Commit graph

33 commits

Author SHA1 Message Date
Ben Gras
565f13088f make vfs & filesystems use failable copying
Change the kernel to add features to vircopy and safecopies so that
transparent copy fixing won't happen to avoid deadlocks, and such copies
fail with EFAULT.

Transparently making copying work from filesystems (as normally done by
the kernel & VM when copying fails because of missing/readonly memory)
is problematic as it can happen that, for file-mapped ranges, that that
same filesystem that is blocked on the copy request is needed to satisfy
the memory range, leading to deadlock. Dito for VFS itself, if done with
a blocking call.

This change makes the copying done from a filesystem fail in such cases
with EFAULT by VFS adding the CPF_TRY flag to the grants. If a FS call
fails with EFAULT, VFS will then request the range to be made available
to VM after the FS is unblocked, allowing it to be used to satisfy the
range if need be in another VFS thread.

Similarly, for datacopies that VFS itself does, it uses the failable
vircopy variant and callers use a wrapper that talk to VM if necessary
to get the copy to work.

	. kernel: add CPF_TRY flag to safecopies
	. kernel: only request writable ranges to VM for the
	  target buffer when copying fails
	. do copying in VFS TRY-first
	. some fixes in VM to build SANITYCHECK mode
	. add regression test for the cases where
	  - a FS system call needs memory mapped in a process that the
	    FS itself must map.
	  - such a range covers more than one file-mapped region.
	. add 'try' mode to vircopy, physcopy
	. add flags field to copy kernel call messages
	. if CP_FLAG_TRY is set, do not transparently try
	  to fix memory ranges
	. for use by VFS when accessing user buffers to avoid
	  deadlock
	. remove some obsolete backwards compatability assignments
        . VFS: let thread scheduling work for VM requests too
          Allows VFS to make calls to VM while suspending and resuming
          the currently running thread. Does currently not work for the
          main thread.
        . VM: add fix memory range call for use by VFS

Change-Id: I295794269cea51a3163519a9cfe5901301d90b32
2014-07-28 17:05:14 +02:00
Ben Gras
256829c7e8 <sys/wait.h>
Change-Id: I24605df209d012e99333065428a3ed2752799321
2014-03-02 12:28:32 +01:00
David van Moolenbroek
24ec0d73b5 Clean up interface to PM and VFS
- introduce new call numbers, names, and field aliases;
- initialize request messages to zero for all ABI calls;
- format callnr.h in the same way as com.h;
- redo call tables in both servers;
- remove param.h namespace pollution in the servers;
- make brk(2) go to VM directly, rather than through PM;
- remove obsolete BRK, UTIME, and WAIT calls;
- clean up path copying routine in VFS;
- move remaining system calls from libminlib to libc;
- correct some errno-related mistakes in libc routines.

Change-Id: I2d8ec5d061cd7e0b30c51ffd77aa72ebf84e2565
2014-03-01 09:05:01 +01:00
David van Moolenbroek
efd3487bc5 PM: send replies immediately
The original delayed reply functionality was there to support swapping
in processes as they are unblocked, but swap support is long gone.
These days, this code only incurs overhead and hides bugs.

Change-Id: I4aebcd80719daa1bec45ac91975ddc9a460d74d4
2014-03-01 09:05:00 +01:00
David van Moolenbroek
595d73a896 PM: rework signal handling
- introduce PROC_STOPPED flag, which tracks whether the process is
  stopped on PROC_STOP in the kernel, rather than implicitly deriving
  this from PM_SIG_PENDING;
- make the process resumption test based on current state rather than
  state transitions;
- add and clarify several flag checks in the signal handling code;
- add test79 to test signal handling robustness.

Change-Id: Ic8c7527095035b300b56f2ab1b9dd190bd4bf001
2014-03-01 09:04:59 +01:00
David van Moolenbroek
4f6b382c41 Retire ptrace(T_DUMPCORE), dumpcore(1), gcore(1)
The T_DUMPCORE implementation was not only broken - it would currently
produce a coredump of the tracer process rather than the traced
process - but also deeply flawed, and fixing it would require serious
alteration of PM's internal state machine. It should be possible to
implement the same functionality in userland, and that is now the
suggested way forward. For now, also remove the (identical) utilities
using T_DUMPCORE: dumpcore(1) and gcore(1).

Change-Id: I1d51be19c739362b8a5833de949b76382a1edbcc
2014-02-18 11:25:03 +01:00
Ben Gras
0fb2f83da9 drop from segments physcopy/vircopy invocations
. sys_vircopy always uses D for both src and dst
	. sys_physcopy uses PHYS_SEG if and only if corresponding
	  endpoint is NONE, so we can derive the mode (PHYS_SEG or D)
	  from the endpoint arg in the kernel, dropping the seg args
	. fields in msg still filled in for backwards compatability,
	  using same NONE-logic in the library
2012-06-18 12:28:40 +00:00
Ben Gras
7336a67dfe retire PUBLIC, PRIVATE and FORWARD 2012-03-25 21:58:14 +02:00
Thomas Veerman
a6d0ee24c3 Use correct value for _NSIG
User processes can send signals with number up to _NSIG. There are a few
signal numbers above that used by the kernel, but should explicitly not
be included in the range or range checks in PM will fail.

The system processes use a different version of sigaddset, sigdelset,
sigemptyset, sigfillset, and sigismember which does not include a range
check on signal numbers (as opposed to the normal functions used by normal
processes).

This patch unbreaks test37 when the boot image is compiled with GCC/Clang.
2012-01-16 11:42:29 +00:00
Adriana Szekeres
c30f014a89 gcore command to coredump a process 2011-11-22 22:07:41 +01:00
Thomas Veerman
34a2864e27 Fix a few compile time warnings 2010-07-02 12:41:19 +00:00
Arun Thomas
f0a158d8c1 More cleanup to remove MM and FS references 2010-06-10 14:04:46 +00:00
Tomas Hruby
6e25ad8b0a Use of all NIL_* defines converted to NULL 2010-05-10 13:26:00 +00:00
Ben Gras
35a108b911 panic() cleanup.
this change
   - makes panic() variadic, doing full printf() formatting -
     no more NO_NUM, and no more separate printf() statements
     needed to print extra info (or something in hex) before panicing
   - unifies panic() - same panic() name and usage for everyone -
     vm, kernel and rest have different names/syntax currently
     in order to implement their own luxuries, but no longer
   - throws out the 1st argument, to make source less noisy.
     the panic() in syslib retrieves the server name from the kernel
     so it should be clear enough who is panicing; e.g.
         panic("sigaction failed: %d", errno);
     looks like:
         at_wini(73130): panic: sigaction failed: 0
         syslib:panic.c: stacktrace: 0x74dc 0x2025 0x100a
   - throws out report() - printf() is more convenient and powerful
   - harmonizes/fixes the use of panic() - there were a few places
     that used printf-style formatting (didn't work) and newlines
     (messes up the formatting) in panic()
   - throws out a few per-server panic() functions
   - cleans up a tie-in of tty with panic()

merging printf() and panic() statements to be done incrementally.
2010-03-05 15:05:11 +00:00
Erik van der Kouwe
c107dbe1d0 Man-pages on mkdep, cdprobe, loadramdisk and newroot; thanks to Antoine Leca 2010-02-02 15:10:00 +00:00
David van Moolenbroek
0dcf5b7aa8 add ptrace(2) TO_NOEXEC flag 2010-01-05 09:30:28 +00:00
David van Moolenbroek
e423c86009 ptrace(2) modifications:
- add T_GETRANGE/T_SETRANGE to get/set ranges of values
- change EIO error code to EFAULT
- move common-I&D text-to-data translation to umap_local
2009-12-29 21:32:15 +00:00
David van Moolenbroek
a07f8d7646 Fix ptrace bug when reattaching to a detached process 2009-11-09 08:12:25 +00:00
David van Moolenbroek
b423d7b477 Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
  being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
  AMF_NOREPLY senda() flag

DETAILS

Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
  aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
  and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
  stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
  VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
  running while modifying its process structure

Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
  the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
  protocol message
o Detached debugger signals from general signal logic and from being
  blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
  one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
  are pending
o Fixed wait test for tracer, which was returning for children that were
  not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
  debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG

Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
  debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
  of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
  a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
  structure
o Removed T_STOP ptrace request again, as it does not help implementing
  debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)

Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
  with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
  satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
  #define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
  revealed RS-PM-VFS race condition triangle until VFS is asynchronous

System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
  signal set, rather than just the POSIX subset

Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
  structure clearer
o Fixed setpriority() being able to put to sleep processes using an
  invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there

Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code

THINGS OF POSSIBLE INTEREST

o It should now be possible to run PM at any priority, even lower than
  user processes
o No assumptions are made about communication speed between PM and VFS,
  although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
  only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 09:57:22 +00:00
Ben Gras
5f497bcf22 - Introduce some macros for field names, so that endpt, pendpt,
addr and taddr don't have to be defined any more, so that <sys/mman.h>
    can be included for proper prototypes of munmap() and friends.
  - rename our GETPID to MINIX_GETPID to avoid a name conflict with
    other sources
  - PM needs its own munmap() and munmap_text() to avoid sending messages
    to VM at the startup phase. It *does* want to do that, but only
    after initialising. So they're called again with unmap_ok set to 1
    later.
  - getnuid(), getngid() implementation
2009-09-21 14:48:19 +00:00
David van Moolenbroek
1a9e07b0e5 PM: fix ptrace(T_EXIT) 'exit_proc: not idle' race condition. 2009-07-11 13:22:56 +00:00
David van Moolenbroek
73c5bbf1a3 PM: add EXITING process flag as stopgap between starting coredump and setting ZOMBIE flag 2009-07-09 22:33:56 +00:00
David van Moolenbroek
67d986f882 PM cleanup: merge exit and coredump paths 2009-07-08 17:16:53 +00:00
David van Moolenbroek
12451e6b06 Miscellaneous PM fixes:
o Don't call vm_willexit() more than once upon normal process exit
o Correct two cases of indenting of the no-discussion-possible kind
o Perform slightly stricter ptrace(2) checks:
  - process calling ptrace must be target process's parent
  - process must call wait/waitpid before using ptrace on stopped child
  - no ptrace on zombies
o Allow user processes to use ptrace(T_STOP) to stop an active child
2009-07-05 22:48:18 +00:00
Ben Gras
c078ec0331 Basic VM and other minor improvements.
Not complete, probably not fully debugged or optimized.
2008-11-19 12:26:10 +00:00
Philip Homburg
1cffa69d2c Support for I/O MMU: do not re-use a memory segment until the I/O MMU has
removed it from its map.
2008-02-21 16:33:34 +00:00
Philip Homburg
1ce2f75627 Additional ptrace commands for fault injection. 2006-10-20 14:14:08 +00:00
Philip Homburg
773844a816 New interface between PM and FS. 2006-05-11 14:57:23 +00:00
Philip Homburg
57ed4b2bf7 Pass endpoint to sys_trace instead of slot number. 2006-03-15 11:32:00 +00:00
Jorrit Herder
ab732a37e8 Renamed mm_exit to pm_exit (requested by Al)
Small cleanup in pm_init.
2005-08-10 09:37:54 +00:00
Jorrit Herder
e782e76944 Created new findproc system call to the PM (to replace similar kernel
functionality). Currently working on memory allocation (not yet finished).
2005-06-02 12:43:21 +00:00
Jorrit Herder
1ecc6bf3b3 Removed 'system process' magic from PM and FS. 2005-05-13 08:57:08 +00:00
Ben Gras
0e9261ed5a Rename mm (memory manager) to pm (process manager), involved renaming
dir..
2005-05-03 15:35:52 +00:00