implementation functions.
Changed check in system.c to check compile-time-sized bitmap of
kernel calls.
Added SYS_SAFECOPYFROM and SYS_SAFECOPYTO, both mapping to
do_safecopy (that's what sys_call_code is used for).
any number of kernel calls.
Allowed kernel calls are stored in table.c for every image process as a
variably-sized array of allowed calls. This is used to fill the bitmap
of size determined at compile time by the number of kernel calls. This
filling is done by main.c. There is a special call called SYS_ALL_CALLS
which fills the bitmap of allowed calls completely, if that is the only
entry in the array.
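The allow-list-to-bitmap scheme described in the message above, as an added example that is not MINIX source and not part of the commit. All names (K_*, NR_CALLS, ALL_CALLS, call_mask, fill_call_mask, call_allowed) are hypothetical, and rejecting an out-of-range entry by clearing the whole mask is an assumption of this sketch, not behaviour stated in the log.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical call numbers; NR_CALLS is the compile-time call count. */
enum { K_FORK, K_EXIT, K_SAFECOPYFROM, K_SAFECOPYTO, K_DEVIO, NR_CALLS };
#define ALL_CALLS NR_CALLS /* sentinel in the spirit of SYS_ALL_CALLS */
#define CHUNK_BITS (sizeof(unsigned) * CHAR_BIT)
#define MAP_CHUNKS ((NR_CALLS + CHUNK_BITS - 1) / CHUNK_BITS)

struct call_mask { unsigned chunk[MAP_CHUNKS]; };

static void set_call(struct call_mask *m, int c)
{
    m->chunk[c / CHUNK_BITS] |= 1u << (c % CHUNK_BITS);
}

/* Boot-time fill: expand a variably sized allow list into the fixed bitmap. */
int fill_call_mask(struct call_mask *m, const int *calls, size_t n)
{
    memset(m, 0, sizeof(*m));
    if (n == 1 && calls[0] == ALL_CALLS) {      /* sentinel as the only entry */
        for (int c = 0; c < NR_CALLS; c++) set_call(m, c);
        return 0;
    }
    for (size_t i = 0; i < n; i++) {
        if (calls[i] < 0 || calls[i] >= NR_CALLS) { /* assumption: fail closed */
            memset(m, 0, sizeof(*m));
            return -1;
        }
        set_call(m, calls[i]);
    }
    return 0;
}

/* Dispatch-time check: range-check the call number before indexing. */
int call_allowed(const struct call_mask *m, int call_nr)
{
    if (call_nr < 0 || call_nr >= NR_CALLS) return 0;
    return (m->chunk[call_nr / CHUNK_BITS] >> (call_nr % CHUNK_BITS)) & 1u;
}

int main(void)
{
    static const int driver[] = { K_SAFECOPYFROM, K_SAFECOPYTO, K_DEVIO }; /* constructed */
    struct call_mask m;
    if (fill_call_mask(&m, driver, 3) != 0) return 1;
    return call_allowed(&m, K_FORK);   /* 0: K_FORK was not granted */
}
```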
include grant id in DEV_REVIVE messages.
. Removal of TTY_FLAGS field (and so O_NONBLOCK support).
. Fixed CANCEL behaviour and return code on blocking I/O,
previously handled by O_NONBLOCK
. Totally removed REVIVE replies, previously still possible on
blocking ioctls (REVIVE directly called) and ptys (missing TTY_REVIVE
check), removes deadlock bug with FS
. Removed obsolete *COMPAT options and associated code
. added safecopies.c:
these are library functions to maintain grant tables in own address space
. sys_safecopy.c:
interfaces to kernel calls to perform safe copy functions in from or to
foreign process
. changes in i/o fields (type merged with request) reflected in
library functions (sys_out.c, sys_vinb.c, sys_vinl.c, sys_vinw.c,
sys_voutb.c, sys_voutl.c, sys_voutw.c)
. type merged with request in sys_sdevio, also now accepts offset which
is used when a grant is specified (the _DIO_SAFE subtype)
. system printf() function changed to send DIAGNOSTICS_S messages, which
specify a grant id instead of a direct address for the buffer to be
printed; tty and log can then safecopy the buffer
. changed some CMOS ioctl codes to have correct sizes (struct tm instead
of u32_t), a disk ioctl code from W to RW, and memory ioctl codes from R
to W, needed for proper matching of grant in FS
and DEV_IOCTL_S as replacements for DEV_READ, DEV_WRITE, DEV_SCATTER,
DEV_GATHER and DEV_IOCTL. Instead of a direct address, the *_S commands
pass 'grant ids' to the drivers which are referenced through a new set
of copy calls (sys_safecopyfrom and sys_safecopyto). In order for this
copy to succeed, the grant must have previously been created in the
address space of the granter.
. bitmap manipulation functions moved to <minix/bitmap.h>
. HIGHPOS introduced as field containing high 32 bits of position in
device I/O message; TTY_FLAGS no longer used
. IO_GRANT field introduced for GRANTs, to replace ADDRESS
. REP_IO_GRANT field for un-SUSPEND messages introduced to indicate
grant for which I/O was done to disambiguate messages
. SYS_SAFECOPYFROM and SYS_SAFECOPYTO introduced as new calls
. SYS_PRIV_SET_GRANTS code introduced as a code to set the address and
size of the grant table in a process' own address space
. 'type' and 'direction' field of _ins* and _outs* I/O functions
are merged into one by ORing _DIO_INPUT/_DIO_OUTPUT and _DIO_BYTE/_DIO_WORD
etc. This allows for an additional parameter, _DIO_SAFE, which indicates
the address in another address space isn't actually an address, but
a grant id. Also needs an offset, for which fields had to be merged.
. SCP_* are field names for SYS_SAFECOPY* functions
. DIAGNOSTICS and GET_KMESS moved to their own range above DIAG_BASE,
added DIAGNOSTICS_S which is a grant-based variant of DIAGNOSTICS
. removed obsolete BINCOMPAT and SRCCOMPAT options
. added GRANT_SEG type for use in vircopy - allows copying to a grant
id (without offset)
. added _MINIX_IOCTL_* macros that decode information encoded by
_IO* macros in ioctl codes, used to check which grants are necessary
for an ioctl
. introduced the type endpoint_t for process endpoints, changed some
prototypes and struct field types to match
. renamed protected to prot for g++
library to the memory driver. Always put output from within TTY directly on
the console. Removed second include of driver.h from tty.c. Made tty_inrepcode
bigger. First step to move PM and FS calls that are not regular (API)
system calls out of callnr.h (renumbered them, and removed them from the
table.c files). Imported the Minix-vmd uname implementation. This provides
a more stable ABI than the current implementation. Added a bit of security
checking. Unfortunately not nearly enough to get a secure system. Fixed a
bug related to the sizes of the programs in the image (in PM patch_mem_chunks).