2005-04-21 16:53:53 +02:00
|
|
|
/* This task handles the interface between the kernel and user-level servers.
|
|
|
|
* System services can be accessed by doing a system call. System calls are
|
|
|
|
* transformed into request messages, which are handled by this task. By
|
|
|
|
* convention, a sys_call() is transformed in a SYS_CALL request message that
|
|
|
|
* is handled in a function named do_call().
|
|
|
|
*
|
|
|
|
* A private call vector is used to map all system calls to the functions that
|
|
|
|
* handle them. The actual handler functions are contained in separate files
|
|
|
|
* to keep this file clean. The call vector is used in the system task's main
|
|
|
|
* loop to handle all incoming requests.
|
|
|
|
*
|
|
|
|
* In addition to the main sys_task() entry point, which starts the main loop,
|
|
|
|
* there are several other minor entry points:
|
2005-07-26 14:48:34 +02:00
|
|
|
* get_priv: assign privilege structure to user or system process
|
2009-07-02 18:25:31 +02:00
|
|
|
* set_sendto_bit: allow a process to send messages to a new target
|
|
|
|
* unset_sendto_bit: disallow a process from sending messages to a target
|
2010-07-07 00:05:21 +02:00
|
|
|
* fill_sendto_mask: fill the target mask of a given process
|
2005-07-21 20:36:40 +02:00
|
|
|
* send_sig: send a signal directly to a system process
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
* cause_sig: take action to cause a signal to occur via a signal mgr
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
* sig_delay_done: tell PM that a process is not sending
|
2013-09-21 15:03:20 +02:00
|
|
|
* send_diag_sig: send a diagnostics signal to interested processes
|
2005-06-03 15:55:06 +02:00
|
|
|
* get_randomness: accumulate randomness in a buffer
|
2006-03-15 13:01:59 +01:00
|
|
|
* clear_endpoint: remove a process' ability to send and receive messages
|
2010-07-13 17:30:17 +02:00
|
|
|
* sched_proc: schedule a process
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
|
|
|
* Changes:
|
2009-12-11 01:08:19 +01:00
|
|
|
* Nov 22, 2009 get_priv supports static priv ids (Cristiano Giuffrida)
|
2005-10-14 11:13:52 +02:00
|
|
|
* Aug 04, 2005 check if system call is allowed (Jorrit N. Herder)
|
2005-08-04 11:26:36 +02:00
|
|
|
* Jul 20, 2005 send signal to services with message (Jorrit N. Herder)
|
|
|
|
* Jan 15, 2005 new, generalized virtual copy function (Jorrit N. Herder)
|
2005-04-21 16:53:53 +02:00
|
|
|
* Oct 10, 2004 dispatch system calls from call vector (Jorrit N. Herder)
|
|
|
|
* Sep 30, 2004 source code documentation updated (Jorrit N. Herder)
|
|
|
|
*/
|
|
|
|
|
2012-11-15 12:06:41 +01:00
|
|
|
#include "kernel/kernel.h"
|
|
|
|
#include "kernel/system.h"
|
|
|
|
#include "kernel/vm.h"
|
2010-07-13 17:30:17 +02:00
|
|
|
#include "kernel/clock.h"
|
2005-04-21 16:53:53 +02:00
|
|
|
#include <stdlib.h>
|
2014-03-12 19:34:52 +01:00
|
|
|
#include <stddef.h>
|
2010-03-10 14:00:05 +01:00
|
|
|
#include <assert.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
#include <signal.h>
|
|
|
|
#include <unistd.h>
|
'proc number' is process slot, 'endpoint' are generation-aware process
instance numbers, encoded and decoded using macros in <minix/endpoint.h>.
proc number -> endpoint migration
. proc_nr in the interrupt hook is now an endpoint, proc_nr_e.
. m_source for messages and notifies is now an endpoint, instead of
proc number.
. isokendpt() converts an endpoint to a process number, returns
success (but fails if the process number is out of range, the
process slot is not a living process, or the given endpoint
number does not match the endpoint number in the process slot,
indicating an old process).
. okendpt() is the same as isokendpt(), but panic()s if the conversion
fails. This is mainly used for decoding message.m_source endpoints,
and other endpoint numbers in kernel data structures, which should
always be correct.
. if DEBUG_ENABLE_IPC_WARNINGS is enabled, isokendpt() and okendpt()
get passed the __FILE__ and __LINE__ of the calling lines, and
print messages about what is wrong with the endpoint number
(out of range proc, empty proc, or inconsistent endpoint number),
with the caller, making finding where the conversion failed easy
without having to include code for every call to print where things
went wrong. Sometimes this is harmless (wrong arg to a kernel call),
sometimes it's a fatal internal inconsistency (bogus m_source).
. some process table fields have been appended an _e to indicate it's
become and endpoint.
. process endpoint is stored in p_endpoint, without generation number.
it turns out the kernel never needs the generation number, except
when fork()ing, so it's decoded then.
. kernel calls all take endpoints as arguments, not proc numbers.
the one exception is sys_fork(), which needs to know in which slot
to put the child.
2006-03-03 11:00:02 +01:00
|
|
|
#include <minix/endpoint.h>
|
2006-06-20 11:58:58 +02:00
|
|
|
#include <minix/safecopies.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2005-04-29 17:36:43 +02:00
|
|
|
/* Declaration of the call vector that defines the mapping of system calls
|
|
|
|
* to handler functions. The vector is initialized in sys_init() with map(),
|
|
|
|
* which makes sure the system call numbers are ok. No space is allocated,
|
|
|
|
* because the dummy is declared extern. If an illegal call is given, the
|
|
|
|
* array size will be negative and this won't compile.
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
2012-03-25 20:25:53 +02:00
|
|
|
static int (*call_vec[NR_SYS_CALLS])(struct proc * caller, message *m_ptr);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2011-06-09 16:09:13 +02:00
|
|
|
#define map(call_nr, handler) \
|
|
|
|
{ int call_index = call_nr-KERNEL_CALL; \
|
|
|
|
assert(call_index >= 0 && call_index < NR_SYS_CALLS); \
|
|
|
|
call_vec[call_index] = (handler) ; }
|
2005-04-29 17:36:43 +02:00
|
|
|
|
2012-03-25 20:25:53 +02:00
|
|
|
static void kernel_call_finish(struct proc * caller, message *msg, int result)
|
2010-02-09 16:20:09 +01:00
|
|
|
{
|
|
|
|
if(result == VMSUSPEND) {
|
|
|
|
/* Special case: message has to be saved for handling
|
|
|
|
* until VM tells us it's allowed. VM has been notified
|
|
|
|
* and we must wait for its reply to restart the call.
|
|
|
|
*/
|
2010-03-10 14:00:05 +01:00
|
|
|
assert(RTS_ISSET(caller, RTS_VMREQUEST));
|
|
|
|
assert(caller->p_vmrequest.type == VMSTYPE_KERNELCALL);
|
2010-02-09 16:20:09 +01:00
|
|
|
caller->p_vmrequest.saved.reqmsg = *msg;
|
|
|
|
caller->p_misc_flags |= MF_KCALL_RESUME;
|
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* call is finished, we could have been suspended because of VM,
|
|
|
|
* remove the request message
|
|
|
|
*/
|
|
|
|
caller->p_vmrequest.saved.reqmsg.m_source = NONE;
|
|
|
|
if (result != EDONTREPLY) {
|
|
|
|
/* copy the result as a message to the original user buffer */
|
|
|
|
msg->m_source = SYSTEM;
|
|
|
|
msg->m_type = result; /* report status of call */
|
2011-02-08 14:54:33 +01:00
|
|
|
#if DEBUG_IPC_HOOK
|
|
|
|
hook_ipc_msgkresult(msg, caller);
|
2010-06-24 15:31:40 +02:00
|
|
|
#endif
|
No more intel/minix segments.
This commit removes all traces of Minix segments (the text/data/stack
memory map abstraction in the kernel) and significance of Intel segments
(hardware segments like CS, DS that add offsets to all addressing before
page table translation). This ultimately simplifies the memory layout
and addressing and makes the same layout possible on non-Intel
architectures.
There are only two types of addresses in the world now: virtual
and physical; even the kernel and processes have the same virtual
address space. Kernel and user processes can be distinguished at a
glance as processes won't use 0xF0000000 and above.
No static pre-allocated memory sizes exist any more.
Changes to booting:
. The pre_init.c leaves the kernel and modules exactly as
they were left by the bootloader in physical memory
. The kernel starts running using physical addressing,
loaded at a fixed location given in its linker script by the
bootloader. All code and data in this phase are linked to
this fixed low location.
. It makes a bootstrap pagetable to map itself to a
fixed high location (also in linker script) and jumps to
the high address. All code and data then use this high addressing.
. All code/data symbols linked at the low addresses is prefixed by
an objcopy step with __k_unpaged_*, so that that code cannot
reference highly-linked symbols (which aren't valid yet) or vice
versa (symbols that aren't valid any more).
. The two addressing modes are separated in the linker script by
collecting the unpaged_*.o objects and linking them with low
addresses, and linking the rest high. Some objects are linked
twice, once low and once high.
. The bootstrap phase passes a lot of information (e.g. free memory
list, physical location of the modules, etc.) using the kinfo
struct.
. After this bootstrap the low-linked part is freed.
. The kernel maps in VM into the bootstrap page table so that VM can
begin executing. Its first job is to make page tables for all other
boot processes. So VM runs before RS, and RS gets a fully dynamic,
VM-managed address space. VM gets its privilege info from RS as usual
but that happens after RS starts running.
. Both the kernel loading VM and VM organizing boot processes happen
using the libexec logic. This removes the last reason for VM to
still know much about exec() and vm/exec.c is gone.
Further Implementation:
. All segments are based at 0 and have a 4 GB limit.
. The kernel is mapped in at the top of the virtual address
space so as not to constrain the user processes.
. Processes do not use segments from the LDT at all; there are
no segments in the LDT any more, so no LLDT is needed.
. The Minix segments T/D/S are gone and so none of the
user-space or in-kernel copy functions use them. The copy
functions use a process endpoint of NONE to realize it's
a physical address, virtual otherwise.
. The umap call only makes sense to translate a virtual address
to a physical address now.
. Segments-related calls like newmap and alloc_segments are gone.
. All segments-related translation in VM is gone (vir2map etc).
. Initialization in VM is simpler as no moving around is necessary.
. VM and all other boot processes can be linked wherever they wish
and will be mapped in at the right location by the kernel and VM
respectively.
Other changes:
. The multiboot code is less special: it does not use mb_print
for its diagnostics any more but uses printf() as normal, saving
the output into the diagnostics buffer, only printing to the
screen using the direct print functions if a panic() occurs.
. The multiboot code uses the flexible 'free memory map list'
style to receive the list of free memory if available.
. The kernel determines the memory layout of the processes to
a degree: it tells VM where the kernel starts and ends and
where the kernel wants the top of the process to be. VM then
uses this entire range, i.e. the stack is right at the top,
and mmap()ped bits of memory are placed below that downwards,
and the break grows upwards.
Other Consequences:
. Every process gets its own page table as address spaces
can't be separated any more by segments.
. As all segments are 0-based, there is no distinction between
virtual and linear addresses, nor between userspace and
kernel addresses.
. Less work is done when context switching, leading to a net
performance increase. (8% faster on my machine for 'make servers'.)
. The layout and configuration of the GDT makes sysenter and syscall
possible.
2012-05-07 16:03:35 +02:00
|
|
|
if (copy_msg_to_user(msg, (message *)caller->p_delivermsg_vir)) {
|
2010-03-03 16:45:01 +01:00
|
|
|
printf("WARNING wrong user pointer 0x%08x from "
|
2010-02-09 16:20:09 +01:00
|
|
|
"process %s / %d\n",
|
|
|
|
caller->p_delivermsg_vir,
|
|
|
|
caller->p_name,
|
|
|
|
caller->p_endpoint);
|
2011-12-05 02:08:48 +01:00
|
|
|
cause_sig(proc_nr(caller), SIGSEGV);
|
2010-02-09 16:20:09 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2012-03-25 20:25:53 +02:00
|
|
|
static int kernel_call_dispatch(struct proc * caller, message *msg)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
2010-02-09 16:20:09 +01:00
|
|
|
int result = OK;
|
2006-06-20 11:58:58 +02:00
|
|
|
int call_nr;
|
2010-06-24 15:31:40 +02:00
|
|
|
|
2011-02-08 14:54:33 +01:00
|
|
|
#if DEBUG_IPC_HOOK
|
|
|
|
hook_ipc_msgkcall(msg, caller);
|
2010-06-24 15:31:40 +02:00
|
|
|
#endif
|
2010-02-09 16:20:09 +01:00
|
|
|
call_nr = msg->m_type - KERNEL_CALL;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-09 16:20:09 +01:00
|
|
|
/* See if the caller made a valid request and try to handle it. */
|
|
|
|
if (call_nr < 0 || call_nr >= NR_SYS_CALLS) { /* check call number */
|
2010-03-03 16:45:01 +01:00
|
|
|
printf("SYSTEM: illegal request %d from %d.\n",
|
2010-02-09 16:20:09 +01:00
|
|
|
call_nr,msg->m_source);
|
2005-04-21 16:53:53 +02:00
|
|
|
result = EBADREQUEST; /* illegal message type */
|
2016-03-16 19:00:06 +01:00
|
|
|
// } /* We have to allow user processes to send messages to kernel */
|
|
|
|
// else if (!GET_BIT(priv(caller)->s_k_call_mask, call_nr)) {
|
|
|
|
// printf("SYSTEM: denied request %d from %d.\n",
|
|
|
|
// call_nr,msg->m_source);
|
|
|
|
// result = ECALLDENIED; /* illegal message type */
|
2010-02-09 16:20:09 +01:00
|
|
|
} else {
|
2010-02-03 10:04:48 +01:00
|
|
|
/* handle the system call */
|
2010-06-01 10:54:31 +02:00
|
|
|
if (call_vec[call_nr])
|
|
|
|
result = (*call_vec[call_nr])(caller, msg);
|
|
|
|
else {
|
|
|
|
printf("Unused kernel call %d from %d\n",
|
|
|
|
call_nr, caller->p_endpoint);
|
|
|
|
result = EBADREQUEST;
|
|
|
|
}
|
2010-02-09 16:20:09 +01:00
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-09 16:20:09 +01:00
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* kernel_call *
|
|
|
|
*===========================================================================*/
|
|
|
|
/*
|
|
|
|
* this function checks the basic syscall parameters and if accepted it
|
|
|
|
* dispatches its handling to the right handler
|
|
|
|
*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void kernel_call(message *m_user, struct proc * caller)
|
2010-02-09 16:20:09 +01:00
|
|
|
{
|
|
|
|
int result = OK;
|
|
|
|
message msg;
|
|
|
|
|
|
|
|
caller->p_delivermsg_vir = (vir_bytes) m_user;
|
|
|
|
/*
|
|
|
|
* the ldt and cr3 of the caller process is loaded because it just've trapped
|
2010-05-18 15:00:39 +02:00
|
|
|
* into the kernel or was already set in switch_to_user() before we resume
|
2010-02-09 16:20:09 +01:00
|
|
|
* execution of an interrupted kernel call
|
|
|
|
*/
|
No more intel/minix segments.
This commit removes all traces of Minix segments (the text/data/stack
memory map abstraction in the kernel) and significance of Intel segments
(hardware segments like CS, DS that add offsets to all addressing before
page table translation). This ultimately simplifies the memory layout
and addressing and makes the same layout possible on non-Intel
architectures.
There are only two types of addresses in the world now: virtual
and physical; even the kernel and processes have the same virtual
address space. Kernel and user processes can be distinguished at a
glance as processes won't use 0xF0000000 and above.
No static pre-allocated memory sizes exist any more.
Changes to booting:
. The pre_init.c leaves the kernel and modules exactly as
they were left by the bootloader in physical memory
. The kernel starts running using physical addressing,
loaded at a fixed location given in its linker script by the
bootloader. All code and data in this phase are linked to
this fixed low location.
. It makes a bootstrap pagetable to map itself to a
fixed high location (also in linker script) and jumps to
the high address. All code and data then use this high addressing.
. All code/data symbols linked at the low addresses is prefixed by
an objcopy step with __k_unpaged_*, so that that code cannot
reference highly-linked symbols (which aren't valid yet) or vice
versa (symbols that aren't valid any more).
. The two addressing modes are separated in the linker script by
collecting the unpaged_*.o objects and linking them with low
addresses, and linking the rest high. Some objects are linked
twice, once low and once high.
. The bootstrap phase passes a lot of information (e.g. free memory
list, physical location of the modules, etc.) using the kinfo
struct.
. After this bootstrap the low-linked part is freed.
. The kernel maps in VM into the bootstrap page table so that VM can
begin executing. Its first job is to make page tables for all other
boot processes. So VM runs before RS, and RS gets a fully dynamic,
VM-managed address space. VM gets its privilege info from RS as usual
but that happens after RS starts running.
. Both the kernel loading VM and VM organizing boot processes happen
using the libexec logic. This removes the last reason for VM to
still know much about exec() and vm/exec.c is gone.
Further Implementation:
. All segments are based at 0 and have a 4 GB limit.
. The kernel is mapped in at the top of the virtual address
space so as not to constrain the user processes.
. Processes do not use segments from the LDT at all; there are
no segments in the LDT any more, so no LLDT is needed.
. The Minix segments T/D/S are gone and so none of the
user-space or in-kernel copy functions use them. The copy
functions use a process endpoint of NONE to realize it's
a physical address, virtual otherwise.
. The umap call only makes sense to translate a virtual address
to a physical address now.
. Segments-related calls like newmap and alloc_segments are gone.
. All segments-related translation in VM is gone (vir2map etc).
. Initialization in VM is simpler as no moving around is necessary.
. VM and all other boot processes can be linked wherever they wish
and will be mapped in at the right location by the kernel and VM
respectively.
Other changes:
. The multiboot code is less special: it does not use mb_print
for its diagnostics any more but uses printf() as normal, saving
the output into the diagnostics buffer, only printing to the
screen using the direct print functions if a panic() occurs.
. The multiboot code uses the flexible 'free memory map list'
style to receive the list of free memory if available.
. The kernel determines the memory layout of the processes to
a degree: it tells VM where the kernel starts and ends and
where the kernel wants the top of the process to be. VM then
uses this entire range, i.e. the stack is right at the top,
and mmap()ped bits of memory are placed below that downwards,
and the break grows upwards.
Other Consequences:
. Every process gets its own page table as address spaces
can't be separated any more by segments.
. As all segments are 0-based, there is no distinction between
virtual and linear addresses, nor between userspace and
kernel addresses.
. Less work is done when context switching, leading to a net
performance increase. (8% faster on my machine for 'make servers'.)
. The layout and configuration of the GDT makes sysenter and syscall
possible.
2012-05-07 16:03:35 +02:00
|
|
|
if (copy_msg_from_user(m_user, &msg) == 0) {
|
2010-02-09 16:20:09 +01:00
|
|
|
msg.m_source = caller->p_endpoint;
|
|
|
|
result = kernel_call_dispatch(caller, &msg);
|
|
|
|
}
|
|
|
|
else {
|
2010-03-03 16:45:01 +01:00
|
|
|
printf("WARNING wrong user pointer 0x%08x from process %s / %d\n",
|
2010-02-09 16:20:09 +01:00
|
|
|
m_user, caller->p_name, caller->p_endpoint);
|
2011-12-05 02:08:48 +01:00
|
|
|
cause_sig(proc_nr(caller), SIGSEGV);
|
|
|
|
return;
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
2010-02-09 16:20:09 +01:00
|
|
|
|
2011-02-08 14:58:32 +01:00
|
|
|
|
|
|
|
/* remember who invoked the kcall so we can bill it its time */
|
|
|
|
kbill_kcall = caller;
|
|
|
|
|
2010-02-09 16:20:09 +01:00
|
|
|
kernel_call_finish(caller, &msg, result);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2005-09-11 18:44:06 +02:00
|
|
|
* initialize *
|
2005-04-21 16:53:53 +02:00
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void system_init(void)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
2005-07-14 17:12:12 +02:00
|
|
|
register struct priv *sp;
|
2005-04-21 16:53:53 +02:00
|
|
|
int i;
|
|
|
|
|
2005-05-02 16:30:04 +02:00
|
|
|
/* Initialize IRQ handler hooks. Mark all hooks available. */
|
|
|
|
for (i=0; i<NR_IRQ_HOOKS; i++) {
|
'proc number' is process slot, 'endpoint' are generation-aware process
instance numbers, encoded and decoded using macros in <minix/endpoint.h>.
proc number -> endpoint migration
. proc_nr in the interrupt hook is now an endpoint, proc_nr_e.
. m_source for messages and notifies is now an endpoint, instead of
proc number.
. isokendpt() converts an endpoint to a process number, returns
success (but fails if the process number is out of range, the
process slot is not a living process, or the given endpoint
number does not match the endpoint number in the process slot,
indicating an old process).
. okendpt() is the same as isokendpt(), but panic()s if the conversion
fails. This is mainly used for decoding message.m_source endpoints,
and other endpoint numbers in kernel data structures, which should
always be correct.
. if DEBUG_ENABLE_IPC_WARNINGS is enabled, isokendpt() and okendpt()
get passed the __FILE__ and __LINE__ of the calling lines, and
print messages about what is wrong with the endpoint number
(out of range proc, empty proc, or inconsistent endpoint number),
with the caller, making finding where the conversion failed easy
without having to include code for every call to print where things
went wrong. Sometimes this is harmless (wrong arg to a kernel call),
sometimes it's a fatal internal inconsistency (bogus m_source).
. some process table fields have been appended an _e to indicate it's
become and endpoint.
. process endpoint is stored in p_endpoint, without generation number.
it turns out the kernel never needs the generation number, except
when fork()ing, so it's decoded then.
. kernel calls all take endpoints as arguments, not proc numbers.
the one exception is sys_fork(), which needs to know in which slot
to put the child.
2006-03-03 11:00:02 +01:00
|
|
|
irq_hooks[i].proc_nr_e = NONE;
|
2005-05-02 16:30:04 +02:00
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Initialize all alarm timers for all processes. */
|
2005-07-14 17:12:12 +02:00
|
|
|
for (sp=BEG_PRIV_ADDR; sp < END_PRIV_ADDR; sp++) {
|
|
|
|
tmr_inittimer(&(sp->s_alarm_timer));
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
2005-04-29 17:36:43 +02:00
|
|
|
|
|
|
|
/* Initialize the call vector to a safe default handler. Some system calls
|
2013-10-09 17:28:23 +02:00
|
|
|
* may be disabled or nonexistant. Then explicitly map known calls to their
|
2005-04-29 17:36:43 +02:00
|
|
|
* handler functions. This is done with a macro that gives a compile error
|
|
|
|
* if an illegal call number is used. The ordering is not important here.
|
|
|
|
*/
|
|
|
|
for (i=0; i<NR_SYS_CALLS; i++) {
|
2010-06-01 10:54:31 +02:00
|
|
|
call_vec[i] = NULL;
|
2005-04-29 17:36:43 +02:00
|
|
|
}
|
|
|
|
|
2005-08-04 11:26:36 +02:00
|
|
|
/* Process management. */
|
2005-07-14 17:12:12 +02:00
|
|
|
map(SYS_FORK, do_fork); /* a process forked a new process */
|
|
|
|
map(SYS_EXEC, do_exec); /* update process after execute */
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
map(SYS_CLEAR, do_clear); /* clean up after process exit */
|
|
|
|
map(SYS_EXIT, do_exit); /* a system process wants to exit */
|
2005-08-04 11:26:36 +02:00
|
|
|
map(SYS_PRIVCTL, do_privctl); /* system privileges control */
|
2005-07-14 17:12:12 +02:00
|
|
|
map(SYS_TRACE, do_trace); /* request a trace operation */
|
2006-06-23 17:35:05 +02:00
|
|
|
map(SYS_SETGRANT, do_setgrant); /* get/set own parameters */
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
map(SYS_RUNCTL, do_runctl); /* set/clear stop flag of a process */
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
map(SYS_UPDATE, do_update); /* update a process into another */
|
2010-04-08 15:41:35 +02:00
|
|
|
map(SYS_STATECTL, do_statectl); /* let a process control its state */
|
2005-04-29 17:36:43 +02:00
|
|
|
|
|
|
|
/* Signal handling. */
|
|
|
|
map(SYS_KILL, do_kill); /* cause a process to be signaled */
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
map(SYS_GETKSIG, do_getksig); /* signal manager checks for signals */
|
|
|
|
map(SYS_ENDKSIG, do_endksig); /* signal manager finished signal */
|
2005-04-29 17:36:43 +02:00
|
|
|
map(SYS_SIGSEND, do_sigsend); /* start POSIX-style signal */
|
|
|
|
map(SYS_SIGRETURN, do_sigreturn); /* return from POSIX-style signal */
|
|
|
|
|
|
|
|
/* Device I/O. */
|
|
|
|
map(SYS_IRQCTL, do_irqctl); /* interrupt control operations */
|
2012-10-08 03:38:03 +02:00
|
|
|
#if defined(__i386__)
|
2005-04-29 17:36:43 +02:00
|
|
|
map(SYS_DEVIO, do_devio); /* inb, inw, inl, outb, outw, outl */
|
|
|
|
map(SYS_VDEVIO, do_vdevio); /* vector with devio requests */
|
2012-10-08 03:38:03 +02:00
|
|
|
#endif
|
2005-04-29 17:36:43 +02:00
|
|
|
|
2005-08-04 11:26:36 +02:00
|
|
|
/* Memory management. */
|
|
|
|
map(SYS_MEMSET, do_memset); /* write char to memory area */
|
2008-11-19 13:26:10 +01:00
|
|
|
map(SYS_VMCTL, do_vmctl); /* various VM process settings */
|
2005-04-29 17:36:43 +02:00
|
|
|
|
|
|
|
/* Copying. */
|
|
|
|
map(SYS_UMAP, do_umap); /* map virtual to physical address */
|
2011-06-10 16:28:20 +02:00
|
|
|
map(SYS_UMAP_REMOTE, do_umap_remote); /* do_umap for non-caller process */
|
2012-03-21 23:51:18 +01:00
|
|
|
map(SYS_VUMAP, do_vumap); /* vectored virtual to physical map */
|
2005-05-02 16:30:04 +02:00
|
|
|
map(SYS_VIRCOPY, do_vircopy); /* use pure virtual addressing */
|
2008-11-19 13:26:10 +01:00
|
|
|
map(SYS_PHYSCOPY, do_copy); /* use physical addressing */
|
2010-06-01 10:51:37 +02:00
|
|
|
map(SYS_SAFECOPYFROM, do_safecopy_from);/* copy with pre-granted permission */
|
|
|
|
map(SYS_SAFECOPYTO, do_safecopy_to); /* copy with pre-granted permission */
|
2006-06-23 13:54:03 +02:00
|
|
|
map(SYS_VSAFECOPY, do_vsafecopy); /* vectored safecopy */
|
2005-08-04 11:26:36 +02:00
|
|
|
|
2012-09-22 22:01:05 +02:00
|
|
|
/* safe memset */
|
|
|
|
map(SYS_SAFEMEMSET, do_safememset); /* safememset */
|
|
|
|
|
2005-08-04 11:26:36 +02:00
|
|
|
/* Clock functionality. */
|
|
|
|
map(SYS_TIMES, do_times); /* get uptime and process times */
|
|
|
|
map(SYS_SETALARM, do_setalarm); /* schedule a synchronous alarm */
|
2007-08-07 14:21:40 +02:00
|
|
|
map(SYS_STIME, do_stime); /* set the boottime */
|
2013-03-30 17:59:21 +01:00
|
|
|
map(SYS_SETTIME, do_settime); /* set the system time (realtime) */
|
2009-08-15 23:37:26 +02:00
|
|
|
map(SYS_VTIMER, do_vtimer); /* set or retrieve a virtual timer */
|
2005-08-04 11:26:36 +02:00
|
|
|
|
|
|
|
/* System control. */
|
|
|
|
map(SYS_ABORT, do_abort); /* abort MINIX */
|
|
|
|
map(SYS_GETINFO, do_getinfo); /* request system information */
|
2013-09-21 00:58:46 +02:00
|
|
|
map(SYS_DIAGCTL, do_diagctl); /* diagnostics-related functionality */
|
2006-10-30 16:53:38 +01:00
|
|
|
|
|
|
|
/* Profiling. */
|
|
|
|
map(SYS_SPROF, do_sprofile); /* start/stop statistical profiling */
|
Split of architecture-dependent and -independent functions for i386,
mainly in the kernel and headers. This split based on work by
Ingmar Alting <iaalting@cs.vu.nl> done for his Minix PowerPC architecture
port.
. kernel does not program the interrupt controller directly, do any
other architecture-dependent operations, or contain assembly any more,
but uses architecture-dependent functions in arch/$(ARCH)/.
. architecture-dependent constants and types defined in arch/$(ARCH)/include.
. <ibm/portio.h> moved to <minix/portio.h>, as they have become, for now,
architecture-independent functions.
. int86, sdevio, readbios, and iopenable are now i386-specific kernel calls
and live in arch/i386/do_* now.
. i386 arch now supports even less 86 code; e.g. mpx86.s and klib86.s have
gone, and 'machine.protected' is gone (and always taken to be 1 in i386).
If 86 support is to return, it should be a new architecture.
. prototypes for the architecture-dependent functions defined in
kernel/arch/$(ARCH)/*.c but used in kernel/ are in kernel/proto.h
. /etc/make.conf included in makefiles and shell scripts that need to
know the building architecture; it defines ARCH=<arch>, currently only
i386.
. some basic per-architecture build support outside of the kernel (lib)
. in clock.c, only dequeue a process if it was ready
. fixes for new include files
files deleted:
. mpx/klib.s - only for choosing between mpx/klib86 and -386
. klib86.s - only for 86
i386-specific files files moved (or arch-dependent stuff moved) to arch/i386/:
. mpx386.s (entry point)
. klib386.s
. sconst.h
. exception.c
. protect.c
. protect.h
. i8269.c
2006-12-22 16:22:27 +01:00
|
|
|
|
2013-08-28 06:43:45 +02:00
|
|
|
/* arm-specific. */
|
|
|
|
#if defined(__arm__)
|
|
|
|
map(SYS_PADCONF, do_padconf); /* configure pinmux */
|
|
|
|
#endif
|
|
|
|
|
Split of architecture-dependent and -independent functions for i386,
mainly in the kernel and headers. This split based on work by
Ingmar Alting <iaalting@cs.vu.nl> done for his Minix PowerPC architecture
port.
. kernel does not program the interrupt controller directly, do any
other architecture-dependent operations, or contain assembly any more,
but uses architecture-dependent functions in arch/$(ARCH)/.
. architecture-dependent constants and types defined in arch/$(ARCH)/include.
. <ibm/portio.h> moved to <minix/portio.h>, as they have become, for now,
architecture-independent functions.
. int86, sdevio, readbios, and iopenable are now i386-specific kernel calls
and live in arch/i386/do_* now.
. i386 arch now supports even less 86 code; e.g. mpx86.s and klib86.s have
gone, and 'machine.protected' is gone (and always taken to be 1 in i386).
If 86 support is to return, it should be a new architecture.
. prototypes for the architecture-dependent functions defined in
kernel/arch/$(ARCH)/*.c but used in kernel/ are in kernel/proto.h
. /etc/make.conf included in makefiles and shell scripts that need to
know the building architecture; it defines ARCH=<arch>, currently only
i386.
. some basic per-architecture build support outside of the kernel (lib)
. in clock.c, only dequeue a process if it was ready
. fixes for new include files
files deleted:
. mpx/klib.s - only for choosing between mpx/klib86 and -386
. klib86.s - only for 86
i386-specific files files moved (or arch-dependent stuff moved) to arch/i386/:
. mpx386.s (entry point)
. klib386.s
. sconst.h
. exception.c
. protect.c
. protect.h
. i8269.c
2006-12-22 16:22:27 +01:00
|
|
|
/* i386-specific. */
|
2012-08-06 12:55:50 +02:00
|
|
|
#if defined(__i386__)
|
Split of architecture-dependent and -independent functions for i386,
mainly in the kernel and headers. This split based on work by
Ingmar Alting <iaalting@cs.vu.nl> done for his Minix PowerPC architecture
port.
. kernel does not program the interrupt controller directly, do any
other architecture-dependent operations, or contain assembly any more,
but uses architecture-dependent functions in arch/$(ARCH)/.
. architecture-dependent constants and types defined in arch/$(ARCH)/include.
. <ibm/portio.h> moved to <minix/portio.h>, as they have become, for now,
architecture-independent functions.
. int86, sdevio, readbios, and iopenable are now i386-specific kernel calls
and live in arch/i386/do_* now.
. i386 arch now supports even less 86 code; e.g. mpx86.s and klib86.s have
gone, and 'machine.protected' is gone (and always taken to be 1 in i386).
If 86 support is to return, it should be a new architecture.
. prototypes for the architecture-dependent functions defined in
kernel/arch/$(ARCH)/*.c but used in kernel/ are in kernel/proto.h
. /etc/make.conf included in makefiles and shell scripts that need to
know the building architecture; it defines ARCH=<arch>, currently only
i386.
. some basic per-architecture build support outside of the kernel (lib)
. in clock.c, only dequeue a process if it was ready
. fixes for new include files
files deleted:
. mpx/klib.s - only for choosing between mpx/klib86 and -386
. klib86.s - only for 86
i386-specific files files moved (or arch-dependent stuff moved) to arch/i386/:
. mpx386.s (entry point)
. klib386.s
. sconst.h
. exception.c
. protect.c
. protect.h
. i8269.c
2006-12-22 16:22:27 +01:00
|
|
|
map(SYS_READBIOS, do_readbios); /* read from BIOS locations */
|
|
|
|
map(SYS_IOPENABLE, do_iopenable); /* Enable I/O */
|
|
|
|
map(SYS_SDEVIO, do_sdevio); /* phys_insb, _insw, _outsb, _outsw */
|
2012-10-08 03:38:03 +02:00
|
|
|
#endif
|
2010-03-12 16:58:41 +01:00
|
|
|
|
|
|
|
/* Machine state switching. */
|
|
|
|
map(SYS_SETMCONTEXT, do_setmcontext); /* set machine context */
|
|
|
|
map(SYS_GETMCONTEXT, do_getmcontext); /* get machine context */
|
2005-04-21 16:53:53 +02:00
|
|
|
|
Userspace scheduling
- cotributed by Bjorn Swift
- In this first phase, scheduling is moved from the kernel to the PM
server. The next steps are to a) moving scheduling to its own server
and b) include useful information in the "out of quantum" message,
so that the scheduler can make use of this information.
- The kernel process table now keeps record of who is responsible for
scheduling each process (p_scheduler). When this pointer is NULL,
the process will be scheduled by the kernel. If such a process runs
out of quantum, the kernel will simply renew its quantum an requeue
it.
- When PM loads, it will take over scheduling of all running
processes, except system processes, using sys_schedctl().
Essentially, this only results in taking over init. As children
inherit a scheduler from their parent, user space programs forked by
init will inherit PM (for now) as their scheduler.
- Once a process has been assigned a scheduler, and runs out of
quantum, its RTS_NO_QUANTUM flag will be set and the process
dequeued. The kernel will send a message to the scheduler, on the
process' behalf, informing the scheduler that it has run out of
quantum. The scheduler can take what ever action it pleases, based
on its policy, and then reschedule the process using the
sys_schedule() system call.
- Balance queues does not work as before. While the old in-kernel
function used to renew the quantum of processes in the highest
priority run queue, the user-space implementation only acts on
processes that have been bumped down to a lower priority queue.
This approach reacts slower to changes than the old one, but saves
us sending a sys_schedule message for each process every time we
balance the queues. Currently, when processes are moved up a
priority queue, their quantum is also renewed, but this can be
fiddled with.
- do_nice has been removed from kernel. PM answers to get- and
setpriority calls, updates it's own nice variable as well as the
max_run_queue. This will be refactored once scheduling is moved to a
separate server. We will probably have PM update it's local nice
value and then send a message to whoever is scheduling the process.
- changes to fix an issue in do_fork() where processes could run out
of quantum but bypassing the code path that handles it correctly.
The future plan is to remove the policy from do_fork() and implement
it in userspace too.
2010-03-29 13:07:20 +02:00
|
|
|
/* Scheduling */
|
|
|
|
map(SYS_SCHEDULE, do_schedule); /* reschedule a process */
|
|
|
|
map(SYS_SCHEDCTL, do_schedctl); /* change process scheduler */
|
|
|
|
|
2016-02-29 16:13:07 +01:00
|
|
|
/* User space IPC */
|
|
|
|
map(SYS_MQ_OPEN, do_mq_open); /* open a message queue */
|
|
|
|
map(SYS_MQ_CLOSE, do_mq_close); /* close a message queue */
|
|
|
|
map(SYS_MQ_SEND, do_mq_send); /* send to a message queue */
|
|
|
|
map(SYS_MQ_REC, do_mq_rec); /* receive from a message queue */
|
2016-03-22 11:27:53 +01:00
|
|
|
map(SYS_MQ_SET_ATTR, do_mq_set_attr); /* set message queue attributes */
|
|
|
|
map(SYS_MQ_GET_ATTR, do_mq_get_attr); /* get message queue attributes */
|
2016-03-22 13:21:09 +01:00
|
|
|
map(SYS_MQ_REQ_NOTIFY, do_mq_request_notify); /* request notification for receive */
|
2016-02-29 16:13:07 +01:00
|
|
|
|
Userspace scheduling
- cotributed by Bjorn Swift
- In this first phase, scheduling is moved from the kernel to the PM
server. The next steps are to a) moving scheduling to its own server
and b) include useful information in the "out of quantum" message,
so that the scheduler can make use of this information.
- The kernel process table now keeps record of who is responsible for
scheduling each process (p_scheduler). When this pointer is NULL,
the process will be scheduled by the kernel. If such a process runs
out of quantum, the kernel will simply renew its quantum an requeue
it.
- When PM loads, it will take over scheduling of all running
processes, except system processes, using sys_schedctl().
Essentially, this only results in taking over init. As children
inherit a scheduler from their parent, user space programs forked by
init will inherit PM (for now) as their scheduler.
- Once a process has been assigned a scheduler, and runs out of
quantum, its RTS_NO_QUANTUM flag will be set and the process
dequeued. The kernel will send a message to the scheduler, on the
process' behalf, informing the scheduler that it has run out of
quantum. The scheduler can take what ever action it pleases, based
on its policy, and then reschedule the process using the
sys_schedule() system call.
- Balance queues does not work as before. While the old in-kernel
function used to renew the quantum of processes in the highest
priority run queue, the user-space implementation only acts on
processes that have been bumped down to a lower priority queue.
This approach reacts slower to changes than the old one, but saves
us sending a sys_schedule message for each process every time we
balance the queues. Currently, when processes are moved up a
priority queue, their quantum is also renewed, but this can be
fiddled with.
- do_nice has been removed from kernel. PM answers to get- and
setpriority calls, updates it's own nice variable as well as the
max_run_queue. This will be refactored once scheduling is moved to a
separate server. We will probably have PM update it's local nice
value and then send a message to whoever is scheduling the process.
- changes to fix an issue in do_fork() where processes could run out
of quantum but bypassing the code path that handles it correctly.
The future plan is to remove the policy from do_fork() and implement
it in userspace too.
2010-03-29 13:07:20 +02:00
|
|
|
}
|
2005-07-14 17:12:12 +02:00
|
|
|
/*===========================================================================*
|
2005-09-11 18:44:06 +02:00
|
|
|
* get_priv *
|
2005-07-14 17:12:12 +02:00
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
int get_priv(rc, priv_id)
|
2005-07-20 17:25:38 +02:00
|
|
|
register struct proc *rc; /* new (child) process pointer */
|
2009-12-11 01:08:19 +01:00
|
|
|
int priv_id; /* privilege id */
|
2005-07-14 17:12:12 +02:00
|
|
|
{
|
2009-12-11 01:08:19 +01:00
|
|
|
/* Allocate a new privilege structure for a system process. Privilege ids
|
|
|
|
* can be assigned either statically or dynamically.
|
2005-07-21 20:36:40 +02:00
|
|
|
*/
|
2009-12-11 01:08:19 +01:00
|
|
|
register struct priv *sp; /* privilege structure */
|
|
|
|
|
|
|
|
if(priv_id == NULL_PRIV_ID) { /* allocate slot dynamically */
|
|
|
|
for (sp = BEG_DYN_PRIV_ADDR; sp < END_DYN_PRIV_ADDR; ++sp)
|
|
|
|
if (sp->s_proc_nr == NONE) break;
|
|
|
|
if (sp >= END_DYN_PRIV_ADDR) return(ENOSPC);
|
|
|
|
}
|
|
|
|
else { /* allocate slot from id */
|
|
|
|
if(!is_static_priv_id(priv_id)) {
|
|
|
|
return EINVAL; /* invalid static priv id */
|
|
|
|
}
|
|
|
|
if(priv[priv_id].s_proc_nr != NONE) {
|
|
|
|
return EBUSY; /* slot already in use */
|
|
|
|
}
|
|
|
|
sp = &priv[priv_id];
|
2005-05-30 13:05:42 +02:00
|
|
|
}
|
2009-12-11 01:08:19 +01:00
|
|
|
rc->p_priv = sp; /* assign new slot */
|
|
|
|
rc->p_priv->s_proc_nr = proc_nr(rc); /* set association */
|
|
|
|
|
2005-07-21 20:36:40 +02:00
|
|
|
return(OK);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
2009-07-02 18:25:31 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* set_sendto_bit *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void set_sendto_bit(const struct proc *rp, int id)
|
2009-07-02 18:25:31 +02:00
|
|
|
{
|
|
|
|
/* Allow a process to send messages to the process(es) associated with the
|
|
|
|
* system privilege structure with the given ID.
|
|
|
|
*/
|
|
|
|
|
2009-12-11 01:08:19 +01:00
|
|
|
/* Disallow the process from sending to a process privilege structure with no
|
2009-07-02 18:25:31 +02:00
|
|
|
* associated process, and disallow the process from sending to itself.
|
|
|
|
*/
|
2009-12-11 01:08:19 +01:00
|
|
|
if (id_to_nr(id) == NONE || priv_id(rp) == id) {
|
|
|
|
unset_sys_bit(priv(rp)->s_ipc_to, id);
|
2009-07-02 18:25:31 +02:00
|
|
|
return;
|
2009-12-11 01:08:19 +01:00
|
|
|
}
|
2009-07-02 18:25:31 +02:00
|
|
|
|
|
|
|
set_sys_bit(priv(rp)->s_ipc_to, id);
|
|
|
|
|
2009-12-11 01:08:19 +01:00
|
|
|
/* The process that this process can now send to, must be able to reply (or
|
|
|
|
* vice versa). Therefore, its send mask should be updated as well. Ignore
|
|
|
|
* receivers that don't support traps other than RECEIVE, they can't reply
|
|
|
|
* or send messages anyway.
|
2009-07-02 18:25:31 +02:00
|
|
|
*/
|
2009-12-11 01:08:19 +01:00
|
|
|
if (priv_addr(id)->s_trap_mask & ~((1 << RECEIVE)))
|
|
|
|
set_sys_bit(priv_addr(id)->s_ipc_to, priv_id(rp));
|
2009-07-02 18:25:31 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* unset_sendto_bit *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void unset_sendto_bit(const struct proc *rp, int id)
|
2009-07-02 18:25:31 +02:00
|
|
|
{
|
|
|
|
/* Prevent a process from sending to another process. Retain the send mask
|
|
|
|
* symmetry by also unsetting the bit for the other direction.
|
|
|
|
*/
|
|
|
|
|
|
|
|
unset_sys_bit(priv(rp)->s_ipc_to, id);
|
|
|
|
|
|
|
|
unset_sys_bit(priv_addr(id)->s_ipc_to, priv_id(rp));
|
|
|
|
}
|
|
|
|
|
2010-07-07 00:05:21 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* fill_sendto_mask *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void fill_sendto_mask(const struct proc *rp, sys_map_t *map)
|
2010-07-07 00:05:21 +02:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i=0; i < NR_SYS_PROCS; i++) {
|
2010-12-07 11:32:42 +01:00
|
|
|
if (get_sys_bit(*map, i))
|
2010-07-07 00:05:21 +02:00
|
|
|
set_sendto_bit(rp, i);
|
|
|
|
else
|
|
|
|
unset_sendto_bit(rp, i);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2005-07-19 14:21:36 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* send_sig *
|
|
|
|
*===========================================================================*/
|
2012-03-28 18:23:12 +02:00
|
|
|
int send_sig(endpoint_t ep, int sig_nr)
|
2005-07-19 14:21:36 +02:00
|
|
|
{
|
|
|
|
/* Notify a system process about a signal. This is straightforward. Simply
|
|
|
|
* set the signal that is to be delivered in the pending signals map and
|
|
|
|
* send a notification with source SYSTEM.
|
|
|
|
*/
|
|
|
|
register struct proc *rp;
|
No more intel/minix segments.
This commit removes all traces of Minix segments (the text/data/stack
memory map abstraction in the kernel) and significance of Intel segments
(hardware segments like CS, DS that add offsets to all addressing before
page table translation). This ultimately simplifies the memory layout
and addressing and makes the same layout possible on non-Intel
architectures.
There are only two types of addresses in the world now: virtual
and physical; even the kernel and processes have the same virtual
address space. Kernel and user processes can be distinguished at a
glance as processes won't use 0xF0000000 and above.
No static pre-allocated memory sizes exist any more.
Changes to booting:
. The pre_init.c leaves the kernel and modules exactly as
they were left by the bootloader in physical memory
. The kernel starts running using physical addressing,
loaded at a fixed location given in its linker script by the
bootloader. All code and data in this phase are linked to
this fixed low location.
. It makes a bootstrap pagetable to map itself to a
fixed high location (also in linker script) and jumps to
the high address. All code and data then use this high addressing.
. All code/data symbols linked at the low addresses is prefixed by
an objcopy step with __k_unpaged_*, so that that code cannot
reference highly-linked symbols (which aren't valid yet) or vice
versa (symbols that aren't valid any more).
. The two addressing modes are separated in the linker script by
collecting the unpaged_*.o objects and linking them with low
addresses, and linking the rest high. Some objects are linked
twice, once low and once high.
. The bootstrap phase passes a lot of information (e.g. free memory
list, physical location of the modules, etc.) using the kinfo
struct.
. After this bootstrap the low-linked part is freed.
. The kernel maps in VM into the bootstrap page table so that VM can
begin executing. Its first job is to make page tables for all other
boot processes. So VM runs before RS, and RS gets a fully dynamic,
VM-managed address space. VM gets its privilege info from RS as usual
but that happens after RS starts running.
. Both the kernel loading VM and VM organizing boot processes happen
using the libexec logic. This removes the last reason for VM to
still know much about exec() and vm/exec.c is gone.
Further Implementation:
. All segments are based at 0 and have a 4 GB limit.
. The kernel is mapped in at the top of the virtual address
space so as not to constrain the user processes.
. Processes do not use segments from the LDT at all; there are
no segments in the LDT any more, so no LLDT is needed.
. The Minix segments T/D/S are gone and so none of the
user-space or in-kernel copy functions use them. The copy
functions use a process endpoint of NONE to realize it's
a physical address, virtual otherwise.
. The umap call only makes sense to translate a virtual address
to a physical address now.
. Segments-related calls like newmap and alloc_segments are gone.
. All segments-related translation in VM is gone (vir2map etc).
. Initialization in VM is simpler as no moving around is necessary.
. VM and all other boot processes can be linked wherever they wish
and will be mapped in at the right location by the kernel and VM
respectively.
Other changes:
. The multiboot code is less special: it does not use mb_print
for its diagnostics any more but uses printf() as normal, saving
the output into the diagnostics buffer, only printing to the
screen using the direct print functions if a panic() occurs.
. The multiboot code uses the flexible 'free memory map list'
style to receive the list of free memory if available.
. The kernel determines the memory layout of the processes to
a degree: it tells VM where the kernel starts and ends and
where the kernel wants the top of the process to be. VM then
uses this entire range, i.e. the stack is right at the top,
and mmap()ped bits of memory are placed below that downwards,
and the break grows upwards.
Other Consequences:
. Every process gets its own page table as address spaces
can't be separated any more by segments.
. As all segments are 0-based, there is no distinction between
virtual and linear addresses, nor between userspace and
kernel addresses.
. Less work is done when context switching, leading to a net
performance increase. (8% faster on my machine for 'make servers'.)
. The layout and configuration of the GDT makes sysenter and syscall
possible.
2012-05-07 16:03:35 +02:00
|
|
|
struct priv *priv;
|
2010-07-07 00:05:21 +02:00
|
|
|
int proc_nr;
|
'proc number' is process slot, 'endpoint' are generation-aware process
instance numbers, encoded and decoded using macros in <minix/endpoint.h>.
proc number -> endpoint migration
. proc_nr in the interrupt hook is now an endpoint, proc_nr_e.
. m_source for messages and notifies is now an endpoint, instead of
proc number.
. isokendpt() converts an endpoint to a process number, returns
success (but fails if the process number is out of range, the
process slot is not a living process, or the given endpoint
number does not match the endpoint number in the process slot,
indicating an old process).
. okendpt() is the same as isokendpt(), but panic()s if the conversion
fails. This is mainly used for decoding message.m_source endpoints,
and other endpoint numbers in kernel data structures, which should
always be correct.
. if DEBUG_ENABLE_IPC_WARNINGS is enabled, isokendpt() and okendpt()
get passed the __FILE__ and __LINE__ of the calling lines, and
print messages about what is wrong with the endpoint number
(out of range proc, empty proc, or inconsistent endpoint number),
with the caller, making finding where the conversion failed easy
without having to include code for every call to print where things
went wrong. Sometimes this is harmless (wrong arg to a kernel call),
sometimes it's a fatal internal inconsistency (bogus m_source).
. some process table fields have been appended an _e to indicate it's
become and endpoint.
. process endpoint is stored in p_endpoint, without generation number.
it turns out the kernel never needs the generation number, except
when fork()ing, so it's decoded then.
. kernel calls all take endpoints as arguments, not proc numbers.
the one exception is sys_fork(), which needs to know in which slot
to put the child.
2006-03-03 11:00:02 +01:00
|
|
|
|
2010-07-07 00:05:21 +02:00
|
|
|
if(!isokendpt(ep, &proc_nr) || isemptyn(proc_nr))
|
2012-03-28 18:23:12 +02:00
|
|
|
return EINVAL;
|
2005-07-19 14:21:36 +02:00
|
|
|
|
|
|
|
rp = proc_addr(proc_nr);
|
No more intel/minix segments.
This commit removes all traces of Minix segments (the text/data/stack
memory map abstraction in the kernel) and significance of Intel segments
(hardware segments like CS, DS that add offsets to all addressing before
page table translation). This ultimately simplifies the memory layout
and addressing and makes the same layout possible on non-Intel
architectures.
There are only two types of addresses in the world now: virtual
and physical; even the kernel and processes have the same virtual
address space. Kernel and user processes can be distinguished at a
glance as processes won't use 0xF0000000 and above.
No static pre-allocated memory sizes exist any more.
Changes to booting:
. The pre_init.c leaves the kernel and modules exactly as
they were left by the bootloader in physical memory
. The kernel starts running using physical addressing,
loaded at a fixed location given in its linker script by the
bootloader. All code and data in this phase are linked to
this fixed low location.
. It makes a bootstrap pagetable to map itself to a
fixed high location (also in linker script) and jumps to
the high address. All code and data then use this high addressing.
. All code/data symbols linked at the low addresses is prefixed by
an objcopy step with __k_unpaged_*, so that that code cannot
reference highly-linked symbols (which aren't valid yet) or vice
versa (symbols that aren't valid any more).
. The two addressing modes are separated in the linker script by
collecting the unpaged_*.o objects and linking them with low
addresses, and linking the rest high. Some objects are linked
twice, once low and once high.
. The bootstrap phase passes a lot of information (e.g. free memory
list, physical location of the modules, etc.) using the kinfo
struct.
. After this bootstrap the low-linked part is freed.
. The kernel maps in VM into the bootstrap page table so that VM can
begin executing. Its first job is to make page tables for all other
boot processes. So VM runs before RS, and RS gets a fully dynamic,
VM-managed address space. VM gets its privilege info from RS as usual
but that happens after RS starts running.
. Both the kernel loading VM and VM organizing boot processes happen
using the libexec logic. This removes the last reason for VM to
still know much about exec() and vm/exec.c is gone.
Further Implementation:
. All segments are based at 0 and have a 4 GB limit.
. The kernel is mapped in at the top of the virtual address
space so as not to constrain the user processes.
. Processes do not use segments from the LDT at all; there are
no segments in the LDT any more, so no LLDT is needed.
. The Minix segments T/D/S are gone and so none of the
user-space or in-kernel copy functions use them. The copy
functions use a process endpoint of NONE to realize it's
a physical address, virtual otherwise.
. The umap call only makes sense to translate a virtual address
to a physical address now.
. Segments-related calls like newmap and alloc_segments are gone.
. All segments-related translation in VM is gone (vir2map etc).
. Initialization in VM is simpler as no moving around is necessary.
. VM and all other boot processes can be linked wherever they wish
and will be mapped in at the right location by the kernel and VM
respectively.
Other changes:
. The multiboot code is less special: it does not use mb_print
for its diagnostics any more but uses printf() as normal, saving
the output into the diagnostics buffer, only printing to the
screen using the direct print functions if a panic() occurs.
. The multiboot code uses the flexible 'free memory map list'
style to receive the list of free memory if available.
. The kernel determines the memory layout of the processes to
a degree: it tells VM where the kernel starts and ends and
where the kernel wants the top of the process to be. VM then
uses this entire range, i.e. the stack is right at the top,
and mmap()ped bits of memory are placed below that downwards,
and the break grows upwards.
Other Consequences:
. Every process gets its own page table as address spaces
can't be separated any more by segments.
. As all segments are 0-based, there is no distinction between
virtual and linear addresses, nor between userspace and
kernel addresses.
. Less work is done when context switching, leading to a net
performance increase. (8% faster on my machine for 'make servers'.)
. The layout and configuration of the GDT makes sysenter and syscall
possible.
2012-05-07 16:03:35 +02:00
|
|
|
priv = priv(rp);
|
|
|
|
if(!priv) return ENOENT;
|
|
|
|
sigaddset(&priv->s_sig_pending, sig_nr);
|
2010-02-09 16:26:58 +01:00
|
|
|
mini_notify(proc_addr(SYSTEM), rp->p_endpoint);
|
2012-03-28 18:23:12 +02:00
|
|
|
|
|
|
|
return OK;
|
2005-07-19 14:21:36 +02:00
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* cause_sig *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void cause_sig(proc_nr, sig_nr)
|
2010-01-26 13:26:06 +01:00
|
|
|
proc_nr_t proc_nr; /* process to be signalled */
|
2009-11-28 14:20:50 +01:00
|
|
|
int sig_nr; /* signal to be sent */
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
2005-06-17 11:09:54 +02:00
|
|
|
/* A system process wants to send a signal to a process. Examples are:
|
2005-07-14 17:12:12 +02:00
|
|
|
* - HARDWARE wanting to cause a SIGSEGV after a CPU exception
|
|
|
|
* - TTY wanting to cause SIGINT upon getting a DEL
|
|
|
|
* - FS wanting to cause SIGPIPE for a broken pipe
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
* Signals are handled by sending a message to the signal manager assigned to
|
|
|
|
* the process. This function handles the signals and makes sure the signal
|
|
|
|
* manager gets them by sending a notification. The process being signaled
|
|
|
|
* is blocked while the signal manager has not finished all signals for it.
|
2005-07-19 14:21:36 +02:00
|
|
|
* Race conditions between calls to this function and the system calls that
|
|
|
|
* process pending kernel signals cannot exist. Signal related functions are
|
|
|
|
* only called when a user process causes a CPU exception and from the kernel
|
|
|
|
* process level, which runs to completion.
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
2010-07-07 00:05:21 +02:00
|
|
|
register struct proc *rp, *sig_mgr_rp;
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
endpoint_t sig_mgr;
|
2010-07-07 00:05:21 +02:00
|
|
|
int sig_mgr_proc_nr;
|
2013-10-22 17:08:15 +02:00
|
|
|
int s;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
/* Lookup signal manager. */
|
|
|
|
rp = proc_addr(proc_nr);
|
|
|
|
sig_mgr = priv(rp)->s_sig_mgr;
|
2010-07-07 00:05:21 +02:00
|
|
|
if(sig_mgr == SELF) sig_mgr = rp->p_endpoint;
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
|
|
|
|
/* If the target is the signal manager of itself, send the signal directly. */
|
|
|
|
if(rp->p_endpoint == sig_mgr) {
|
|
|
|
if(SIGS_IS_LETHAL(sig_nr)) {
|
2010-07-07 00:05:21 +02:00
|
|
|
/* If the signal is lethal, see if a backup signal manager exists. */
|
|
|
|
sig_mgr = priv(rp)->s_bak_sig_mgr;
|
|
|
|
if(sig_mgr != NONE && isokendpt(sig_mgr, &sig_mgr_proc_nr)) {
|
|
|
|
priv(rp)->s_sig_mgr = sig_mgr;
|
|
|
|
priv(rp)->s_bak_sig_mgr = NONE;
|
|
|
|
sig_mgr_rp = proc_addr(sig_mgr_proc_nr);
|
|
|
|
RTS_UNSET(sig_mgr_rp, RTS_NO_PRIV);
|
|
|
|
cause_sig(proc_nr, sig_nr); /* try again with the new sig mgr. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
/* We are out of luck. Time to panic. */
|
2010-04-14 11:06:34 +02:00
|
|
|
proc_stacktrace(rp);
|
2010-07-07 00:05:21 +02:00
|
|
|
panic("cause_sig: sig manager %d gets lethal signal %d for itself",
|
|
|
|
rp->p_endpoint, sig_nr);
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
}
|
2012-01-16 12:42:29 +01:00
|
|
|
sigaddset(&priv(rp)->s_sig_pending, sig_nr);
|
2012-03-28 18:23:12 +02:00
|
|
|
if(OK != send_sig(rp->p_endpoint, SIGKSIGSM))
|
|
|
|
panic("send_sig failed");
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
return;
|
|
|
|
}
|
2007-04-23 16:23:37 +02:00
|
|
|
|
2013-10-22 17:08:15 +02:00
|
|
|
if((s = sigismember(&rp->p_pending, sig_nr)) < 0)
|
|
|
|
panic("sigismember failed");
|
2005-06-24 18:24:40 +02:00
|
|
|
/* Check if the signal is already pending. Process it otherwise. */
|
2013-10-22 17:08:15 +02:00
|
|
|
if (!s) {
|
2012-01-16 12:42:29 +01:00
|
|
|
sigaddset(&rp->p_pending, sig_nr);
|
2009-11-10 10:11:13 +01:00
|
|
|
if (! (RTS_ISSET(rp, RTS_SIGNALED))) { /* other pending */
|
2010-02-09 16:26:58 +01:00
|
|
|
RTS_SET(rp, RTS_SIGNALED | RTS_SIG_PENDING);
|
2012-03-28 18:23:12 +02:00
|
|
|
if(OK != send_sig(sig_mgr, SIGKSIG))
|
|
|
|
panic("send_sig failed");
|
2005-06-30 17:55:19 +02:00
|
|
|
}
|
2005-06-24 18:24:40 +02:00
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* sig_delay_done *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void sig_delay_done(struct proc *rp)
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
{
|
|
|
|
/* A process is now known not to send any direct messages.
|
2009-10-01 12:36:09 +02:00
|
|
|
* Tell PM that the stop delay has ended, by sending a signal to the process.
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
* Used for actual signal delivery.
|
|
|
|
*/
|
|
|
|
|
|
|
|
rp->p_misc_flags &= ~MF_SIG_DELAY;
|
|
|
|
|
2010-03-31 10:55:12 +02:00
|
|
|
cause_sig(proc_nr(rp), SIGSNDELAY);
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
}
|
|
|
|
|
2013-09-21 15:03:20 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* send_diag_sig *
|
|
|
|
*===========================================================================*/
|
|
|
|
void send_diag_sig(void)
|
|
|
|
{
|
|
|
|
/* Send a SIGKMESS signal to all processes in receiving updates about new
|
|
|
|
* diagnostics messages.
|
|
|
|
*/
|
|
|
|
struct priv *privp;
|
|
|
|
endpoint_t ep;
|
|
|
|
|
|
|
|
for (privp = BEG_PRIV_ADDR; privp < END_PRIV_ADDR; privp++) {
|
|
|
|
if (privp->s_proc_nr != NONE && privp->s_diag_sig == TRUE) {
|
|
|
|
ep = proc_addr(privp->s_proc_nr)->p_endpoint;
|
|
|
|
send_sig(ep, SIGKMESS);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2015-07-12 07:58:07 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* clear_memreq *
|
|
|
|
*===========================================================================*/
|
|
|
|
static void clear_memreq(struct proc *rp)
|
|
|
|
{
|
|
|
|
struct proc **rpp;
|
|
|
|
|
|
|
|
if (!RTS_ISSET(rp, RTS_VMREQUEST))
|
|
|
|
return; /* nothing to do */
|
|
|
|
|
|
|
|
for (rpp = &vmrequest; *rpp != NULL;
|
|
|
|
rpp = &(*rpp)->p_vmrequest.nextrequestor) {
|
|
|
|
if (*rpp == rp) {
|
|
|
|
*rpp = rp->p_vmrequest.nextrequestor;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
RTS_UNSET(rp, RTS_VMREQUEST);
|
|
|
|
}
|
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* clear_ipc *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
static void clear_ipc(
|
2010-04-22 09:49:40 +02:00
|
|
|
register struct proc *rc /* slot of process to clean up */
|
|
|
|
)
|
2010-04-08 15:41:35 +02:00
|
|
|
{
|
|
|
|
/* Clear IPC data for a given process slot. */
|
|
|
|
struct proc **xpp; /* iterate over caller queue */
|
|
|
|
|
2009-11-10 10:11:13 +01:00
|
|
|
if (RTS_ISSET(rc, RTS_SENDING)) {
|
2006-03-15 13:01:59 +01:00
|
|
|
int target_proc;
|
|
|
|
|
|
|
|
okendpt(rc->p_sendto_e, &target_proc);
|
|
|
|
xpp = &proc_addr(target_proc)->p_caller_q; /* destination's queue */
|
2010-03-28 11:54:32 +02:00
|
|
|
while (*xpp) { /* check entire queue */
|
2006-03-15 13:01:59 +01:00
|
|
|
if (*xpp == rc) { /* process is on the queue */
|
|
|
|
*xpp = (*xpp)->p_q_link; /* replace by next process */
|
|
|
|
#if DEBUG_ENABLE_IPC_WARNINGS
|
2010-03-03 16:45:01 +01:00
|
|
|
printf("endpoint %d / %s removed from queue at %d\n",
|
2009-01-14 09:52:50 +01:00
|
|
|
rc->p_endpoint, rc->p_name, rc->p_sendto_e);
|
2006-03-15 13:01:59 +01:00
|
|
|
#endif
|
|
|
|
break; /* can only be queued once */
|
|
|
|
}
|
|
|
|
xpp = &(*xpp)->p_q_link; /* proceed to next queued */
|
|
|
|
}
|
2011-01-18 11:18:08 +01:00
|
|
|
RTS_UNSET(rc, RTS_SENDING);
|
2006-03-15 13:01:59 +01:00
|
|
|
}
|
2011-01-18 11:18:08 +01:00
|
|
|
RTS_UNSET(rc, RTS_RECEIVING);
|
2010-04-08 15:41:35 +02:00
|
|
|
}
|
|
|
|
|
2010-04-22 09:49:40 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* clear_endpoint *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void clear_endpoint(rc)
|
2010-04-22 09:49:40 +02:00
|
|
|
register struct proc *rc; /* slot of process to clean up */
|
|
|
|
{
|
|
|
|
if(isemptyp(rc)) panic("clear_proc: empty process: %d", rc->p_endpoint);
|
|
|
|
|
2011-02-08 14:54:33 +01:00
|
|
|
|
|
|
|
#if DEBUG_IPC_HOOK
|
|
|
|
hook_ipc_clear(rc);
|
|
|
|
#endif
|
|
|
|
|
2010-04-22 09:49:40 +02:00
|
|
|
/* Make sure that the exiting process is no longer scheduled. */
|
|
|
|
RTS_SET(rc, RTS_NO_ENDPOINT);
|
|
|
|
if (priv(rc)->s_flags & SYS_PROC)
|
|
|
|
{
|
|
|
|
priv(rc)->s_asynsize= 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* If the process happens to be queued trying to send a
|
|
|
|
* message, then it must be removed from the message queues.
|
|
|
|
*/
|
|
|
|
clear_ipc(rc);
|
|
|
|
|
|
|
|
/* Likewise, if another process was sending or receive a message to or from
|
|
|
|
* the exiting process, it must be alerted that process no longer is alive.
|
|
|
|
* Check all processes.
|
|
|
|
*/
|
|
|
|
clear_ipc_refs(rc, EDEADSRCDST);
|
|
|
|
|
2015-07-12 07:58:07 +02:00
|
|
|
/* Finally, if the process was blocked on a VM request, remove it from the
|
|
|
|
* queue of processes waiting to be processed by VM.
|
|
|
|
*/
|
|
|
|
clear_memreq(rc);
|
2010-04-22 09:49:40 +02:00
|
|
|
}
|
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* clear_ipc_refs *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void clear_ipc_refs(rc, caller_ret)
|
2010-04-08 15:41:35 +02:00
|
|
|
register struct proc *rc; /* slot of process to clean up */
|
|
|
|
int caller_ret; /* code to return on callers */
|
|
|
|
{
|
|
|
|
/* Clear IPC references for a given process slot. */
|
|
|
|
struct proc *rp; /* iterate over process table */
|
2011-04-08 17:14:48 +02:00
|
|
|
int src_id;
|
|
|
|
|
|
|
|
/* Tell processes that sent asynchronous messages to 'rc' they are not
|
|
|
|
* going to be delivered */
|
2011-10-31 16:21:08 +01:00
|
|
|
while ((src_id = has_pending_asend(rc, ANY)) != NULL_PRIV_ID)
|
2011-04-08 17:14:48 +02:00
|
|
|
cancel_async(proc_addr(id_to_nr(src_id)), rc);
|
2006-03-15 13:01:59 +01:00
|
|
|
|
|
|
|
for (rp = BEG_PROC_ADDR; rp < END_PROC_ADDR; rp++) {
|
|
|
|
if(isemptyp(rp))
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* Unset pending notification bits. */
|
|
|
|
unset_sys_bit(priv(rp)->s_notify_pending, priv(rc)->s_id);
|
|
|
|
|
2011-04-08 17:03:33 +02:00
|
|
|
/* Unset pending asynchronous messages */
|
|
|
|
unset_sys_bit(priv(rp)->s_asyn_pending, priv(rc)->s_id);
|
2010-04-08 15:41:35 +02:00
|
|
|
|
|
|
|
/* Check if process depends on given process. */
|
2010-03-03 16:32:26 +01:00
|
|
|
if (P_BLOCKEDON(rp) == rc->p_endpoint) {
|
2010-04-08 15:41:35 +02:00
|
|
|
rp->p_reg.retreg = caller_ret; /* return requested code */
|
2011-01-18 11:18:08 +01:00
|
|
|
clear_ipc(rp);
|
2010-04-08 15:41:35 +02:00
|
|
|
}
|
2006-03-15 13:01:59 +01:00
|
|
|
}
|
2008-11-19 13:26:10 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2010-02-09 16:20:09 +01:00
|
|
|
* kernel_call_resume *
|
2008-11-19 13:26:10 +01:00
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
void kernel_call_resume(struct proc *caller)
|
2008-11-19 13:26:10 +01:00
|
|
|
{
|
2010-02-09 16:20:09 +01:00
|
|
|
int result;
|
|
|
|
|
2010-03-10 14:00:05 +01:00
|
|
|
assert(!RTS_ISSET(caller, RTS_SLOT_FREE));
|
|
|
|
assert(!RTS_ISSET(caller, RTS_VMREQUEST));
|
2010-02-09 16:20:09 +01:00
|
|
|
|
2010-03-10 14:00:05 +01:00
|
|
|
assert(caller->p_vmrequest.saved.reqmsg.m_source == caller->p_endpoint);
|
2010-02-09 16:20:09 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
printf("KERNEL_CALL restart from %s / %d rts 0x%08x misc 0x%08x\n",
|
|
|
|
caller->p_name, caller->p_endpoint,
|
|
|
|
caller->p_rts_flags, caller->p_misc_flags);
|
|
|
|
*/
|
|
|
|
|
2010-07-05 01:09:24 +02:00
|
|
|
/* re-execute the kernel call, with MF_KCALL_RESUME still set so
|
|
|
|
* the call knows this is a retry.
|
|
|
|
*/
|
|
|
|
result = kernel_call_dispatch(caller, &caller->p_vmrequest.saved.reqmsg);
|
2010-02-09 16:20:09 +01:00
|
|
|
/*
|
|
|
|
* we are resuming the kernel call so we have to remove this flag so it
|
|
|
|
* can be set again
|
|
|
|
*/
|
|
|
|
caller->p_misc_flags &= ~MF_KCALL_RESUME;
|
|
|
|
kernel_call_finish(caller, &caller->p_vmrequest.saved.reqmsg, result);
|
2006-03-15 13:01:59 +01:00
|
|
|
}
|
2010-07-13 17:30:17 +02:00
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* sched_proc *
|
|
|
|
*===========================================================================*/
|
2012-03-25 20:25:53 +02:00
|
|
|
int sched_proc(struct proc *p,
|
2010-09-15 16:10:42 +02:00
|
|
|
int priority,
|
|
|
|
int quantum,
|
|
|
|
int cpu)
|
2010-07-13 17:30:17 +02:00
|
|
|
{
|
2010-09-15 16:10:42 +02:00
|
|
|
/* Make sure the values given are within the allowed range.*/
|
|
|
|
if ((priority < TASK_Q && priority != -1) || priority > NR_SCHED_QUEUES)
|
|
|
|
return(EINVAL);
|
2010-07-13 17:30:17 +02:00
|
|
|
|
2010-09-15 16:10:42 +02:00
|
|
|
if (quantum < 1 && quantum != -1)
|
|
|
|
return(EINVAL);
|
|
|
|
|
2010-09-15 16:11:03 +02:00
|
|
|
#ifdef CONFIG_SMP
|
2010-09-15 16:10:42 +02:00
|
|
|
if ((cpu < 0 && cpu != -1) || (cpu > 0 && (unsigned) cpu >= ncpus))
|
|
|
|
return(EINVAL);
|
2010-09-15 16:11:21 +02:00
|
|
|
if (cpu != -1 && !(cpu_is_ready(cpu)))
|
|
|
|
return EBADCPU;
|
2010-09-15 16:11:03 +02:00
|
|
|
#endif
|
2010-07-13 17:30:17 +02:00
|
|
|
|
|
|
|
/* In some cases, we might be rescheduling a runnable process. In such
|
|
|
|
* a case (i.e. if we are updating the priority) we set the NO_QUANTUM
|
|
|
|
* flag before the generic unset to dequeue/enqueue the process
|
|
|
|
*/
|
|
|
|
|
2010-09-15 16:10:42 +02:00
|
|
|
/* FIXME this preempts the process, do we really want to do that ?*/
|
|
|
|
|
|
|
|
/* FIXME this is a problem for SMP if the processes currently runs on a
|
|
|
|
* different CPU */
|
2010-09-15 16:10:51 +02:00
|
|
|
if (proc_is_runnable(p)) {
|
2010-09-15 16:11:03 +02:00
|
|
|
#ifdef CONFIG_SMP
|
2010-09-15 16:10:51 +02:00
|
|
|
if (p->p_cpu != cpuid && cpu != -1 && cpu != p->p_cpu) {
|
2010-09-15 16:11:25 +02:00
|
|
|
smp_schedule_migrate_proc(p, cpu);
|
2010-09-15 16:10:51 +02:00
|
|
|
}
|
2010-09-15 16:11:03 +02:00
|
|
|
#endif
|
2010-09-15 16:10:51 +02:00
|
|
|
|
|
|
|
RTS_SET(p, RTS_NO_QUANTUM);
|
2010-09-15 16:10:42 +02:00
|
|
|
}
|
2010-07-13 17:30:17 +02:00
|
|
|
|
2010-09-15 16:10:42 +02:00
|
|
|
if (proc_is_runnable(p))
|
|
|
|
RTS_SET(p, RTS_NO_QUANTUM);
|
|
|
|
|
|
|
|
if (priority != -1)
|
|
|
|
p->p_priority = priority;
|
|
|
|
if (quantum != -1) {
|
|
|
|
p->p_quantum_size_ms = quantum;
|
|
|
|
p->p_cpu_time_left = ms_2_cpu_time(quantum);
|
|
|
|
}
|
2010-09-15 16:11:03 +02:00
|
|
|
#ifdef CONFIG_SMP
|
2010-09-15 16:10:42 +02:00
|
|
|
if (cpu != -1)
|
|
|
|
p->p_cpu = cpu;
|
2010-09-15 16:11:03 +02:00
|
|
|
#endif
|
2010-09-15 16:10:42 +02:00
|
|
|
|
|
|
|
/* Clear the scheduling bit and enqueue the process */
|
|
|
|
RTS_UNSET(p, RTS_NO_QUANTUM);
|
2010-07-13 17:30:17 +02:00
|
|
|
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
2014-03-12 19:34:52 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* add_ipc_filter *
|
|
|
|
*===========================================================================*/
|
|
|
|
int add_ipc_filter(struct proc *rp, int type, vir_bytes address,
|
|
|
|
size_t length)
|
|
|
|
{
|
|
|
|
int num_elements, r;
|
|
|
|
ipc_filter_t *ipcf, **ipcfp;
|
|
|
|
|
|
|
|
/* Validate arguments. */
|
|
|
|
if (type != IPCF_BLACKLIST && type != IPCF_WHITELIST)
|
|
|
|
return EINVAL;
|
|
|
|
|
|
|
|
if (length % sizeof(ipc_filter_el_t) != 0)
|
|
|
|
return EINVAL;
|
|
|
|
|
|
|
|
num_elements = length / sizeof(ipc_filter_el_t);
|
|
|
|
if (num_elements <= 0 || num_elements > IPCF_MAX_ELEMENTS)
|
|
|
|
return E2BIG;
|
|
|
|
|
|
|
|
/* Allocate a new IPC filter slot. */
|
|
|
|
IPCF_POOL_ALLOCATE_SLOT(type, &ipcf);
|
|
|
|
if (ipcf == NULL)
|
|
|
|
return ENOMEM;
|
|
|
|
|
|
|
|
/* Fill details. */
|
|
|
|
ipcf->num_elements = num_elements;
|
|
|
|
ipcf->next = NULL;
|
|
|
|
r = data_copy(rp->p_endpoint, address,
|
|
|
|
KERNEL, (vir_bytes)ipcf->elements, length);
|
|
|
|
if (r == OK)
|
|
|
|
r = check_ipc_filter(ipcf, TRUE /*fill_flags*/);
|
|
|
|
if (r != OK) {
|
|
|
|
IPCF_POOL_FREE_SLOT(ipcf);
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Add the new filter at the end of the IPC filter chain. */
|
|
|
|
for (ipcfp = &priv(rp)->s_ipcf; *ipcfp != NULL;
|
|
|
|
ipcfp = &(*ipcfp)->next)
|
|
|
|
;
|
|
|
|
*ipcfp = ipcf;
|
|
|
|
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* clear_ipc_filters *
|
|
|
|
*===========================================================================*/
|
|
|
|
void clear_ipc_filters(struct proc *rp)
|
|
|
|
{
|
|
|
|
ipc_filter_t *curr_ipcf, *ipcf;
|
|
|
|
|
|
|
|
ipcf = priv(rp)->s_ipcf;
|
|
|
|
while (ipcf != NULL) {
|
|
|
|
curr_ipcf = ipcf;
|
|
|
|
ipcf = ipcf->next;
|
|
|
|
IPCF_POOL_FREE_SLOT(curr_ipcf);
|
|
|
|
}
|
|
|
|
|
|
|
|
priv(rp)->s_ipcf = NULL;
|
2015-07-12 07:58:07 +02:00
|
|
|
|
|
|
|
/* VM is a special case here: since the cleared IPC filter may have
|
|
|
|
* blocked memory handling requests, we may now have to tell VM that
|
|
|
|
* there are "new" requests pending.
|
|
|
|
*/
|
|
|
|
if (rp->p_endpoint == VM_PROC_NR && vmrequest != NULL)
|
|
|
|
if (send_sig(VM_PROC_NR, SIGKMEM) != OK)
|
|
|
|
panic("send_sig failed");
|
2014-03-12 19:34:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* check_ipc_filter *
|
|
|
|
*===========================================================================*/
|
|
|
|
int check_ipc_filter(ipc_filter_t *ipcf, int fill_flags)
|
|
|
|
{
|
|
|
|
ipc_filter_el_t *ipcf_el;
|
|
|
|
int i, num_elements, flags;
|
|
|
|
|
|
|
|
if (ipcf == NULL)
|
|
|
|
return OK;
|
|
|
|
|
|
|
|
num_elements = ipcf->num_elements;
|
|
|
|
flags = 0;
|
|
|
|
for (i = 0; i < num_elements; i++) {
|
|
|
|
ipcf_el = &ipcf->elements[i];
|
|
|
|
if (!IPCF_EL_CHECK(ipcf_el))
|
|
|
|
return EINVAL;
|
|
|
|
flags |= ipcf_el->flags;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fill_flags)
|
|
|
|
ipcf->flags = flags;
|
|
|
|
else if (ipcf->flags != flags)
|
|
|
|
return EINVAL;
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* allow_ipc_filtered_msg *
|
|
|
|
*===========================================================================*/
|
|
|
|
int allow_ipc_filtered_msg(struct proc *rp, endpoint_t src_e,
|
|
|
|
vir_bytes m_src_v, message *m_src_p)
|
|
|
|
{
|
|
|
|
int i, r, num_elements, get_mtype, allow;
|
|
|
|
ipc_filter_t *ipcf;
|
|
|
|
ipc_filter_el_t *ipcf_el;
|
|
|
|
message m_buff;
|
|
|
|
|
|
|
|
ipcf = priv(rp)->s_ipcf;
|
|
|
|
if (ipcf == NULL)
|
|
|
|
return TRUE; /* no IPC filters, always allow */
|
|
|
|
|
|
|
|
if (m_src_p == NULL) {
|
|
|
|
assert(m_src_v != 0);
|
|
|
|
|
|
|
|
/* Should we copy in the message type? */
|
|
|
|
get_mtype = FALSE;
|
|
|
|
do {
|
|
|
|
#if DEBUG_DUMPIPCF
|
|
|
|
if (TRUE) {
|
|
|
|
#else
|
|
|
|
if (ipcf->flags & IPCF_MATCH_M_TYPE) {
|
|
|
|
#endif
|
|
|
|
get_mtype = TRUE;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
ipcf = ipcf->next;
|
|
|
|
} while (ipcf);
|
|
|
|
ipcf = priv(rp)->s_ipcf; /* reset to start */
|
|
|
|
|
|
|
|
/* If so, copy it in from the process. */
|
|
|
|
if (get_mtype) {
|
|
|
|
r = data_copy(src_e,
|
|
|
|
m_src_v + offsetof(message, m_type), KERNEL,
|
|
|
|
(vir_bytes)&m_buff.m_type, sizeof(m_buff.m_type));
|
|
|
|
if (r != OK) {
|
|
|
|
/* allow for now, this will fail later anyway */
|
|
|
|
#if DEBUG_DUMPIPCF
|
|
|
|
printf("KERNEL: allow_ipc_filtered_msg: data "
|
|
|
|
"copy error %d, allowing message...\n", r);
|
|
|
|
#endif
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
m_src_p = &m_buff;
|
|
|
|
}
|
|
|
|
|
|
|
|
m_src_p->m_source = src_e;
|
|
|
|
|
|
|
|
/* See if the message is allowed. */
|
|
|
|
allow = (ipcf->type == IPCF_BLACKLIST);
|
|
|
|
do {
|
|
|
|
if (allow != (ipcf->type == IPCF_WHITELIST)) {
|
|
|
|
num_elements = ipcf->num_elements;
|
|
|
|
for (i = 0; i < num_elements; i++) {
|
|
|
|
ipcf_el = &ipcf->elements[i];
|
|
|
|
if (IPCF_EL_MATCH(ipcf_el, m_src_p)) {
|
|
|
|
allow = (ipcf->type == IPCF_WHITELIST);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ipcf = ipcf->next;
|
|
|
|
} while (ipcf);
|
|
|
|
|
|
|
|
#if DEBUG_DUMPIPCF
|
|
|
|
printmsg(m_src_p, proc_addr(_ENDPOINT_P(src_e)), rp, allow ? '+' : '-',
|
|
|
|
TRUE /*printparams*/);
|
|
|
|
#endif
|
|
|
|
|
|
|
|
return allow;
|
|
|
|
}
|
|
|
|
|
2015-07-12 07:58:07 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* allow_ipc_filtered_memreq *
|
|
|
|
*===========================================================================*/
|
|
|
|
int allow_ipc_filtered_memreq(struct proc *src_rp, struct proc *dst_rp)
|
|
|
|
{
|
|
|
|
/* Determine whether VM should receive a request to handle memory
|
|
|
|
* that is the result of process 'src_rp' trying to access currently
|
|
|
|
* unavailable memory in process 'dst_rp'. Return TRUE if VM should
|
|
|
|
* be given the request, FALSE otherwise.
|
|
|
|
*/
|
|
|
|
|
|
|
|
struct proc *vmp;
|
|
|
|
message m_buf;
|
|
|
|
int allow_src, allow_dst;
|
|
|
|
|
|
|
|
vmp = proc_addr(VM_PROC_NR);
|
|
|
|
|
|
|
|
/* If VM has no filter in place, all requests should go through. */
|
|
|
|
if (priv(vmp)->s_ipcf == NULL)
|
|
|
|
return TRUE;
|
|
|
|
|
|
|
|
/* VM obtains memory requests in response to a SIGKMEM signal, which
|
|
|
|
* is a notification sent from SYSTEM. Thus, if VM blocks such
|
|
|
|
* notifications, it also should not get any memory requests. Of
|
|
|
|
* course, VM should not be asking for requests in that case either,
|
|
|
|
* but the extra check doesn't hurt.
|
|
|
|
*/
|
|
|
|
m_buf.m_type = NOTIFY_MESSAGE;
|
|
|
|
if (!allow_ipc_filtered_msg(vmp, SYSTEM, 0, &m_buf))
|
|
|
|
return FALSE;
|
|
|
|
|
|
|
|
/* A more refined policy may be implemented here, for example to
|
|
|
|
* ensure that both the source and the destination (if different)
|
|
|
|
* are in the group of processes that VM wants to talk to. Since VM
|
|
|
|
* is basically not able to handle any memory requests during an
|
|
|
|
* update, we will not get here, and none of that is needed.
|
|
|
|
*/
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2014-03-11 17:56:03 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* priv_add_irq *
|
|
|
|
*===========================================================================*/
|
|
|
|
int priv_add_irq(struct proc *rp, int irq)
|
|
|
|
{
|
|
|
|
struct priv *priv = priv(rp);
|
|
|
|
int i;
|
|
|
|
|
|
|
|
priv->s_flags |= CHECK_IRQ; /* Check IRQ */
|
|
|
|
|
|
|
|
/* When restarting a driver, check if it already has the permission */
|
|
|
|
for (i = 0; i < priv->s_nr_irq; i++) {
|
|
|
|
if (priv->s_irq_tab[i] == irq)
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
i= priv->s_nr_irq;
|
|
|
|
if (i >= NR_IRQ) {
|
|
|
|
printf("do_privctl: %d already has %d irq's.\n",
|
|
|
|
rp->p_endpoint, i);
|
|
|
|
return ENOMEM;
|
|
|
|
}
|
|
|
|
priv->s_irq_tab[i]= irq;
|
|
|
|
priv->s_nr_irq++;
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* priv_add_io *
|
|
|
|
*===========================================================================*/
|
|
|
|
int priv_add_io(struct proc *rp, struct io_range *ior)
|
|
|
|
{
|
|
|
|
struct priv *priv = priv(rp);
|
|
|
|
int i;
|
|
|
|
|
|
|
|
priv->s_flags |= CHECK_IO_PORT; /* Check I/O accesses */
|
|
|
|
|
|
|
|
for (i = 0; i < priv->s_nr_io_range; i++) {
|
|
|
|
if (priv->s_io_tab[i].ior_base == ior->ior_base &&
|
|
|
|
priv->s_io_tab[i].ior_limit == ior->ior_limit)
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
i= priv->s_nr_io_range;
|
|
|
|
if (i >= NR_IO_RANGE) {
|
|
|
|
printf("do_privctl: %d already has %d i/o ranges.\n",
|
|
|
|
rp->p_endpoint, i);
|
|
|
|
return ENOMEM;
|
|
|
|
}
|
|
|
|
|
|
|
|
priv->s_io_tab[i] = *ior;
|
|
|
|
priv->s_nr_io_range++;
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* priv_add_mem *
|
|
|
|
*===========================================================================*/
|
|
|
|
int priv_add_mem(struct proc *rp, struct minix_mem_range *memr)
|
|
|
|
{
|
|
|
|
struct priv *priv = priv(rp);
|
|
|
|
int i;
|
|
|
|
|
|
|
|
priv->s_flags |= CHECK_MEM; /* Check memory mappings */
|
|
|
|
|
|
|
|
/* When restarting a driver, check if it already has the permission */
|
|
|
|
for (i = 0; i < priv->s_nr_mem_range; i++) {
|
|
|
|
if (priv->s_mem_tab[i].mr_base == memr->mr_base &&
|
|
|
|
priv->s_mem_tab[i].mr_limit == memr->mr_limit)
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
i= priv->s_nr_mem_range;
|
|
|
|
if (i >= NR_MEM_RANGE) {
|
|
|
|
printf("do_privctl: %d already has %d mem ranges.\n",
|
|
|
|
rp->p_endpoint, i);
|
|
|
|
return ENOMEM;
|
|
|
|
}
|
|
|
|
priv->s_mem_tab[i]= *memr;
|
|
|
|
priv->s_nr_mem_range++;
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|