2005-04-21 16:53:53 +02:00
|
|
|
/* This file contains the procedures that manipulate file descriptors.
|
|
|
|
|
*
|
|
|
|
|
* The entry points into this file are
|
2010-08-30 15:44:07 +02:00
|
|
|
* get_fd: look for free file descriptor and free filp slots
|
|
|
|
|
* get_filp: look up the filp entry for a given file descriptor
|
|
|
|
|
* find_filp: find a filp slot that points to a given vnode
|
|
|
|
|
* inval_filp: invalidate a filp and associated fd's, only let close()
|
|
|
|
|
* happen on it
|
|
|
|
|
* do_verify_fd: verify whether the given file descriptor is valid for
|
|
|
|
|
* the given endpoint.
|
|
|
|
|
* do_set_filp: marks a filp as in-flight.
|
|
|
|
|
* do_copy_filp: copies a filp to another endpoint.
|
|
|
|
|
* do_put_filp: marks a filp as not in-flight anymore.
|
|
|
|
|
* do_cancel_fd: cancel the transaction when something goes wrong for
|
|
|
|
|
* the receiver.
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
|
|
|
|
|
2006-03-09 17:00:33 +01:00
|
|
|
#include <sys/select.h>
|
2010-08-30 15:44:07 +02:00
|
|
|
#include <minix/callnr.h>
|
2006-11-27 15:21:43 +01:00
|
|
|
#include <minix/u64.h>
|
Mostly bugfixes of bugs triggered by the test set.
bugfixes:
SYSTEM:
. removed
rc->p_priv->s_flags = 0;
for the priv struct shared by all user processes in get_priv(). this
should only be done once. doing a SYS_PRIV_USER in sys_privctl()
caused the flags of all user processes to be reset, so they were no
longer PREEMPTIBLE. this happened when RS executed a policy script.
(this broke test1 in the test set)
VFS/MFS:
. chown can change the mode of a file, and chmod arguments are only
part of the full file mode so the full filemode is slightly magic.
changed these calls so that the final modes are returned to VFS, so
that the vnode can be kept up-to-date.
(this broke test11 in the test set)
MFS:
. lookup() checked for sizeof(string) instead of sizeof(user_path),
truncating long path names
(caught by test 23)
. truncate functions neglected to update ctime
(this broke test16)
VFS:
. corner case of an empty filename lookup caused fields of a request
not to be filled in in the lookup functions, not making it clear
that the lookup had failed, causing messages to garbage processes,
causing strange failures.
(caught by test 30)
. trust v_size in vnode when doing reads or writes on non-special
files, truncating i/o where necessary; this is necessary for pipes,
as MFS can't tell when a pipe has been truncated without it being
told explicitly each time.
when the last reader/writer on a pipe closes, tell FS about
the new size using truncate_vn().
(this broke test 25, among others)
. permission check for chdir() had disappeared; added a
forbidden() call
(caught by test 23)
new code, shouldn't change anything:
. introduced RTS_SET, RTS_UNSET, and RTS_ISSET macro's, and their
LOCK variants. These macros set and clear the p_rts_flags field,
causing a lot of duplicated logic like
old_flags = rp->p_rts_flags; /* save value of the flags */
rp->p_rts_flags &= ~NO_PRIV;
if (old_flags != 0 && rp->p_rts_flags == 0) lock_enqueue(rp);
to change into the simpler
RTS_LOCK_UNSET(rp, NO_PRIV);
so the macros take care of calling dequeue() and enqueue() (or lock_*()),
as the case may be). This makes the code a bit more readable and a
bit less fragile.
. removed return code from do_clocktick in CLOCK as it currently
never replies
. removed some debug code from VFS
. fixed grant debug message in device.c
preemptive checks, tests, changes:
. added return code checks of receive() to SYSTEM and CLOCK
. O_TRUNC should never arrive at MFS (added sanity check and removed
O_TRUNC code)
. user_path declared with PATH_MAX+1 to let it be null-terminated
. checks in MFS to see if strings passed by VFS are null-terminated
IS:
. static irq name table thrown out
2007-02-01 18:50:02 +01:00
|
|
|
#include <assert.h>
|
2005-04-21 16:53:53 +02:00
|
|
|
#include "fs.h"
|
|
|
|
|
#include "file.h"
|
|
|
|
|
#include "fproc.h"
|
2006-10-25 15:40:36 +02:00
|
|
|
#include "vnode.h"
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* get_fd *
|
|
|
|
|
*===========================================================================*/
|
2005-06-23 13:07:31 +02:00
|
|
|
PUBLIC int get_fd(int start, mode_t bits, int *k, struct filp **fpt)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
|
|
|
|
/* Look for a free file descriptor and a free filp slot. Fill in the mode word
|
|
|
|
|
* in the latter, but don't claim either one yet, since the open() or creat()
|
|
|
|
|
* may yet fail.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
register struct filp *f;
|
|
|
|
|
register int i;
|
|
|
|
|
|
|
|
|
|
/* Search the fproc fp_filp table for a free file descriptor. */
|
|
|
|
|
for (i = start; i < OPEN_MAX; i++) {
|
2010-05-10 15:26:00 +02:00
|
|
|
if (fp->fp_filp[i] == NULL && !FD_ISSET(i, &fp->fp_filp_inuse)) {
|
2005-04-21 16:53:53 +02:00
|
|
|
/* A file descriptor has been located. */
|
|
|
|
|
*k = i;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check to see if a file descriptor has been found. */
|
Mostly bugfixes of bugs triggered by the test set.
bugfixes:
SYSTEM:
. removed
rc->p_priv->s_flags = 0;
for the priv struct shared by all user processes in get_priv(). this
should only be done once. doing a SYS_PRIV_USER in sys_privctl()
caused the flags of all user processes to be reset, so they were no
longer PREEMPTIBLE. this happened when RS executed a policy script.
(this broke test1 in the test set)
VFS/MFS:
. chown can change the mode of a file, and chmod arguments are only
part of the full file mode so the full filemode is slightly magic.
changed these calls so that the final modes are returned to VFS, so
that the vnode can be kept up-to-date.
(this broke test11 in the test set)
MFS:
. lookup() checked for sizeof(string) instead of sizeof(user_path),
truncating long path names
(caught by test 23)
. truncate functions neglected to update ctime
(this broke test16)
VFS:
. corner case of an empty filename lookup caused fields of a request
not to be filled in in the lookup functions, not making it clear
that the lookup had failed, causing messages to garbage processes,
causing strange failures.
(caught by test 30)
. trust v_size in vnode when doing reads or writes on non-special
files, truncating i/o where necessary; this is necessary for pipes,
as MFS can't tell when a pipe has been truncated without it being
told explicitly each time.
when the last reader/writer on a pipe closes, tell FS about
the new size using truncate_vn().
(this broke test 25, among others)
. permission check for chdir() had disappeared; added a
forbidden() call
(caught by test 23)
new code, shouldn't change anything:
. introduced RTS_SET, RTS_UNSET, and RTS_ISSET macro's, and their
LOCK variants. These macros set and clear the p_rts_flags field,
causing a lot of duplicated logic like
old_flags = rp->p_rts_flags; /* save value of the flags */
rp->p_rts_flags &= ~NO_PRIV;
if (old_flags != 0 && rp->p_rts_flags == 0) lock_enqueue(rp);
to change into the simpler
RTS_LOCK_UNSET(rp, NO_PRIV);
so the macros take care of calling dequeue() and enqueue() (or lock_*()),
as the case may be). This makes the code a bit more readable and a
bit less fragile.
. removed return code from do_clocktick in CLOCK as it currently
never replies
. removed some debug code from VFS
. fixed grant debug message in device.c
preemptive checks, tests, changes:
. added return code checks of receive() to SYSTEM and CLOCK
. O_TRUNC should never arrive at MFS (added sanity check and removed
O_TRUNC code)
. user_path declared with PATH_MAX+1 to let it be null-terminated
. checks in MFS to see if strings passed by VFS are null-terminated
IS:
. static irq name table thrown out
2007-02-01 18:50:02 +01:00
|
|
|
if (i >= OPEN_MAX) return(EMFILE);
|
2005-04-21 16:53:53 +02:00
|
|
|
|
|
|
|
|
/* Now that a file descriptor has been found, look for a free filp slot. */
|
|
|
|
|
for (f = &filp[0]; f < &filp[NR_FILPS]; f++) {
|
Mostly bugfixes of bugs triggered by the test set.
bugfixes:
SYSTEM:
. removed
rc->p_priv->s_flags = 0;
for the priv struct shared by all user processes in get_priv(). this
should only be done once. doing a SYS_PRIV_USER in sys_privctl()
caused the flags of all user processes to be reset, so they were no
longer PREEMPTIBLE. this happened when RS executed a policy script.
(this broke test1 in the test set)
VFS/MFS:
. chown can change the mode of a file, and chmod arguments are only
part of the full file mode so the full filemode is slightly magic.
changed these calls so that the final modes are returned to VFS, so
that the vnode can be kept up-to-date.
(this broke test11 in the test set)
MFS:
. lookup() checked for sizeof(string) instead of sizeof(user_path),
truncating long path names
(caught by test 23)
. truncate functions neglected to update ctime
(this broke test16)
VFS:
. corner case of an empty filename lookup caused fields of a request
not to be filled in in the lookup functions, not making it clear
that the lookup had failed, causing messages to garbage processes,
causing strange failures.
(caught by test 30)
. trust v_size in vnode when doing reads or writes on non-special
files, truncating i/o where necessary; this is necessary for pipes,
as MFS can't tell when a pipe has been truncated without it being
told explicitly each time.
when the last reader/writer on a pipe closes, tell FS about
the new size using truncate_vn().
(this broke test 25, among others)
. permission check for chdir() had disappeared; added a
forbidden() call
(caught by test 23)
new code, shouldn't change anything:
. introduced RTS_SET, RTS_UNSET, and RTS_ISSET macro's, and their
LOCK variants. These macros set and clear the p_rts_flags field,
causing a lot of duplicated logic like
old_flags = rp->p_rts_flags; /* save value of the flags */
rp->p_rts_flags &= ~NO_PRIV;
if (old_flags != 0 && rp->p_rts_flags == 0) lock_enqueue(rp);
to change into the simpler
RTS_LOCK_UNSET(rp, NO_PRIV);
so the macros take care of calling dequeue() and enqueue() (or lock_*()),
as the case may be). This makes the code a bit more readable and a
bit less fragile.
. removed return code from do_clocktick in CLOCK as it currently
never replies
. removed some debug code from VFS
. fixed grant debug message in device.c
preemptive checks, tests, changes:
. added return code checks of receive() to SYSTEM and CLOCK
. O_TRUNC should never arrive at MFS (added sanity check and removed
O_TRUNC code)
. user_path declared with PATH_MAX+1 to let it be null-terminated
. checks in MFS to see if strings passed by VFS are null-terminated
IS:
. static irq name table thrown out
2007-02-01 18:50:02 +01:00
|
|
|
assert(f->filp_count >= 0);
|
2005-04-21 16:53:53 +02:00
|
|
|
if (f->filp_count == 0) {
|
|
|
|
|
f->filp_mode = bits;
|
2006-11-27 15:21:43 +01:00
|
|
|
f->filp_pos = cvu64(0);
|
2005-06-17 15:41:12 +02:00
|
|
|
f->filp_selectors = 0;
|
|
|
|
|
f->filp_select_ops = 0;
|
|
|
|
|
f->filp_pipe_select_ops = 0;
|
2005-04-21 16:53:53 +02:00
|
|
|
f->filp_flags = 0;
|
2008-02-22 15:19:23 +01:00
|
|
|
f->filp_state = FS_NORMAL;
|
|
|
|
|
f->filp_select_flags = 0;
|
2005-04-21 16:53:53 +02:00
|
|
|
*fpt = f;
|
|
|
|
|
return(OK);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If control passes here, the filp table must be full. Report that back. */
|
|
|
|
|
return(ENFILE);
|
|
|
|
|
}
|
|
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
|
* get_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC struct filp *get_filp(fild)
|
|
|
|
|
int fild; /* file descriptor */
|
|
|
|
|
{
|
2006-05-11 16:57:23 +02:00
|
|
|
/* See if 'fild' refers to a valid file descr. If so, return its filp ptr. */
|
|
|
|
|
|
|
|
|
|
return get_filp2(fp, fild);
|
|
|
|
|
}
|
|
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
|
2006-05-11 16:57:23 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
|
* get_filp2 *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC struct filp *get_filp2(rfp, fild)
|
|
|
|
|
register struct fproc *rfp;
|
|
|
|
|
int fild; /* file descriptor */
|
|
|
|
|
{
|
2005-04-21 16:53:53 +02:00
|
|
|
/* See if 'fild' refers to a valid file descr. If so, return its filp ptr. */
|
|
|
|
|
|
|
|
|
|
err_code = EBADF;
|
2010-05-10 15:26:00 +02:00
|
|
|
if (fild < 0 || fild >= OPEN_MAX ) return(NULL);
|
|
|
|
|
if (rfp->fp_filp[fild] == NULL && FD_ISSET(fild, &rfp->fp_filp_inuse))
|
2007-08-15 14:53:52 +02:00
|
|
|
err_code = EIO; /* The filedes is not there, but is not closed either.
|
|
|
|
|
*/
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
|
2010-05-10 15:26:00 +02:00
|
|
|
return(rfp->fp_filp[fild]); /* may also be NULL */
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
|
|
|
|
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
/*===========================================================================*
|
|
|
|
|
* find_filp *
|
|
|
|
|
*===========================================================================*/
|
2006-10-25 15:40:36 +02:00
|
|
|
PUBLIC struct filp *find_filp(register struct vnode *vp, mode_t bits)
|
2005-04-21 16:53:53 +02:00
|
|
|
{
|
Mostly bugfixes of bugs triggered by the test set.
bugfixes:
SYSTEM:
. removed
rc->p_priv->s_flags = 0;
for the priv struct shared by all user processes in get_priv(). this
should only be done once. doing a SYS_PRIV_USER in sys_privctl()
caused the flags of all user processes to be reset, so they were no
longer PREEMPTIBLE. this happened when RS executed a policy script.
(this broke test1 in the test set)
VFS/MFS:
. chown can change the mode of a file, and chmod arguments are only
part of the full file mode so the full filemode is slightly magic.
changed these calls so that the final modes are returned to VFS, so
that the vnode can be kept up-to-date.
(this broke test11 in the test set)
MFS:
. lookup() checked for sizeof(string) instead of sizeof(user_path),
truncating long path names
(caught by test 23)
. truncate functions neglected to update ctime
(this broke test16)
VFS:
. corner case of an empty filename lookup caused fields of a request
not to be filled in in the lookup functions, not making it clear
that the lookup had failed, causing messages to garbage processes,
causing strange failures.
(caught by test 30)
. trust v_size in vnode when doing reads or writes on non-special
files, truncating i/o where necessary; this is necessary for pipes,
as MFS can't tell when a pipe has been truncated without it being
told explicitly each time.
when the last reader/writer on a pipe closes, tell FS about
the new size using truncate_vn().
(this broke test 25, among others)
. permission check for chdir() had disappeared; added a
forbidden() call
(caught by test 23)
new code, shouldn't change anything:
. introduced RTS_SET, RTS_UNSET, and RTS_ISSET macro's, and their
LOCK variants. These macros set and clear the p_rts_flags field,
causing a lot of duplicated logic like
old_flags = rp->p_rts_flags; /* save value of the flags */
rp->p_rts_flags &= ~NO_PRIV;
if (old_flags != 0 && rp->p_rts_flags == 0) lock_enqueue(rp);
to change into the simpler
RTS_LOCK_UNSET(rp, NO_PRIV);
so the macros take care of calling dequeue() and enqueue() (or lock_*()),
as the case may be). This makes the code a bit more readable and a
bit less fragile.
. removed return code from do_clocktick in CLOCK as it currently
never replies
. removed some debug code from VFS
. fixed grant debug message in device.c
preemptive checks, tests, changes:
. added return code checks of receive() to SYSTEM and CLOCK
. O_TRUNC should never arrive at MFS (added sanity check and removed
O_TRUNC code)
. user_path declared with PATH_MAX+1 to let it be null-terminated
. checks in MFS to see if strings passed by VFS are null-terminated
IS:
. static irq name table thrown out
2007-02-01 18:50:02 +01:00
|
|
|
/* Find a filp slot that refers to the vnode 'vp' in a way as described
|
2005-04-21 16:53:53 +02:00
|
|
|
* by the mode bit 'bits'. Used for determining whether somebody is still
|
|
|
|
|
* interested in either end of a pipe. Also used when opening a FIFO to
|
|
|
|
|
* find partners to share a filp field with (to shared the file position).
|
|
|
|
|
* Like 'get_fd' it performs its job by linear search through the filp table.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
register struct filp *f;
|
|
|
|
|
|
|
|
|
|
for (f = &filp[0]; f < &filp[NR_FILPS]; f++) {
|
2006-10-25 15:40:36 +02:00
|
|
|
if (f->filp_count != 0 && f->filp_vno == vp && (f->filp_mode & bits)){
|
2005-04-21 16:53:53 +02:00
|
|
|
return(f);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If control passes here, the filp wasn't there. Report that back. */
|
2010-05-10 15:26:00 +02:00
|
|
|
return(NULL);
|
2005-04-21 16:53:53 +02:00
|
|
|
}
|
2006-03-09 17:00:33 +01:00
|
|
|
|
|
|
|
|
/*===========================================================================*
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
* invalidate *
|
2006-03-09 17:00:33 +01:00
|
|
|
*===========================================================================*/
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
PUBLIC int invalidate(struct filp *fp)
|
2006-03-09 17:00:33 +01:00
|
|
|
{
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
/* Invalidate filp. fp_filp_inuse is not cleared, so filp can't be reused
|
|
|
|
|
until it is closed first. */
|
|
|
|
|
|
|
|
|
|
int f, fd, n = 0;
|
|
|
|
|
for(f = 0; f < NR_PROCS; f++) {
|
|
|
|
|
if(fproc[f].fp_pid == PID_FREE) continue;
|
|
|
|
|
for(fd = 0; fd < OPEN_MAX; fd++) {
|
|
|
|
|
if(fproc[f].fp_filp[fd] && fproc[f].fp_filp[fd] == fp) {
|
2010-05-10 15:26:00 +02:00
|
|
|
fproc[f].fp_filp[fd] = NULL;
|
- Introduce support for sticky bit.
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
2009-12-20 21:27:14 +01:00
|
|
|
n++;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return(n); /* Report back how often this filp has been invalidated. */
|
2006-03-09 17:00:33 +01:00
|
|
|
}
|
2010-08-30 15:44:07 +02:00
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* verify_fd *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC filp_id_t verify_fd(ep, fd)
|
|
|
|
|
endpoint_t ep;
|
|
|
|
|
int fd;
|
|
|
|
|
{
|
|
|
|
|
/*
|
|
|
|
|
* verify whether the given file descriptor 'fd' is valid for the
|
|
|
|
|
* endpoint 'ep'. When the file descriptor is valid verify_fd returns a
|
|
|
|
|
* pointer to that filp, else it returns NULL.
|
|
|
|
|
*/
|
|
|
|
|
int proc;
|
|
|
|
|
|
|
|
|
|
if (isokendpt(ep, &proc) != OK) {
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return get_filp2(&fproc[proc], fd);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* do_verify_fd *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int do_verify_fd(void)
|
|
|
|
|
{
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
m_out.ADDRESS = (void *) verify_fd(m_in.USER_ENDPT, m_in.COUNT);
|
2010-08-30 15:44:07 +02:00
|
|
|
return (m_out.ADDRESS != NULL) ? OK : EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* set_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int set_filp(sfilp)
|
|
|
|
|
filp_id_t sfilp;
|
|
|
|
|
{
|
|
|
|
|
if (sfilp == NULL) {
|
|
|
|
|
return EINVAL;
|
|
|
|
|
} else {
|
|
|
|
|
sfilp->filp_count++;
|
|
|
|
|
return OK;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* do_set_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int do_set_filp(void)
|
|
|
|
|
{
|
|
|
|
|
return set_filp((filp_id_t) m_in.ADDRESS);;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* copy_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int copy_filp(to_ep, cfilp)
|
|
|
|
|
endpoint_t to_ep;
|
|
|
|
|
filp_id_t cfilp;
|
|
|
|
|
{
|
|
|
|
|
int j;
|
|
|
|
|
int proc;
|
|
|
|
|
|
|
|
|
|
if (isokendpt(to_ep, &proc) != OK) {
|
|
|
|
|
return EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Find an open slot in fp_filp */
|
|
|
|
|
for (j = 0; j < OPEN_MAX; j++) {
|
|
|
|
|
if (fproc[proc].fp_filp[j] == NULL &&
|
|
|
|
|
!FD_ISSET(j, &fproc[proc].fp_filp_inuse)) {
|
|
|
|
|
|
|
|
|
|
/* Found a free slot, add descriptor */
|
|
|
|
|
FD_SET(j, &fproc[proc].fp_filp_inuse);
|
|
|
|
|
fproc[proc].fp_filp[j] = cfilp;
|
|
|
|
|
fproc[proc].fp_filp[j]->filp_count++;
|
|
|
|
|
return j;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* File Descriptor Table is Full */
|
|
|
|
|
return EMFILE;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* do_copy_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int do_copy_filp(void)
|
|
|
|
|
{
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
return copy_filp(m_in.USER_ENDPT, (filp_id_t) m_in.ADDRESS);
|
2010-08-30 15:44:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* put_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int put_filp(pfilp)
|
|
|
|
|
filp_id_t pfilp;
|
|
|
|
|
{
|
|
|
|
|
if (pfilp == NULL) {
|
|
|
|
|
return EINVAL;
|
|
|
|
|
} else {
|
|
|
|
|
close_filp(pfilp);
|
|
|
|
|
return OK;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* do_put_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int do_put_filp(void)
|
|
|
|
|
{
|
|
|
|
|
return put_filp((filp_id_t) m_in.ADDRESS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* cancel_fd *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int cancel_fd(ep, fd)
|
|
|
|
|
endpoint_t ep;
|
|
|
|
|
int fd;
|
|
|
|
|
{
|
|
|
|
|
int proc;
|
|
|
|
|
|
|
|
|
|
if (isokendpt(ep, &proc) != OK) {
|
|
|
|
|
return EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Check that the input 'fd' is valid */
|
|
|
|
|
if (verify_fd(ep, fd) != NULL) {
|
|
|
|
|
|
|
|
|
|
/* Found a valid descriptor, remove it */
|
|
|
|
|
FD_CLR(fd, &fproc[proc].fp_filp_inuse);
|
|
|
|
|
fproc[proc].fp_filp[fd]->filp_count--;
|
|
|
|
|
fproc[proc].fp_filp[fd] = NULL;
|
|
|
|
|
|
|
|
|
|
return fd;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* File descriptor is not valid for the endpoint. */
|
|
|
|
|
return EINVAL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* do_cancel_fd *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC int do_cancel_fd(void)
|
|
|
|
|
{
|
Server/driver protocols: no longer allow third-party copies.
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
2011-04-11 19:35:05 +02:00
|
|
|
return cancel_fd(m_in.USER_ENDPT, m_in.COUNT);
|
2010-08-30 15:44:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*===========================================================================*
|
|
|
|
|
* close_filp *
|
|
|
|
|
*===========================================================================*/
|
|
|
|
|
PUBLIC void close_filp(fp)
|
|
|
|
|
struct filp *fp;
|
|
|
|
|
{
|
|
|
|
|
int mode_word, rw;
|
|
|
|
|
dev_t dev;
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
|
|
|
|
|
vp = fp->filp_vno;
|
|
|
|
|
if (fp->filp_count - 1 == 0 && fp->filp_mode != FILP_CLOSED) {
|
|
|
|
|
/* Check to see if the file is special. */
|
|
|
|
|
mode_word = vp->v_mode & I_TYPE;
|
|
|
|
|
if (mode_word == I_CHAR_SPECIAL || mode_word == I_BLOCK_SPECIAL) {
|
|
|
|
|
dev = (dev_t) vp->v_sdev;
|
|
|
|
|
if (mode_word == I_BLOCK_SPECIAL) {
|
|
|
|
|
if (vp->v_bfs_e == ROOT_FS_E) {
|
|
|
|
|
/* Invalidate the cache unless the special is
|
|
|
|
|
* mounted. Assume that the root filesystem's
|
|
|
|
|
* is open only for fsck.
|
|
|
|
|
*/
|
|
|
|
|
req_flush(vp->v_bfs_e, dev);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
/* Do any special processing on device close. */
|
|
|
|
|
(void) dev_close(dev, fp-filp);
|
|
|
|
|
/* Ignore any errors, even SUSPEND. */
|
|
|
|
|
|
|
|
|
|
fp->filp_mode = FILP_CLOSED;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If the inode being closed is a pipe, release everyone hanging on it. */
|
|
|
|
|
if (vp->v_pipe == I_PIPE) {
|
|
|
|
|
rw = (fp->filp_mode & R_BIT ? WRITE : READ);
|
|
|
|
|
release(vp, rw, NR_PROCS);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* If a write has been done, the inode is already marked as DIRTY. */
|
|
|
|
|
if (--fp->filp_count == 0) {
|
|
|
|
|
if (vp->v_pipe == I_PIPE) {
|
|
|
|
|
/* Last reader or writer is going. Tell PFS about latest
|
|
|
|
|
* pipe size.
|
|
|
|
|
*/
|
|
|
|
|
truncate_vnode(vp, vp->v_size);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
put_vnode(fp->filp_vno);
|
|
|
|
|
}
|
|
|
|
|
}
|
