Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
asynchronous message resulted in an error.
The model here is that:
- Iff a sender wishes to be notified, the sender MUST check for errors
BEFORE sending another asynchronous message.
The reason is that in order to remember the error code, we can't clean up
the message table and hence we risk running out of table space. This is
less of a problem when the sender enables notifications only for errors.
completed (successfully or not). AMF_NOTIFY_ERR can be used if the sender
only wishes to be notified in case of an error (e.g., EDEADSRCDST). A new
endpoint ASYNCM will be the sender of the notification.
lwip server needs to include struct udp_io_hdr but must not include
struct udp-hdr as it conflicts with its internal type. So it is split
into to files now.
- Remove sanity checks for initialized mutexes and condition variables. This
significantly boosts performance. The checks can be turned back on by
compiling libmthread with MTHREAD_STRICT. According to POSIX operations on
uninitialized variables are a MAY fail if, therefore allowing this
optimization.
- Test59 has to be accommodated to the lack of sanity checks on uninitialized
variables in the library. It specifically tests for them and will run into
segfaults when the checks are absent in the library.
- Fix a few bugs related to the scheduler
- Do some general code cleanups
This patch moves more includes (most of them, to tell the truth) to
common/include directory. This completes the list of includes needed
to compile current trunk with the new libc (but to do that you need
more patches in queue).
This patch also contains some modification (for compilation with new
headers) to the common includes under __NBSD_LIBC, the define used
in mk script to specialize compilation with new includes.
This patch moves further includes (the network part and lib.h) in common/.
It is the last part to get the netbsd libc to compile under minix. Further moves will be needed as we get the netbsd libc to compile minix itself.
Also, this patch add #ifndef's to termios.h, as it create problems with netbsd's namespace.h.
Headers that will be shared between old includes and NetBSD-like includes
are moved into common/include tree. They are still copied in /usr/include
in 'make includes', so compilation and programs aren't be affected.