2005-04-21 16:53:53 +02:00
|
|
|
/* This file contains device independent device driver interface.
|
2005-07-26 14:50:25 +02:00
|
|
|
*
|
2005-04-21 16:53:53 +02:00
|
|
|
* Changes:
|
2005-08-02 17:30:36 +02:00
|
|
|
* Jul 25, 2005 added SYS_SIG type for signals (Jorrit N. Herder)
|
2005-04-21 16:53:53 +02:00
|
|
|
* Sep 15, 2004 added SYN_ALARM type for timeouts (Jorrit N. Herder)
|
|
|
|
* Jul 23, 2004 removed kernel dependencies (Jorrit N. Herder)
|
2005-07-26 14:50:25 +02:00
|
|
|
* Apr 02, 1992 constructed from AT wini and floppy driver (Kees J. Bot)
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
|
|
|
*
|
|
|
|
* The drivers support the following operations (using message format m2):
|
|
|
|
*
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
* m_type DEVICE USER_ENDPT COUNT POSITION HIGHPOS IO_GRANT
|
2009-12-02 10:57:48 +01:00
|
|
|
* ----------------------------------------------------------------------------
|
|
|
|
* | DEV_OPEN | device | proc nr | | | | |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_CLOSE | device | proc nr | | | | |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_READ_S | device | proc nr | bytes | off lo | off hi i buf grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_WRITE_S | device | proc nr | bytes | off lo | off hi | buf grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_GATHER_S | device | proc nr | iov len | off lo | off hi | iov grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_SCATTER_S | device | proc nr | iov len | off lo | off hi | iov grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | DEV_IOCTL_S | device | proc nr | request | | | buf grant |
|
|
|
|
* |---------------+--------+---------+---------+--------+--------+-----------|
|
|
|
|
* | CANCEL | device | proc nr | r/w | | | |
|
|
|
|
* ----------------------------------------------------------------------------
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
2009-12-02 10:57:48 +01:00
|
|
|
* The file contains the following entry points:
|
2005-04-21 16:53:53 +02:00
|
|
|
*
|
2010-04-08 15:41:35 +02:00
|
|
|
* driver_announce: called by a device driver to announce it is up
|
|
|
|
* driver_receive: receive() interface for drivers
|
|
|
|
* driver_receive_mq: receive() interface for drivers with message queueing
|
2005-04-21 16:53:53 +02:00
|
|
|
* driver_task: called by the device dependent task entry
|
2010-04-08 15:41:35 +02:00
|
|
|
* driver_init_buffer: initialize a DMA buffer
|
|
|
|
* driver_mq_queue: queue an incoming message for later processing
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
|
|
|
|
2010-03-22 22:25:22 +01:00
|
|
|
#include <minix/drivers.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
#include <sys/ioc_disk.h>
|
2007-01-12 14:33:12 +01:00
|
|
|
#include <minix/mq.h>
|
2009-09-29 20:47:56 +02:00
|
|
|
#include <minix/endpoint.h>
|
2010-03-22 22:25:22 +01:00
|
|
|
#include <minix/driver.h>
|
2010-04-08 15:41:35 +02:00
|
|
|
#include <minix/ds.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Claim space for variables. */
|
2009-12-02 10:57:48 +01:00
|
|
|
u8_t *tmp_buf = NULL; /* the DMA buffer eventually */
|
2005-04-21 16:53:53 +02:00
|
|
|
phys_bytes tmp_phys; /* phys address of DMA buffer */
|
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
FORWARD _PROTOTYPE( void clear_open_devs, (void) );
|
|
|
|
FORWARD _PROTOTYPE( int is_open_dev, (int device) );
|
|
|
|
FORWARD _PROTOTYPE( void set_open_dev, (int device) );
|
|
|
|
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
FORWARD _PROTOTYPE( void asyn_reply, (message *mess, int r) );
|
2010-04-08 15:41:35 +02:00
|
|
|
FORWARD _PROTOTYPE( int driver_reply, (endpoint_t caller_e, int caller_status,
|
|
|
|
message *m_ptr) );
|
|
|
|
FORWARD _PROTOTYPE( int driver_spurious_reply, (endpoint_t caller_e,
|
|
|
|
int caller_status, message *m_ptr) );
|
2009-12-02 10:57:48 +01:00
|
|
|
FORWARD _PROTOTYPE( int do_rdwt, (struct driver *dr, message *mp) );
|
|
|
|
FORWARD _PROTOTYPE( int do_vrdwt, (struct driver *dr, message *mp) );
|
2005-04-21 16:53:53 +02:00
|
|
|
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
PRIVATE endpoint_t device_caller;
|
|
|
|
PUBLIC endpoint_t device_endpt; /* used externally by log driver */
|
2007-01-12 14:33:12 +01:00
|
|
|
PRIVATE mq_t *queue_head = NULL;
|
2010-04-08 15:41:35 +02:00
|
|
|
PRIVATE int open_devs[MAX_NR_OPEN_DEVICES];
|
|
|
|
PRIVATE int next_open_devs_slot = 0;
|
2010-08-02 00:07:46 +02:00
|
|
|
PRIVATE int driver_running;
|
2010-04-08 15:41:35 +02:00
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* clear_open_devs *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void clear_open_devs()
|
|
|
|
{
|
|
|
|
next_open_devs_slot = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* is_open_dev *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE int is_open_dev(int device)
|
|
|
|
{
|
|
|
|
int i, open_dev_found;
|
|
|
|
|
|
|
|
open_dev_found = FALSE;
|
|
|
|
for(i=0;i<next_open_devs_slot;i++) {
|
|
|
|
if(open_devs[i] == device) {
|
|
|
|
open_dev_found = TRUE;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return open_dev_found;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* set_open_dev *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE void set_open_dev(int device)
|
|
|
|
{
|
|
|
|
if(next_open_devs_slot >= MAX_NR_OPEN_DEVICES) {
|
|
|
|
panic("out of slots for open devices");
|
|
|
|
}
|
|
|
|
open_devs[next_open_devs_slot] = device;
|
|
|
|
next_open_devs_slot++;
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* asyn_reply *
|
|
|
|
*===========================================================================*/
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
PRIVATE void asyn_reply(mess, r)
|
2009-12-02 10:57:48 +01:00
|
|
|
message *mess;
|
|
|
|
int r;
|
|
|
|
{
|
|
|
|
/* Send a reply using the new asynchronous character device protocol.
|
|
|
|
*/
|
|
|
|
message reply_mess;
|
|
|
|
|
|
|
|
switch (mess->m_type) {
|
|
|
|
case DEV_OPEN:
|
|
|
|
reply_mess.m_type = DEV_REVIVE;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
reply_mess.REP_ENDPT = device_endpt;
|
2009-12-02 10:57:48 +01:00
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DEV_CLOSE:
|
|
|
|
reply_mess.m_type = DEV_CLOSE_REPL;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
reply_mess.REP_ENDPT = device_endpt;
|
2009-12-02 10:57:48 +01:00
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case DEV_READ_S:
|
|
|
|
case DEV_WRITE_S:
|
2010-10-08 11:33:18 +02:00
|
|
|
case DEV_IOCTL_S:
|
2009-12-02 10:57:48 +01:00
|
|
|
if (r == SUSPEND)
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
printf("driver_task: reviving %d (%d) with SUSPEND\n",
|
|
|
|
device_caller, device_endpt);
|
2009-12-02 10:57:48 +01:00
|
|
|
|
|
|
|
reply_mess.m_type = DEV_REVIVE;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
reply_mess.REP_ENDPT = device_endpt;
|
2009-12-02 10:57:48 +01:00
|
|
|
reply_mess.REP_IO_GRANT = (cp_grant_id_t) mess->IO_GRANT;
|
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
case CANCEL:
|
|
|
|
/* The original request should send a reply. */
|
|
|
|
return;
|
|
|
|
|
|
|
|
case DEV_SELECT:
|
|
|
|
reply_mess.m_type = DEV_SEL_REPL1;
|
|
|
|
reply_mess.DEV_MINOR = mess->DEVICE;
|
|
|
|
reply_mess.DEV_SEL_OPS = r;
|
|
|
|
break;
|
|
|
|
|
|
|
|
default:
|
|
|
|
reply_mess.m_type = TASK_REPLY;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
reply_mess.REP_ENDPT = device_endpt;
|
2009-12-02 10:57:48 +01:00
|
|
|
/* Status is # of bytes transferred or error code. */
|
|
|
|
reply_mess.REP_STATUS = r;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
r= asynsend(device_caller, &reply_mess);
|
|
|
|
if (r != OK)
|
|
|
|
{
|
|
|
|
printf("driver_task: unable to asynsend to %d: %d\n",
|
|
|
|
device_caller, r);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* driver_reply *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE int driver_reply(caller_e, caller_status, m_ptr)
|
|
|
|
endpoint_t caller_e;
|
|
|
|
int caller_status;
|
|
|
|
message *m_ptr;
|
|
|
|
{
|
|
|
|
/* Reply to a message sent to the driver. */
|
|
|
|
int r;
|
|
|
|
|
|
|
|
/* Use sendnb if caller is guaranteed to be blocked, asynsend otherwise. */
|
|
|
|
if(IPC_STATUS_CALL(caller_status) == SENDREC) {
|
|
|
|
r = sendnb(caller_e, m_ptr);
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
r = asynsend(caller_e, m_ptr);
|
|
|
|
}
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* driver_spurious_reply *
|
|
|
|
*===========================================================================*/
|
|
|
|
PRIVATE int driver_spurious_reply(caller_e, caller_status, m_ptr)
|
|
|
|
endpoint_t caller_e;
|
|
|
|
int caller_status;
|
|
|
|
message *m_ptr;
|
|
|
|
{
|
|
|
|
/* Reply to a spurious message pretending to be dead. */
|
|
|
|
int r;
|
|
|
|
|
|
|
|
m_ptr->m_type = TASK_REPLY;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
m_ptr->REP_ENDPT = m_ptr->USER_ENDPT;
|
2010-04-08 15:41:35 +02:00
|
|
|
m_ptr->REP_STATUS = ERESTART;
|
|
|
|
|
|
|
|
r = driver_reply(caller_e, caller_status, m_ptr);
|
|
|
|
if(r != OK) {
|
|
|
|
printf("unable to reply to spurious message from %d\n",
|
|
|
|
caller_e);
|
|
|
|
}
|
|
|
|
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* driver_announce *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC void driver_announce()
|
|
|
|
{
|
|
|
|
/* Announce we are up after a fresh start or restart. */
|
|
|
|
int r;
|
|
|
|
char key[DS_MAX_KEYLEN];
|
|
|
|
char label[DS_MAX_KEYLEN];
|
|
|
|
char *driver_prefix = "drv.vfs.";
|
|
|
|
|
|
|
|
/* Callers are allowed to use sendrec to communicate with drivers.
|
|
|
|
* For this reason, there may blocked callers when a driver restarts.
|
|
|
|
* Ask the kernel to unblock them (if any).
|
|
|
|
*/
|
2011-09-02 16:57:22 +02:00
|
|
|
#if USE_STATECTL
|
2010-04-08 15:41:35 +02:00
|
|
|
r = sys_statectl(SYS_STATE_CLEAR_IPC_REFS);
|
|
|
|
if (r != OK) {
|
|
|
|
panic("driver_announce: sys_statectl failed: %d\n", r);
|
|
|
|
}
|
2011-09-02 16:57:22 +02:00
|
|
|
#endif
|
2010-04-08 15:41:35 +02:00
|
|
|
|
|
|
|
/* Publish a driver up event. */
|
|
|
|
r = ds_retrieve_label_name(label, getprocnr());
|
|
|
|
if (r != OK) {
|
|
|
|
panic("driver_announce: unable to get own label: %d\n", r);
|
|
|
|
}
|
|
|
|
snprintf(key, DS_MAX_KEYLEN, "%s%s", driver_prefix, label);
|
|
|
|
r = ds_publish_u32(key, DS_DRIVER_UP, DSF_OVERWRITE);
|
|
|
|
if (r != OK) {
|
|
|
|
panic("driver_announce: unable to publish driver up event: %d\n", r);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Expect a DEV_OPEN for any device before serving regular driver requests. */
|
|
|
|
clear_open_devs();
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* driver_receive *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int driver_receive(src, m_ptr, status_ptr)
|
|
|
|
endpoint_t src;
|
|
|
|
message *m_ptr;
|
|
|
|
int *status_ptr;
|
|
|
|
{
|
|
|
|
/* receive() interface for drivers. */
|
|
|
|
int r;
|
|
|
|
int ipc_status;
|
|
|
|
|
|
|
|
while (TRUE) {
|
|
|
|
/* Wait for a request. */
|
|
|
|
r = sef_receive_status(src, m_ptr, &ipc_status);
|
|
|
|
*status_ptr = ipc_status;
|
|
|
|
if (r != OK) {
|
|
|
|
return r;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* See if only DEV_OPEN is to be expected for this device. */
|
|
|
|
if(IS_DEV_MINOR_RQ(m_ptr->m_type) && !is_open_dev(m_ptr->DEVICE)) {
|
|
|
|
if(m_ptr->m_type != DEV_OPEN) {
|
|
|
|
if(!is_ipc_asynch(ipc_status)) {
|
|
|
|
driver_spurious_reply(m_ptr->m_source,
|
|
|
|
ipc_status, m_ptr);
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
set_open_dev(m_ptr->DEVICE);
|
|
|
|
}
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* driver_receive_mq *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int driver_receive_mq(m_ptr, status_ptr)
|
|
|
|
message *m_ptr;
|
|
|
|
int *status_ptr;
|
|
|
|
{
|
|
|
|
/* receive() interface for drivers with message queueing. */
|
|
|
|
int ipc_status;
|
|
|
|
|
|
|
|
/* Any queued messages? Oldest are at the head. */
|
|
|
|
while(queue_head) {
|
|
|
|
mq_t *mq;
|
|
|
|
mq = queue_head;
|
|
|
|
memcpy(m_ptr, &mq->mq_mess, sizeof(mq->mq_mess));
|
|
|
|
ipc_status = mq->mq_mess_status;
|
|
|
|
*status_ptr = ipc_status;
|
|
|
|
queue_head = queue_head->mq_next;
|
|
|
|
mq_free(mq);
|
|
|
|
|
|
|
|
/* See if only DEV_OPEN is to be expected for this device. */
|
|
|
|
if(IS_DEV_MINOR_RQ(m_ptr->m_type) && !is_open_dev(m_ptr->DEVICE)) {
|
|
|
|
if(m_ptr->m_type != DEV_OPEN) {
|
|
|
|
if(!is_ipc_asynch(ipc_status)) {
|
|
|
|
driver_spurious_reply(m_ptr->m_source,
|
|
|
|
ipc_status, m_ptr);
|
|
|
|
}
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
set_open_dev(m_ptr->DEVICE);
|
|
|
|
}
|
|
|
|
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Fall back to standard receive() interface for drivers. */
|
|
|
|
return driver_receive(ANY, m_ptr, status_ptr);
|
|
|
|
}
|
|
|
|
|
2010-08-02 00:07:46 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* driver_terminate *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC void driver_terminate(void)
|
|
|
|
{
|
|
|
|
/* Break out of the main driver loop after finishing the current request.
|
|
|
|
*/
|
|
|
|
|
|
|
|
driver_running = FALSE;
|
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* driver_task *
|
|
|
|
*===========================================================================*/
|
2009-12-02 10:57:48 +01:00
|
|
|
PUBLIC void driver_task(dp, type)
|
2005-04-21 16:53:53 +02:00
|
|
|
struct driver *dp; /* Device dependent entry points. */
|
2009-12-02 10:57:48 +01:00
|
|
|
int type; /* Driver type (DRIVER_STD or DRIVER_ASYN) */
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Main program of any device driver task. */
|
|
|
|
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
int r, ipc_status;
|
2005-04-21 16:53:53 +02:00
|
|
|
message mess;
|
|
|
|
|
2010-08-02 00:07:46 +02:00
|
|
|
driver_running = TRUE;
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/* Here is the main loop of the disk task. It waits for a message, carries
|
|
|
|
* it out, and sends a reply.
|
|
|
|
*/
|
2010-08-02 00:07:46 +02:00
|
|
|
while (driver_running) {
|
2010-11-17 16:10:20 +01:00
|
|
|
if ((r=driver_receive_mq(&mess, &ipc_status)) != OK) {
|
2010-04-08 15:41:35 +02:00
|
|
|
panic("driver_receive_mq failed: %d", r);
|
2010-11-17 16:10:20 +01:00
|
|
|
}
|
|
|
|
driver_handle_msg(dp, type, &mess, ipc_status);
|
|
|
|
}
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-11-17 16:10:20 +01:00
|
|
|
/*===========================================================================*
|
|
|
|
* driver_handle_msg *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int driver_handle_msg(dp, type, m_ptr, ipc_status)
|
|
|
|
struct driver *dp; /* Device dependent entry points. */
|
|
|
|
int type; /* Driver type (DRIVER_STD or DRIVER_ASYN) */
|
|
|
|
message *m_ptr; /* Pointer to message to handle */
|
|
|
|
int ipc_status;
|
|
|
|
{
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
int r;
|
2010-11-17 16:10:20 +01:00
|
|
|
|
|
|
|
device_caller = m_ptr->m_source;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
device_endpt = m_ptr->USER_ENDPT;
|
2010-11-17 16:10:20 +01:00
|
|
|
if (is_ipc_notify(ipc_status)) {
|
|
|
|
switch (_ENDPOINT_P(m_ptr->m_source)) {
|
|
|
|
case HARDWARE:
|
|
|
|
/* leftover interrupt or expired timer. */
|
|
|
|
if(dp->dr_hw_int) {
|
|
|
|
(*dp->dr_hw_int)(dp, m_ptr);
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case CLOCK:
|
|
|
|
(*dp->dr_alarm)(dp, m_ptr);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
if(dp->dr_other)
|
|
|
|
r = (*dp->dr_other)(dp, m_ptr);
|
|
|
|
else
|
|
|
|
r = EINVAL;
|
|
|
|
goto send_reply;
|
2009-09-29 20:47:56 +02:00
|
|
|
}
|
2010-11-17 16:10:20 +01:00
|
|
|
return 0;
|
|
|
|
}
|
2010-04-08 15:41:35 +02:00
|
|
|
|
2010-11-17 16:10:20 +01:00
|
|
|
switch(m_ptr->m_type) {
|
|
|
|
case DEV_OPEN: r = (*dp->dr_open)(dp, m_ptr); break;
|
|
|
|
case DEV_CLOSE: r = (*dp->dr_close)(dp, m_ptr); break;
|
|
|
|
case DEV_IOCTL_S: r = (*dp->dr_ioctl)(dp, m_ptr); break;
|
|
|
|
case CANCEL: r = (*dp->dr_cancel)(dp, m_ptr);break;
|
|
|
|
case DEV_SELECT: r = (*dp->dr_select)(dp, m_ptr);break;
|
2006-06-20 10:49:51 +02:00
|
|
|
case DEV_READ_S:
|
2010-11-17 16:10:20 +01:00
|
|
|
case DEV_WRITE_S: r = do_rdwt(dp, m_ptr); break;
|
2006-06-20 10:49:51 +02:00
|
|
|
case DEV_GATHER_S:
|
2010-11-17 16:10:20 +01:00
|
|
|
case DEV_SCATTER_S: r = do_vrdwt(dp, m_ptr); break;
|
2005-07-08 19:23:44 +02:00
|
|
|
default:
|
|
|
|
if(dp->dr_other)
|
2010-11-17 16:10:20 +01:00
|
|
|
r = (*dp->dr_other)(dp, m_ptr);
|
2005-07-08 19:23:44 +02:00
|
|
|
else
|
|
|
|
r = EINVAL;
|
|
|
|
break;
|
2010-11-17 16:10:20 +01:00
|
|
|
}
|
|
|
|
|
2009-09-29 20:47:56 +02:00
|
|
|
send_reply:
|
2010-11-17 16:10:20 +01:00
|
|
|
/* Clean up leftover state. */
|
|
|
|
(*dp->dr_cleanup)();
|
|
|
|
|
2011-02-02 15:53:49 +01:00
|
|
|
/* Finally, prepare and send the reply message. */
|
2010-11-17 16:10:20 +01:00
|
|
|
if (r == EDONTREPLY)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
switch (type) {
|
2009-12-02 10:57:48 +01:00
|
|
|
case DRIVER_STD:
|
2010-11-17 16:10:20 +01:00
|
|
|
m_ptr->m_type = TASK_REPLY;
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
m_ptr->REP_ENDPT = device_endpt;
|
2005-07-21 20:29:52 +02:00
|
|
|
/* Status is # of bytes transferred or error code. */
|
2010-11-17 16:10:20 +01:00
|
|
|
m_ptr->REP_STATUS = r;
|
2009-12-02 10:57:48 +01:00
|
|
|
|
2010-11-17 16:10:20 +01:00
|
|
|
r = driver_reply(device_caller, ipc_status, m_ptr);
|
|
|
|
|
|
|
|
if (r != OK) {
|
2009-12-02 10:57:48 +01:00
|
|
|
printf("driver_task: unable to send reply to %d: %d\n",
|
2010-11-17 16:10:20 +01:00
|
|
|
device_caller, r);
|
2008-02-22 16:52:13 +01:00
|
|
|
}
|
2010-11-17 16:10:20 +01:00
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
break;
|
|
|
|
|
|
|
|
case DRIVER_ASYN:
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
asyn_reply(m_ptr, r);
|
2009-12-02 10:57:48 +01:00
|
|
|
|
|
|
|
break;
|
2010-11-17 16:10:20 +01:00
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
default:
|
2010-03-05 16:05:11 +01:00
|
|
|
panic("unknown driver type: %d", type);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
2010-11-17 16:10:20 +01:00
|
|
|
return 0;
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
2010-04-08 15:41:35 +02:00
|
|
|
* driver_init_buffer *
|
2005-04-21 16:53:53 +02:00
|
|
|
*===========================================================================*/
|
2010-04-08 15:41:35 +02:00
|
|
|
PUBLIC void driver_init_buffer(void)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Select a buffer that can safely be used for DMA transfers. It may also
|
|
|
|
* be used to read partition tables and such. Its absolute address is
|
|
|
|
* 'tmp_phys', the normal address is 'tmp_buf'.
|
|
|
|
*/
|
2010-06-13 12:40:22 +02:00
|
|
|
vir_bytes size;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-06-13 12:40:22 +02:00
|
|
|
if (tmp_buf == NULL) {
|
|
|
|
size = MAX(2*DMA_BUF_SIZE, CD_SECTOR_SIZE);
|
|
|
|
|
|
|
|
if(!(tmp_buf = alloc_contig(size, AC_ALIGN4K, &tmp_phys)))
|
|
|
|
panic("can't allocate tmp_buf: %lu", size);
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* do_rdwt *
|
|
|
|
*===========================================================================*/
|
2009-12-02 10:57:48 +01:00
|
|
|
PRIVATE int do_rdwt(dp, mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
struct driver *dp; /* device dependent entry points */
|
|
|
|
message *mp; /* pointer to read or write message */
|
|
|
|
{
|
|
|
|
/* Carry out a single read or write request. */
|
|
|
|
iovec_t iovec1;
|
|
|
|
int r, opcode;
|
2006-11-27 15:21:43 +01:00
|
|
|
u64_t position;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Disk address? Address and length of the user buffer? */
|
|
|
|
if (mp->COUNT < 0) return(EINVAL);
|
|
|
|
|
|
|
|
/* Prepare for I/O. */
|
2010-05-10 15:26:00 +02:00
|
|
|
if ((*dp->dr_prepare)(mp->DEVICE) == NULL) return(ENXIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Create a one element scatter/gather vector for the buffer. */
|
2009-12-02 10:57:48 +01:00
|
|
|
if(mp->m_type == DEV_READ_S) opcode = DEV_GATHER_S;
|
2007-02-07 17:22:19 +01:00
|
|
|
else opcode = DEV_SCATTER_S;
|
2006-06-20 10:49:51 +02:00
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
iovec1.iov_addr = (vir_bytes) mp->IO_GRANT;
|
2005-04-21 16:53:53 +02:00
|
|
|
iovec1.iov_size = mp->COUNT;
|
|
|
|
|
|
|
|
/* Transfer bytes from/to the device. */
|
2006-11-27 15:21:43 +01:00
|
|
|
position= make64(mp->POSITION, mp->HIGHPOS);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = (*dp->dr_transfer)(mp->m_source, opcode, position, &iovec1, 1);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Return the number of bytes transferred or an error code. */
|
|
|
|
return(r == OK ? (mp->COUNT - iovec1.iov_size) : r);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*==========================================================================*
|
|
|
|
* do_vrdwt *
|
|
|
|
*==========================================================================*/
|
2009-12-02 10:57:48 +01:00
|
|
|
PRIVATE int do_vrdwt(dp, mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
struct driver *dp; /* device dependent entry points */
|
|
|
|
message *mp; /* pointer to read or write message */
|
|
|
|
{
|
|
|
|
/* Carry out an device read or write to/from a vector of user addresses.
|
|
|
|
* The "user addresses" are assumed to be safe, i.e. FS transferring to/from
|
|
|
|
* its own buffers, so they are not checked.
|
|
|
|
*/
|
|
|
|
static iovec_t iovec[NR_IOREQS];
|
|
|
|
phys_bytes iovec_size;
|
|
|
|
unsigned nr_req;
|
2010-01-22 23:01:08 +01:00
|
|
|
int r, opcode;
|
2006-11-27 15:21:43 +01:00
|
|
|
u64_t position;
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
nr_req = mp->COUNT; /* Length of I/O vector */
|
|
|
|
|
2009-12-02 10:57:48 +01:00
|
|
|
/* Copy the vector from the caller to kernel space. */
|
|
|
|
if (nr_req > NR_IOREQS) nr_req = NR_IOREQS;
|
|
|
|
iovec_size = (phys_bytes) (nr_req * sizeof(iovec[0]));
|
|
|
|
|
|
|
|
if (OK != sys_safecopyfrom(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
|
|
|
0, (vir_bytes) iovec, iovec_size, D)) {
|
2010-07-07 13:04:33 +02:00
|
|
|
printf("bad I/O vector by: %d\n", mp->m_source);
|
|
|
|
return(EINVAL);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/* Prepare for I/O. */
|
2010-05-10 15:26:00 +02:00
|
|
|
if ((*dp->dr_prepare)(mp->DEVICE) == NULL) return(ENXIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Transfer bytes from/to the device. */
|
2006-06-20 10:49:51 +02:00
|
|
|
opcode = mp->m_type;
|
2006-11-27 15:21:43 +01:00
|
|
|
position= make64(mp->POSITION, mp->HIGHPOS);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
r = (*dp->dr_transfer)(mp->m_source, opcode, position, iovec, nr_req);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Copy the I/O vector back to the caller. */
|
2009-12-02 10:57:48 +01:00
|
|
|
if (OK != sys_safecopyto(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
|
|
|
0, (vir_bytes) iovec, iovec_size, D)) {
|
2010-07-07 13:04:33 +02:00
|
|
|
printf("couldn't return I/O vector: %d\n", mp->m_source);
|
|
|
|
return(EINVAL);
|
2006-06-20 10:49:51 +02:00
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
return(r);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* no_name *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC char *no_name()
|
|
|
|
{
|
|
|
|
/* Use this default name if there is no specific name for the device. This was
|
|
|
|
* originally done by fetching the name from the task table for this process:
|
|
|
|
* "return(tasktab[proc_number(proc_ptr) + NR_TASKS].name);", but currently a
|
|
|
|
* real "noname" is returned. Perhaps, some system information service can be
|
|
|
|
* queried for a name at a later time.
|
|
|
|
*/
|
|
|
|
static char name[] = "noname";
|
|
|
|
return name;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*============================================================================*
|
|
|
|
* do_nop *
|
|
|
|
*============================================================================*/
|
|
|
|
PUBLIC int do_nop(dp, mp)
|
|
|
|
struct driver *dp;
|
|
|
|
message *mp;
|
|
|
|
{
|
|
|
|
/* Nothing there, or nothing to do. */
|
|
|
|
|
|
|
|
switch (mp->m_type) {
|
|
|
|
case DEV_OPEN: return(ENODEV);
|
|
|
|
case DEV_CLOSE: return(OK);
|
2007-02-07 17:22:19 +01:00
|
|
|
case DEV_IOCTL_S:
|
2009-12-02 10:57:48 +01:00
|
|
|
default: printf("nop: ignoring code %d\n", mp->m_type);
|
|
|
|
return(EIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2006-06-20 10:49:51 +02:00
|
|
|
/*============================================================================*
|
|
|
|
* nop_ioctl *
|
|
|
|
*============================================================================*/
|
2009-12-02 10:57:48 +01:00
|
|
|
PUBLIC int nop_ioctl(dp, mp)
|
2006-06-20 10:49:51 +02:00
|
|
|
struct driver *dp;
|
|
|
|
message *mp;
|
|
|
|
{
|
|
|
|
return(ENOTTY);
|
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*============================================================================*
|
|
|
|
* nop_alarm *
|
|
|
|
*============================================================================*/
|
2005-07-26 14:50:25 +02:00
|
|
|
PUBLIC void nop_alarm(dp, mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
struct driver *dp;
|
2005-07-26 14:50:25 +02:00
|
|
|
message *mp;
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Ignore the leftover alarm. */
|
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* nop_prepare *
|
|
|
|
*===========================================================================*/
|
2010-04-01 15:25:05 +02:00
|
|
|
PUBLIC struct device *nop_prepare(int device)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
/* Nothing to prepare for. */
|
2010-05-10 15:26:00 +02:00
|
|
|
return(NULL);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* nop_cleanup *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC void nop_cleanup()
|
|
|
|
{
|
|
|
|
/* Nothing to clean up. */
|
|
|
|
}
|
|
|
|
|
2005-07-08 19:23:44 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
* nop_cancel *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int nop_cancel(struct driver *dr, message *m)
|
|
|
|
{
|
|
|
|
/* Nothing to do for cancel. */
|
2005-08-25 14:50:11 +02:00
|
|
|
return(OK);
|
2005-07-08 19:23:44 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
* nop_select *
|
|
|
|
*===========================================================================*/
|
|
|
|
PUBLIC int nop_select(struct driver *dr, message *m)
|
|
|
|
{
|
|
|
|
/* Nothing to do for select. */
|
2005-08-25 14:50:11 +02:00
|
|
|
return(OK);
|
2005-07-08 19:23:44 +02:00
|
|
|
}
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*============================================================================*
|
|
|
|
* do_diocntl *
|
|
|
|
*============================================================================*/
|
2009-12-02 10:57:48 +01:00
|
|
|
PUBLIC int do_diocntl(dp, mp)
|
2005-04-21 16:53:53 +02:00
|
|
|
struct driver *dp;
|
|
|
|
message *mp; /* pointer to ioctl request */
|
|
|
|
{
|
|
|
|
/* Carry out a partition setting/getting request. */
|
|
|
|
struct device *dv;
|
|
|
|
struct partition entry;
|
|
|
|
int s;
|
|
|
|
|
2005-07-13 16:58:21 +02:00
|
|
|
if (mp->REQUEST != DIOCSETP && mp->REQUEST != DIOCGETP) {
|
|
|
|
if(dp->dr_other) {
|
2009-12-02 10:57:48 +01:00
|
|
|
return dp->dr_other(dp, mp);
|
2005-07-13 16:58:21 +02:00
|
|
|
} else return(ENOTTY);
|
|
|
|
}
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
/* Decode the message parameters. */
|
2010-05-10 15:26:00 +02:00
|
|
|
if ((dv = (*dp->dr_prepare)(mp->DEVICE)) == NULL) return(ENXIO);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
if (mp->REQUEST == DIOCSETP) {
|
|
|
|
/* Copy just this one partition table entry. */
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
s=sys_safecopyfrom(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
2009-12-02 10:57:48 +01:00
|
|
|
0, (vir_bytes) &entry, sizeof(entry), D);
|
2006-06-20 10:49:51 +02:00
|
|
|
if(s != OK)
|
2005-04-21 16:53:53 +02:00
|
|
|
return s;
|
|
|
|
dv->dv_base = entry.base;
|
|
|
|
dv->dv_size = entry.size;
|
|
|
|
} else {
|
|
|
|
/* Return a partition table entry and the geometry of the drive. */
|
|
|
|
entry.base = dv->dv_base;
|
|
|
|
entry.size = dv->dv_size;
|
|
|
|
(*dp->dr_geometry)(&entry);
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
s=sys_safecopyto(mp->m_source, (vir_bytes) mp->IO_GRANT,
|
2009-12-02 10:57:48 +01:00
|
|
|
0, (vir_bytes) &entry, sizeof(entry), D);
|
2006-06-20 10:49:51 +02:00
|
|
|
if (OK != s)
|
2005-04-21 16:53:53 +02:00
|
|
|
return s;
|
|
|
|
}
|
|
|
|
return(OK);
|
|
|
|
}
|
2007-01-12 14:33:12 +01:00
|
|
|
|
|
|
|
/*===========================================================================*
|
2010-04-08 15:41:35 +02:00
|
|
|
* driver_mq_queue *
|
2007-01-12 14:33:12 +01:00
|
|
|
*===========================================================================*/
|
2010-04-08 15:41:35 +02:00
|
|
|
PUBLIC int driver_mq_queue(message *m, int status)
|
2007-01-12 14:33:12 +01:00
|
|
|
{
|
|
|
|
mq_t *mq, *mi;
|
2010-04-08 15:41:35 +02:00
|
|
|
static int mq_initialized = FALSE;
|
|
|
|
|
|
|
|
if(!mq_initialized) {
|
|
|
|
/* Init MQ library. */
|
|
|
|
mq_init();
|
|
|
|
mq_initialized = TRUE;
|
|
|
|
}
|
2007-01-12 14:33:12 +01:00
|
|
|
|
|
|
|
if(!(mq = mq_get()))
|
2010-04-08 15:41:35 +02:00
|
|
|
panic("driver_mq_queue: mq_get failed");
|
2007-01-12 14:33:12 +01:00
|
|
|
memcpy(&mq->mq_mess, m, sizeof(mq->mq_mess));
|
2010-04-08 15:41:35 +02:00
|
|
|
mq->mq_mess_status = status;
|
2007-01-12 14:33:12 +01:00
|
|
|
mq->mq_next = NULL;
|
|
|
|
if(!queue_head) {
|
|
|
|
queue_head = mq;
|
|
|
|
} else {
|
|
|
|
for(mi = queue_head; mi->mq_next; mi = mi->mq_next)
|
|
|
|
;
|
|
|
|
mi->mq_next = mq;
|
|
|
|
}
|
|
|
|
|
|
|
|
return OK;
|
|
|
|
}
|
|
|
|
|