2006-10-25 15:40:36 +02:00
|
|
|
#include "fs.h"
|
|
|
|
|
#include <minix/com.h>
|
|
|
|
|
#include <minix/endpoint.h>
|
|
|
|
|
#include <minix/safecopies.h>
|
2006-11-27 15:21:43 +01:00
|
|
|
#include <minix/u64.h>
|
2006-10-25 15:40:36 +02:00
|
|
|
#include <string.h>
|
|
|
|
|
#include "inode.h"
|
|
|
|
|
#include "super.h"
|
|
|
|
|
#include "const.h"
|
|
|
|
|
#include "drivers.h"
|
|
|
|
|
|
|
|
|
|
#include <minix/vfsif.h>
|
|
|
|
|
|
2010-06-01 14:35:33 +02:00
|
|
|
FORWARD _PROTOTYPE( int safe_io_conversion, (endpoint_t driver,
|
|
|
|
|
cp_grant_id_t *gid, int *op, cp_grant_id_t *gids, endpoint_t *io_ept,
|
|
|
|
|
void **buffer, int *vec_grants, size_t bytes));
|
2006-10-25 15:40:36 +02:00
|
|
|
FORWARD _PROTOTYPE( void safe_io_cleanup, (cp_grant_id_t, cp_grant_id_t *,
|
|
|
|
|
int));
|
2007-08-07 14:38:35 +02:00
|
|
|
FORWARD _PROTOTYPE( int gen_opcl, (endpoint_t driver_e, int op,
|
2010-06-01 14:35:33 +02:00
|
|
|
dev_t dev, endpoint_t proc_e, int flags) );
|
2010-03-30 16:07:15 +02:00
|
|
|
FORWARD _PROTOTYPE( int gen_io, (endpoint_t task_nr, message *mess_ptr) );
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* fs_new_driver *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int fs_new_driver(void)
|
|
|
|
|
{
|
|
|
|
|
/* New driver endpoint for this device */
|
2010-06-01 14:35:33 +02:00
|
|
|
dev_t dev;
|
|
|
|
|
dev = (dev_t) fs_m_in.REQ_DEV;
|
|
|
|
|
driver_endpoints[major(dev)].driver_e = (endpoint_t) fs_m_in.REQ_DRIVER_E;
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
return(OK);
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* safe_io_conversion *
|
|
|
|
|
*===========================================================================*/
|
2010-06-01 14:35:33 +02:00
|
|
|
PRIVATE int safe_io_conversion(driver, gid, op, gids, io_ept, buffer,
|
|
|
|
|
vec_grants, bytes)
|
2006-10-25 15:40:36 +02:00
|
|
|
endpoint_t driver;
|
|
|
|
|
cp_grant_id_t *gid;
|
|
|
|
|
int *op;
|
|
|
|
|
cp_grant_id_t *gids;
|
|
|
|
|
endpoint_t *io_ept;
|
2010-06-01 14:35:33 +02:00
|
|
|
void **buffer;
|
2006-10-25 15:40:36 +02:00
|
|
|
int *vec_grants;
|
2010-06-01 14:35:33 +02:00
|
|
|
size_t bytes;
|
2006-10-25 15:40:36 +02:00
|
|
|
{
|
2010-06-01 14:35:33 +02:00
|
|
|
unsigned int j;
|
|
|
|
|
int access;
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
iovec_t *v;
|
|
|
|
|
static iovec_t *new_iovec;
|
2006-10-25 15:40:36 +02:00
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
STATICINIT(new_iovec, NR_IOREQS);
|
|
|
|
|
|
|
|
|
|
/* Number of grants allocated in vector I/O. */
|
|
|
|
|
*vec_grants = 0;
|
|
|
|
|
|
|
|
|
|
/* Driver can handle it - change request to a safe one. */
|
|
|
|
|
|
|
|
|
|
*gid = GRANT_INVALID;
|
|
|
|
|
|
|
|
|
|
switch(*op) {
|
|
|
|
|
case MFS_DEV_READ:
|
|
|
|
|
case MFS_DEV_WRITE:
|
|
|
|
|
/* Change to safe op. */
|
|
|
|
|
*op = *op == MFS_DEV_READ ? DEV_READ_S : DEV_WRITE_S;
|
2010-06-01 14:35:33 +02:00
|
|
|
*gid = cpf_grant_direct(driver, (vir_bytes) *buffer, bytes,
|
|
|
|
|
*op == DEV_READ_S ? CPF_WRITE : CPF_READ);
|
|
|
|
|
if(*gid == GRANT_INVALID) {
|
2010-03-05 16:05:11 +01:00
|
|
|
panic("cpf_grant_magic of buffer failed");
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
break;
|
|
|
|
|
case MFS_DEV_GATHER:
|
|
|
|
|
case MFS_DEV_SCATTER:
|
|
|
|
|
/* Change to safe op. */
|
|
|
|
|
*op = *op == MFS_DEV_GATHER ? DEV_GATHER_S : DEV_SCATTER_S;
|
|
|
|
|
|
|
|
|
|
/* Grant access to my new i/o vector. */
|
2010-06-01 14:35:33 +02:00
|
|
|
*gid = cpf_grant_direct(driver, (vir_bytes) new_iovec,
|
|
|
|
|
bytes * sizeof(iovec_t), CPF_READ|CPF_WRITE);
|
|
|
|
|
if(*gid == GRANT_INVALID) {
|
2010-03-05 16:05:11 +01:00
|
|
|
panic("cpf_grant_direct of vector failed");
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
}
|
2010-06-01 14:35:33 +02:00
|
|
|
|
|
|
|
|
v = (iovec_t *) *buffer;
|
|
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
/* Grant access to i/o buffers. */
|
|
|
|
|
for(j = 0; j < bytes; j++) {
|
|
|
|
|
if(j >= NR_IOREQS)
|
2010-06-01 14:35:33 +02:00
|
|
|
panic("vec too big: %u", bytes);
|
|
|
|
|
access = (*op == DEV_GATHER_S) ? CPF_WRITE : CPF_READ;
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
new_iovec[j].iov_addr = gids[j] =
|
2010-06-01 14:35:33 +02:00
|
|
|
cpf_grant_direct(driver, (vir_bytes) v[j].iov_addr,
|
|
|
|
|
(size_t) v[j].iov_size, access);
|
|
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
if(!GRANT_VALID(gids[j])) {
|
2010-03-05 16:05:11 +01:00
|
|
|
panic("mfs: grant to iovec buf failed");
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
}
|
|
|
|
|
new_iovec[j].iov_size = v[j].iov_size;
|
|
|
|
|
(*vec_grants)++;
|
|
|
|
|
}
|
2006-10-25 15:40:36 +02:00
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
/* Set user's vector to the new one. */
|
2010-06-01 14:35:33 +02:00
|
|
|
*buffer = new_iovec;
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
panic("Illegal operation %d\n", *op);
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If we have converted to a safe operation, I/O
|
|
|
|
|
* endpoint becomes FS if it wasn't already.
|
|
|
|
|
*/
|
|
|
|
|
if(GRANT_VALID(*gid)) {
|
|
|
|
|
*io_ept = SELF_E;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Not converted to a safe operation (because there is no
|
|
|
|
|
* copying involved in this operation).
|
|
|
|
|
*/
|
|
|
|
|
return 0;
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* safe_io_cleanup *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PRIVATE void safe_io_cleanup(gid, gids, gids_size)
|
|
|
|
|
cp_grant_id_t gid;
|
|
|
|
|
cp_grant_id_t *gids;
|
|
|
|
|
int gids_size;
|
|
|
|
|
{
|
|
|
|
|
/* Free resources (specifically, grants) allocated by safe_io_conversion(). */
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
int j;
|
2006-10-25 15:40:36 +02:00
|
|
|
|
2010-06-01 14:35:33 +02:00
|
|
|
(void) cpf_revoke(gid);
|
2006-10-25 15:40:36 +02:00
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
for(j = 0; j < gids_size; j++)
|
2010-06-01 14:35:33 +02:00
|
|
|
(void) cpf_revoke(gids[j]);
|
2006-10-25 15:40:36 +02:00
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
return;
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* block_dev_io *
|
|
|
|
|
*===========================================================================*/
|
2010-04-13 12:58:41 +02:00
|
|
|
PUBLIC int block_dev_io(
|
|
|
|
|
int op, /* MFS_DEV_READ, MFS_DEV_WRITE, etc. */
|
|
|
|
|
dev_t dev, /* major-minor device number */
|
2010-06-01 14:35:33 +02:00
|
|
|
endpoint_t proc_e, /* in whose address space is buf? */
|
|
|
|
|
void *buffer, /* virtual address of the buffer */
|
2010-04-13 12:58:41 +02:00
|
|
|
u64_t pos, /* byte position */
|
2010-06-01 14:35:33 +02:00
|
|
|
size_t bytes /* how many bytes to transfer */
|
2010-04-13 12:58:41 +02:00
|
|
|
)
|
2006-10-25 15:40:36 +02:00
|
|
|
{
|
|
|
|
|
/* Read or write from a device. The parameter 'dev' tells which one. */
|
|
|
|
|
int r, safe;
|
|
|
|
|
message m;
|
|
|
|
|
cp_grant_id_t gid = GRANT_INVALID;
|
|
|
|
|
int vec_grants;
|
|
|
|
|
int op_used;
|
|
|
|
|
void *buf_used;
|
2008-11-19 13:26:10 +01:00
|
|
|
static cp_grant_id_t *gids;
|
2006-10-25 15:40:36 +02:00
|
|
|
endpoint_t driver_e;
|
2006-11-27 15:21:43 +01:00
|
|
|
|
2008-11-19 13:26:10 +01:00
|
|
|
STATICINIT(gids, NR_IOREQS);
|
|
|
|
|
|
2006-10-25 15:40:36 +02:00
|
|
|
/* Determine driver endpoint for this device */
|
2010-06-01 14:35:33 +02:00
|
|
|
driver_e = driver_endpoints[major(dev)].driver_e;
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
/* See if driver is roughly valid. */
|
|
|
|
|
if (driver_e == NONE) {
|
2010-06-01 14:35:33 +02:00
|
|
|
printf("MFS(%d) block_dev_io: no driver for dev %x\n", SELF_E, dev);
|
2010-06-24 09:37:26 +02:00
|
|
|
return(EDEADEPT);
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* The io vector copying relies on this I/O being for FS itself. */
|
|
|
|
|
if(proc_e != SELF_E) {
|
2010-06-01 14:35:33 +02:00
|
|
|
printf("MFS(%d) doing block_dev_io for non-self %d\n", SELF_E, proc_e);
|
|
|
|
|
panic("doing block_dev_io for non-self: %d", proc_e);
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* By default, these are right. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
m.USER_ENDPT = proc_e;
|
2010-06-01 14:35:33 +02:00
|
|
|
m.ADDRESS = buffer;
|
|
|
|
|
buf_used = buffer;
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
/* Convert parameters to 'safe mode'. */
|
|
|
|
|
op_used = op;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
safe = safe_io_conversion(driver_e, &gid, &op_used, gids, &m.USER_ENDPT,
|
2010-06-01 14:35:33 +02:00
|
|
|
&buf_used, &vec_grants, bytes);
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
/* Set up rest of the message. */
|
|
|
|
|
if (safe) m.IO_GRANT = (char *) gid;
|
|
|
|
|
|
|
|
|
|
m.m_type = op_used;
|
2010-06-01 14:35:33 +02:00
|
|
|
m.DEVICE = minor(dev);
|
2006-11-27 15:21:43 +01:00
|
|
|
m.POSITION = ex64lo(pos);
|
2006-10-25 15:40:36 +02:00
|
|
|
m.COUNT = bytes;
|
2006-11-27 15:21:43 +01:00
|
|
|
m.HIGHPOS = ex64hi(pos);
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
/* Call the task. */
|
|
|
|
|
r = sendrec(driver_e, &m);
|
2010-06-24 09:37:26 +02:00
|
|
|
if(r == OK && m.REP_STATUS == ERESTART) r = EDEADEPT;
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
/* As block I/O never SUSPENDs, safe cleanup must be done whether
|
|
|
|
|
* the I/O succeeded or not. */
|
|
|
|
|
if (safe) safe_io_cleanup(gid, gids, vec_grants);
|
|
|
|
|
|
|
|
|
|
/* RECOVERY:
|
|
|
|
|
* - send back dead driver number
|
|
|
|
|
* - VFS unmaps it, waits for new driver
|
2007-02-12 13:27:43 +01:00
|
|
|
* - VFS sends the new driver endp for the FS proc and the request again
|
2006-10-25 15:40:36 +02:00
|
|
|
*/
|
|
|
|
|
if (r != OK) {
|
2010-06-24 09:37:26 +02:00
|
|
|
if (r == EDEADSRCDST || r == EDEADEPT) {
|
2010-06-01 14:35:33 +02:00
|
|
|
printf("MFS(%d) dead driver %d\n", SELF_E, driver_e);
|
|
|
|
|
driver_endpoints[major(dev)].driver_e = NONE;
|
|
|
|
|
return(r);
|
|
|
|
|
} else if (r == ELOCKED) {
|
|
|
|
|
printf("MFS(%d) ELOCKED talking to %d\n", SELF_E, driver_e);
|
|
|
|
|
return(r);
|
|
|
|
|
} else
|
|
|
|
|
panic("call_task: can't send/receive: %d", r);
|
|
|
|
|
} else {
|
|
|
|
|
/* Did the process we did the sendrec() for get a result? */
|
|
|
|
|
if (m.REP_ENDPT != proc_e) {
|
|
|
|
|
printf("MFS(%d) strange device reply from %d, type = %d, proc "
|
|
|
|
|
"= %d (not %d) (2) ignored\n", SELF_E, m.m_source,
|
|
|
|
|
m.m_type, proc_e, m.REP_ENDPT);
|
|
|
|
|
r = EIO;
|
|
|
|
|
}
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Task has completed. See if call completed. */
|
|
|
|
|
if (m.REP_STATUS == SUSPEND) {
|
2010-06-01 14:35:33 +02:00
|
|
|
panic("MFS block_dev_io: driver returned SUSPEND");
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
2010-06-01 14:35:33 +02:00
|
|
|
if(buffer != buf_used && r == OK) {
|
|
|
|
|
memcpy(buffer, buf_used, bytes * sizeof(iovec_t));
|
2006-10-25 15:40:36 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return(m.REP_STATUS);
|
|
|
|
|
}
|
|
|
|
|
|
2007-08-07 14:38:35 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
|
* dev_open *
|
|
|
|
|
*===========================================================================*/
|
2010-04-13 12:58:41 +02:00
|
|
|
PUBLIC int dev_open(
|
|
|
|
|
endpoint_t driver_e,
|
|
|
|
|
dev_t dev, /* device to open */
|
2010-06-01 14:35:33 +02:00
|
|
|
endpoint_t proc_e, /* process to open for */
|
2010-04-13 12:58:41 +02:00
|
|
|
int flags /* mode bits and flags */
|
|
|
|
|
)
|
2007-08-07 14:38:35 +02:00
|
|
|
{
|
|
|
|
|
int major, r;
|
|
|
|
|
|
|
|
|
|
/* Determine the major device number call the device class specific
|
|
|
|
|
* open/close routine. (This is the only routine that must check the
|
|
|
|
|
* device number for being in range. All others can trust this check.)
|
|
|
|
|
*/
|
2010-06-01 14:35:33 +02:00
|
|
|
major = major(dev);
|
|
|
|
|
if (major >= NR_DEVICES) {
|
|
|
|
|
printf("Major device number %d not in range\n", major(dev));
|
|
|
|
|
return(EIO);
|
|
|
|
|
}
|
|
|
|
|
r = gen_opcl(driver_e, DEV_OPEN, dev, proc_e, flags);
|
2010-03-05 16:05:11 +01:00
|
|
|
if (r == SUSPEND) panic("suspend on open from");
|
2007-08-07 14:38:35 +02:00
|
|
|
return(r);
|
|
|
|
|
}
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
|
2007-08-07 14:38:35 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
|
* dev_close *
|
|
|
|
|
*===========================================================================*/
|
2010-04-13 12:58:41 +02:00
|
|
|
PUBLIC void dev_close(
|
|
|
|
|
endpoint_t driver_e,
|
|
|
|
|
dev_t dev /* device to close */
|
|
|
|
|
)
|
2007-08-07 14:38:35 +02:00
|
|
|
{
|
|
|
|
|
(void) gen_opcl(driver_e, DEV_CLOSE, dev, 0, 0);
|
|
|
|
|
}
|
2006-10-25 15:40:36 +02:00
|
|
|
|
|
|
|
|
|
2007-08-07 14:38:35 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
|
* gen_opcl *
|
|
|
|
|
*===========================================================================*/
|
2010-04-13 12:58:41 +02:00
|
|
|
PRIVATE int gen_opcl(
|
|
|
|
|
endpoint_t driver_e,
|
|
|
|
|
int op, /* operation, DEV_OPEN or DEV_CLOSE */
|
|
|
|
|
dev_t dev, /* device to open or close */
|
2010-06-01 14:35:33 +02:00
|
|
|
endpoint_t proc_e, /* process to open/close for */
|
2010-04-13 12:58:41 +02:00
|
|
|
int flags /* mode bits and flags */
|
|
|
|
|
)
|
2007-08-07 14:38:35 +02:00
|
|
|
{
|
|
|
|
|
/* Called from the dmap struct in table.c on opens & closes of special files.*/
|
|
|
|
|
message dev_mess;
|
2006-10-25 15:40:36 +02:00
|
|
|
|
2007-08-07 14:38:35 +02:00
|
|
|
dev_mess.m_type = op;
|
2010-06-01 14:35:33 +02:00
|
|
|
dev_mess.DEVICE = minor(dev);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
dev_mess.USER_ENDPT = proc_e;
|
2007-08-07 14:38:35 +02:00
|
|
|
dev_mess.COUNT = flags;
|
2006-10-25 15:40:36 +02:00
|
|
|
|
2007-08-07 14:38:35 +02:00
|
|
|
/* Call the task. */
|
2010-06-01 14:35:33 +02:00
|
|
|
(void) gen_io(driver_e, &dev_mess);
|
2007-08-07 14:38:35 +02:00
|
|
|
|
|
|
|
|
return(dev_mess.REP_STATUS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* gen_io *
|
|
|
|
|
*===========================================================================*/
|
2010-03-30 16:07:15 +02:00
|
|
|
PRIVATE int gen_io(
|
|
|
|
|
endpoint_t task_nr, /* which task to call */
|
|
|
|
|
message *mess_ptr /* pointer to message for task */
|
|
|
|
|
)
|
2007-08-07 14:38:35 +02:00
|
|
|
{
|
|
|
|
|
/* All file system I/O ultimately comes down to I/O on major/minor device
|
|
|
|
|
* pairs. These lead to calls on the following routines via the dmap table.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
int r, proc_e;
|
|
|
|
|
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
proc_e = mess_ptr->USER_ENDPT;
|
2007-08-07 14:38:35 +02:00
|
|
|
|
|
|
|
|
r = sendrec(task_nr, mess_ptr);
|
2010-06-01 14:35:33 +02:00
|
|
|
if(r == OK && mess_ptr->REP_STATUS == ERESTART)
|
2010-06-24 09:37:26 +02:00
|
|
|
r = EDEADEPT;
|
2007-08-07 14:38:35 +02:00
|
|
|
|
2010-06-01 14:35:33 +02:00
|
|
|
if (r != OK) {
|
2010-06-24 09:37:26 +02:00
|
|
|
if (r == EDEADSRCDST || r == EDEADEPT) {
|
2010-06-01 14:35:33 +02:00
|
|
|
printf("fs: dead driver %d\n", task_nr);
|
|
|
|
|
panic("should handle crashed drivers");
|
|
|
|
|
return(r);
|
2007-08-07 14:38:35 +02:00
|
|
|
}
|
2010-06-01 14:35:33 +02:00
|
|
|
if (r == ELOCKED) {
|
|
|
|
|
printf("fs: ELOCKED talking to %d\n", task_nr);
|
|
|
|
|
return(r);
|
|
|
|
|
}
|
|
|
|
|
panic("call_task: can't send/receive: %d", r);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Did the process we did the sendrec() for get a result? */
|
|
|
|
|
if (mess_ptr->REP_ENDPT != proc_e) {
|
|
|
|
|
printf("fs: strange device reply from %d, type = %d, proc = %d (not "
|
|
|
|
|
"%d) (2) ignored\n", mess_ptr->m_source, mess_ptr->m_type,
|
|
|
|
|
proc_e,
|
|
|
|
|
mess_ptr->REP_ENDPT);
|
|
|
|
|
return(EIO);
|
|
|
|
|
}
|
2007-08-07 14:38:35 +02:00
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
return(OK);
|
2007-08-07 14:38:35 +02:00
|
|
|
}
|
2006-10-25 15:40:36 +02:00
|
|
|
|
