntl *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int do_diocntl(struct driver *dp, message *mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Carry out a partition setting/getting request. */
|
|
|
|
struct device *dv;
|
|
|
|
struct partition entry;
|
2011-11-02 17:31:38 +01:00
|
|
|
unsigned int request;
|
2005-04-21 16:53:53 +02:00
|
|
|
int s;
|
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
request = mp->REQUEST;
|
|
|
|
|
|
|
|
if (request != DIOCSETP && request != DIOCGETP) {
|
|
|
|
if(dp->dr_other)
|
|
|
|
return dp->dr_other(dp, mp);
|
|
|
|
else
|
|
|
|
return(ENOTTY);
|
2005-07-13 16:58:21 +02:00
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Decode the message parameters. */
|
2010-05-10 15:26:00 +02:00
|
|
|
if ((dv = (*dp->dr_prepare)(mp->DEVICE)) == NULL) return(ENXIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2011-11-02 17:31:38 +01:00
|
|
|
if (request == DIOCSETP) {
|
2005-04-21 16:53:53 +02:00
|
|
|
/* Copy just this one partition table entry. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
s=sys_safecopyfrom(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
2009-12-02 10:57:48 +01:00
|
|
|
0, (vir_bytes) &entry, sizeof(entry), D);
|
2006-06-20 10:49:51 +02:00
|
|
|
if(s != OK)
|
2005-04-21 16:53:53 +02:00
|
|
|
return s;
|
|
|
|
dv->dv_base = entry.base;
|
|
|
|
dv->dv_size = entry.size;
|
|
|
|
} else {
|
|
|
|
/* Return a partition table entry and the geometry of the drive. */
|
|
|
|
entry.base = dv->dv_base;
|
|
|
|
entry.size = dv->dv_size;
|
|
|
|
(*dp->dr_geometry)(&entry);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
s=sys_safecopyto(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
2009-12-02 10:57:48 +01:00
|
|
|
0, (vir_bytes) &entry, sizeof(entry), D);
|
2006-06-20 10:49:51 +02:00
|
|
|
if (OK != s)
|
2005-04-21 16:53:53 +02:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
return(OK);
|
|
|
|
}
|