2005-07-14 17:12:12 +02:00
|
|
|
/* Function prototypes for the system library. The prototypes in this file
|
2010-06-01 10:54:31 +02:00
|
|
|
* are undefined to NULL if the kernel call is not enabled in config.h.
|
2005-07-14 17:12:12 +02:00
|
|
|
* The implementation is contained in src/kernel/system/.
|
|
|
|
*
|
2005-10-14 11:13:52 +02:00
|
|
|
* The system library allows to access system services by doing a kernel call.
|
2005-07-14 17:12:12 +02:00
|
|
|
* System calls are transformed into request messages to the SYS task that is
|
|
|
|
* responsible for handling the call. By convention, sys_call() is transformed
|
|
|
|
* into a message with type SYS_CALL that is handled in a function do_call().
|
2005-08-10 12:23:55 +02:00
|
|
|
*
|
|
|
|
* Changes:
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
* Mar 01, 2010 SYS_CLEAR and SYS_EXIT split (Cristiano Giuffrida)
|
2005-08-10 12:23:55 +02:00
|
|
|
* Jul 30, 2005 created SYS_INT86 to support BIOS driver (Philip Homburg)
|
|
|
|
* Jul 13, 2005 created SYS_PRIVCTL to manage services (Jorrit N. Herder)
|
|
|
|
* Jul 09, 2005 updated SYS_KILL to signal services (Jorrit N. Herder)
|
2005-10-14 11:13:52 +02:00
|
|
|
* Jun 21, 2005 created SYS_NICE for nice(2) kernel call (Ben J. Gras)
|
2005-08-10 12:23:55 +02:00
|
|
|
* Jun 21, 2005 created SYS_MEMSET to speed up exec(2) (Ben J. Gras)
|
|
|
|
* Jan 20, 2005 updated SYS_COPY for virtual_copy() (Jorrit N. Herder)
|
|
|
|
* Oct 24, 2004 created SYS_GETKSIG to support PM (Jorrit N. Herder)
|
|
|
|
* Oct 10, 2004 created handler for unused calls (Jorrit N. Herder)
|
|
|
|
* Sep 09, 2004 updated SYS_EXIT to let services exit (Jorrit N. Herder)
|
|
|
|
* Aug 25, 2004 rewrote SYS_SETALARM to clean up code (Jorrit N. Herder)
|
|
|
|
* Jul 13, 2004 created SYS_SEGCTL to support drivers (Jorrit N. Herder)
|
|
|
|
* May 24, 2004 created SYS_SDEVIO to support drivers (Jorrit N. Herder)
|
|
|
|
* May 24, 2004 created SYS_GETINFO to retrieve info (Jorrit N. Herder)
|
|
|
|
* Apr 18, 2004 created SYS_VDEVIO to support drivers (Jorrit N. Herder)
|
|
|
|
* Feb 24, 2004 created SYS_IRQCTL to support drivers (Jorrit N. Herder)
|
|
|
|
* Feb 02, 2004 created SYS_DEVIO to support drivers (Jorrit N. Herder)
|
2005-04-21 16:53:53 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
#ifndef SYSTEM_H
|
|
|
|
#define SYSTEM_H
|
|
|
|
|
|
|
|
/* Common includes for the system library. */
|
'proc number' is process slot, 'endpoint' are generation-aware process
instance numbers, encoded and decoded using macros in <minix/endpoint.h>.
proc number -> endpoint migration
. proc_nr in the interrupt hook is now an endpoint, proc_nr_e.
. m_source for messages and notifies is now an endpoint, instead of
proc number.
. isokendpt() converts an endpoint to a process number, returns
success (but fails if the process number is out of range, the
process slot is not a living process, or the given endpoint
number does not match the endpoint number in the process slot,
indicating an old process).
. okendpt() is the same as isokendpt(), but panic()s if the conversion
fails. This is mainly used for decoding message.m_source endpoints,
and other endpoint numbers in kernel data structures, which should
always be correct.
. if DEBUG_ENABLE_IPC_WARNINGS is enabled, isokendpt() and okendpt()
get passed the __FILE__ and __LINE__ of the calling lines, and
print messages about what is wrong with the endpoint number
(out of range proc, empty proc, or inconsistent endpoint number),
with the caller, making finding where the conversion failed easy
without having to include code for every call to print where things
went wrong. Sometimes this is harmless (wrong arg to a kernel call),
sometimes it's a fatal internal inconsistency (bogus m_source).
. some process table fields have been appended an _e to indicate it's
become and endpoint.
. process endpoint is stored in p_endpoint, without generation number.
it turns out the kernel never needs the generation number, except
when fork()ing, so it's decoded then.
. kernel calls all take endpoints as arguments, not proc numbers.
the one exception is sys_fork(), which needs to know in which slot
to put the child.
2006-03-03 11:00:02 +01:00
|
|
|
#include "debug.h"
|
2005-07-14 17:12:12 +02:00
|
|
|
#include "kernel.h"
|
2005-08-04 11:26:36 +02:00
|
|
|
#include "proto.h"
|
2005-04-21 16:53:53 +02:00
|
|
|
#include "proc.h"
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_exec, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_EXEC
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_exec NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_fork, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_FORK
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_fork NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_newmap, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_NEWMAP
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_newmap NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
_PROTOTYPE( int do_clear, (struct proc * caller, message *m_ptr) );
|
|
|
|
#if ! USE_CLEAR
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_clear NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_trace, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_TRACE
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_trace NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_runctl, (struct proc * caller, message *m_ptr) );
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
#if ! USE_RUNCTL
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_runctl NULL
|
Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 11:57:22 +02:00
|
|
|
#endif
|
|
|
|
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
_PROTOTYPE( int do_update, (struct proc * caller, message *m_ptr) );
|
|
|
|
#if ! USE_UPDATE
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_update NULL
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
#endif
|
|
|
|
|
|
|
|
_PROTOTYPE( int do_exit, (struct proc * caller, message *m_ptr) );
|
|
|
|
#if ! USE_EXIT
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_exit NULL
|
New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 02:15:29 +01:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_copy, (struct proc * caller, message *m_ptr) );
|
2005-04-29 17:36:43 +02:00
|
|
|
#define do_vircopy do_copy
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! (USE_VIRCOPY || USE_PHYSCOPY)
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_copy NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_umap, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_UMAP
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_umap NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2011-06-10 16:28:20 +02:00
|
|
|
_PROTOTYPE( int do_umap_remote, (struct proc * caller, message *m_ptr) );
|
|
|
|
#if ! USE_UMAP_REMOTE
|
|
|
|
#define do_umap_remote NULL
|
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_memset, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_MEMSET
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_memset NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_abort, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_ABORT
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_abort NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_getinfo, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_GETINFO
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_getinfo NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_privctl, (struct proc * caller, message *m_ptr) );
|
2005-07-21 20:36:40 +02:00
|
|
|
#if ! USE_PRIVCTL
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_privctl NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_irqctl, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_IRQCTL
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_irqctl NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_devio, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_DEVIO
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_devio NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_vdevio, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_VDEVIO
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_vdevio NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_int86, (struct proc * caller, message *m_ptr) );
|
2005-07-29 12:21:04 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_sdevio, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_SDEVIO
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_sdevio NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_kill, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_KILL
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_kill NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_getksig, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_GETKSIG
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_getksig NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_endksig, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_ENDKSIG
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_endksig NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_sigsend, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_SIGSEND
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_sigsend NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_sigreturn, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_SIGRETURN
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_sigreturn NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_times, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_TIMES
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_times NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_setalarm, (struct proc * caller, message *m_ptr) );
|
2005-07-14 17:12:12 +02:00
|
|
|
#if ! USE_SETALARM
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_setalarm NULL
|
2005-07-14 17:12:12 +02:00
|
|
|
#endif
|
2005-04-21 16:53:53 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_stime, (struct proc * caller, message *m_ptr) );
|
2007-08-07 14:21:40 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_vtimer, (struct proc * caller, message *m_ptr) );
|
2009-08-15 23:37:26 +02:00
|
|
|
#if ! USE_VTIMER
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_vtimer NULL
|
2009-08-15 23:37:26 +02:00
|
|
|
#endif
|
|
|
|
|
2010-06-01 10:51:37 +02:00
|
|
|
_PROTOTYPE( int do_safecopy_to, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_safecopy_from, (struct proc * caller, message *m_ptr) );
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_vsafecopy, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_iopenable, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_vmctl, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_setgrant, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_readbios, (struct proc * caller, message *m_ptr) );
|
2005-09-30 14:54:59 +02:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_safemap, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_saferevmap, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_safeunmap, (struct proc * caller, message *m_ptr) );
|
2010-01-14 16:24:16 +01:00
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_sprofile, (struct proc * caller, message *m_ptr) );
|
2006-10-30 16:53:38 +01:00
|
|
|
#if ! SPROFILE
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_sprofile NULL
|
2006-10-30 16:53:38 +01:00
|
|
|
#endif
|
|
|
|
|
2010-02-03 10:04:48 +01:00
|
|
|
_PROTOTYPE( int do_cprofile, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_profbuf, (struct proc * caller, message *m_ptr) );
|
2006-10-30 16:53:38 +01:00
|
|
|
|
2010-03-12 16:58:41 +01:00
|
|
|
_PROTOTYPE( int do_getmcontext, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_setmcontext, (struct proc * caller, message *m_ptr) );
|
|
|
|
#if ! USE_MCONTEXT
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_getmcontext NULL
|
|
|
|
#define do_setmcontext NULL
|
2010-03-12 16:58:41 +01:00
|
|
|
#endif
|
|
|
|
|
Userspace scheduling
- cotributed by Bjorn Swift
- In this first phase, scheduling is moved from the kernel to the PM
server. The next steps are to a) moving scheduling to its own server
and b) include useful information in the "out of quantum" message,
so that the scheduler can make use of this information.
- The kernel process table now keeps record of who is responsible for
scheduling each process (p_scheduler). When this pointer is NULL,
the process will be scheduled by the kernel. If such a process runs
out of quantum, the kernel will simply renew its quantum an requeue
it.
- When PM loads, it will take over scheduling of all running
processes, except system processes, using sys_schedctl().
Essentially, this only results in taking over init. As children
inherit a scheduler from their parent, user space programs forked by
init will inherit PM (for now) as their scheduler.
- Once a process has been assigned a scheduler, and runs out of
quantum, its RTS_NO_QUANTUM flag will be set and the process
dequeued. The kernel will send a message to the scheduler, on the
process' behalf, informing the scheduler that it has run out of
quantum. The scheduler can take what ever action it pleases, based
on its policy, and then reschedule the process using the
sys_schedule() system call.
- Balance queues does not work as before. While the old in-kernel
function used to renew the quantum of processes in the highest
priority run queue, the user-space implementation only acts on
processes that have been bumped down to a lower priority queue.
This approach reacts slower to changes than the old one, but saves
us sending a sys_schedule message for each process every time we
balance the queues. Currently, when processes are moved up a
priority queue, their quantum is also renewed, but this can be
fiddled with.
- do_nice has been removed from kernel. PM answers to get- and
setpriority calls, updates it's own nice variable as well as the
max_run_queue. This will be refactored once scheduling is moved to a
separate server. We will probably have PM update it's local nice
value and then send a message to whoever is scheduling the process.
- changes to fix an issue in do_fork() where processes could run out
of quantum but bypassing the code path that handles it correctly.
The future plan is to remove the policy from do_fork() and implement
it in userspace too.
2010-03-29 13:07:20 +02:00
|
|
|
_PROTOTYPE( int do_schedule, (struct proc * caller, message *m_ptr) );
|
|
|
|
_PROTOTYPE( int do_schedctl, (struct proc * caller, message *m_ptr) );
|
|
|
|
|
2010-04-08 15:41:35 +02:00
|
|
|
_PROTOTYPE( int do_statectl, (struct proc * caller, message *m_ptr) );
|
|
|
|
#if ! USE_STATECTL
|
2010-06-01 10:54:31 +02:00
|
|
|
#define do_statectl NULL
|
2010-04-08 15:41:35 +02:00
|
|
|
#endif
|
|
|
|
|
2005-04-21 16:53:53 +02:00
|
|
|
#endif /* SYSTEM_H */
|
2005-07-14 17:12:12 +02:00
|
|
|
|