2005-09-22 23:18:02 +02:00
|
|
|
/* This file contains the terminal driver, both for the IBM console and regular
|
2005-04-21 16:53:53 +02:00
|
|
|
* ASCII terminals. It handles only the device-independent part of a TTY, the
|
|
|
|
* device dependent parts are in console.c, rs232.c, etc. This file contains
|
|
|
|
* two main entry points, tty_task() and tty_wakeup(), and several minor entry
|
|
|
|
* points for use by the device-dependent code.
|
|
|
|
*
|
|
|
|
* The device-independent part accepts "keyboard" input from the device-
|
|
|
|
* dependent part, performs input processing (special key interpretation),
|
|
|
|
* and sends the input to a process reading from the TTY. Output to a TTY
|
|
|
|
* is sent to the device-dependent code for output processing and "screen"
|
|
|
|
* display. Input processing is done by the device by calling 'in_process'
|
|
|
|
* on the input characters, output processing may be done by the device itself
|
|
|
|
* or by calling 'out_process'. The TTY takes care of input queuing, the
|
|
|
|
* device does the output queuing. If a device receives an external signal,
|
|
|
|
* like an interrupt, then it causes tty_wakeup() to be run by the CLOCK task
|
|
|
|
* to, you guessed it, wake up the TTY to check if input or output can
|
|
|
|
* continue.
|
|
|
|
*
|
|
|
|
* The valid messages and their parameters are:
|
|
|
|
*
|
2009-09-29 20:47:56 +02:00
|
|
|
* notify from HARDWARE: output has been completed or input has arrived
|
|
|
|
* notify from SYSTEM : e.g., MINIX wants to shutdown; run code to
|
|
|
|
* cleanly stop
|
2005-06-17 15:37:41 +02:00
|
|
|
* DEV_READ: a process wants to read from a terminal
|
|
|
|
* DEV_WRITE: a process wants to write on a terminal
|
|
|
|
* DEV_IOCTL: a process wants to change a terminal's parameters
|
|
|
|
* DEV_OPEN: a tty line has been opened
|
|
|
|
* DEV_CLOSE: a tty line has been closed
|
|
|
|
* DEV_SELECT: start select notification request
|
2005-07-27 16:32:16 +02:00
|
|
|
* DEV_STATUS: FS wants to know status for SELECT or REVIVE
|
2005-06-17 15:37:41 +02:00
|
|
|
* CANCEL: terminate a previous incomplete system call immediately
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
* m_type TTY_LINE USER_ENDPT COUNT TTY_SPEKS IO_GRANT
|
2006-06-20 11:02:54 +02:00
|
|
|
* -----------------------------------------------------------------
|
|
|
|
* | HARD_INT | | | | | |
|
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
|
|
|
* | SYS_SIG | sig set | | | | |
|
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
2011-03-25 11:43:24 +01:00
|
|
|
* | DEV_READ |minor dev| proc nr | count | | grant |
|
2006-06-20 11:02:54 +02:00
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
2011-03-25 11:43:24 +01:00
|
|
|
* | DEV_WRITE |minor dev| proc nr | count | | grant |
|
2006-06-20 11:02:54 +02:00
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
|
|
|
* | DEV_IOCTL |minor dev| proc nr |func code|erase etc| |
|
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
|
|
|
* | DEV_OPEN |minor dev| proc nr | O_NOCTTY| | |
|
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
|
|
|
* | DEV_CLOSE |minor dev| proc nr | | | |
|
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
|
|
|
* | DEV_STATUS | | | | | |
|
|
|
|
* |-------------+---------+---------+---------+---------+---------|
|
|
|
|
* | CANCEL |minor dev| proc nr | | | |
|
|
|
|
* -----------------------------------------------------------------
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
|
|
|
* Changes:
|
|
|
|
* Jan 20, 2004 moved TTY driver to user-space (Jorrit N. Herder)
|
|
|
|
* Sep 20, 2004 local timer management/ sync alarms (Jorrit N. Herder)
|
|
|
|
* Jul 13, 2004 support for function key observers (Jorrit N. Herder)
|
|
|
|
*/
|
|
|
|
|
2010-03-22 22:25:22 +01:00
|
|
|
#include <minix/drivers.h>
|
2010-04-08 15:41:35 +02:00
|
|
|
#include <minix/driver.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
#include <termios.h>
|
|
|
|
#include <sys/ioc_tty.h>
|
|
|
|
#include <signal.h>
|
|
|
|
#include <minix/callnr.h>
|
2008-11-19 13:26:10 +01:00
|
|
|
#include <minix/sys_config.h>
|
|
|
|
#include <minix/tty.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
#include <minix/keymap.h>
|
2009-09-29 20:47:56 +02:00
|
|
|
#include <minix/endpoint.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
#include "tty.h"
|
|
|
|
|
2005-06-17 15:37:41 +02:00
|
|
|
#include <sys/time.h>
|
|
|
|
#include <sys/select.h>
|
|
|
|
|
2005-07-29 17:22:58 +02:00
|
|
|
unsigned long kbd_irq_set = 0;
|
|
|
|
unsigned long rs_irq_set = 0;
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/* Address of a tty structure. */
|
|
|
|
#define tty_addr(line) (&tty_table[line])
|
|
|
|
|
|
|
|
/* Macros for magic tty types. */
|
|
|
|
#define isconsole(tp) ((tp) < tty_addr(NR_CONS))
|
2005-08-05 15:50:58 +02:00
|
|
|
#define ispty(tp) ((tp) >= tty_addr(NR_CONS+NR_RS_LINES))
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Macros for magic tty structure pointers. */
|
|
|
|
#define FIRST_TTY tty_addr(0)
|
|
|
|
#define END_TTY tty_addr(sizeof(tty_table) / sizeof(tty_table[0]))
|
|
|
|
|
|
|
|
/* A device exists if at least its 'devread' function is defined. */
|
|
|
|
#define tty_active(tp) ((tp)->tty_devread != NULL)
|
|
|
|
|
|
|
|
/* RS232 lines or pseudo terminals can be completely configured out. */
|
|
|
|
#if NR_RS_LINES == 0
|
|
|
|
#define rs_init(tp) ((void) 0)
|
|
|
|
#endif
|
2008-11-19 13:26:10 +01:00
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
#if NR_PTYS == 0
|
|
|
|
#define pty_init(tp) ((void) 0)
|
|
|
|
#define do_pty(tp, mp) ((void) 0)
|
|
|
|
#endif
|
|
|
|
|
2005-09-30 15:01:34 +02:00
|
|
|
struct kmessages kmess;
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
FORWARD _PROTOTYPE( void tty_timed_out, (timer_t *tp) );
|
|
|
|
FORWARD _PROTOTYPE( void settimer, (tty_t *tty_ptr, int enable) );
|
|
|
|
FORWARD _PROTOTYPE( void do_cancel, (tty_t *tp, message *m_ptr) );
|
2011-03-25 11:43:24 +01:00
|
|
|
FORWARD _PROTOTYPE( void do_ioctl, (tty_t *tp, message *m_ptr) );
|
2005-04-21 16:53:53 +02:00
|
|
|
FORWARD _PROTOTYPE( void do_open, (tty_t *tp, message *m_ptr) );
|
|
|
|
FORWARD _PROTOTYPE( void do_close, (tty_t *tp, message *m_ptr) );
|
2011-03-25 11:43:24 +01:00
|
|
|
FORWARD _PROTOTYPE( void do_read, (tty_t *tp, message *m_ptr) );
|
|
|
|
FORWARD _PROTOTYPE( void do_write, (tty_t *tp, message *m_ptr) );
|
2005-06-17 15:37:41 +02:00
|
|
|
FORWARD _PROTOTYPE( void do_select, (tty_t *tp, message *m_ptr) );
|
2005-07-27 16:32:16 +02:00
|
|
|
FORWARD _PROTOTYPE( void do_status, (message *m_ptr) );
|
2005-04-21 16:53:53 +02:00
|
|
|
FORWARD _PROTOTYPE( void in_transfer, (tty_t *tp) );
|
2005-05-27 15:57:00 +02:00
|
|
|
FORWARD _PROTOTYPE( int tty_echo, (tty_t *tp, int ch) );
|
2005-04-21 16:53:53 +02:00
|
|
|
FORWARD _PROTOTYPE( void rawecho, (tty_t *tp, int ch) );
|
|
|
|
FORWARD _PROTOTYPE( int back_over, (tty_t *tp) );
|
|
|
|
FORWARD _PROTOTYPE( void reprint, (tty_t *tp) );
|
|
|
|
FORWARD _PROTOTYPE( void dev_ioctl, (tty_t *tp) );
|
|
|
|
FORWARD _PROTOTYPE( void setattr, (tty_t *tp) );
|
|
|
|
FORWARD _PROTOTYPE( void tty_icancel, (tty_t *tp) );
|
2005-06-24 18:21:54 +02:00
|
|
|
FORWARD _PROTOTYPE( void tty_init, (void) );
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Default attributes. */
|
|
|
|
PRIVATE struct termios termios_defaults = {
|
|
|
|
TINPUT_DEF, TOUTPUT_DEF, TCTRL_DEF, TLOCAL_DEF, TSPEED_DEF, TSPEED_DEF,
|
|
|
|
{
|
|
|
|
TEOF_DEF, TEOL_DEF, TERASE_DEF, TINTR_DEF, TKILL_DEF, TMIN_DEF,
|
|
|
|
TQUIT_DEF, TTIME_DEF, TSUSP_DEF, TSTART_DEF, TSTOP_DEF,
|
|
|
|
TREPRINT_DEF, TLNEXT_DEF, TDISCARD_DEF,
|
|
|
|
},
|
|
|
|
};
|
|
|
|
PRIVATE struct winsize winsize_defaults; /* = all zeroes */
|
|
|
|
|
|
|
|
/* Global variables for the TTY task (declared extern in tty.h). */
|
|
|
|
PUBLIC tty_t tty_table[NR_CONS+NR_RS_LINES+NR_PTYS];
|
|
|
|
PUBLIC int ccurrent; /* currently active console */
|
2005-04-29 17:36:43 +02:00
|
|
|
PUBLIC struct machine machine; /* kernel environment variables */
|
2008-12-08 17:40:29 +01:00
|
|
|
PUBLIC u32_t system_hz;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
Basic System Event Framework (SEF) with ping and live update.
SYSLIB CHANGES:
- SEF must be used by every system process and is thereby part of the system
library.
- The framework provides a receive() interface (sef_receive) for system
processes to automatically catch known system even messages and process them.
- SEF provides a default behavior for each type of system event, but allows
system processes to register callbacks to override the default behavior.
- Custom (local to the process) or predefined (provided by SEF) callback
implementations can be registered to SEF.
- SEF currently includes support for 2 types of system events:
1. SEF Ping. The event occurs every time RS sends a ping to figure out
whether a system process is still alive. The default callback implementation
provided by SEF is to notify RS back to let it know the process is alive
and kicking.
2. SEF Live update. The event occurs every time RS sends a prepare to update
message to let a system process know an update is available and to prepare
for it. The live update support is very basic for now. SEF only deals with
verifying if the prepare state can be supported by the process, dumping the
state for debugging purposes, and providing an event-driven programming
model to the process to react to state changes check-in when ready to update.
- SEF should be extended in the future to integrate support for more types of
system events. Ideally, all the cross-cutting concerns should be integrated into
SEF to avoid duplicating code and ease extensibility. Examples include:
* PM notify messages primarily used at shutdown.
* SYSTEM notify messages primarily used for signals.
* CLOCK notify messages used for system alarms.
* Debug messages. IS could still be in charge of fkey handling but would
forward the debug message to the target process (e.g. PM, if the user
requested debug information about PM). SEF would then catch the message and
do nothing unless the process has registered an appropriate callback to
deal with the event. This simplifies the programming model to print debug
information, avoids duplicating code, and reduces the effort to print
debug information.
SYSTEM PROCESSES CHANGES:
- Every system process registers SEF callbacks it needs to override the default
system behavior and calls sef_startup() right after being started.
- sef_startup() does almost nothing now, but will be extended in the future to
support callbacks of its own to let RS control and synchronize with every
system process at initialization time.
- Every system process calls sef_receive() now rather than receive() directly,
to let SEF handle predefined system events.
RS CHANGES:
- RS supports a basic single-component live update protocol now, as follows:
* When an update command is issued (via "service update *"), RS notifies the
target system process to prepare for a specific update state.
* If the process doesn't respond back in time, the update is aborted.
* When the process responds back, RS kills it and marks it for refreshing.
* The process is then automatically restarted as for a buggy process and can
start running again.
* Live update is currently prototyped as a controlled failure.
2009-12-21 15:12:21 +01:00
|
|
|
/* SEF functions and variables. */
|
|
|
|
FORWARD _PROTOTYPE( void sef_local_startup, (void) );
|
Initialization protocol for system services.
SYSLIB CHANGES:
- SEF framework now supports a new SEF Init request type from RS. 3 different
callbacks are available (init_fresh, init_lu, init_restart) to specify
initialization code when a service starts fresh, starts after a live update,
or restarts.
SYSTEM SERVICE CHANGES:
- Initialization code for system services is now enclosed in a callback SEF will
automatically call at init time. The return code of the callback will
tell RS whether the initialization completed successfully.
- Each init callback can access information passed by RS to initialize. As of
now, each system service has access to the public entries of RS's system process
table to gather all the information required to initialize. This design
eliminates many existing or potential races at boot time and provides a uniform
initialization interface to system services. The same interface will be reused
for the upcoming publish/subscribe model to handle dynamic
registration / deregistration of system services.
VM CHANGES:
- Uniform privilege management for all system services. Every service uses the
same call mask format. For boot services, VM copies the call mask from init
data. For dynamic services, VM still receives the call mask via rs_set_priv
call that will be soon replaced by the upcoming publish/subscribe model.
RS CHANGES:
- The system process table has been reorganized and split into private entries
and public entries. Only the latter ones are exposed to system services.
- VM call masks are now entirely configured in rs/table.c
- RS has now its own slot in the system process table. Only kernel tasks and
user processes not included in the boot image are now left out from the system
process table.
- RS implements the initialization protocol for system services.
- For services in the boot image, RS blocks till initialization is complete and
panics when failure is reported back. Services are initialized in their order of
appearance in the boot image priv table and RS blocks to implements synchronous
initialization for every system service having the flag SF_SYNCH_BOOT set.
- For services started dynamically, the initialization protocol is implemented
as though it were the first ping for the service. In this case, if the
system service fails to report back (or reports failure), RS brings the service
down rather than trying to restart it.
2010-01-08 02:20:42 +01:00
|
|
|
FORWARD _PROTOTYPE( int sef_cb_init_fresh, (int type, sef_init_info_t *info) );
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
FORWARD _PROTOTYPE( void sef_cb_signal_handler, (int signo) );
|
2008-11-19 13:26:10 +01:00
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* tty_task *
|
|
|
|
*===========================================================================*/
|
2008-11-19 13:26:10 +01:00
|
|
|
PUBLIC int main(void)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Main routine of the terminal task. */
|
|
|
|
|
|
|
|
message tty_mess; /* buffer for all incoming messages */
|
2010-04-08 15:41:35 +02:00
|
|
|
int ipc_status;
|
2005-04-21 16:53:53 +02:00
|
|
|
unsigned line;
|
Initialization protocol for system services.
SYSLIB CHANGES:
- SEF framework now supports a new SEF Init request type from RS. 3 different
callbacks are available (init_fresh, init_lu, init_restart) to specify
initialization code when a service starts fresh, starts after a live update,
or restarts.
SYSTEM SERVICE CHANGES:
- Initialization code for system services is now enclosed in a callback SEF will
automatically call at init time. The return code of the callback will
tell RS whether the initialization completed successfully.
- Each init callback can access information passed by RS to initialize. As of
now, each system service has access to the public entries of RS's system process
table to gather all the information required to initialize. This design
eliminates many existing or potential races at boot time and provides a uniform
initialization interface to system services. The same interface will be reused
for the upcoming publish/subscribe model to handle dynamic
registration / deregistration of system services.
VM CHANGES:
- Uniform privilege management for all system services. Every service uses the
same call mask format. For boot services, VM copies the call mask from init
data. For dynamic services, VM still receives the call mask via rs_set_priv
call that will be soon replaced by the upcoming publish/subscribe model.
RS CHANGES:
- The system process table has been reorganized and split into private entries
and public entries. Only the latter ones are exposed to system services.
- VM call masks are now entirely configured in rs/table.c
- RS has now its own slot in the system process table. Only kernel tasks and
user processes not included in the boot image are now left out from the system
process table.
- RS implements the initialization protocol for system services.
- For services in the boot image, RS blocks till initialization is complete and
panics when failure is reported back. Services are initialized in their order of
appearance in the boot image priv table and RS blocks to implements synchronous
initialization for every system service having the flag SF_SYNCH_BOOT set.
- For services started dynamically, the initialization protocol is implemented
as though it were the first ping for the service. In this case, if the
system service fails to report back (or reports failure), RS brings the service
down rather than trying to restart it.
2010-01-08 02:20:42 +01:00
|
|
|
int r;
|
2005-06-24 18:21:54 +02:00
|
|
|
register tty_t *tp;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
Basic System Event Framework (SEF) with ping and live update.
SYSLIB CHANGES:
- SEF must be used by every system process and is thereby part of the system
library.
- The framework provides a receive() interface (sef_receive) for system
processes to automatically catch known system even messages and process them.
- SEF provides a default behavior for each type of system event, but allows
system processes to register callbacks to override the default behavior.
- Custom (local to the process) or predefined (provided by SEF) callback
implementations can be registered to SEF.
- SEF currently includes support for 2 types of system events:
1. SEF Ping. The event occurs every time RS sends a ping to figure out
whether a system process is still alive. The default callback implementation
provided by SEF is to notify RS back to let it know the process is alive
and kicking.
2. SEF Live update. The event occurs every time RS sends a prepare to update
message to let a system process know an update is available and to prepare
for it. The live update support is very basic for now. SEF only deals with
verifying if the prepare state can be supported by the process, dumping the
state for debugging purposes, and providing an event-driven programming
model to the process to react to state changes check-in when ready to update.
- SEF should be extended in the future to integrate support for more types of
system events. Ideally, all the cross-cutting concerns should be integrated into
SEF to avoid duplicating code and ease extensibility. Examples include:
* PM notify messages primarily used at shutdown.
* SYSTEM notify messages primarily used for signals.
* CLOCK notify messages used for system alarms.
* Debug messages. IS could still be in charge of fkey handling but would
forward the debug message to the target process (e.g. PM, if the user
requested debug information about PM). SEF would then catch the message and
do nothing unless the process has registered an appropriate callback to
deal with the event. This simplifies the programming model to print debug
information, avoids duplicating code, and reduces the effort to print
debug information.
SYSTEM PROCESSES CHANGES:
- Every system process registers SEF callbacks it needs to override the default
system behavior and calls sef_startup() right after being started.
- sef_startup() does almost nothing now, but will be extended in the future to
support callbacks of its own to let RS control and synchronize with every
system process at initialization time.
- Every system process calls sef_receive() now rather than receive() directly,
to let SEF handle predefined system events.
RS CHANGES:
- RS supports a basic single-component live update protocol now, as follows:
* When an update command is issued (via "service update *"), RS notifies the
target system process to prepare for a specific update state.
* If the process doesn't respond back in time, the update is aborted.
* When the process responds back, RS kills it and marks it for refreshing.
* The process is then automatically restarted as for a buggy process and can
start running again.
* Live update is currently prototyped as a controlled failure.
2009-12-21 15:12:21 +01:00
|
|
|
/* SEF local startup. */
|
|
|
|
sef_local_startup();
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
while (TRUE) {
|
|
|
|
/* Check for and handle any events on any of the ttys. */
|
|
|
|
for (tp = FIRST_TTY; tp < END_TTY; tp++) {
|
|
|
|
if (tp->tty_events) handle_events(tp);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Get a request message. */
|
2010-04-08 15:41:35 +02:00
|
|
|
r= driver_receive(ANY, &tty_mess, &ipc_status);
|
2005-09-30 15:01:34 +02:00
|
|
|
if (r != 0)
|
2010-04-08 15:41:35 +02:00
|
|
|
panic("driver_receive failed with: %d", r);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* First handle all kernel notification types that the TTY supports.
|
|
|
|
* - An alarm went off, expire all timers and handle the events.
|
|
|
|
* - A hardware interrupt also is an invitation to check for events.
|
|
|
|
* - A new kernel message is available for printing.
|
|
|
|
* - Reset the console on system shutdown.
|
|
|
|
* Then see if this message is different from a normal device driver
|
|
|
|
* request and should be handled separately. These extra functions
|
|
|
|
* do not operate on a device, in constrast to the driver requests.
|
|
|
|
*/
|
2009-09-29 20:47:56 +02:00
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
if (is_ipc_notify(ipc_status)) {
|
2009-09-29 20:47:56 +02:00
|
|
|
switch (_ENDPOINT_P(tty_mess.m_source)) {
|
|
|
|
case CLOCK:
|
|
|
|
/* run watchdogs of expired timers */
|
2010-07-09 14:58:18 +02:00
|
|
|
expire_timers(tty_mess.NOTIFY_TIMESTAMP);
|
2009-09-29 20:47:56 +02:00
|
|
|
break;
|
|
|
|
case HARDWARE:
|
|
|
|
/* hardware interrupt notification */
|
|
|
|
|
|
|
|
/* fetch chars from keyboard */
|
|
|
|
if (tty_mess.NOTIFY_ARG & kbd_irq_set)
|
|
|
|
kbd_interrupt(&tty_mess);
|
2005-09-04 20:16:44 +02:00
|
|
|
#if NR_RS_LINES > 0
|
2009-09-29 20:47:56 +02:00
|
|
|
/* serial I/O */
|
|
|
|
if (tty_mess.NOTIFY_ARG & rs_irq_set)
|
|
|
|
rs_interrupt(&tty_mess);
|
2005-09-04 20:16:44 +02:00
|
|
|
#endif
|
2009-09-29 20:47:56 +02:00
|
|
|
/* run watchdogs of expired timers */
|
2010-07-09 14:58:18 +02:00
|
|
|
expire_timers(tty_mess.NOTIFY_TIMESTAMP);
|
2009-09-29 20:47:56 +02:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* do nothing */
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* done, get new message */
|
2005-07-20 17:28:05 +02:00
|
|
|
continue;
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
2009-09-29 20:47:56 +02:00
|
|
|
|
|
|
|
switch (tty_mess.m_type) {
|
2005-04-21 16:53:53 +02:00
|
|
|
case FKEY_CONTROL: /* (un)register a fkey observer */
|
|
|
|
do_fkey_ctl(&tty_mess);
|
|
|
|
continue;
|
2010-11-17 15:53:07 +01:00
|
|
|
case INPUT_EVENT:
|
|
|
|
do_kb_inject(&tty_mess);
|
|
|
|
continue;
|
2005-04-21 16:53:53 +02:00
|
|
|
default: /* should be a driver request */
|
|
|
|
; /* do nothing; end switch */
|
|
|
|
}
|
|
|
|
|
2005-07-27 16:32:16 +02:00
|
|
|
/* Only device requests should get to this point. All requests,
|
|
|
|
* except DEV_STATUS, have a minor device number. Check this
|
|
|
|
* exception and get the minor device number otherwise.
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
2005-07-27 16:32:16 +02:00
|
|
|
if (tty_mess.m_type == DEV_STATUS) {
|
|
|
|
do_status(&tty_mess);
|
|
|
|
continue;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
line = tty_mess.TTY_LINE;
|
2005-10-24 15:57:19 +02:00
|
|
|
if (line == KBD_MINOR) {
|
|
|
|
do_kbd(&tty_mess);
|
|
|
|
continue;
|
|
|
|
} else if (line == KBDAUX_MINOR) {
|
|
|
|
do_kbdaux(&tty_mess);
|
|
|
|
continue;
|
2005-11-09 16:45:48 +01:00
|
|
|
} else if (line == VIDEO_MINOR) {
|
|
|
|
do_video(&tty_mess);
|
|
|
|
continue;
|
2005-10-24 15:57:19 +02:00
|
|
|
} else if ((line - CONS_MINOR) < NR_CONS) {
|
2005-04-21 16:53:53 +02:00
|
|
|
tp = tty_addr(line - CONS_MINOR);
|
|
|
|
} else if (line == LOG_MINOR) {
|
|
|
|
tp = tty_addr(0);
|
|
|
|
} else if ((line - RS232_MINOR) < NR_RS_LINES) {
|
|
|
|
tp = tty_addr(line - RS232_MINOR + NR_CONS);
|
|
|
|
} else if ((line - TTYPX_MINOR) < NR_PTYS) {
|
|
|
|
tp = tty_addr(line - TTYPX_MINOR + NR_CONS + NR_RS_LINES);
|
|
|
|
} else if ((line - PTYPX_MINOR) < NR_PTYS) {
|
|
|
|
tp = tty_addr(line - PTYPX_MINOR + NR_CONS + NR_RS_LINES);
|
2007-02-07 17:22:19 +01:00
|
|
|
if (tty_mess.m_type != DEV_IOCTL_S) {
|
2005-04-21 16:53:53 +02:00
|
|
|
do_pty(tp, &tty_mess);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
tp = NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If the device doesn't exist or is not configured return ENXIO. */
|
|
|
|
if (tp == NULL || ! tty_active(tp)) {
|
2005-05-27 14:44:14 +02:00
|
|
|
printf("Warning, TTY got illegal request %d from %d\n",
|
|
|
|
tty_mess.m_type, tty_mess.m_source);
|
2005-09-30 15:01:34 +02:00
|
|
|
if (tty_mess.m_source != LOG_PROC_NR)
|
|
|
|
{
|
|
|
|
tty_reply(TASK_REPLY, tty_mess.m_source,
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_mess.USER_ENDPT, ENXIO);
|
2005-09-30 15:01:34 +02:00
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Execute the requested device driver function. */
|
|
|
|
switch (tty_mess.m_type) {
|
2011-03-25 11:43:24 +01:00
|
|
|
case DEV_READ_S: do_read(tp, &tty_mess); break;
|
|
|
|
case DEV_WRITE_S: do_write(tp, &tty_mess); break;
|
|
|
|
case DEV_IOCTL_S: do_ioctl(tp, &tty_mess); break;
|
2005-06-17 15:37:41 +02:00
|
|
|
case DEV_OPEN: do_open(tp, &tty_mess); break;
|
|
|
|
case DEV_CLOSE: do_close(tp, &tty_mess); break;
|
|
|
|
case DEV_SELECT: do_select(tp, &tty_mess); break;
|
|
|
|
case CANCEL: do_cancel(tp, &tty_mess); break;
|
2005-05-27 14:44:14 +02:00
|
|
|
default:
|
2005-10-13 10:49:42 +02:00
|
|
|
printf("Warning, TTY got unexpected request %d from %d\n",
|
|
|
|
tty_mess.m_type, tty_mess.m_source);
|
2005-05-27 14:44:14 +02:00
|
|
|
tty_reply(TASK_REPLY, tty_mess.m_source,
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_mess.USER_ENDPT, EINVAL);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
}
|
2008-11-19 13:26:10 +01:00
|
|
|
|
|
|
|
return 0;
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
Basic System Event Framework (SEF) with ping and live update.
SYSLIB CHANGES:
- SEF must be used by every system process and is thereby part of the system
library.
- The framework provides a receive() interface (sef_receive) for system
processes to automatically catch known system even messages and process them.
- SEF provides a default behavior for each type of system event, but allows
system processes to register callbacks to override the default behavior.
- Custom (local to the process) or predefined (provided by SEF) callback
implementations can be registered to SEF.
- SEF currently includes support for 2 types of system events:
1. SEF Ping. The event occurs every time RS sends a ping to figure out
whether a system process is still alive. The default callback implementation
provided by SEF is to notify RS back to let it know the process is alive
and kicking.
2. SEF Live update. The event occurs every time RS sends a prepare to update
message to let a system process know an update is available and to prepare
for it. The live update support is very basic for now. SEF only deals with
verifying if the prepare state can be supported by the process, dumping the
state for debugging purposes, and providing an event-driven programming
model to the process to react to state changes check-in when ready to update.
- SEF should be extended in the future to integrate support for more types of
system events. Ideally, all the cross-cutting concerns should be integrated into
SEF to avoid duplicating code and ease extensibility. Examples include:
* PM notify messages primarily used at shutdown.
* SYSTEM notify messages primarily used for signals.
* CLOCK notify messages used for system alarms.
* Debug messages. IS could still be in charge of fkey handling but would
forward the debug message to the target process (e.g. PM, if the user
requested debug information about PM). SEF would then catch the message and
do nothing unless the process has registered an appropriate callback to
deal with the event. This simplifies the programming model to print debug
information, avoids duplicating code, and reduces the effort to print
debug information.
SYSTEM PROCESSES CHANGES:
- Every system process registers SEF callbacks it needs to override the default
system behavior and calls sef_startup() right after being started.
- sef_startup() does almost nothing now, but will be extended in the future to
support callbacks of its own to let RS control and synchronize with every
system process at initialization time.
- Every system process calls sef_receive() now rather than receive() directly,
to let SEF handle predefined system events.
RS CHANGES:
- RS supports a basic single-component live update protocol now, as follows:
* When an update command is issued (via "service update *"), RS notifies the
target system process to prepare for a specific update state.
* If the process doesn't respond back in time, the update is aborted.
* When the process responds back, RS kills it and marks it for refreshing.
* The process is then automatically restarted as for a buggy process and can
start running again.
* Live update is currently prototyped as a controlled failure.
2009-12-21 15:12:21 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* sef_local_startup *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void sef_local_startup()
|
|
|
|
{
|
Initialization protocol for system services.
SYSLIB CHANGES:
- SEF framework now supports a new SEF Init request type from RS. 3 different
callbacks are available (init_fresh, init_lu, init_restart) to specify
initialization code when a service starts fresh, starts after a live update,
or restarts.
SYSTEM SERVICE CHANGES:
- Initialization code for system services is now enclosed in a callback SEF will
automatically call at init time. The return code of the callback will
tell RS whether the initialization completed successfully.
- Each init callback can access information passed by RS to initialize. As of
now, each system service has access to the public entries of RS's system process
table to gather all the information required to initialize. This design
eliminates many existing or potential races at boot time and provides a uniform
initialization interface to system services. The same interface will be reused
for the upcoming publish/subscribe model to handle dynamic
registration / deregistration of system services.
VM CHANGES:
- Uniform privilege management for all system services. Every service uses the
same call mask format. For boot services, VM copies the call mask from init
data. For dynamic services, VM still receives the call mask via rs_set_priv
call that will be soon replaced by the upcoming publish/subscribe model.
RS CHANGES:
- The system process table has been reorganized and split into private entries
and public entries. Only the latter ones are exposed to system services.
- VM call masks are now entirely configured in rs/table.c
- RS has now its own slot in the system process table. Only kernel tasks and
user processes not included in the boot image are now left out from the system
process table.
- RS implements the initialization protocol for system services.
- For services in the boot image, RS blocks till initialization is complete and
panics when failure is reported back. Services are initialized in their order of
appearance in the boot image priv table and RS blocks to implements synchronous
initialization for every system service having the flag SF_SYNCH_BOOT set.
- For services started dynamically, the initialization protocol is implemented
as though it were the first ping for the service. In this case, if the
system service fails to report back (or reports failure), RS brings the service
down rather than trying to restart it.
2010-01-08 02:20:42 +01:00
|
|
|
/* Register init callbacks. */
|
|
|
|
sef_setcb_init_fresh(sef_cb_init_fresh);
|
|
|
|
sef_setcb_init_restart(sef_cb_init_fresh);
|
|
|
|
|
Basic System Event Framework (SEF) with ping and live update.
SYSLIB CHANGES:
- SEF must be used by every system process and is thereby part of the system
library.
- The framework provides a receive() interface (sef_receive) for system
processes to automatically catch known system even messages and process them.
- SEF provides a default behavior for each type of system event, but allows
system processes to register callbacks to override the default behavior.
- Custom (local to the process) or predefined (provided by SEF) callback
implementations can be registered to SEF.
- SEF currently includes support for 2 types of system events:
1. SEF Ping. The event occurs every time RS sends a ping to figure out
whether a system process is still alive. The default callback implementation
provided by SEF is to notify RS back to let it know the process is alive
and kicking.
2. SEF Live update. The event occurs every time RS sends a prepare to update
message to let a system process know an update is available and to prepare
for it. The live update support is very basic for now. SEF only deals with
verifying if the prepare state can be supported by the process, dumping the
state for debugging purposes, and providing an event-driven programming
model to the process to react to state changes check-in when ready to update.
- SEF should be extended in the future to integrate support for more types of
system events. Ideally, all the cross-cutting concerns should be integrated into
SEF to avoid duplicating code and ease extensibility. Examples include:
* PM notify messages primarily used at shutdown.
* SYSTEM notify messages primarily used for signals.
* CLOCK notify messages used for system alarms.
* Debug messages. IS could still be in charge of fkey handling but would
forward the debug message to the target process (e.g. PM, if the user
requested debug information about PM). SEF would then catch the message and
do nothing unless the process has registered an appropriate callback to
deal with the event. This simplifies the programming model to print debug
information, avoids duplicating code, and reduces the effort to print
debug information.
SYSTEM PROCESSES CHANGES:
- Every system process registers SEF callbacks it needs to override the default
system behavior and calls sef_startup() right after being started.
- sef_startup() does almost nothing now, but will be extended in the future to
support callbacks of its own to let RS control and synchronize with every
system process at initialization time.
- Every system process calls sef_receive() now rather than receive() directly,
to let SEF handle predefined system events.
RS CHANGES:
- RS supports a basic single-component live update protocol now, as follows:
* When an update command is issued (via "service update *"), RS notifies the
target system process to prepare for a specific update state.
* If the process doesn't respond back in time, the update is aborted.
* When the process responds back, RS kills it and marks it for refreshing.
* The process is then automatically restarted as for a buggy process and can
start running again.
* Live update is currently prototyped as a controlled failure.
2009-12-21 15:12:21 +01:00
|
|
|
/* No live update support for now. */
|
|
|
|
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
/* Register signal callbacks. */
|
|
|
|
sef_setcb_signal_handler(sef_cb_signal_handler);
|
|
|
|
|
Basic System Event Framework (SEF) with ping and live update.
SYSLIB CHANGES:
- SEF must be used by every system process and is thereby part of the system
library.
- The framework provides a receive() interface (sef_receive) for system
processes to automatically catch known system even messages and process them.
- SEF provides a default behavior for each type of system event, but allows
system processes to register callbacks to override the default behavior.
- Custom (local to the process) or predefined (provided by SEF) callback
implementations can be registered to SEF.
- SEF currently includes support for 2 types of system events:
1. SEF Ping. The event occurs every time RS sends a ping to figure out
whether a system process is still alive. The default callback implementation
provided by SEF is to notify RS back to let it know the process is alive
and kicking.
2. SEF Live update. The event occurs every time RS sends a prepare to update
message to let a system process know an update is available and to prepare
for it. The live update support is very basic for now. SEF only deals with
verifying if the prepare state can be supported by the process, dumping the
state for debugging purposes, and providing an event-driven programming
model to the process to react to state changes check-in when ready to update.
- SEF should be extended in the future to integrate support for more types of
system events. Ideally, all the cross-cutting concerns should be integrated into
SEF to avoid duplicating code and ease extensibility. Examples include:
* PM notify messages primarily used at shutdown.
* SYSTEM notify messages primarily used for signals.
* CLOCK notify messages used for system alarms.
* Debug messages. IS could still be in charge of fkey handling but would
forward the debug message to the target process (e.g. PM, if the user
requested debug information about PM). SEF would then catch the message and
do nothing unless the process has registered an appropriate callback to
deal with the event. This simplifies the programming model to print debug
information, avoids duplicating code, and reduces the effort to print
debug information.
SYSTEM PROCESSES CHANGES:
- Every system process registers SEF callbacks it needs to override the default
system behavior and calls sef_startup() right after being started.
- sef_startup() does almost nothing now, but will be extended in the future to
support callbacks of its own to let RS control and synchronize with every
system process at initialization time.
- Every system process calls sef_receive() now rather than receive() directly,
to let SEF handle predefined system events.
RS CHANGES:
- RS supports a basic single-component live update protocol now, as follows:
* When an update command is issued (via "service update *"), RS notifies the
target system process to prepare for a specific update state.
* If the process doesn't respond back in time, the update is aborted.
* When the process responds back, RS kills it and marks it for refreshing.
* The process is then automatically restarted as for a buggy process and can
start running again.
* Live update is currently prototyped as a controlled failure.
2009-12-21 15:12:21 +01:00
|
|
|
/* Let SEF perform startup. */
|
|
|
|
sef_startup();
|
|
|
|
}
|
|
|
|
|
Initialization protocol for system services.
SYSLIB CHANGES:
- SEF framework now supports a new SEF Init request type from RS. 3 different
callbacks are available (init_fresh, init_lu, init_restart) to specify
initialization code when a service starts fresh, starts after a live update,
or restarts.
SYSTEM SERVICE CHANGES:
- Initialization code for system services is now enclosed in a callback SEF will
automatically call at init time. The return code of the callback will
tell RS whether the initialization completed successfully.
- Each init callback can access information passed by RS to initialize. As of
now, each system service has access to the public entries of RS's system process
table to gather all the information required to initialize. This design
eliminates many existing or potential races at boot time and provides a uniform
initialization interface to system services. The same interface will be reused
for the upcoming publish/subscribe model to handle dynamic
registration / deregistration of system services.
VM CHANGES:
- Uniform privilege management for all system services. Every service uses the
same call mask format. For boot services, VM copies the call mask from init
data. For dynamic services, VM still receives the call mask via rs_set_priv
call that will be soon replaced by the upcoming publish/subscribe model.
RS CHANGES:
- The system process table has been reorganized and split into private entries
and public entries. Only the latter ones are exposed to system services.
- VM call masks are now entirely configured in rs/table.c
- RS has now its own slot in the system process table. Only kernel tasks and
user processes not included in the boot image are now left out from the system
process table.
- RS implements the initialization protocol for system services.
- For services in the boot image, RS blocks till initialization is complete and
panics when failure is reported back. Services are initialized in their order of
appearance in the boot image priv table and RS blocks to implements synchronous
initialization for every system service having the flag SF_SYNCH_BOOT set.
- For services started dynamically, the initialization protocol is implemented
as though it were the first ping for the service. In this case, if the
system service fails to report back (or reports failure), RS brings the service
down rather than trying to restart it.
2010-01-08 02:20:42 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* sef_cb_init_fresh *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
|
|
|
|
{
|
|
|
|
/* Initialize the tty driver. */
|
|
|
|
int r;
|
|
|
|
|
|
|
|
/* Get kernel environment (protected_mode, pc_at and ega are needed). */
|
|
|
|
if (OK != (r=sys_getmachine(&machine))) {
|
2010-03-05 16:05:11 +01:00
|
|
|
panic("Couldn't obtain kernel environment: %d", r);
|
Initialization protocol for system services.
SYSLIB CHANGES:
- SEF framework now supports a new SEF Init request type from RS. 3 different
callbacks are available (init_fresh, init_lu, init_restart) to specify
initialization code when a service starts fresh, starts after a live update,
or restarts.
SYSTEM SERVICE CHANGES:
- Initialization code for system services is now enclosed in a callback SEF will
automatically call at init time. The return code of the callback will
tell RS whether the initialization completed successfully.
- Each init callback can access information passed by RS to initialize. As of
now, each system service has access to the public entries of RS's system process
table to gather all the information required to initialize. This design
eliminates many existing or potential races at boot time and provides a uniform
initialization interface to system services. The same interface will be reused
for the upcoming publish/subscribe model to handle dynamic
registration / deregistration of system services.
VM CHANGES:
- Uniform privilege management for all system services. Every service uses the
same call mask format. For boot services, VM copies the call mask from init
data. For dynamic services, VM still receives the call mask via rs_set_priv
call that will be soon replaced by the upcoming publish/subscribe model.
RS CHANGES:
- The system process table has been reorganized and split into private entries
and public entries. Only the latter ones are exposed to system services.
- VM call masks are now entirely configured in rs/table.c
- RS has now its own slot in the system process table. Only kernel tasks and
user processes not included in the boot image are now left out from the system
process table.
- RS implements the initialization protocol for system services.
- For services in the boot image, RS blocks till initialization is complete and
panics when failure is reported back. Services are initialized in their order of
appearance in the boot image priv table and RS blocks to implements synchronous
initialization for every system service having the flag SF_SYNCH_BOOT set.
- For services started dynamically, the initialization protocol is implemented
as though it were the first ping for the service. In this case, if the
system service fails to report back (or reports failure), RS brings the service
down rather than trying to restart it.
2010-01-08 02:20:42 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Initialize the TTY driver. */
|
|
|
|
tty_init();
|
|
|
|
|
|
|
|
/* Final one-time keyboard initialization. */
|
|
|
|
kb_init_once();
|
|
|
|
|
|
|
|
return(OK);
|
|
|
|
}
|
|
|
|
|
2009-12-22 00:19:01 +01:00
|
|
|
/*===========================================================================*
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
* sef_cb_signal_handler *
|
2009-12-22 00:19:01 +01:00
|
|
|
*===========================================================================*/
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
PRIVATE void sef_cb_signal_handler(int signo)
|
2009-12-22 00:19:01 +01:00
|
|
|
{
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
/* Check for known signals, ignore anything else. */
|
|
|
|
switch(signo) {
|
|
|
|
/* There is a pending message from the kernel. */
|
|
|
|
case SIGKMESS:
|
|
|
|
do_new_kmess();
|
|
|
|
break;
|
|
|
|
/* Switch to primary console on termination. */
|
|
|
|
case SIGTERM:
|
|
|
|
cons_stop();
|
|
|
|
break;
|
|
|
|
}
|
2009-12-22 00:19:01 +01:00
|
|
|
}
|
|
|
|
|
2005-07-27 16:32:16 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* do_status *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void do_status(m_ptr)
|
|
|
|
message *m_ptr;
|
|
|
|
{
|
|
|
|
register struct tty *tp;
|
|
|
|
int event_found;
|
|
|
|
int status;
|
|
|
|
int ops;
|
|
|
|
|
|
|
|
/* Check for select or revive events on any of the ttys. If we found an,
|
|
|
|
* event return a single status message for it. The FS will make another
|
|
|
|
* call to see if there is more.
|
|
|
|
*/
|
|
|
|
event_found = 0;
|
|
|
|
for (tp = FIRST_TTY; tp < END_TTY; tp++) {
|
|
|
|
if ((ops = select_try(tp, tp->tty_select_ops)) &&
|
|
|
|
tp->tty_select_proc == m_ptr->m_source) {
|
|
|
|
|
|
|
|
/* I/O for a selected minor device is ready. */
|
|
|
|
m_ptr->m_type = DEV_IO_READY;
|
2005-10-04 14:04:00 +02:00
|
|
|
m_ptr->DEV_MINOR = tp->tty_minor;
|
2005-07-27 16:32:16 +02:00
|
|
|
m_ptr->DEV_SEL_OPS = ops;
|
|
|
|
|
|
|
|
tp->tty_select_ops &= ~ops; /* unmark select event */
|
|
|
|
event_found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
else if (tp->tty_inrevived && tp->tty_incaller == m_ptr->m_source) {
|
|
|
|
|
|
|
|
/* Suspended request finished. Send a REVIVE. */
|
|
|
|
m_ptr->m_type = DEV_REVIVE;
|
2006-03-03 11:21:45 +01:00
|
|
|
m_ptr->REP_ENDPT = tp->tty_inproc;
|
2011-03-25 11:43:24 +01:00
|
|
|
m_ptr->REP_IO_GRANT = tp->tty_ingrant;
|
2005-07-27 16:32:16 +02:00
|
|
|
m_ptr->REP_STATUS = tp->tty_incum;
|
|
|
|
|
|
|
|
tp->tty_inleft = tp->tty_incum = 0;
|
|
|
|
tp->tty_inrevived = 0; /* unmark revive event */
|
|
|
|
event_found = 1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
else if (tp->tty_outrevived && tp->tty_outcaller == m_ptr->m_source) {
|
|
|
|
|
|
|
|
/* Suspended request finished. Send a REVIVE. */
|
|
|
|
m_ptr->m_type = DEV_REVIVE;
|
2006-03-03 11:21:45 +01:00
|
|
|
m_ptr->REP_ENDPT = tp->tty_outproc;
|
2011-03-25 11:43:24 +01:00
|
|
|
m_ptr->REP_IO_GRANT = tp->tty_outgrant;
|
2005-07-27 16:32:16 +02:00
|
|
|
m_ptr->REP_STATUS = tp->tty_outcum;
|
|
|
|
|
|
|
|
tp->tty_outcum = 0;
|
|
|
|
tp->tty_outrevived = 0; /* unmark revive event */
|
|
|
|
event_found = 1;
|
|
|
|
break;
|
|
|
|
}
|
2006-06-20 11:02:54 +02:00
|
|
|
else if (tp->tty_iorevived && tp->tty_iocaller == m_ptr->m_source) {
|
|
|
|
/* Suspended request finished. Send a REVIVE. */
|
|
|
|
m_ptr->m_type = DEV_REVIVE;
|
|
|
|
m_ptr->REP_ENDPT = tp->tty_ioproc;
|
2011-03-25 11:43:24 +01:00
|
|
|
m_ptr->REP_IO_GRANT = tp->tty_iogrant;
|
2006-06-20 11:02:54 +02:00
|
|
|
m_ptr->REP_STATUS = tp->tty_iostatus;
|
|
|
|
tp->tty_iorevived = 0; /* unmark revive event */
|
|
|
|
event_found = 1;
|
|
|
|
break;
|
|
|
|
}
|
2005-07-27 16:32:16 +02:00
|
|
|
}
|
|
|
|
|
2005-09-04 20:16:44 +02:00
|
|
|
#if NR_PTYS > 0
|
2005-08-01 16:40:21 +02:00
|
|
|
if (!event_found)
|
|
|
|
event_found = pty_status(m_ptr);
|
2005-09-04 20:16:44 +02:00
|
|
|
#endif
|
2005-10-24 15:57:19 +02:00
|
|
|
if (!event_found)
|
|
|
|
event_found= kbd_status(m_ptr);
|
2005-08-01 16:40:21 +02:00
|
|
|
|
2005-07-27 16:32:16 +02:00
|
|
|
if (! event_found) {
|
|
|
|
/* No events of interest were found. Return an empty message. */
|
|
|
|
m_ptr->m_type = DEV_NO_STATUS;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Almost done. Send back the reply message to the caller. */
|
2008-02-22 17:03:00 +01:00
|
|
|
status = sendnb(m_ptr->m_source, m_ptr);
|
|
|
|
if (status != OK) {
|
|
|
|
printf("tty`do_status: send to %d failed: %d\n",
|
|
|
|
m_ptr->m_source, status);
|
2005-07-27 16:32:16 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* do_read *
|
|
|
|
*===========================================================================*/
|
2011-03-25 11:43:24 +01:00
|
|
|
PRIVATE void do_read(tp, m_ptr)
|
2005-04-21 16:53:53 +02:00
|
|
|
register tty_t *tp; /* pointer to tty struct */
|
|
|
|
register message *m_ptr; /* pointer to message sent to the task */
|
|
|
|
{
|
|
|
|
/* A process wants to read from a terminal. */
|
2008-11-19 13:26:10 +01:00
|
|
|
int r;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Check if there is already a process hanging in a read, check if the
|
|
|
|
* parameters are correct, do I/O.
|
|
|
|
*/
|
|
|
|
if (tp->tty_inleft > 0) {
|
|
|
|
r = EIO;
|
|
|
|
} else
|
|
|
|
if (m_ptr->COUNT <= 0) {
|
|
|
|
r = EINVAL;
|
|
|
|
} else {
|
|
|
|
/* Copy information from the message to the tty struct. */
|
|
|
|
tp->tty_inrepcode = TASK_REPLY;
|
|
|
|
tp->tty_incaller = m_ptr->m_source;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tp->tty_inproc = m_ptr->USER_ENDPT;
|
2011-03-25 11:43:24 +01:00
|
|
|
tp->tty_ingrant = (cp_grant_id_t) m_ptr->IO_GRANT;
|
|
|
|
tp->tty_inoffset = 0;
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_inleft = m_ptr->COUNT;
|
|
|
|
|
|
|
|
if (!(tp->tty_termios.c_lflag & ICANON)
|
|
|
|
&& tp->tty_termios.c_cc[VTIME] > 0) {
|
|
|
|
if (tp->tty_termios.c_cc[VMIN] == 0) {
|
|
|
|
/* MIN & TIME specify a read timer that finishes the
|
|
|
|
* read in TIME/10 seconds if no bytes are available.
|
|
|
|
*/
|
|
|
|
settimer(tp, TRUE);
|
|
|
|
tp->tty_min = 1;
|
|
|
|
} else {
|
|
|
|
/* MIN & TIME specify an inter-byte timer that may
|
|
|
|
* have to be cancelled if there are no bytes yet.
|
|
|
|
*/
|
|
|
|
if (tp->tty_eotct == 0) {
|
|
|
|
settimer(tp, FALSE);
|
|
|
|
tp->tty_min = tp->tty_termios.c_cc[VMIN];
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Anything waiting in the input buffer? Clear it out... */
|
|
|
|
in_transfer(tp);
|
|
|
|
/* ...then go back for more. */
|
2005-05-02 16:30:04 +02:00
|
|
|
handle_events(tp);
|
2005-06-17 15:37:41 +02:00
|
|
|
if (tp->tty_inleft == 0) {
|
2005-09-11 19:09:11 +02:00
|
|
|
if (tp->tty_select_ops)
|
2005-06-17 15:37:41 +02:00
|
|
|
select_retry(tp);
|
2005-04-21 16:53:53 +02:00
|
|
|
return; /* already done */
|
2005-06-17 15:37:41 +02:00
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2006-06-20 11:02:54 +02:00
|
|
|
/* There were no bytes in the input queue available, so suspend
|
|
|
|
* the caller.
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
2006-06-20 11:02:54 +02:00
|
|
|
r = SUSPEND; /* suspend the caller */
|
|
|
|
tp->tty_inrepcode = TTY_REVIVE;
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_reply(TASK_REPLY, m_ptr->m_source, m_ptr->USER_ENDPT, r);
|
2005-09-11 19:09:11 +02:00
|
|
|
if (tp->tty_select_ops)
|
2005-06-17 15:37:41 +02:00
|
|
|
select_retry(tp);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* do_write *
|
|
|
|
*===========================================================================*/
|
2011-03-25 11:43:24 +01:00
|
|
|
PRIVATE void do_write(tp, m_ptr)
|
2005-04-21 16:53:53 +02:00
|
|
|
register tty_t *tp;
|
|
|
|
register message *m_ptr; /* pointer to message sent to the task */
|
|
|
|
{
|
|
|
|
/* A process wants to write on a terminal. */
|
|
|
|
int r;
|
|
|
|
|
|
|
|
/* Check if there is already a process hanging in a write, check if the
|
|
|
|
* parameters are correct, do I/O.
|
|
|
|
*/
|
|
|
|
if (tp->tty_outleft > 0) {
|
|
|
|
r = EIO;
|
|
|
|
} else
|
|
|
|
if (m_ptr->COUNT <= 0) {
|
|
|
|
r = EINVAL;
|
|
|
|
} else {
|
|
|
|
/* Copy message parameters to the tty structure. */
|
|
|
|
tp->tty_outrepcode = TASK_REPLY;
|
|
|
|
tp->tty_outcaller = m_ptr->m_source;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tp->tty_outproc = m_ptr->USER_ENDPT;
|
2011-03-25 11:43:24 +01:00
|
|
|
tp->tty_outgrant = (cp_grant_id_t) m_ptr->IO_GRANT;
|
|
|
|
tp->tty_outoffset = 0;
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_outleft = m_ptr->COUNT;
|
|
|
|
|
|
|
|
/* Try to write. */
|
|
|
|
handle_events(tp);
|
2005-08-05 15:50:58 +02:00
|
|
|
if (tp->tty_outleft == 0)
|
|
|
|
return; /* already done */
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2006-06-20 11:02:54 +02:00
|
|
|
/* None or not all the bytes could be written, so suspend the
|
|
|
|
* caller.
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
2006-06-20 11:02:54 +02:00
|
|
|
r = SUSPEND; /* suspend the caller */
|
|
|
|
tp->tty_outrepcode = TTY_REVIVE;
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_reply(TASK_REPLY, m_ptr->m_source, m_ptr->USER_ENDPT, r);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* do_ioctl *
|
|
|
|
*===========================================================================*/
|
2011-03-25 11:43:24 +01:00
|
|
|
PRIVATE void do_ioctl(tp, m_ptr)
|
2005-04-21 16:53:53 +02:00
|
|
|
register tty_t *tp;
|
|
|
|
message *m_ptr; /* pointer to message sent to task */
|
|
|
|
{
|
|
|
|
/* Perform an IOCTL on this terminal. Posix termios calls are handled
|
|
|
|
* by the IOCTL system call
|
|
|
|
*/
|
|
|
|
|
|
|
|
int r;
|
|
|
|
union {
|
|
|
|
int i;
|
|
|
|
} param;
|
|
|
|
size_t size;
|
|
|
|
|
|
|
|
/* Size of the ioctl parameter. */
|
|
|
|
switch (m_ptr->TTY_REQUEST) {
|
|
|
|
case TCGETS: /* Posix tcgetattr function */
|
|
|
|
case TCSETS: /* Posix tcsetattr function, TCSANOW option */
|
|
|
|
case TCSETSW: /* Posix tcsetattr function, TCSADRAIN option */
|
|
|
|
case TCSETSF: /* Posix tcsetattr function, TCSAFLUSH option */
|
|
|
|
size = sizeof(struct termios);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TCSBRK: /* Posix tcsendbreak function */
|
|
|
|
case TCFLOW: /* Posix tcflow function */
|
|
|
|
case TCFLSH: /* Posix tcflush function */
|
|
|
|
case TIOCGPGRP: /* Posix tcgetpgrp function */
|
|
|
|
case TIOCSPGRP: /* Posix tcsetpgrp function */
|
|
|
|
size = sizeof(int);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TIOCGWINSZ: /* get window size (not Posix) */
|
|
|
|
case TIOCSWINSZ: /* set window size (not Posix) */
|
|
|
|
size = sizeof(struct winsize);
|
|
|
|
break;
|
|
|
|
|
|
|
|
#if (MACHINE == IBM_PC)
|
|
|
|
case KIOCSMAP: /* load keymap (Minix extension) */
|
|
|
|
size = sizeof(keymap_t);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TIOCSFON: /* load font (Minix extension) */
|
|
|
|
size = sizeof(u8_t [8192]);
|
|
|
|
break;
|
|
|
|
|
|
|
|
#endif
|
|
|
|
case TCDRAIN: /* Posix tcdrain function -- no parameter */
|
|
|
|
default: size = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
r = OK;
|
|
|
|
switch (m_ptr->TTY_REQUEST) {
|
|
|
|
case TCGETS:
|
|
|
|
/* Get the termios attributes. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = sys_safecopyto(m_ptr->m_source, (cp_grant_id_t) m_ptr->IO_GRANT, 0,
|
2006-06-20 11:02:54 +02:00
|
|
|
(vir_bytes) &tp->tty_termios, (vir_bytes) size, D);
|
2005-04-21 16:53:53 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
case TCSETSW:
|
|
|
|
case TCSETSF:
|
|
|
|
case TCDRAIN:
|
|
|
|
if (tp->tty_outleft > 0) {
|
|
|
|
/* Wait for all ongoing output processing to finish. */
|
|
|
|
tp->tty_iocaller = m_ptr->m_source;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tp->tty_ioproc = m_ptr->USER_ENDPT;
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_ioreq = m_ptr->REQUEST;
|
2011-03-25 11:43:24 +01:00
|
|
|
tp->tty_iogrant = (cp_grant_id_t) m_ptr->IO_GRANT;
|
2005-04-21 16:53:53 +02:00
|
|
|
r = SUSPEND;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (m_ptr->TTY_REQUEST == TCDRAIN) break;
|
|
|
|
if (m_ptr->TTY_REQUEST == TCSETSF) tty_icancel(tp);
|
|
|
|
/*FALL THROUGH*/
|
|
|
|
case TCSETS:
|
|
|
|
/* Set the termios attributes. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = sys_safecopyfrom(m_ptr->m_source, (cp_grant_id_t) m_ptr->IO_GRANT,
|
2011-03-25 11:43:24 +01:00
|
|
|
0, (vir_bytes) &tp->tty_termios, (vir_bytes) size, D);
|
2005-04-21 16:53:53 +02:00
|
|
|
if (r != OK) break;
|
|
|
|
setattr(tp);
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TCFLSH:
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = sys_safecopyfrom(m_ptr->m_source, (cp_grant_id_t) m_ptr->IO_GRANT,
|
2011-03-25 11:43:24 +01:00
|
|
|
0, (vir_bytes) ¶m.i, (vir_bytes) size, D);
|
2005-04-21 16:53:53 +02:00
|
|
|
if (r != OK) break;
|
|
|
|
switch (param.i) {
|
2005-09-11 19:09:11 +02:00
|
|
|
case TCIFLUSH: tty_icancel(tp); break;
|
|
|
|
case TCOFLUSH: (*tp->tty_ocancel)(tp, 0); break;
|
|
|
|
case TCIOFLUSH: tty_icancel(tp); (*tp->tty_ocancel)(tp, 0); break;
|
2005-04-21 16:53:53 +02:00
|
|
|
default: r = EINVAL;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TCFLOW:
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = sys_safecopyfrom(m_ptr->m_source, (cp_grant_id_t) m_ptr->IO_GRANT,
|
2011-03-25 11:43:24 +01:00
|
|
|
0, (vir_bytes) ¶m.i, (vir_bytes) size, D);
|
2005-04-21 16:53:53 +02:00
|
|
|
if (r != OK) break;
|
|
|
|
switch (param.i) {
|
|
|
|
case TCOOFF:
|
|
|
|
case TCOON:
|
|
|
|
tp->tty_inhibited = (param.i == TCOOFF);
|
|
|
|
tp->tty_events = 1;
|
|
|
|
break;
|
|
|
|
case TCIOFF:
|
|
|
|
(*tp->tty_echo)(tp, tp->tty_termios.c_cc[VSTOP]);
|
|
|
|
break;
|
|
|
|
case TCION:
|
|
|
|
(*tp->tty_echo)(tp, tp->tty_termios.c_cc[VSTART]);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
r = EINVAL;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case TCSBRK:
|
2005-06-17 15:37:41 +02:00
|
|
|
if (tp->tty_break != NULL) (*tp->tty_break)(tp,0);
|
2005-04-21 16:53:53 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
case TIOCGWINSZ:
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = sys_safecopyto(m_ptr->m_source, (cp_grant_id_t) m_ptr->IO_GRANT, 0,
|
2006-06-20 11:02:54 +02:00
|
|
|
(vir_bytes) &tp->tty_winsize, (vir_bytes) size, D);
|
2005-04-21 16:53:53 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
case TIOCSWINSZ:
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = sys_safecopyfrom(m_ptr->m_source, (cp_grant_id_t) m_ptr->IO_GRANT,
|
2011-03-25 11:43:24 +01:00
|
|
|
0, (vir_bytes) &tp->tty_winsize, (vir_bytes) size, D);
|
2009-04-06 11:39:42 +02:00
|
|
|
sigchar(tp, SIGWINCH, 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
break;
|
|
|
|
|
|
|
|
#if (MACHINE == IBM_PC)
|
|
|
|
case KIOCSMAP:
|
|
|
|
/* Load a new keymap (only /dev/console). */
|
2011-03-25 11:43:24 +01:00
|
|
|
if (isconsole(tp)) r = kbd_loadmap(m_ptr);
|
2005-04-21 16:53:53 +02:00
|
|
|
break;
|
|
|
|
|
2006-07-25 11:41:40 +02:00
|
|
|
case TIOCSFON_OLD:
|
|
|
|
printf("TTY: old TIOCSFON ignored.\n");
|
|
|
|
break;
|
2005-04-21 16:53:53 +02:00
|
|
|
case TIOCSFON:
|
|
|
|
/* Load a font into an EGA or VGA card (hs@hck.hr) */
|
|
|
|
if (isconsole(tp)) r = con_loadfont(m_ptr);
|
|
|
|
break;
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* These Posix functions are allowed to fail if _POSIX_JOB_CONTROL is
|
|
|
|
* not defined.
|
|
|
|
*/
|
|
|
|
case TIOCGPGRP:
|
|
|
|
case TIOCSPGRP:
|
|
|
|
default:
|
|
|
|
r = ENOTTY;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Send the reply. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_reply(TASK_REPLY, m_ptr->m_source, m_ptr->USER_ENDPT, r);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* do_open *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void do_open(tp, m_ptr)
|
|
|
|
register tty_t *tp;
|
|
|
|
message *m_ptr; /* pointer to message sent to task */
|
|
|
|
{
|
|
|
|
/* A tty line has been opened. Make it the callers controlling tty if
|
|
|
|
* O_NOCTTY is *not* set and it is not the log device. 1 is returned if
|
|
|
|
* the tty is made the controlling tty, otherwise OK or an error code.
|
|
|
|
*/
|
|
|
|
int r = OK;
|
|
|
|
|
|
|
|
if (m_ptr->TTY_LINE == LOG_MINOR) {
|
|
|
|
/* The log device is a write-only diagnostics device. */
|
|
|
|
if (m_ptr->COUNT & R_BIT) r = EACCES;
|
|
|
|
} else {
|
|
|
|
if (!(m_ptr->COUNT & O_NOCTTY)) {
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tp->tty_pgrp = m_ptr->USER_ENDPT;
|
2005-04-21 16:53:53 +02:00
|
|
|
r = 1;
|
|
|
|
}
|
|
|
|
tp->tty_openct++;
|
|
|
|
}
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_reply(TASK_REPLY, m_ptr->m_source, m_ptr->USER_ENDPT, r);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* do_close *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void do_close(tp, m_ptr)
|
|
|
|
register tty_t *tp;
|
|
|
|
message *m_ptr; /* pointer to message sent to task */
|
|
|
|
{
|
|
|
|
/* A tty line has been closed. Clean up the line if it is the last close. */
|
|
|
|
|
|
|
|
if (m_ptr->TTY_LINE != LOG_MINOR && --tp->tty_openct == 0) {
|
|
|
|
tp->tty_pgrp = 0;
|
|
|
|
tty_icancel(tp);
|
2005-06-17 15:37:41 +02:00
|
|
|
(*tp->tty_ocancel)(tp, 0);
|
|
|
|
(*tp->tty_close)(tp, 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_termios = termios_defaults;
|
|
|
|
tp->tty_winsize = winsize_defaults;
|
|
|
|
setattr(tp);
|
|
|
|
}
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_reply(TASK_REPLY, m_ptr->m_source, m_ptr->USER_ENDPT, OK);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* do_cancel *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void do_cancel(tp, m_ptr)
|
|
|
|
register tty_t *tp;
|
|
|
|
message *m_ptr; /* pointer to message sent to task */
|
|
|
|
{
|
|
|
|
/* A signal has been sent to a process that is hanging trying to read or write.
|
|
|
|
* The pending read or write must be finished off immediately.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int proc_nr;
|
|
|
|
int mode;
|
2006-06-20 11:02:54 +02:00
|
|
|
int r = EINTR;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Check the parameters carefully, to avoid cancelling twice. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
proc_nr = m_ptr->USER_ENDPT;
|
2005-04-21 16:53:53 +02:00
|
|
|
mode = m_ptr->COUNT;
|
2006-06-20 11:02:54 +02:00
|
|
|
if ((mode & R_BIT) && tp->tty_inleft != 0 && proc_nr == tp->tty_inproc &&
|
2011-03-25 11:43:24 +01:00
|
|
|
tp->tty_ingrant == (cp_grant_id_t) m_ptr->IO_GRANT) {
|
2005-04-21 16:53:53 +02:00
|
|
|
/* Process was reading when killed. Clean up input. */
|
2006-06-20 11:02:54 +02:00
|
|
|
tty_icancel(tp);
|
|
|
|
r = tp->tty_incum > 0 ? tp->tty_incum : EAGAIN;
|
|
|
|
tp->tty_inleft = tp->tty_incum = tp->tty_inrevived = 0;
|
|
|
|
}
|
|
|
|
if ((mode & W_BIT) && tp->tty_outleft != 0 && proc_nr == tp->tty_outproc &&
|
2011-03-25 11:43:24 +01:00
|
|
|
tp->tty_outgrant == (cp_grant_id_t) m_ptr->IO_GRANT) {
|
2005-04-21 16:53:53 +02:00
|
|
|
/* Process was writing when killed. Clean up output. */
|
2006-06-20 11:02:54 +02:00
|
|
|
r = tp->tty_outcum > 0 ? tp->tty_outcum : EAGAIN;
|
|
|
|
tp->tty_outleft = tp->tty_outcum = tp->tty_outrevived = 0;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
if (tp->tty_ioreq != 0 && proc_nr == tp->tty_ioproc) {
|
|
|
|
/* Process was waiting for output to drain. */
|
|
|
|
tp->tty_ioreq = 0;
|
|
|
|
}
|
|
|
|
tp->tty_events = 1;
|
2006-06-20 11:02:54 +02:00
|
|
|
tty_reply(TASK_REPLY, m_ptr->m_source, proc_nr, r);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
2005-06-17 15:37:41 +02:00
|
|
|
PUBLIC int select_try(struct tty *tp, int ops)
|
|
|
|
{
|
|
|
|
int ready_ops = 0;
|
|
|
|
|
2005-07-27 16:32:16 +02:00
|
|
|
/* Special case. If line is hung up, no operations will block.
|
2005-06-17 15:37:41 +02:00
|
|
|
* (and it can be seen as an exceptional condition.)
|
|
|
|
*/
|
|
|
|
if (tp->tty_termios.c_ospeed == B0) {
|
|
|
|
ready_ops |= ops;
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
if (ops & SEL_RD) {
|
2005-06-17 15:37:41 +02:00
|
|
|
/* will i/o not block on read? */
|
|
|
|
if (tp->tty_inleft > 0) {
|
|
|
|
ready_ops |= SEL_RD; /* EIO - no blocking */
|
2005-09-11 19:09:11 +02:00
|
|
|
} else if (tp->tty_incount > 0) {
|
2005-08-05 15:50:58 +02:00
|
|
|
/* Is a regular read possible? tty_incount
|
|
|
|
* says there is data. But a read will only succeed
|
2005-06-17 15:37:41 +02:00
|
|
|
* in canonical mode if a newline has been seen.
|
|
|
|
*/
|
2005-09-11 19:09:11 +02:00
|
|
|
if (!(tp->tty_termios.c_lflag & ICANON) ||
|
2005-06-17 15:37:41 +02:00
|
|
|
tp->tty_eotct > 0) {
|
|
|
|
ready_ops |= SEL_RD;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
if (ops & SEL_WR) {
|
2005-08-05 15:50:58 +02:00
|
|
|
if (tp->tty_outleft > 0) ready_ops |= SEL_WR;
|
2005-09-11 19:09:11 +02:00
|
|
|
else if ((*tp->tty_devwrite)(tp, 1)) ready_ops |= SEL_WR;
|
2005-06-17 15:37:41 +02:00
|
|
|
}
|
|
|
|
return ready_ops;
|
|
|
|
}
|
|
|
|
|
|
|
|
PUBLIC int select_retry(struct tty *tp)
|
|
|
|
{
|
2005-10-24 15:57:19 +02:00
|
|
|
if (tp->tty_select_ops && select_try(tp, tp->tty_select_ops))
|
2005-07-29 17:00:22 +02:00
|
|
|
notify(tp->tty_select_proc);
|
2005-06-17 15:37:41 +02:00
|
|
|
return OK;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* handle_events *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC void handle_events(tp)
|
|
|
|
tty_t *tp; /* TTY to check for events. */
|
|
|
|
{
|
|
|
|
/* Handle any events pending on a TTY. These events are usually device
|
|
|
|
* interrupts.
|
|
|
|
*
|
|
|
|
* Two kinds of events are prominent:
|
|
|
|
* - a character has been received from the console or an RS232 line.
|
|
|
|
* - an RS232 line has completed a write request (on behalf of a user).
|
|
|
|
* The interrupt handler may delay the interrupt message at its discretion
|
|
|
|
* to avoid swamping the TTY task. Messages may be overwritten when the
|
|
|
|
* lines are fast or when there are races between different lines, input
|
|
|
|
* and output, because MINIX only provides single buffering for interrupt
|
|
|
|
* messages (in proc.c). This is handled by explicitly checking each line
|
|
|
|
* for fresh input and completed output on each interrupt.
|
|
|
|
*/
|
|
|
|
|
|
|
|
do {
|
|
|
|
tp->tty_events = 0;
|
|
|
|
|
|
|
|
/* Read input and perform input processing. */
|
2005-06-17 15:37:41 +02:00
|
|
|
(*tp->tty_devread)(tp, 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Perform output processing and write output. */
|
2005-06-17 15:37:41 +02:00
|
|
|
(*tp->tty_devwrite)(tp, 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Ioctl waiting for some event? */
|
|
|
|
if (tp->tty_ioreq != 0) dev_ioctl(tp);
|
|
|
|
} while (tp->tty_events);
|
|
|
|
|
|
|
|
/* Transfer characters from the input queue to a waiting process. */
|
|
|
|
in_transfer(tp);
|
|
|
|
|
|
|
|
/* Reply if enough bytes are available. */
|
|
|
|
if (tp->tty_incum >= tp->tty_min && tp->tty_inleft > 0) {
|
2006-06-20 11:02:54 +02:00
|
|
|
if (tp->tty_inrepcode == TTY_REVIVE) {
|
2005-07-29 17:00:22 +02:00
|
|
|
notify(tp->tty_incaller);
|
2005-07-27 16:32:16 +02:00
|
|
|
tp->tty_inrevived = 1;
|
|
|
|
} else {
|
|
|
|
tty_reply(tp->tty_inrepcode, tp->tty_incaller,
|
|
|
|
tp->tty_inproc, tp->tty_incum);
|
|
|
|
tp->tty_inleft = tp->tty_incum = 0;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
2005-09-11 19:09:11 +02:00
|
|
|
if (tp->tty_select_ops)
|
2005-10-24 15:57:19 +02:00
|
|
|
{
|
2005-08-05 15:50:58 +02:00
|
|
|
select_retry(tp);
|
2005-10-24 15:57:19 +02:00
|
|
|
}
|
2005-09-04 20:16:44 +02:00
|
|
|
#if NR_PTYS > 0
|
2005-09-11 19:09:11 +02:00
|
|
|
if (ispty(tp))
|
2005-08-05 15:50:58 +02:00
|
|
|
select_retry_pty(tp);
|
2005-09-04 20:16:44 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* in_transfer *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void in_transfer(tp)
|
|
|
|
register tty_t *tp; /* pointer to terminal to read from */
|
|
|
|
{
|
|
|
|
/* Transfer bytes from the input queue to a process reading from a terminal. */
|
|
|
|
|
|
|
|
int ch;
|
|
|
|
int count;
|
|
|
|
char buf[64], *bp;
|
|
|
|
|
|
|
|
/* Force read to succeed if the line is hung up, looks like EOF to reader. */
|
|
|
|
if (tp->tty_termios.c_ospeed == B0) tp->tty_min = 0;
|
|
|
|
|
|
|
|
/* Anything to do? */
|
|
|
|
if (tp->tty_inleft == 0 || tp->tty_eotct < tp->tty_min) return;
|
|
|
|
|
|
|
|
bp = buf;
|
|
|
|
while (tp->tty_inleft > 0 && tp->tty_eotct > 0) {
|
|
|
|
ch = *tp->tty_intail;
|
|
|
|
|
|
|
|
if (!(ch & IN_EOF)) {
|
|
|
|
/* One character to be delivered to the user. */
|
|
|
|
*bp = ch & IN_CHAR;
|
|
|
|
tp->tty_inleft--;
|
|
|
|
if (++bp == bufend(buf)) {
|
|
|
|
/* Temp buffer full, copy to user space. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
sys_safecopyto(tp->tty_incaller,
|
2011-03-25 11:43:24 +01:00
|
|
|
tp->tty_ingrant, tp->tty_inoffset,
|
|
|
|
(vir_bytes) buf,
|
|
|
|
(vir_bytes) buflen(buf), D);
|
|
|
|
tp->tty_inoffset += buflen(buf);
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_incum += buflen(buf);
|
|
|
|
bp = buf;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Remove the character from the input queue. */
|
|
|
|
if (++tp->tty_intail == bufend(tp->tty_inbuf))
|
|
|
|
tp->tty_intail = tp->tty_inbuf;
|
|
|
|
tp->tty_incount--;
|
|
|
|
if (ch & IN_EOT) {
|
|
|
|
tp->tty_eotct--;
|
|
|
|
/* Don't read past a line break in canonical mode. */
|
|
|
|
if (tp->tty_termios.c_lflag & ICANON) tp->tty_inleft = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bp > buf) {
|
|
|
|
/* Leftover characters in the buffer. */
|
|
|
|
count = bp - buf;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
sys_safecopyto(tp->tty_incaller,
|
2011-03-25 11:43:24 +01:00
|
|
|
tp->tty_ingrant, tp->tty_inoffset,
|
|
|
|
(vir_bytes) buf, (vir_bytes) count, D);
|
|
|
|
tp->tty_inoffset += count;
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_incum += count;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Usually reply to the reader, possibly even if incum == 0 (EOF). */
|
|
|
|
if (tp->tty_inleft == 0) {
|
2006-06-20 11:02:54 +02:00
|
|
|
if (tp->tty_inrepcode == TTY_REVIVE) {
|
2005-07-29 17:00:22 +02:00
|
|
|
notify(tp->tty_incaller);
|
2005-07-27 16:32:16 +02:00
|
|
|
tp->tty_inrevived = 1;
|
|
|
|
} else {
|
|
|
|
tty_reply(tp->tty_inrepcode, tp->tty_incaller,
|
|
|
|
tp->tty_inproc, tp->tty_incum);
|
|
|
|
tp->tty_inleft = tp->tty_incum = 0;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* in_process *
|
|
|
|
*===========================================================================*/
|
2010-04-22 15:59:34 +02:00
|
|
|
PRIVATE void in_process_send_byte(
|
|
|
|
tty_t *tp, /* terminal on which character has arrived */
|
|
|
|
int ch /* input character */
|
|
|
|
)
|
2010-04-15 08:55:42 +02:00
|
|
|
{
|
|
|
|
/* Save the character in the input queue. */
|
|
|
|
*tp->tty_inhead++ = ch;
|
|
|
|
if (tp->tty_inhead == bufend(tp->tty_inbuf))
|
|
|
|
tp->tty_inhead = tp->tty_inbuf;
|
|
|
|
tp->tty_incount++;
|
|
|
|
if (ch & IN_EOT) tp->tty_eotct++;
|
|
|
|
|
|
|
|
/* Try to finish input if the queue threatens to overflow. */
|
|
|
|
if (tp->tty_incount == buflen(tp->tty_inbuf)) in_transfer(tp);
|
|
|
|
}
|
|
|
|
|
|
|
|
PUBLIC int in_process(tp, buf, count, scode)
|
2005-04-21 16:53:53 +02:00
|
|
|
register tty_t *tp; /* terminal on which character has arrived */
|
|
|
|
char *buf; /* buffer with input characters */
|
|
|
|
int count; /* number of input characters */
|
2010-04-15 08:55:42 +02:00
|
|
|
int scode; /* scan code */
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Characters have just been typed in. Process, save, and echo them. Return
|
|
|
|
* the number of characters processed.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int ch, sig, ct;
|
|
|
|
int timeset = FALSE;
|
|
|
|
|
2010-04-15 08:55:42 +02:00
|
|
|
/* Send scancode if requested */
|
|
|
|
if (tp->tty_termios.c_iflag & SCANCODES) {
|
|
|
|
in_process_send_byte(tp, (scode & BYTE) | IN_EOT);
|
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
for (ct = 0; ct < count; ct++) {
|
|
|
|
/* Take one character. */
|
|
|
|
ch = *buf++ & BYTE;
|
|
|
|
|
|
|
|
/* Strip to seven bits? */
|
|
|
|
if (tp->tty_termios.c_iflag & ISTRIP) ch &= 0x7F;
|
|
|
|
|
|
|
|
/* Input extensions? */
|
|
|
|
if (tp->tty_termios.c_lflag & IEXTEN) {
|
|
|
|
|
|
|
|
/* Previous character was a character escape? */
|
|
|
|
if (tp->tty_escaped) {
|
|
|
|
tp->tty_escaped = NOT_ESCAPED;
|
|
|
|
ch |= IN_ESC; /* protect character */
|
|
|
|
}
|
|
|
|
|
|
|
|
/* LNEXT (^V) to escape the next character? */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VLNEXT]) {
|
|
|
|
tp->tty_escaped = ESCAPED;
|
|
|
|
rawecho(tp, '^');
|
|
|
|
rawecho(tp, '\b');
|
|
|
|
continue; /* do not store the escape */
|
|
|
|
}
|
|
|
|
|
|
|
|
/* REPRINT (^R) to reprint echoed characters? */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VREPRINT]) {
|
|
|
|
reprint(tp);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* _POSIX_VDISABLE is a normal character value, so better escape it. */
|
|
|
|
if (ch == _POSIX_VDISABLE) ch |= IN_ESC;
|
|
|
|
|
|
|
|
/* Map CR to LF, ignore CR, or map LF to CR. */
|
|
|
|
if (ch == '\r') {
|
|
|
|
if (tp->tty_termios.c_iflag & IGNCR) continue;
|
|
|
|
if (tp->tty_termios.c_iflag & ICRNL) ch = '\n';
|
|
|
|
} else
|
|
|
|
if (ch == '\n') {
|
|
|
|
if (tp->tty_termios.c_iflag & INLCR) ch = '\r';
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Canonical mode? */
|
|
|
|
if (tp->tty_termios.c_lflag & ICANON) {
|
|
|
|
|
|
|
|
/* Erase processing (rub out of last character). */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VERASE]) {
|
|
|
|
(void) back_over(tp);
|
|
|
|
if (!(tp->tty_termios.c_lflag & ECHOE)) {
|
2005-05-27 15:57:00 +02:00
|
|
|
(void) tty_echo(tp, ch);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Kill processing (remove current line). */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VKILL]) {
|
|
|
|
while (back_over(tp)) {}
|
|
|
|
if (!(tp->tty_termios.c_lflag & ECHOE)) {
|
2005-05-27 15:57:00 +02:00
|
|
|
(void) tty_echo(tp, ch);
|
2005-04-21 16:53:53 +02:00
|
|
|
if (tp->tty_termios.c_lflag & ECHOK)
|
|
|
|
rawecho(tp, '\n');
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* EOF (^D) means end-of-file, an invisible "line break". */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VEOF]) ch |= IN_EOT | IN_EOF;
|
|
|
|
|
|
|
|
/* The line may be returned to the user after an LF. */
|
|
|
|
if (ch == '\n') ch |= IN_EOT;
|
|
|
|
|
|
|
|
/* Same thing with EOL, whatever it may be. */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VEOL]) ch |= IN_EOT;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Start/stop input control? */
|
|
|
|
if (tp->tty_termios.c_iflag & IXON) {
|
|
|
|
|
|
|
|
/* Output stops on STOP (^S). */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VSTOP]) {
|
|
|
|
tp->tty_inhibited = STOPPED;
|
|
|
|
tp->tty_events = 1;
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Output restarts on START (^Q) or any character if IXANY. */
|
|
|
|
if (tp->tty_inhibited) {
|
|
|
|
if (ch == tp->tty_termios.c_cc[VSTART]
|
|
|
|
|| (tp->tty_termios.c_iflag & IXANY)) {
|
|
|
|
tp->tty_inhibited = RUNNING;
|
|
|
|
tp->tty_events = 1;
|
|
|
|
if (ch == tp->tty_termios.c_cc[VSTART])
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tp->tty_termios.c_lflag & ISIG) {
|
|
|
|
/* Check for INTR (^?) and QUIT (^\) characters. */
|
|
|
|
if (ch == tp->tty_termios.c_cc[VINTR]
|
|
|
|
|| ch == tp->tty_termios.c_cc[VQUIT]) {
|
|
|
|
sig = SIGINT;
|
|
|
|
if (ch == tp->tty_termios.c_cc[VQUIT]) sig = SIGQUIT;
|
2009-04-06 11:39:42 +02:00
|
|
|
sigchar(tp, sig, 1);
|
2005-05-27 15:57:00 +02:00
|
|
|
(void) tty_echo(tp, ch);
|
2005-04-21 16:53:53 +02:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Is there space in the input buffer? */
|
|
|
|
if (tp->tty_incount == buflen(tp->tty_inbuf)) {
|
|
|
|
/* No space; discard in canonical mode, keep in raw mode. */
|
|
|
|
if (tp->tty_termios.c_lflag & ICANON) continue;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(tp->tty_termios.c_lflag & ICANON)) {
|
|
|
|
/* In raw mode all characters are "line breaks". */
|
|
|
|
ch |= IN_EOT;
|
|
|
|
|
|
|
|
/* Start an inter-byte timer? */
|
|
|
|
if (!timeset && tp->tty_termios.c_cc[VMIN] > 0
|
|
|
|
&& tp->tty_termios.c_cc[VTIME] > 0) {
|
|
|
|
settimer(tp, TRUE);
|
|
|
|
timeset = TRUE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Perform the intricate function of echoing. */
|
2005-05-27 15:57:00 +02:00
|
|
|
if (tp->tty_termios.c_lflag & (ECHO|ECHONL)) ch = tty_echo(tp, ch);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-04-15 08:55:42 +02:00
|
|
|
/* Send processed byte of input unless scancodes sent instead */
|
|
|
|
if (!(tp->tty_termios.c_iflag & SCANCODES)) {
|
|
|
|
in_process_send_byte(tp, ch);
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
return ct;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* echo *
|
|
|
|
*===========================================================================*/
|
2005-05-27 15:57:00 +02:00
|
|
|
PRIVATE int tty_echo(tp, ch)
|
2005-04-21 16:53:53 +02:00
|
|
|
register tty_t *tp; /* terminal on which to echo */
|
|
|
|
register int ch; /* pointer to character to echo */
|
|
|
|
{
|
|
|
|
/* Echo the character if echoing is on. Some control characters are echoed
|
|
|
|
* with their normal effect, other control characters are echoed as "^X",
|
|
|
|
* normal characters are echoed normally. EOF (^D) is echoed, but immediately
|
|
|
|
* backspaced over. Return the character with the echoed length added to its
|
|
|
|
* attributes.
|
|
|
|
*/
|
|
|
|
int len, rp;
|
|
|
|
|
|
|
|
ch &= ~IN_LEN;
|
|
|
|
if (!(tp->tty_termios.c_lflag & ECHO)) {
|
|
|
|
if (ch == ('\n' | IN_EOT) && (tp->tty_termios.c_lflag
|
|
|
|
& (ICANON|ECHONL)) == (ICANON|ECHONL))
|
|
|
|
(*tp->tty_echo)(tp, '\n');
|
|
|
|
return(ch);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* "Reprint" tells if the echo output has been messed up by other output. */
|
|
|
|
rp = tp->tty_incount == 0 ? FALSE : tp->tty_reprint;
|
|
|
|
|
|
|
|
if ((ch & IN_CHAR) < ' ') {
|
|
|
|
switch (ch & (IN_ESC|IN_EOF|IN_EOT|IN_CHAR)) {
|
|
|
|
case '\t':
|
|
|
|
len = 0;
|
|
|
|
do {
|
|
|
|
(*tp->tty_echo)(tp, ' ');
|
|
|
|
len++;
|
|
|
|
} while (len < TAB_SIZE && (tp->tty_position & TAB_MASK) != 0);
|
|
|
|
break;
|
|
|
|
case '\r' | IN_EOT:
|
|
|
|
case '\n' | IN_EOT:
|
|
|
|
(*tp->tty_echo)(tp, ch & IN_CHAR);
|
|
|
|
len = 0;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
(*tp->tty_echo)(tp, '^');
|
|
|
|
(*tp->tty_echo)(tp, '@' + (ch & IN_CHAR));
|
|
|
|
len = 2;
|
|
|
|
}
|
|
|
|
} else
|
|
|
|
if ((ch & IN_CHAR) == '\177') {
|
|
|
|
/* A DEL prints as "^?". */
|
|
|
|
(*tp->tty_echo)(tp, '^');
|
|
|
|
(*tp->tty_echo)(tp, '?');
|
|
|
|
len = 2;
|
|
|
|
} else {
|
|
|
|
(*tp->tty_echo)(tp, ch & IN_CHAR);
|
|
|
|
len = 1;
|
|
|
|
}
|
|
|
|
if (ch & IN_EOF) while (len > 0) { (*tp->tty_echo)(tp, '\b'); len--; }
|
|
|
|
|
|
|
|
tp->tty_reprint = rp;
|
|
|
|
return(ch | (len << IN_LSHIFT));
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* rawecho *
|
|
|
|
*===========================================================================*/
|
2005-04-21 16:53:53 +02:00
|
|
|
PRIVATE void rawecho(tp, ch)
|
|
|
|
register tty_t *tp;
|
|
|
|
int ch;
|
|
|
|
{
|
|
|
|
/* Echo without interpretation if ECHO is set. */
|
|
|
|
int rp = tp->tty_reprint;
|
|
|
|
if (tp->tty_termios.c_lflag & ECHO) (*tp->tty_echo)(tp, ch);
|
|
|
|
tp->tty_reprint = rp;
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* back_over *
|
|
|
|
*===========================================================================*/
|
2005-04-21 16:53:53 +02:00
|
|
|
PRIVATE int back_over(tp)
|
|
|
|
register tty_t *tp;
|
|
|
|
{
|
|
|
|
/* Backspace to previous character on screen and erase it. */
|
|
|
|
u16_t *head;
|
|
|
|
int len;
|
|
|
|
|
|
|
|
if (tp->tty_incount == 0) return(0); /* queue empty */
|
|
|
|
head = tp->tty_inhead;
|
|
|
|
if (head == tp->tty_inbuf) head = bufend(tp->tty_inbuf);
|
|
|
|
if (*--head & IN_EOT) return(0); /* can't erase "line breaks" */
|
|
|
|
if (tp->tty_reprint) reprint(tp); /* reprint if messed up */
|
|
|
|
tp->tty_inhead = head;
|
|
|
|
tp->tty_incount--;
|
|
|
|
if (tp->tty_termios.c_lflag & ECHOE) {
|
|
|
|
len = (*head & IN_LEN) >> IN_LSHIFT;
|
|
|
|
while (len > 0) {
|
|
|
|
rawecho(tp, '\b');
|
|
|
|
rawecho(tp, ' ');
|
|
|
|
rawecho(tp, '\b');
|
|
|
|
len--;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return(1); /* one character erased */
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* reprint *
|
|
|
|
*===========================================================================*/
|
2005-04-21 16:53:53 +02:00
|
|
|
PRIVATE void reprint(tp)
|
|
|
|
register tty_t *tp; /* pointer to tty struct */
|
|
|
|
{
|
|
|
|
/* Restore what has been echoed to screen before if the user input has been
|
|
|
|
* messed up by output, or if REPRINT (^R) is typed.
|
|
|
|
*/
|
|
|
|
int count;
|
|
|
|
u16_t *head;
|
|
|
|
|
|
|
|
tp->tty_reprint = FALSE;
|
|
|
|
|
|
|
|
/* Find the last line break in the input. */
|
|
|
|
head = tp->tty_inhead;
|
|
|
|
count = tp->tty_incount;
|
|
|
|
while (count > 0) {
|
|
|
|
if (head == tp->tty_inbuf) head = bufend(tp->tty_inbuf);
|
|
|
|
if (head[-1] & IN_EOT) break;
|
|
|
|
head--;
|
|
|
|
count--;
|
|
|
|
}
|
|
|
|
if (count == tp->tty_incount) return; /* no reason to reprint */
|
|
|
|
|
|
|
|
/* Show REPRINT (^R) and move to a new line. */
|
2005-05-27 15:57:00 +02:00
|
|
|
(void) tty_echo(tp, tp->tty_termios.c_cc[VREPRINT] | IN_ESC);
|
2005-04-21 16:53:53 +02:00
|
|
|
rawecho(tp, '\r');
|
|
|
|
rawecho(tp, '\n');
|
|
|
|
|
|
|
|
/* Reprint from the last break onwards. */
|
|
|
|
do {
|
|
|
|
if (head == bufend(tp->tty_inbuf)) head = tp->tty_inbuf;
|
2005-05-27 15:57:00 +02:00
|
|
|
*head = tty_echo(tp, *head);
|
2005-04-21 16:53:53 +02:00
|
|
|
head++;
|
|
|
|
count++;
|
|
|
|
} while (count < tp->tty_incount);
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* out_process *
|
|
|
|
*===========================================================================*/
|
2005-04-21 16:53:53 +02:00
|
|
|
PUBLIC void out_process(tp, bstart, bpos, bend, icount, ocount)
|
|
|
|
tty_t *tp;
|
|
|
|
char *bstart, *bpos, *bend; /* start/pos/end of circular buffer */
|
|
|
|
int *icount; /* # input chars / input chars used */
|
|
|
|
int *ocount; /* max output chars / output chars used */
|
|
|
|
{
|
|
|
|
/* Perform output processing on a circular buffer. *icount is the number of
|
|
|
|
* bytes to process, and the number of bytes actually processed on return.
|
|
|
|
* *ocount is the space available on input and the space used on output.
|
|
|
|
* (Naturally *icount < *ocount.) The column position is updated modulo
|
|
|
|
* the TAB size, because we really only need it for tabs.
|
|
|
|
*/
|
|
|
|
|
|
|
|
int tablen;
|
|
|
|
int ict = *icount;
|
|
|
|
int oct = *ocount;
|
|
|
|
int pos = tp->tty_position;
|
|
|
|
|
|
|
|
while (ict > 0) {
|
|
|
|
switch (*bpos) {
|
|
|
|
case '\7':
|
|
|
|
break;
|
|
|
|
case '\b':
|
|
|
|
pos--;
|
|
|
|
break;
|
|
|
|
case '\r':
|
|
|
|
pos = 0;
|
|
|
|
break;
|
|
|
|
case '\n':
|
|
|
|
if ((tp->tty_termios.c_oflag & (OPOST|ONLCR))
|
|
|
|
== (OPOST|ONLCR)) {
|
|
|
|
/* Map LF to CR+LF if there is space. Note that the
|
|
|
|
* next character in the buffer is overwritten, so
|
|
|
|
* we stop at this point.
|
|
|
|
*/
|
|
|
|
if (oct >= 2) {
|
|
|
|
*bpos = '\r';
|
|
|
|
if (++bpos == bend) bpos = bstart;
|
|
|
|
*bpos = '\n';
|
|
|
|
pos = 0;
|
|
|
|
ict--;
|
|
|
|
oct -= 2;
|
|
|
|
}
|
|
|
|
goto out_done; /* no space or buffer got changed */
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case '\t':
|
|
|
|
/* Best guess for the tab length. */
|
|
|
|
tablen = TAB_SIZE - (pos & TAB_MASK);
|
|
|
|
|
|
|
|
if ((tp->tty_termios.c_oflag & (OPOST|XTABS))
|
|
|
|
== (OPOST|XTABS)) {
|
|
|
|
/* Tabs must be expanded. */
|
|
|
|
if (oct >= tablen) {
|
|
|
|
pos += tablen;
|
|
|
|
ict--;
|
|
|
|
oct -= tablen;
|
|
|
|
do {
|
|
|
|
*bpos = ' ';
|
|
|
|
if (++bpos == bend) bpos = bstart;
|
|
|
|
} while (--tablen != 0);
|
|
|
|
}
|
|
|
|
goto out_done;
|
|
|
|
}
|
|
|
|
/* Tabs are output directly. */
|
|
|
|
pos += tablen;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
/* Assume any other character prints as one character. */
|
|
|
|
pos++;
|
|
|
|
}
|
|
|
|
if (++bpos == bend) bpos = bstart;
|
|
|
|
ict--;
|
|
|
|
oct--;
|
|
|
|
}
|
|
|
|
out_done:
|
|
|
|
tp->tty_position = pos & TAB_MASK;
|
|
|
|
|
|
|
|
*icount -= ict; /* [io]ct are the number of chars not used */
|
|
|
|
*ocount -= oct; /* *[io]count are the number of chars that are used */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* dev_ioctl *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void dev_ioctl(tp)
|
|
|
|
tty_t *tp;
|
|
|
|
{
|
|
|
|
/* The ioctl's TCSETSW, TCSETSF and TCDRAIN wait for output to finish to make
|
|
|
|
* sure that an attribute change doesn't affect the processing of current
|
|
|
|
* output. Once output finishes the ioctl is executed as in do_ioctl().
|
|
|
|
*/
|
2008-11-19 13:26:10 +01:00
|
|
|
int result = EINVAL;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
if (tp->tty_outleft > 0) return; /* output not finished */
|
|
|
|
|
|
|
|
if (tp->tty_ioreq != TCDRAIN) {
|
|
|
|
if (tp->tty_ioreq == TCSETSF) tty_icancel(tp);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
result = sys_safecopyfrom(tp->tty_iocaller, tp->tty_iogrant, 0,
|
2006-06-20 11:02:54 +02:00
|
|
|
(vir_bytes) &tp->tty_termios,
|
|
|
|
(vir_bytes) sizeof(tp->tty_termios), D);
|
2011-03-25 11:43:24 +01:00
|
|
|
if (result == OK) setattr(tp);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
tp->tty_ioreq = 0;
|
2006-06-20 11:02:54 +02:00
|
|
|
notify(tp->tty_iocaller);
|
|
|
|
tp->tty_iorevived = 1;
|
|
|
|
tp->tty_iostatus = result;
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* setattr *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void setattr(tp)
|
|
|
|
tty_t *tp;
|
|
|
|
{
|
|
|
|
/* Apply the new line attributes (raw/canonical, line speed, etc.) */
|
|
|
|
u16_t *inp;
|
|
|
|
int count;
|
|
|
|
|
|
|
|
if (!(tp->tty_termios.c_lflag & ICANON)) {
|
|
|
|
/* Raw mode; put a "line break" on all characters in the input queue.
|
|
|
|
* It is undefined what happens to the input queue when ICANON is
|
|
|
|
* switched off, a process should use TCSAFLUSH to flush the queue.
|
|
|
|
* Keeping the queue to preserve typeahead is the Right Thing, however
|
|
|
|
* when a process does use TCSANOW to switch to raw mode.
|
|
|
|
*/
|
|
|
|
count = tp->tty_eotct = tp->tty_incount;
|
|
|
|
inp = tp->tty_intail;
|
|
|
|
while (count > 0) {
|
|
|
|
*inp |= IN_EOT;
|
|
|
|
if (++inp == bufend(tp->tty_inbuf)) inp = tp->tty_inbuf;
|
|
|
|
--count;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Inspect MIN and TIME. */
|
|
|
|
settimer(tp, FALSE);
|
|
|
|
if (tp->tty_termios.c_lflag & ICANON) {
|
|
|
|
/* No MIN & TIME in canonical mode. */
|
|
|
|
tp->tty_min = 1;
|
|
|
|
} else {
|
|
|
|
/* In raw mode MIN is the number of chars wanted, and TIME how long
|
|
|
|
* to wait for them. With interesting exceptions if either is zero.
|
|
|
|
*/
|
|
|
|
tp->tty_min = tp->tty_termios.c_cc[VMIN];
|
|
|
|
if (tp->tty_min == 0 && tp->tty_termios.c_cc[VTIME] > 0)
|
|
|
|
tp->tty_min = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(tp->tty_termios.c_iflag & IXON)) {
|
|
|
|
/* No start/stop output control, so don't leave output inhibited. */
|
|
|
|
tp->tty_inhibited = RUNNING;
|
|
|
|
tp->tty_events = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Setting the output speed to zero hangs up the phone. */
|
2009-04-06 11:39:42 +02:00
|
|
|
if (tp->tty_termios.c_ospeed == B0) sigchar(tp, SIGHUP, 1);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-04-15 08:55:42 +02:00
|
|
|
/* SCANCODES is supported only for the console */
|
|
|
|
if (!isconsole(tp)) tp->tty_termios.c_iflag &= ~SCANCODES;
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/* Set new line speed, character size, etc at the device level. */
|
2005-06-17 15:37:41 +02:00
|
|
|
(*tp->tty_ioctl)(tp, 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* tty_reply *
|
|
|
|
*===========================================================================*/
|
2006-06-20 11:02:54 +02:00
|
|
|
PUBLIC void
|
|
|
|
tty_reply_f(
|
|
|
|
file, line, code, replyee, proc_nr, status)
|
|
|
|
char *file;
|
|
|
|
int line;
|
2005-04-21 16:53:53 +02:00
|
|
|
int code; /* TASK_REPLY or REVIVE */
|
|
|
|
int replyee; /* destination address for the reply */
|
|
|
|
int proc_nr; /* to whom should the reply go? */
|
|
|
|
int status; /* reply code */
|
|
|
|
{
|
|
|
|
/* Send a reply to a process that wanted to read or write data. */
|
|
|
|
message tty_mess;
|
|
|
|
|
|
|
|
tty_mess.m_type = code;
|
2006-03-03 11:21:45 +01:00
|
|
|
tty_mess.REP_ENDPT = proc_nr;
|
2005-04-21 16:53:53 +02:00
|
|
|
tty_mess.REP_STATUS = status;
|
2005-07-27 16:32:16 +02:00
|
|
|
|
2006-06-20 11:02:54 +02:00
|
|
|
/* TTY is not supposed to send a TTY_REVIVE message. The
|
|
|
|
* REVIVE message is gone, TTY_REVIVE is only used as an internal
|
|
|
|
* placeholder for something that is not supposed to be a message.
|
|
|
|
*/
|
|
|
|
if(code == TTY_REVIVE) {
|
|
|
|
printf("%s:%d: ", file, line);
|
2010-03-05 16:05:11 +01:00
|
|
|
panic("tty_reply sending TTY_REVIVE");
|
2006-06-20 11:02:54 +02:00
|
|
|
}
|
|
|
|
|
2008-02-22 17:03:00 +01:00
|
|
|
status = sendnb(replyee, &tty_mess);
|
|
|
|
if (status != OK)
|
|
|
|
printf("tty`tty_reply: send to %d failed: %d\n", replyee, status);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* sigchar *
|
|
|
|
*===========================================================================*/
|
2009-04-06 11:39:42 +02:00
|
|
|
PUBLIC void sigchar(tp, sig, mayflush)
|
2005-04-21 16:53:53 +02:00
|
|
|
register tty_t *tp;
|
|
|
|
int sig; /* SIGINT, SIGQUIT, SIGKILL or SIGHUP */
|
2009-04-06 11:39:42 +02:00
|
|
|
int mayflush;
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Process a SIGINT, SIGQUIT or SIGKILL char from the keyboard or SIGHUP from
|
2010-06-10 16:04:46 +02:00
|
|
|
* a tty close, "stty 0", or a real RS-232 hangup. PM will send the signal to
|
2005-04-21 16:53:53 +02:00
|
|
|
* the process group (INT, QUIT), all processes (KILL), or the session leader
|
|
|
|
* (HUP).
|
|
|
|
*/
|
|
|
|
int status;
|
|
|
|
|
2006-06-20 11:02:54 +02:00
|
|
|
if (tp->tty_pgrp != 0) {
|
|
|
|
if (OK != (status = sys_kill(tp->tty_pgrp, sig))) {
|
2010-03-05 16:05:11 +01:00
|
|
|
panic("Error; call to sys_kill failed: %d", status);
|
2006-06-20 11:02:54 +02:00
|
|
|
}
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2009-04-06 11:39:42 +02:00
|
|
|
if (mayflush && !(tp->tty_termios.c_lflag & NOFLSH)) {
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_incount = tp->tty_eotct = 0; /* kill earlier input */
|
|
|
|
tp->tty_intail = tp->tty_inhead;
|
2005-06-17 15:37:41 +02:00
|
|
|
(*tp->tty_ocancel)(tp, 0); /* kill all output */
|
2005-04-21 16:53:53 +02:00
|
|
|
tp->tty_inhibited = RUNNING;
|
|
|
|
tp->tty_events = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* tty_icancel *
|
|
|
|
*===========================================================================*/
|
2005-04-21 16:53:53 +02:00
|
|
|
PRIVATE void tty_icancel(tp)
|
|
|
|
register tty_t *tp;
|
|
|
|
{
|
|
|
|
/* Discard all pending input, tty buffer or device. */
|
|
|
|
|
|
|
|
tp->tty_incount = tp->tty_eotct = 0;
|
|
|
|
tp->tty_intail = tp->tty_inhead;
|
2005-06-17 15:37:41 +02:00
|
|
|
(*tp->tty_icancel)(tp, 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
2010-02-09 16:23:38 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* tty_devnop *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE int tty_devnop(tty_t *tp, int try)
|
|
|
|
{
|
|
|
|
/* Some functions need not be implemented at the device level. */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* tty_init *
|
|
|
|
*===========================================================================*/
|
2005-06-24 18:21:54 +02:00
|
|
|
PRIVATE void tty_init()
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Initialize tty structure and call device initialization routines. */
|
|
|
|
|
2005-06-24 18:21:54 +02:00
|
|
|
register tty_t *tp;
|
|
|
|
int s;
|
|
|
|
|
2008-12-08 17:40:29 +01:00
|
|
|
system_hz = sys_hz();
|
|
|
|
|
2005-06-24 18:21:54 +02:00
|
|
|
/* Initialize the terminal lines. */
|
|
|
|
for (tp = FIRST_TTY,s=0; tp < END_TTY; tp++,s++) {
|
|
|
|
|
|
|
|
tp->tty_index = s;
|
|
|
|
|
2010-07-09 14:58:18 +02:00
|
|
|
init_timer(&tp->tty_tmr);
|
2005-06-24 18:21:54 +02:00
|
|
|
|
|
|
|
tp->tty_intail = tp->tty_inhead = tp->tty_inbuf;
|
|
|
|
tp->tty_min = 1;
|
|
|
|
tp->tty_termios = termios_defaults;
|
|
|
|
tp->tty_icancel = tp->tty_ocancel = tp->tty_ioctl = tp->tty_close =
|
2005-04-21 16:53:53 +02:00
|
|
|
tty_devnop;
|
2005-06-24 18:21:54 +02:00
|
|
|
if (tp < tty_addr(NR_CONS)) {
|
|
|
|
scr_init(tp);
|
2005-10-24 15:57:19 +02:00
|
|
|
|
|
|
|
/* Initialize the keyboard driver. */
|
|
|
|
kb_init(tp);
|
|
|
|
|
2005-08-05 15:50:58 +02:00
|
|
|
tp->tty_minor = CONS_MINOR + s;
|
2005-06-24 18:21:54 +02:00
|
|
|
} else
|
|
|
|
if (tp < tty_addr(NR_CONS+NR_RS_LINES)) {
|
|
|
|
rs_init(tp);
|
2005-08-05 15:50:58 +02:00
|
|
|
tp->tty_minor = RS232_MINOR + s-NR_CONS;
|
2005-06-24 18:21:54 +02:00
|
|
|
} else {
|
|
|
|
pty_init(tp);
|
2005-10-11 19:04:56 +02:00
|
|
|
tp->tty_minor = s - (NR_CONS+NR_RS_LINES) + TTYPX_MINOR;
|
2005-06-24 18:21:54 +02:00
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
2008-12-08 17:40:29 +01:00
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* tty_timed_out *
|
|
|
|
*===========================================================================*/
|
2005-04-21 16:53:53 +02:00
|
|
|
PRIVATE void tty_timed_out(timer_t *tp)
|
|
|
|
{
|
|
|
|
/* This timer has expired. Set the events flag, to force processing. */
|
|
|
|
tty_t *tty_ptr;
|
|
|
|
tty_ptr = &tty_table[tmr_arg(tp)->ta_int];
|
|
|
|
tty_ptr->tty_min = 0; /* force read to succeed */
|
|
|
|
tty_ptr->tty_events = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* settimer *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void settimer(tty_ptr, enable)
|
|
|
|
tty_t *tty_ptr; /* line to set or unset a timer on */
|
|
|
|
int enable; /* set timer if true, otherwise unset */
|
|
|
|
{
|
2010-07-09 14:58:18 +02:00
|
|
|
clock_t ticks;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
if (enable) {
|
2010-07-09 14:58:18 +02:00
|
|
|
ticks = tty_ptr->tty_termios.c_cc[VTIME] * (system_hz/10);
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/* Set a new timer for enabling the TTY events flags. */
|
2010-07-09 14:58:18 +02:00
|
|
|
set_timer(&tty_ptr->tty_tmr, ticks, tty_timed_out, 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
} else {
|
|
|
|
/* Remove the timer from the active and expired lists. */
|
2010-07-09 14:58:18 +02:00
|
|
|
cancel_timer(&tty_ptr->tty_tmr);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-06-17 15:37:41 +02:00
|
|
|
/*===========================================================================*
|
2005-09-11 19:09:11 +02:00
|
|
|
* do_select *
|
2005-06-17 15:37:41 +02:00
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void do_select(tp, m_ptr)
|
|
|
|
register tty_t *tp; /* pointer to tty struct */
|
|
|
|
register message *m_ptr; /* pointer to message sent to the task */
|
|
|
|
{
|
|
|
|
int ops, ready_ops = 0, watch;
|
|
|
|
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
ops = m_ptr->USER_ENDPT & (SEL_RD|SEL_WR|SEL_ERR);
|
|
|
|
watch = (m_ptr->USER_ENDPT & SEL_NOTIFY) ? 1 : 0;
|
2005-06-17 15:37:41 +02:00
|
|
|
|
|
|
|
ready_ops = select_try(tp, ops);
|
|
|
|
|
2005-09-11 19:09:11 +02:00
|
|
|
if (!ready_ops && ops && watch) {
|
2005-06-17 15:37:41 +02:00
|
|
|
tp->tty_select_ops |= ops;
|
|
|
|
tp->tty_select_proc = m_ptr->m_source;
|
2005-08-05 15:50:58 +02:00
|
|
|
}
|
2005-06-17 15:37:41 +02:00
|
|
|
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
tty_reply(TASK_REPLY, m_ptr->m_source, m_ptr->USER_ENDPT, ready_ops);
|
2005-06-17 15:37:41 +02:00
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|