Commit graph

40 commits

Author SHA1 Message Date
David van Moolenbroek
b8b8f537bd IPC privileges fixes
Kernel:
o Remove s_ipc_sendrec, instead using s_ipc_to for all send primitives
o Centralize s_ipc_to bit manipulation,
  - disallowing assignment of bits pointing to unused priv structs;
  - preventing send-to-self by not setting bit for own priv struct;
  - preserving send mask matrix symmetry in all cases
o Add IPC send mask checks to SENDA, which were missing entirely somehow
o Slightly improve IPC stats accounting for SENDA
o Remove SYSTEM from user processes' send mask
o Half-fix the dependency between boot image order and process numbers,
  - correcting the table order of the boot processes;
  - documenting the order requirement needed for proper send masks;
  - warning at boot time if the order is violated

RS:
o Add support in /etc/drivers.conf for servers that talk to user processes,
  - disallowing IPC to user processes if no "ipc" field is present
  - adding a special "USER" label to explicitly allow IPC to user processes
o Always apply IPC masks when specified; remove -i flag from service(8)
o Use kernel send mask symmetry to delay adding IPC permissions for labels
  that do not exist yet, adding them to that label's process upon creation
o Add VM to ipc permissions list for rtl8139 and fxp in drivers.conf

Left to future fixes:
o Removal of the table order vs process numbers dependency altogether,
  possibly using per-process send list structures as used for SYSTEM calls
o Proper assignment of send masks to boot processes;
  some of the assigned (~0) masks are much wider than necessary
o Proper assignment of IPC send masks for many more servers in drivers.conf
o Removal of the debugging warning about the now legitimate case where RS's
  add_forward_ipc cannot find the IPC destination's label yet
2009-07-02 16:25:31 +00:00
Ben Gras
c628f24bc2 moved stacktrace to sysctl, as vmctl is very privileged so can't
be used outside VM. IS code cleanup. added stacktrace feature to IS.
2009-01-27 12:54:33 +00:00
Ben Gras
5cbcc11ed3 compile fix for new lock timings 2009-01-12 22:14:43 +00:00
Ben Gras
c078ec0331 Basic VM and other minor improvements.
Not complete, probably not fully debugged or optimized.
2008-11-19 12:26:10 +00:00
Philip Homburg
b4a88a3705 Removed ECHO from dump, added SENDA. Also dump s_ipc_sendrec. 2007-04-23 14:40:13 +00:00
Ben Gras
41e9fedf87 Mostly bugfixes of bugs triggered by the test set.
bugfixes:
 SYSTEM:
 . removed
        rc->p_priv->s_flags = 0;
   for the priv struct shared by all user processes in get_priv(). this
   should only be done once. doing a SYS_PRIV_USER in sys_privctl()
   caused the flags of all user processes to be reset, so they were no
   longer PREEMPTIBLE. this happened when RS executed a policy script.
   (this broke test1 in the test set)

 VFS/MFS:
 . chown can change the mode of a file, and chmod arguments are only
   part of the full file mode so the full filemode is slightly magic.
   changed these calls so that the final modes are returned to VFS, so
   that the vnode can be kept up-to-date.
   (this broke test11 in the test set)

 MFS:
 . lookup() checked for sizeof(string) instead of sizeof(user_path),
   truncating long path names
   (caught by test 23)
 . truncate functions neglected to update ctime
   (this broke test16)

 VFS:
 . corner case of an empty filename lookup caused fields of a request
   not to be filled in in the lookup functions, not making it clear
   that the lookup had failed, causing messages to garbage processes,
   causing strange failures.
   (caught by test 30)
 . trust v_size in vnode when doing reads or writes on non-special
   files, truncating i/o where necessary; this is necessary for pipes,
   as MFS can't tell when a pipe has been truncated without it being
   told explicitly each time.
   when the last reader/writer on a pipe closes, tell FS about
   the new size using truncate_vn().
   (this broke test 25, among others)
 . permission check for chdir() had disappeared; added a
   forbidden() call
   (caught by test 23)

new code, shouldn't change anything:
 . introduced RTS_SET, RTS_UNSET, and RTS_ISSET macro's, and their
   LOCK variants. These macros set and clear the p_rts_flags field,
   causing a lot of duplicated logic like

       old_flags = rp->p_rts_flags;            /* save value of the flags */
       rp->p_rts_flags &= ~NO_PRIV;
       if (old_flags != 0 && rp->p_rts_flags == 0) lock_enqueue(rp);

   to change into the simpler

       RTS_LOCK_UNSET(rp, NO_PRIV);

   so the macros take care of calling dequeue() and enqueue() (or lock_*()),
   as the case may be). This makes the code a bit more readable and a
   bit less fragile.
 . removed return code from do_clocktick in CLOCK as it currently
   never replies
 . removed some debug code from VFS
 . fixed grant debug message in device.c
 
preemptive checks, tests, changes:
 . added return code checks of receive() to SYSTEM and CLOCK
 . O_TRUNC should never arrive at MFS (added sanity check and removed
   O_TRUNC code)
 . user_path declared with PATH_MAX+1 to let it be null-terminated
 . checks in MFS to see if strings passed by VFS are null-terminated
 
 IS:
 . static irq name table thrown out
2007-02-01 17:50:02 +00:00
Ben Gras
6f77685609 Split of architecture-dependent and -independent functions for i386,
mainly in the kernel and headers. This split based on work by
Ingmar Alting <iaalting@cs.vu.nl> done for his Minix PowerPC architecture
port.

 . kernel does not program the interrupt controller directly, do any
   other architecture-dependent operations, or contain assembly any more,
   but uses architecture-dependent functions in arch/$(ARCH)/.
 . architecture-dependent constants and types defined in arch/$(ARCH)/include.
 . <ibm/portio.h> moved to <minix/portio.h>, as they have become, for now,
   architecture-independent functions.
 . int86, sdevio, readbios, and iopenable are now i386-specific kernel calls
   and live in arch/i386/do_* now.
 . i386 arch now supports even less 86 code; e.g. mpx86.s and klib86.s have
   gone, and 'machine.protected' is gone (and always taken to be 1 in i386).
   If 86 support is to return, it should be a new architecture.
 . prototypes for the architecture-dependent functions defined in
   kernel/arch/$(ARCH)/*.c but used in kernel/ are in kernel/proto.h
 . /etc/make.conf included in makefiles and shell scripts that need to
   know the building architecture; it defines ARCH=<arch>, currently only
   i386.
 . some basic per-architecture build support outside of the kernel (lib)
 . in clock.c, only dequeue a process if it was ready
 . fixes for new include files

files deleted:
 . mpx/klib.s - only for choosing between mpx/klib86 and -386
 . klib86.s - only for 86

i386-specific files files moved (or arch-dependent stuff moved) to arch/i386/:
 . mpx386.s (entry point)
 . klib386.s
 . sconst.h
 . exception.c
 . protect.c
 . protect.h
 . i8269.c
2006-12-22 15:22:27 +00:00
Philip Homburg
8dfac43a75 Print ipc_to in hex. Also print the 'system' call mask. 2006-06-23 13:27:03 +00:00
Ben Gras
7a76a7a495 Rename protected to prot
Also print size of grant table known in system
2006-06-20 10:03:48 +00:00
Philip Homburg
14b7a72ba3 Init need more space (the results of removing the special case for init in
adjust in PM). Better flags dump in IS.
2006-05-11 15:00:46 +00:00
Ben Gras
10eeb788f9 Generation number printed too 2006-03-03 16:34:37 +00:00
Ben Gras
7967177710 endpoint-aware conversion of servers.
'who', indicating caller number in pm and fs and some other servers, has
been removed in favour of 'who_e' (endpoint) and 'who_p' (proc nr.).

In both PM and FS, isokendpt() convert endpoints to process slot
numbers, returning OK if it was a valid and consistent endpoint number.
okendpt() does the same but panic()s if it doesn't succeed. (In PM,
this is pm_isok..)

pm and fs keep their own records of process endpoints in their proc tables,
which are needed to make kernel calls about those processes.

message field names have changed.

fs drivers are endpoints.

fs now doesn't try to get out of driver deadlock, as the protocol isn't
supposed to let that happen any more. (A warning is printed if ELOCKED
is detected though.)

fproc[].fp_task (indicating which driver the process is suspended on)
became an int.

PM and FS now get endpoint numbers of initial boot processes from the
kernel. These happen to be the same as the old proc numbers, to let
user processes reach them with the old numbers, but FS and PM don't know
that. All new processes after INIT, even after the generation number
wraps around, get endpoint numbers with generation 1 and higher, so
the first instances of the boot processes are the only processes ever
to have endpoint numbers in the old proc number range.

More return code checks of sys_* functions have been added.

IS has become endpoint-aware. Ditched the 'text' and 'data' fields
in the kernel dump (which show locations, not sizes, so aren't terribly
useful) in favour of the endpoint number. Proc number is still visible.

Some other dumps (e.g. dmap, rs) show endpoint numbers now too which got
the formatting changed.

PM reading segments using rw_seg() has changed - it uses other fields
in the message now instead of encoding the segment and process number and
fd in the fd field. For that it uses _read_pm() and _write_pm() which to
_taskcall()s directly in pm/misc.c.

PM now sys_exit()s itself on panic(), instead of sys_abort().

RS also talks in endpoints instead of process numbers.
2006-03-03 10:20:58 +00:00
Philip Homburg
b6d12e81aa Change to some debug code. 2006-02-24 12:55:00 +00:00
Philip Homburg
21163c8da2 Print masked IRQs. 2006-01-12 14:41:40 +00:00
Jorrit Herder
288860f6e6 New dumps for RS and DS server. 2005-10-20 20:28:54 +00:00
Ben Gras
ee5940e097 Print quant as signed number so a 'scheduling defecit' appears as such 2005-10-17 14:06:08 +00:00
Jorrit Herder
5a9dec8bd2 New signal handling behaviour at PM (services can be killed).
New Shift-F6 dump for RS server at IS.
New getnpid, getnproc, getpproc library calls at PM.
New reincarnation server (basic functionality is there now).
2005-10-12 15:07:38 +00:00
Ben Gras
42fbd9aced Andy's formatting changes. 2005-09-11 16:45:46 +00:00
Jorrit Herder
a238c1ba48 Cleanup with gcc. 2005-08-25 12:04:36 +00:00
Ben Gras
d11b2e4b8c Al's double-blank-line removal request 2005-08-22 15:23:47 +00:00
Jorrit Herder
872687ddfc Scheduling updates to the kernel. Sched() function now is single point for
policy. Actual policy not yet implemented.

PM calculates nice values for processes in boot image.

IS debug dumps improved (Shift+F1-F4).
2005-08-22 15:14:11 +00:00
Jorrit Herder
a01645b788 New scheduling code in kernel. Work in progress.
Round-robin within one priority queue works fine.
Ageing algorithm to be done.
2005-08-19 16:43:28 +00:00
Jorrit Herder
74711a3b14 Check if kernel calls is allowed (from process' call mask) added. Not yet
enforced. If a call is denied, this will be kprinted. Please report any such
errors, so that I can adjust the mask before returning errors instead of
warnings.

Wrote CMOS driver. All CMOS code from FS has been removed. Currently the
driver only supports get time calls. Set time is left out as an exercise
for the book readers ... startup scripts were updated because the CMOS driver
is needed early on. (IS got same treatment.) Don't forget to run MAKEDEV cmos
in /dev/, otherwise the driver cannot be loaded.
2005-08-04 19:23:03 +00:00
Jorrit Herder
f44725b777 Created new devctl system call to FS. Moved dmap.h header to include/minix/.
Various updates to support dynamically starting servers and suppress output.
2005-08-02 15:29:17 +00:00
Jorrit Herder
d3874a7917 Updated servers according to syslib interface changes. 2005-07-29 15:00:49 +00:00
Jorrit Herder
d62e515660 Small update to SYS_IRQCTL -> setting an interrupt policy now allows the caller
to provide an index (0 .. 31) that is passed in the HARD_INT message when an
interrupt occurs. The NOTIFY_ARG field contains a bitmap with all indexes for
which an interrupt occured.
2005-07-29 12:44:42 +00:00
Ben Gras
b924ce0726 Prettify scheduling queue prints 2005-07-27 14:30:17 +00:00
Ben Gras
2b810f6923 Prettier s_flags printing 2005-07-27 07:00:20 +00:00
Jorrit Herder
a41eb700e8 Minor fixes and improvements for sys_call(). 2005-07-26 13:51:21 +00:00
Jorrit Herder
3d0b9140f2 Updated F4 dump at IS to include send masks.
Removed unused constant from fproc.h
Changed signal behaviour at PM (work in progress)
2005-07-26 12:49:35 +00:00
Jorrit Herder
808202ee30 Removed printing functionality from IS server.
This functionality is now provided by the LOG driver.
2005-07-21 18:31:27 +00:00
Jorrit Herder
f1153541c7 Fixed bug in PM that caused update program not to be scheduled, so that
sync was not periodically run. Chain of timers was accidentially broken.

Kernel sends SIGKSTOP signal on shutdown. FS calls sync to clean up.
2005-07-20 15:27:42 +00:00
Jorrit Herder
570eac1f53 Renamed system library functionality.
Updated debug dumps of IS server.
2005-07-14 15:16:12 +00:00
Jorrit Herder
c349ef942a Changes scheduling priorities for nice(). 2005-07-01 09:08:41 +00:00
Jorrit Herder
bfa25ba41f Changed debug dumps of kernel process table (F1) 2005-06-30 15:55:43 +00:00
Ben Gras
6be8c4d8a3 Import of dpeth 3c501/3c509b/.. ethernet driver by
Giovanni Falzoni <fgalzoni@inwind.it>.
2005-06-29 10:16:46 +00:00
Jorrit Herder
042c4ac395 Changed Makefiles for mkdep script.
Updated debugging dumps at IS server, and function key control.

NOTE: pm modified with DEBUG() output, to be removed later.
2005-06-24 16:21:21 +00:00
Ben Gras
c60302c1e7 Print re-locking event count if enabled. 2005-06-20 14:52:00 +00:00
Jorrit Herder
37a1e3f8e3 Removed mem chunks dump. (No longer available from kernel.) 2005-06-17 09:13:32 +00:00
Jorrit Herder
c2cd510adf Removed debug dumps from the PM and FS servers. The dumps are now done by the
IS servers, which obtains a copy of the data through the getsysinfo() system
call. CTRL-F1 now is a special TTY key to shows function key mappings.
2005-06-07 14:43:35 +00:00