Some select queries require a response from device drivers. If a
select call is nonblocking (with a zero timeout), the response to
the caller may have to be deferred until all involved drivers have
responded to the initial query. This is handled just fine.
However, if the select call has a timeout that is so short that it
triggers before all the involved drivers have responded, the
resulting alarm would be discarded, possibly resulting in the call
blocking forever. This fix changes the alarm handler such that if
the alarm triggers too early, the select call is further handled
as though it was nonblocking.
This fix resolves a test77 deadlock on really slow systems.
Change-Id: Ib487c8fe436802c3e11c57355ae0c8480721f06e

Fix /dev/tty-related issues in tmux(1) by hardcoding the PTY major
in VFS in addition to the TTY major. Even though this is exactly
what we did NOT want to have to do, the actual fix for this issue
is going to take a little longer.
Change-Id: I24c75eaf688b9ebd28e931f2e445b8442cfdac78

The previous approach of storing pointers to message structures for
thread-blocking sendrec operations relied on several assumptions,
which if violated could lead to odd cases of memory corruption.
With this patch, VFS resets pointers right after use, avoiding that
any dangling pointers are accidentally dereferenced later. This
approach was already used in some cases, but not all of them.
Change-Id: I752d994ea847b46228bd2ccf4e537deceb78fbaf

For dynamically linked executables, the interpreter is passed a
file descriptor of the binary being executed. To this end, VFS
opens the target executable, but opening the file fails if it is
not readable, even when it is executable. With this patch, when
opening the executable, it verifies the X bit rather than the R
bit on the file, thus allowing the execution of dynamically
linked binaries that are executable but not readable.
Add test86 to verify correctness.
Change-Id: If3514add6a33b33d52c05a0a627d757bff118d77

- do not use timers when there is only ever one timer;
- do not include kernel header files for no reason;
- do not reply to notifications ever.
Change-Id: I5817e22c1b46c4e30e5135069df318af0b4f87fd

- The lmfs_get_block*(3) API calls may now return an error. The idea
is to encourage a next generation of file system services to do a
better job at dealing with block read errors than the MFS-derived
implementations do. These existing file systems have been changed
to panic immediately upon getting a block read error, in order to
let unchecked errors cause corruption. Note that libbdev already
retries failing I/O operations a few times first.
- The libminixfs block device I/O module (bio.c) now deals properly
with end-of-file conditions on block devices. Since a device or
partition size may not be a multiple of the root file system's block
size, support for partial block retrieval has been added, with a new
internal lmfs_get_partial_block(3) call. A new test program,
test85, tests the new handling of EOF conditions when reading,
writing, and memory-mapping a block device.
Change-Id: I05e35b6b8851488328a2679da635ebba0c6d08ce

This patch employs one solution to resolve two independent but related
issues. Both issues are the result of one fundamental aspect of the
way VM's memory mapping works: VM uses its cache to map in blocks for
memory-mapped file regions, and for blocks already in the VM cache, VM
does not go to the file system before mapping them in. To preserve
consistency between the FS and VM caches, VM relies on being informed
about all updates to file contents through the block cache. The two
issues are both the result of VM not being properly informed about
such updates:
1. Once a file system provides libminixfs with an inode association
(inode number + inode offset) for a disk block, this association
is not broken until a new inode association is provided for it.
If a block is freed and reallocated as a metadata (non-inode)
block, its old association is maintained, and may be supplied to
VM's secondary cache. Due to reuse of inodes, it is possible
that the same inode association becomes valid for an actual file
block again. In that case, when that new file is memory-mapped,
under certain circumstances, VM may end up using the metadata
block to satisfy a page fault on the file, due to the stale inode
association. The result is a corrupted memory mapping, with the
application seeing data other than the current file contents
mapped in at the file block.
2. When a hole is created in a file, the underlying block is freed
from the device, but VM is not informed of this update, and thus,
if VM's cache contains the block with its previous inode
association, this block will remain there. As a result, if an
application subsequently memory-maps the file, VM will map in the
old block at the position of the hole, rather than an all-zeroes
block. Thus, again, the result is a corrupted memory mapping.
This patch resolves both issues by making the file system inform the
minixfs library about blocks being freed, so that libminixfs can
break the inode association for that block, both in its own cache and
in the VM cache. Since libminixfs does not know whether VM has the
block in its cache or not, it makes a call to VM for each block being
freed. Thus, this change introduces more calls to VM, but it solves
the correctness issues at hand; optimizations may be introduced
later. On the upside, all freed blocks are now marked as clean,
which should result in fewer blocks being written back to the device,
and the blocks are removed from the caches entirely, which should
result in slightly better cache usage.
This patch is necessary but not sufficient to resolve the situation
with respect to memory mapping of file holes in general. Therefore,
this patch extends test 74 with a (rather particular but effective)
test for the first issue, but not yet with a test for the second one.
This fixes #90.
Change-Id: Iad8b134d2f88a884f15d3fc303e463280749c467
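
The first issue described in the commit message above (a stale inode association surviving a block free), as an added example that is not MINIX code and not part of the original commit. It is a simplified model: the names disk, vmcache, cache_write, fs_free_block, vm_map and scenario, and the block and inode numbers, are all hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define NBLOCKS  16
#define NO_INODE 0              /* metadata blocks carry no inode association */

static char disk[NBLOCKS][16];  /* block contents on the device (constructed) */

/* Simplified VM cache entry, indexed by disk block number. */
struct centry { int valid, ino, off; char data[16]; };
static struct centry vmcache[NBLOCKS];

/* FS writes a block through the cache. As the commit message describes, an
 * existing inode association is only replaced when a new one is supplied. */
static void cache_write(int blk, int ino, int off, const char *data)
{
    snprintf(disk[blk], sizeof(disk[blk]), "%s", data);
    snprintf(vmcache[blk].data, sizeof(vmcache[blk].data), "%s", data);
    vmcache[blk].valid = 1;
    if (ino != NO_INODE) { vmcache[blk].ino = ino; vmcache[blk].off = off; }
}

/* FS frees a block. With the fix, the association is broken and the block
 * is dropped from the cache; without it, the cache is never told. */
static void fs_free_block(int blk, int notify)
{
    if (notify) memset(&vmcache[blk], 0, sizeof(vmcache[blk]));
}

/* Page fault on (ino, off): a cache hit is mapped without asking the FS;
 * only on a miss is the block the FS currently names (fs_blk) read. */
static const char *vm_map(int ino, int off, int fs_blk)
{
    for (int b = 0; b < NBLOCKS; b++)
        if (vmcache[b].valid && vmcache[b].ino == ino && vmcache[b].off == off)
            return vmcache[b].data;
    return disk[fs_blk];
}

static const char *scenario(int notify_on_free)
{
    memset(vmcache, 0, sizeof(vmcache));
    cache_write(5, 7, 0, "old file data");   /* inode 7, offset 0 -> block 5 */
    fs_free_block(5, notify_on_free);        /* file removed, block 5 freed */
    cache_write(5, NO_INODE, 0, "metadata"); /* block 5 reused as metadata */
    snprintf(disk[9], sizeof(disk[9]), "%s", "new file data"); /* inode 7 reused; block 9 uncached */
    return vm_map(7, 0, 9);                  /* what the mapping application sees */
}

int main(void)
{
    printf("without free notification: %s\n", scenario(0));
    printf("with free notification:    %s\n", scenario(1));
    return 0;
}
```
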
There is no reason to keep these tightly coupled data structures
separate. Moreover, there is no reason to have a union of file
descriptor and file pointer, since the second can be derived from
the first. The result is somewhat cleaner VFS internals.
Change-Id: I854da7d8291177878eecfc3077ef0a9e0cc82aaa

Previously, procfs would retrieve the rproc and rprocpub tables from
RS in two separate calls. This allowed for a race condition where the
tables could change in between the calls, resulting in a panic in
procfs under certain circumstances. RS now implements a new method
for getsysinfo that allows the retrieval of both tables at once.
Change-Id: I5ec22d25898361270c90e805a43fc6d76ad9e29d

Commit 723e513 erroneously removed a yield() call from VFS which was
necessary to get resumed pipe read/write threads to run before VFS
blocks on receive(). The removal caused those threads to run only
once VFS received another message, effectively slowing down activity
on pipes to a crawl in some cases.
Instead of re-adding the yield() call, this patch restructures the
get_work() code to go back through the main message loop even when no
new work is received, thus ensuring that newly started threads are
always activated without requiring a special case.
This fixes #65.
Change-Id: I59b7fb9e403d87dba1a5deecb04539cc37517742

For VFS, initialization is a special case for processing work: PFS
and the ramdisk MFS must be fully mounted before VFS can process any
other requests, in particular from init(8). This case was handled by
receiving reply messages only from the FS service being mounted, but
this effectively disallowed PFS from calling setuid(2) at startup.
This patch lets VFS receive all messages during the mounting process,
but defer processing any new requests. As a result, the FS services
have a bit more freedom in what they can do during startup.
Change-Id: I18275f458952a8d790736a9c9559b27bbef97b7b

This patch fixes two related issues:
- If a large (>PIPE_BUF) pipe write is processed partially, only to be
followed by a write error condition, then the process is left in an
incorrect state, possibly causing VFS to crash on a subsequent call.
- If such a partially processed large pipe write ends up resulting in
an EPIPE error, no corresponding SIGPIPE signal is generated.
The corrected behavior is tested in test68.
Change-Id: I5540e61ab6bcc60a31201485eda04bc49ece2ca8

The original one-shot page patch (git-e321f65) did not account for the
possibility of pagefaults happening while copying memory in the
kernel. This allowed a simple cp(1) from vbfs to hang the system,
since VM was repeatedly requesting the same page from the file system.
With this fix, VM no longer tries to fetch the same memory-mapped page
from VFS more than once per memory handling request from the kernel.
In addition to fixing the original issue, this change should make
handling memory somewhat more robust and ever-so-slightly faster.
Test74 has been extended with a simple test for this case.
Change-Id: I6e565f3750141e51b52ec98c938f8e1aa40070d0

. bitcode fixes
. switch to compiler-rt instead of netbsd libc functions
or libgcc for support functions for both x86 and arm
. minor build fixes
. allow build with llvm without crossbuilding llvm itself
. can now build minix/arm using llvm and eabi - without C++
support for now (hence crossbuilding llvm itself is turned off
for minix/arm)
Change-Id: If5c44ef766f5b4fc4394d4586ecc289927a0d6eb

This patch adds (very limited) support for memory-mapping pages on
file systems that are mounted on the special "none" device and that
do not implement PEEK support by themselves. This includes hgfs,
vbfs, and procfs.
The solution is implemented in libvtreefs, and consists of allocating
pages, filling them with content by calling the file system's READ
functionality, passing the pages to VM, and freeing them again. A new
VM flag is used to indicate that these pages should be mapped in only
once, and thus not cached beyond their single use. This prevents
stale data from getting mapped in without the involvement of the file
system, which would be problematic on file systems where file contents
may become outdated at any time. No VM caching means no sharing and
poor performance, but mmap no longer fails on these file systems.
Compared to a libc-based approach, this patch retains the on-demand
nature of mmap. Especially tail(1) is known to map in a large file
area only to use a small portion of it.
All file systems now need to be given permission for the SETCACHEPAGE
and CLEARCACHE calls to VM.
A very basic regression test is added to test74.
Change-Id: I17afc4cb97315b515cad1542521b98f293b6b559

- rename start_vtreefs to run_vtreefs, since the function returns upon
termination these days;
- add get_inode_slots function to retrieve the number of indexed slots;
- add support for extra per-inode data for arbitrary storage.
Change-Id: If2d365d7b478a1cecc9e20fb2b3e70c1a1cf7243

Fix for problems reported by Alejandro Hernández:
. VM unmap: handle case where there is no nextvr
Fixes for problems found by running Melkor ELF fuzzing tool:
. VM: better handle case where region prealloc fails by
freeing memory that was allocated so far
. MFS fs_readwrite: EOF check should happen for read and
peek requests, not just read
This fixes #4.
Change-Id: I2adf4eebdfb4c48a297beff0478eed5c917a53a4

Read calls may be repeated by VFS if the user destination memory is
not mapped in. Devman currently assumes that all reads are
successful, and uses this to track whether EOF has been reached for
a particular event, discarding it as soon as this happens. Upon
repetition, this may result in lost events for devmand.
With this patch, devman discards events only once devmand reads the
EOF marker, which itself can never generate a user page fault. The
result is that read calls for data can be repeated safely, without
the risk of losing events in the process.
Change-Id: I9dfdf7f8c8992a20a10302d79c3506e61f8564b0

The entire infrastructure relied on an ACK feature, and as such, it
has been broken for years now, with no easy way to repair it.
Change-Id: I783c2a21276967af115a642199f31fef0f14a572

- synchronize request type with ioctl by making it unsigned long;
- unbreak VFS requests, as they were being sent to PM;
- use proper ioctl direction flags (and new numbers) for requests;
- remove some needless header inclusions;
- svrctl is in libc, make its message name reflect this;
- keep backward compatibility: svrctl is part of the userland ABI.
Change-Id: I44902e8d0d11b8ebc1ef3bda94d2202481743c9b

In order to avoid creating libfsdriver exceptions, two changes to VFS
are necessary:
- the returned position field for reads/writes is no longer abused to
return the new pipe size; VFS is perfectly capable of updating the
size itself;
- during system startup, PFS is now sent a mount request, just like all
other file systems.
In proper "two steps forward, one step back" fashion, the latter point
has the consequence that PFS can no longer drop its privileges at
startup. This is probably best resolved with a more general solution
for all boot image system services. The upside is that PFS no longer
needs to be linked with libc.
Change-Id: I92e2410cdb0d93d0e6107bae10bc08efc2dbb8b3

The conversion was never properly implemented for asynchronous
character drivers, and got lost during the removal of the
synchronous character protocol.
Change-Id: Ib858806859aa7a52d6b391d4c6c521a2be361fdd

. get rid of includes in libcompat_minix:
. move configfile.h to minix/include/
. all others are unneeded as they point to other files
. merge the .c files with libc
Change-Id: I5e840c66fb9bc484f377926aa9d66473bbd16259

The remapping from /dev/tty to the real controlling terminal in the
device code was confusing the select code. The latter is now aware
of this case and should handle it properly, at the cost of one extra
field in the filp structure.
There is a nasty, hopefully sufficiently rare case of /dev/tty being
kept open while controlling terminals are changing, that we are still
not handling. Doing so would require more than just a few changes,
but the code should at least detect and cleanly fail on this case.
Test77 now has a basic test set for selecting on /dev/tty.
Change-Id: Iaedea449cdb728d0e66a9de8faacdfd9638dfe92

Changes provoked by debugging / making 'PM: INIT died' error debuggable.
This was caused (in one instance) by a missing /dev/console (and everything
else) on the boot time ramdisk.
. sanity-check against this case by checking for console
. PM: print init stacktrace and exit status when init dies
. eliminate some explicitly invoked ${MAKE}s and a rm -rf in
Makefiles, causing race conditions; use explicit ordering (.WAIT)
instead, moving some of the burden of dependencies of partial builds
to the user. On the plus side, generate ramdisk just once.
. make mkfs.mfs fail as soon as it sees an error missing file in
the proto file. - except for EACCES on minix native for the mfs
test. also fix some fmt warnings.
. init: include debug info in executable
Change-Id: I8eea4986a4f64ecaf223aff5da321d8b4f4a3fa4

RS used to do a stat, and check that the stat was successful, but it
didn't check that the executable was not actually empty.
This patch adds a check to detect files which are smaller than the minimum
ELF size possible.
Change-Id: I22b004084f17e7d395e2c1377add7bc8b51c3d5e

This concerns all services, a.k.a. drivers, filesystem drivers, network
(inet, lwip, uds) servers, and the system servers.
Change-Id: I626fd15c795e15af42df2d10d47fb4a703665d63