Commit graph

717 commits

Author SHA1 Message Date
Erik van der Kouwe
1f2054c89c Shutdown changes for multiboot: CTRL-ALT-DEL resets, panic halts 2010-08-30 19:01:58 +00:00
Erik van der Kouwe
50ca7f7f8f Zero out to three stack dwords to fix boot errors 2010-08-24 12:51:11 +00:00
Arun Thomas
de231a713e Move MIN() and MAX() macros to sys/params.h 2010-08-21 13:10:41 +00:00
Erik van der Kouwe
b9f5e50421 Provide boot image process main functions with a full parameter list, so that bad things don't happen when using getenv 2010-08-20 11:07:16 +00:00
Arun Thomas
9a21d1a2fd Macros for symbols used in both ASM and C
-The macros take care of prepending the leading underscore when
 necessary.
2010-08-17 16:44:07 +00:00
Tomas Hruby
f7ef192c02 Fixed warning noreturn function returns in arch_system.c 2010-08-06 12:48:26 +00:00
Tomas Hruby
58654acf08 both ack and gcc can compile klib16.S 2010-08-06 12:46:44 +00:00
Tomas Hruby
ac9a7f47bd Missing prototype in pre_init.c
- gcc does not like it
2010-08-06 12:26:26 +00:00
Erik van der Kouwe
25397ef756 Deal all shutdown cases with multiboot as either reset or poweroff depending on their type (contributed by Feiran 'Fam' Zheng) 2010-08-02 14:41:45 +00:00
Erik van der Kouwe
ebec792700 Display fallback message in case poweroff fails (contributed by Feiran 'Fam' Zheng) 2010-08-02 14:40:26 +00:00
Ben Gras
b9cea27497 kernel: deadlock test with endpoints instead of slot numbers, slightly cleaner 2010-07-28 14:14:06 +00:00
Erik van der Kouwe
df0ba02a38 Multiboot support (contributed by Feiran "Fam" Zheng);
keep in mind that GRUB needs to be patched to read MFS for now;
use /boot/image_latest to boot the last compiled image in GRUB
2010-07-23 14:24:34 +00:00
Erik van der Kouwe
f389ad2655 Move sensitive instructions from libc into kernel 2010-07-23 07:12:47 +00:00
Ben Gras
fe343bb002 Make kernel ipc log scripts work for separate ${.OBJDIR}.
contributed by Antoine Leca.
2010-07-22 22:04:37 +00:00
Cristiano Giuffrida
03bb1e5750 Don't panic so easily on unexpected pagefault. 2010-07-20 23:51:34 +00:00
Cristiano Giuffrida
0d984b36ef Get rid of static spare pages after VM startup. 2010-07-20 21:59:27 +00:00
Ben Gras
7f343ed574 kernel: clear MF_CONTEXT_SET on kernel exit. 2010-07-20 17:13:44 +00:00
Ben Gras
c0074d3aa9 kernel: fix case of EAX getting clobbered after sigreturn. 2010-07-20 17:10:09 +00:00
Ben Gras
e0701109ca kernel: make loading kernel in 2nd chunk of memory (at 1MB) the default.
(indicated by flags hardcoded in kernel that the boot monitor
interprets.)
2010-07-19 16:33:49 +00:00
Ben Gras
b05c989298 kernel - prettier output for ipc errors, call names instead of trap numbers 2010-07-16 15:36:29 +00:00
Cristiano Giuffrida
20101b3bab Remove patch leftovers. 2010-07-13 22:40:14 +00:00
Cristiano Giuffrida
f8a8ea0a79 Dynamic configuration in system.conf for boot system services. 2010-07-13 21:11:44 +00:00
Cristiano Giuffrida
8cedace2f5 Scheduling parameters out of the kernel. 2010-07-13 15:30:17 +00:00
Ben Gras
12e9303297 kernel: compile with -mi386 under gcc/clang to not generate SSE code in-kernel. 2010-07-12 10:11:50 +00:00
Cristiano Giuffrida
8427d774b6 RS live update support. 2010-07-09 18:29:04 +00:00
Cristiano Giuffrida
1f8dbed029 RS crash recovery support. 2010-07-06 22:05:21 +00:00
Ben Gras
e920c1e1df kernel: fix main prototype 2010-07-06 12:14:59 +00:00
Ben Gras
f6f814cb02 include, kernel: minor fixes to make compiling and linking work with clang.
(fixing warnings)
2010-07-06 11:59:19 +00:00
Kees van Reeuwijk
0cfdb11450 Repair errors and warnings flagged by llvm. 2010-07-06 11:29:23 +00:00
Ben Gras
42399159da kernel: these asserts from r7657 are not reasonable
will fire if copy needs more than one try, which is legit.
2010-07-05 17:45:16 +00:00
Ben Gras
545054c608 kernel: use MF_KCALL_RESUME instead of RTS_VMREQUEST for memcopy retry.
solves tracker item 499, submitted by Roman Ignatov.
2010-07-04 23:09:24 +00:00
Tomas Hruby
97eb470bee Fix 2010-07-01 12:31:53 +00:00
Tomas Hruby
7920d48156 FPU cleanup
- last reference to MF_USED_FPU removed

- proc_used_fpu() used to test for MF_FPU_INITIALIZED
2010-07-01 12:23:25 +00:00
Erik van der Kouwe
23284ee7bd User-space scheduling for system processes 2010-07-01 08:32:33 +00:00
Cristiano Giuffrida
180358ffb4 Give RS a page table. 2010-06-28 22:07:49 +00:00
Cristiano Giuffrida
06700d05d1 Give RS a page table. 2010-06-28 21:53:37 +00:00
Ben Gras
8379b08845 library function to retrieve kernel proc table and sanity check it 2010-06-28 11:05:15 +00:00
Tomas Hruby
67fa273d00 MF_REPLY_PEND should be removed when sendrec finishes 2010-06-28 08:32:49 +00:00
Kees van Reeuwijk
5eb6f6e922 Fixed a type declaration inconsistency. 2010-06-26 21:13:36 +00:00
Arun Thomas
c0c8d25799 Rename mkfiles from minix.*.mk to bsd.*.mk
Makes things easier for pkgsrc
2010-06-25 18:29:09 +00:00
Erik van der Kouwe
fe07e7c984 Optional IPC logging 2010-06-24 13:31:40 +00:00
Ben Gras
b3a0a2d86f kernel: don't initialize catch_pagefaults at the extern declaration. 2010-06-24 12:23:23 +00:00
Tomas Hruby
76708e9bf4 mini_receive() clean up
- for better readability xpp is substituted by sender

- makes sure that the dequeued sender has p_q_link == NULL and that
  this condition holds when enqueuing the sender again. This is a
  sanity check to make sure that the new sender is not enqueued
  already

- Before this change the dequeued sender's p_q_link may not be NULL
  and it was only set to NULL when enqueued again
2010-06-23 10:36:19 +00:00
Tomas Hruby
6bc21b6992 Cycle counters zeroed after fork for the child 2010-06-18 14:01:34 +00:00
Tomas Hruby
360de619c0 No linear addresses in message delivery
- removes p_delivermsg_lin item from the process structure and code
  related to it

- as the send part, the receive does not need to use the
  PHYS_COPY_CATCH() and umap_local() couple.  

- The address space of the target process is installed before
  delivermsg() is called.

- unlike the linear address, the virtual address does not change when
  paging is turned on nor after fork().
2010-06-11 08:16:10 +00:00
Ben Gras
a6e357da22 kernel: fix assert condition after a caught in-kernel pagefault 2010-06-09 10:59:57 +00:00
Kees van Reeuwijk
826b9590f2 More endpoint_t correctness.
More const correctness.
Other code cleanup.
2010-06-08 14:09:18 +00:00
Arun Thomas
4c10a31440 Remove legacy MM, FS, and FS_PROC_NR macros 2010-06-08 13:58:01 +00:00
Erik van der Kouwe
7bd7946346 Remove redundant macro cproc_addr 2010-06-08 13:38:44 +00:00
Erik van der Kouwe
78186ee5f5 Add endpoint checks in scheduling kernel calls 2010-06-08 12:04:21 +00:00
Ben Gras
a09a8d4f3e kernel: fix for vm_init that triggered assert(ptproc == newptproc)
- zero cr3 in vm_init() to avoid switch_address_space() not doing anything.

 - add vm_stop() to disable paging on shutdown.
2010-06-07 22:21:45 +00:00
Tomas Hruby
cbc9586c13 Lazy FPU
- FPU context is stored only if conflict between 2 FPU users or while
  exporting context of a process to userspace while it is the active
  user of FPU

- FPU has its owner (fpu_owner) which points to the process whose
  state is currently loaded in FPU

- the FPU exception is only turned on when scheduling a process which
  is not the owner of FPU

- FPU state is restored for the process that generated the FPU
  exception. This process runs immediately without letting scheduler
  to pick a new process to resolve the FPU conflict asap, to minimize
  the FPU thrashing and FPU exception handler execution

- faster all non-FPU-exception kernel entries as FPU state is not
  checked nor saved

- removed MF_USED_FPU flag, only MF_FPU_INITIALIZED remains to signal
  that a process has used FPU in the past
2010-06-07 07:43:17 +00:00
Cristiano Giuffrida
a53514d4a9 Fix range checking in safecopy. 2010-06-04 18:05:38 +00:00
Tomas Hruby
f28acecb78 Removed a buggy assert unintentionally committed in r7044 2010-06-04 10:54:43 +00:00
Ben Gras
2f892aca91 kernel fpu context switching: fix race condition
There seems to have been a broken assumption in the fpu context
restoring code.  It restores the context of the running process, without
guarantee that the current process is the one that will be scheduled.
This caused fpu saving for a different process to be triggered without
fpu hardware being enabled, causing an fpu exception in the kernel. This
practically only shows up with DEBUG_RACE on. Fix by thruby+me.

The fix
 . is to only set the fpu-in-use-by-this-process flag in the
   exception handler, and then take care of fpu restoring when
   actually returning to userspace

And the patch
 . translates fpu saving and restoring to c in arch_system.c,
   getting rid of a juicy chunk of assembly
 . makes osfxsr_feature private to arch_system.c
 . removes most of the arch dependent code from do_sigsend
2010-06-03 11:32:22 +00:00
Kees van Reeuwijk
36e12d5bd8 Use endpoint_t for the destination of mini_send and _syscall, and the
source of mini_receive.

Also some small cleanup.
2010-06-02 21:51:32 +00:00
Kees van Reeuwijk
ed0b81c25c Removed some unused variables and functions. 2010-06-02 19:41:38 +00:00
Tomas Hruby
463be393c2 Graceful crash if FPU exception in kernel 2010-06-02 13:59:55 +00:00
Tomas Hruby
7bfa47476c Fixed stack trace if panic in stop_context() 2010-06-02 08:53:49 +00:00
Arun Thomas
8579c59b3f Minor makefile changes for GCC 2010-06-01 09:41:31 +00:00
Tomas Hruby
40f440b8cd KCall methods do not depend on m_source and m_type fields
- substituted the use of the m_source message field by
  caller->p_endpoint in kernel calls. It is the same information, just
  passed more intuitively.
  
- the last dependency on m_type field is removed.
  
- do_unused() is substituted by a check for NULL.

- this pretty much removes the dependency of kernel calls on the general
  message format. In the future this may be used to pass the kcall
  arguments in a different structure or registers (x86-64, ARM?) The
  kcall number may be passed in a register already.
2010-06-01 08:54:31 +00:00
Tomas Hruby
ebbd319ac0 do_safecopy split
- removes dependency of do_safecopy() on the m_type field of the kcall
  messages.

- instead of do_safecopy() figuring out what action is requested, the
  correct safecopy method is called right away.
2010-06-01 08:51:37 +00:00
Arun Thomas
007104d60e GCC build fixes/updates
-Set stack sizes for boot image processes
-Increase RS stack size
-Reduce ramdisk size
-HARDWARE task should use kernel stack
-Minor asm tweaks for leading underscores
2010-05-26 18:45:55 +00:00
Tomas Hruby
24764ff47a Fixed ms-based scheduling for legacy timer 2010-05-26 08:20:29 +00:00
David van Moolenbroek
51ff10d7c0 reset alarm timer on PRIVCTL 2010-05-26 07:10:28 +00:00
Tomas Hruby
451a6890d6 scheduling - time quantum in milliseconds
- Currently the cpu time quantum is timer-ticks based. Thus the
  remaining quantum is decreased only if the process is interrupted
  by a timer tick. As processes block a lot this typically does not
  happen for normal user processes. Also the quantum depends on the
  frequency of the timer.

- This change makes the quantum milliseconds based. Internally the
  milliseconds are translated into cpu cycles. Every time userspace
  execution is interrupted by kernel the cycles just consumed by the
  current process are deducted from the remaining quantum.

- It makes the quantum system timer frequency independent.

- The boot processes quantum is loosely derived from the tick-based
  quantas and 60Hz timer and subject to future change

- the 64bit arithmetics is a little ugly, will be changes once we have
  compiler support for 64bit integers (soon)
2010-05-25 08:06:14 +00:00
Kees van Reeuwijk
ac14a989b3 Fixed some inconsistent strict typing declarations.
Better strict typing.
2010-05-25 07:23:24 +00:00
Erik van der Kouwe
1f11a57141 Oops, last commit included more than was intended 2010-05-20 08:07:47 +00:00
Erik van der Kouwe
5f15ec05b2 More system processes, this was not enough for the release script to run on some configurations 2010-05-20 08:05:07 +00:00
Arun Thomas
b0159ad168 Buildsystem changes for GCC
-Makefile updates
-Update mkdep
-Build fixes/warning cleanups for some programs
-Restore leading underscores on global syms in kernel asm files
-Increase ramdisk size
2010-05-19 13:24:15 +00:00
Ben Gras
6d0e53c2ca use oxpcie only if enabled to avoid baud bottleneck of uart. 2010-05-19 10:18:46 +00:00
Ben Gras
9ba760e603 kernel: oxpcie serial card support.
ask to map in oxpcie i/o memory and support serial i/o for it in the
kernel. set oxpcie=<address> in boot monitor (retrieve address using
pci_debug=1 output). (no sanity checking is done on the address
currently.) disabled by default.

The change also contains some other minor cleanup (a new serial.h to set
register info common to UART and the OXPCIe card, in-kernel memory
mapping a little more structured and env_get() to get sysenv variables
without knowing about the params_buffer).
2010-05-19 10:00:02 +00:00
Tomas Hruby
dcc81d73e8 boot image - no need for entry point
- removes the initial_pc from struct boot_image. It is always set
  to 0 and RS uses a.out headers.
2010-05-18 13:51:46 +00:00
Tomas Hruby
b09bcf6779 Scheduling server (by Bjorn Swift)
In this second phase, scheduling is moved from PM to its own
scheduler (see r6557 for phase one). In the next phase we hope to a)
include useful information in the "out of quantum" message and b)
create some simple scheduling policy that makes use of that
information.

When the system starts up, PM will iterate over its process table and
ask SCHED to take over scheduling unprivileged processes. This is
done by sending a SCHEDULING_START message to SCHED. This message
includes the processes endpoint, the parent's endpoint and its nice
level. The scheduler adds this process to its schedproc table, issues
a schedctl, and returns its own endpoint to PM - as the endpoint of
the effective scheduler. When a process terminates, a SCHEDULING_STOP
message is sent to the scheduler.

The reason for this effective endpoint is for future compatibility.
Some day, we may have a scheduler that, instead of scheduling the
process itself, forwards the SCHEDULING_START message on to another
scheduler.

PM has information on who schedules whom. As such, scheduling
messages from user-land are sent through PM. An example is when
processes change their priority, using nice(). In that case, a
getsetpriority message is sent to PM, which then sends a
SCHEDULING_SET_NICE to the process's effective scheduler.

When a process is forked through PM, it inherits its parent's
scheduler, but is spawned with an empty quantum. As before, a request
to fork a process flows through VM before returning to PM, which then
wakes up the child process. This flow has been modified slightly so
that PM notifies the scheduler of the new process, before waking up
the child process. If the scheduler fails to take over scheduling,
the child process is torn down and the fork fails with an erroneous
value.

Process priority is entirely decided upon using nice levels. PM
stores a copy of each process's nice level and when a child is
forked, its parent's nice level is sent in the SCHEDULING_START
message. How this level is mapped to a priority queue is up to the
scheduler. It should be noted that the nice level is used to
determine the max_priority and the parent could have been in a lower
priority when it was spawned. To prevent a CPU intensive process from
hawking the CPU by continuously forking children that get scheduled
in the max_priority, the scheduler should determine in which queue
the parent is currently scheduled, and schedule the child in that
same queue.

Other fixes: The USER_Q in kernel/proc.h was incorrectly defined as
NR_SCHED_QUEUES/2. That results in a "off by one" error when
converting priority->nice->priority for nice=0. This also had the
side effect that if someone were to set the MAX_USER_Q to something
else than 0, then USER_Q would be off.
2010-05-18 13:39:04 +00:00
Tomas Hruby
b90c2d7026 rename of mode/context switching functions
- this patch only renames schedcheck() to switch_to_user(),
  cycles_accounting_stop() to context_stop() and restart() to
  +restore_user_context()

- the motivation is that since the introduction of schedcheck() it has
  been abused for many things. It deserves a better name.  It should
  express the fact that from the moment we call the function we are in
  the process of switching to user.

- cycles_accounting_stop() was originally a single purpose function.
  As this function is called at were convenient places it is used in
  for other things too, e.g. (un)locking the kernel. Thus it deserves
  a better name too.

- using the old name, restart() does not call schedcheck(), however
  calls to restart are replaced by calls to schedcheck()
  [switch_to_user] and it calls restart() [restore_user_context]
2010-05-18 13:00:39 +00:00
Ben Gras
bfc9c5c3a8 kernel: small amendment to pagefault-in-kernel panic 2010-05-12 08:56:11 +00:00
Ben Gras
c5c25e7abc kernel/vm: change pde table info from single buffer to explicit per-process.
makes code in kernel more readable, and allows better sanity checking on
using the pde info.
2010-05-12 08:31:05 +00:00
Ben Gras
7c5e1d1b29 kernel - don't print info about scheduled process if pagefault happened in kernel. 2010-05-11 15:14:10 +00:00
Erik van der Kouwe
b7bf2733d6 Intermediate boot verbosity level EXTRA (2), MAX moved to 3 2010-05-10 18:07:59 +00:00
Tomas Hruby
6e25ad8b0a Use of all NIL_* defines converted to NULL 2010-05-10 13:26:00 +00:00
Ben Gras
a1636b85b7 kernel: new DEBUG_RACE option. try to provoke race conditions between processes.
it does this by 
  - making all processes interruptible by running out of quantum
  - giving all processes a single tick of quantum
  - picking a random runnable process instead of in order, and
    from a single pool of runnable processes (no priorities)

This together with very high HZ values currently provokes some race conditions
seen earlier only when running with SMP.
2010-05-08 18:00:03 +00:00
Ben Gras
72335b7642 kernel: print spurious interrupt message with increasing interval. 2010-05-08 17:21:37 +00:00
Tomas Hruby
4f962b4798 A small mini_receive() cleanup
- this patch substitutes *xpp for sender to increase readability of
  mini_receive().

- makes sure that the dequeued sender has p_q_link == NULL and that
  this condition holds when enqueuing the sender again. 

- it is a sanity check to make sure that the new sender is not
  enqueued already. Before this change the dequeued sender's p_q_link
  may not be NULL and it was only set to NULL when enqueued again.
2010-05-07 11:22:49 +00:00
Ben Gras
b8eddf00d8 kernel: don't try to lookup ANY in debug output. 2010-05-06 22:39:11 +00:00
Ben Gras
0194fe55dc kernel: increase some per-process privilege limits. 2010-05-06 22:21:08 +00:00
Tomas Hruby
ec56479675 deadlock() - more info
- deadlock() is more verbose in case of a detected deadlock. First, it
  lists all processes in the deadlock group. Then it prints the proc
  extra info, not only  stack trace and register dump
2010-05-03 17:38:54 +00:00
Tomas Hruby
57a88ce708 debugging - printing processes on serial
- this patch moves the former printslot() from arch_system.c to
  debug.c and reimplements it slightly. The output is not changed,
  however, the process information is printed in a separate function
  print_proc() in debug.c as such a function is also handy in other
  situations and should be publicly available when debugging.
2010-05-03 17:37:18 +00:00
Ben Gras
4e837dcfb3 kernel: more diagnostics for privctl ENOMEM conditions. 2010-04-29 08:50:52 +00:00
Ben Gras
50335291ae kernel: fpu_init: only enable OSXMMEXCPT in CR4 on at least SSE1 machines.
Found and debugged by totalinux at yandex.ru and Evgeniy Ivanov, thanks!
2010-04-28 13:51:02 +00:00
Ben Gras
c37401f23f kernel: fpu init to separate function; also move fpu init down
moving the fpu code causes exceptions raised by it to be trapped
neatly instead of causing a triple fault, before the IDT is initialized.
2010-04-28 13:25:29 +00:00
Erik van der Kouwe
84d404aba3 Fix types in debug register functions 2010-04-28 08:35:05 +00:00
Tomas Hruby
b528d52ea8 pagefault() is private 2010-04-27 20:30:33 +00:00
Erik van der Kouwe
4bddc57477 Remove debug printfs in breakpoints.c, they should never have been there 2010-04-27 12:25:04 +00:00
Tomas Hruby
f51eea4b32 Changed pagefault delivery to VM
this patch changes the way pagefaults are delivered to VM. It adopts
the same model as the out-of-quantum messages sent by kernel to a
scheduler.

- every time a userspace pagefault occurs, kernel creates a message
  which is sent to VM on behalf of the faulting process

- the process is blocked on delivery to VM in the standard IPC code
  instead of waiting in a special in-kernel queue (stack) and is not
  runnable until VM tells kernel that the pagefault is resolved and is
  free to clear the RTS_PAGEFAULT flag.

- VM does not need to call kernel and poll the pagefault information
  which saves many (1/2?) calls and kernel calls that return "no more
  data"

- VM notification by kernel does not need to use signals

- each entry in proc table is by 12 bytes smaller (~3k save)
2010-04-26 23:21:26 +00:00
Ben Gras
86e8eff905 remove intr_disabled() as interrupts are always disabled in the kernel now. 2010-04-26 15:32:42 +00:00
Cristiano Giuffrida
0f353411d7 Set IPC status code only for RECEIVE 2010-04-26 14:43:59 +00:00
Kees van Reeuwijk
d106968d77 Remove useless symbol declarations from headers, make symbols local where possible, add some explicit initialization to global variables. 2010-04-22 07:49:40 +00:00
Kees van Reeuwijk
86a23c1fbd Remove U16_t and most other similar types. Rewrite functions to ansi-style
declaration if necessary.
2010-04-21 11:05:22 +00:00
Kees van Reeuwijk
b412fb7ad5 Code cleanup: remove unused #include, variables and code, 2010-04-15 18:49:36 +00:00
Erik van der Kouwe
8b459cfbb3 Provide information on lethal signals (stacktrace and signo) 2010-04-14 09:06:34 +00:00
Kees van Reeuwijk
fa3adedf63 Remove some duplicate declarations in headers.
Explicitly declare some functions as returning void.
2010-04-13 15:22:38 +00:00
Kees van Reeuwijk
bc314bda91 Remove the types Dev_t, _mnx_Gui, _mnx_Uid, and similar.
Use ANSI-style function declarations where necessary.
2010-04-13 10:58:41 +00:00
Tomas Hruby
9b599bac1d Quantum in fork
- This patch removes the time slice split between parent and child in
  fork.

- The time slice of the parent remains unchanged and the child does
  not have any.

- If the process has a scheduler, the scheduler must assign the
  quantum and priority of the new process and let it run.

- If the child does not inherit a scheduler, it is scheduled by the
  dummy default kernel policy. (servers, drivers, etc.)

- In theory, the scheduler can change the quantum even of the parent
  process and implement any policy for splitting the quantum as
  neither the parent nor the child are runnable.  Sending the
  out-of_quantum message on behalf of the processes may look like the
  right solution, however, the scheduler would probably handle the
  message before the whole fork protocol is finished. This way the
  scheduler has absolute control when the process should become
  runnable.
2010-04-10 15:27:38 +00:00
Tomas Hruby
512058ca98 This tiny cleanup makes the naming of variables in createpde() more clear. 2010-04-10 15:22:41 +00:00
Tomas Hruby
9fdb773cdb A simpler test whether to use kernel's default scheduling
- this is a small addition to the userspace scheduling.
  proc_kernel_scheduler() tests whether to use the default scheduling
  policy in kernel. It is true if the process' scheduler is NULL _or_
  self. Currently none of the tests was complete.
2010-04-10 15:19:25 +00:00
Tomas Hruby
485a037563 do_schedule() cleanup
- it is not necessary to test whether the scheduler is a system
  process as the process already had permissions to make this call.

- it is better to test whether the scheduler has permission to make
  changes to this process before testing whether the values are valid.
2010-04-10 15:17:09 +00:00
Cristiano Giuffrida
48c6bb79f4 Driver refactory for live update and crash recovery.
SYSLIB CHANGES:
- DS calls to publish / retrieve labels consider endpoints instead of u32_t.

VFS CHANGES:
- mapdriver() only adds an entry in the dmap table in VFS.
- dev_up() is only executed upon reception of a driver up event.

INET CHANGES:
- INET no longer searches for existing drivers instances at startup.
- A network driver is (re)initialized upon reception of a driver up event.
- Networking startup is now race-free by design. No need to waste 5 seconds
at startup any more.

DRIVER CHANGES:
- Every driver publishes driver up events when starting for the first time or
in case of restart when recovery actions must be taken in the upper layers.
- Driver up events are published by drivers through DS. 
- For regular drivers, VFS is normally the only subscriber, but not necessarily.
For instance, when the filter driver is in use, it must subscribe to driver
up events to initiate recovery.
- For network drivers, inet is the only subscriber for now.
- Every VFS driver is statically linked with libdriver, every network driver
is statically linked with libnetdriver.

DRIVER LIBRARIES CHANGES:
- Libdriver is extended to provide generic receive() and ds_publish() interfaces
for VFS drivers.
- driver_receive() is a wrapper for sef_receive() also used in driver_task()
to discard spurious messages that were meant to be delivered to a previous
version of the driver.
- driver_receive_mq() is the same as driver_receive() but integrates support
for queued messages.
- driver_announce() publishes a driver up event for VFS drivers and marks
the driver as initialized and expecting a DEV_OPEN message.
- Libnetdriver is introduced to provide similar receive() and ds_publish()
interfaces for network drivers (netdriver_announce() and netdriver_receive()).
- Network drivers all support live update with no state transfer now.

KERNEL CHANGES:
- Added kernel call statectl for state management. Used by driver_announce() to
unblock eventual callers sendrecing to the driver.
2010-04-08 13:41:35 +00:00
Tomas Hruby
25f2145956 Fixed a panic message
- exceptions cannot occur in kernel tasks as we don't have kernel
  tasks anymore
2010-04-07 12:50:43 +00:00
Kees van Reeuwijk
94a81c840a Removed unused variables, added const where possible. 2010-04-07 11:25:51 +00:00
Tomas Hruby
b464da5d73 do_nice.c
- this file is not used and should have been removed in r6557
2010-04-06 13:44:03 +00:00
Tomas Hruby
987b87e2ad Small fixes
- do_sync_ipc() is private

- fixed typo in a comment
2010-04-06 11:29:31 +00:00
Tomas Hruby
a774cc832f do_ipc() rearrangements
this patch does not add or change any functionality of do_ipc(), it
only makes things a little cleaner (hopefully).

Until now do_ipc() was responsible for handling all ipc calls. The
catch is that SENDA is fairly different which results in some ugly
code like this typecasting and variables naming which does not make
much sense for SENDA and makes the code hard to read.

result = mini_senda(caller_ptr, (asynmsg_t *)m_ptr, (size_t)src_dst_e);

As it is called directly from assembly, the new do_ipc() takes as
input values of 3 registers in reg_t variables (it used to be 4,
however, bit_map wasn't used so I removed it), does the checks common
to all ipc calls and call the appropriate handler either for
do_sync_ipc() (all except SENDA) or mini_senda() (for SENDA) while
typecasting the reg_t values correctly. As a result, handling SENDA
differences in do_sync_ipc() is no more needed. Also the code that
uses msg_size variable is improved a little bit.

arch_do_syscall() is simplified too.
2010-04-06 11:24:26 +00:00
Tomas Hruby
b0d37b81c4 RTS_SYS_LOCK and do_runctl()
- No need for RTS_SYS_LOCK as there are no tasks anymore.
2010-04-06 11:18:04 +00:00
Tomas Hruby
cdd6743e88 do_vtimer()
- removed comment which is not true anymore as we don't have any
  tasks. No need to take any special measures.
2010-04-06 11:16:14 +00:00
Arun Thomas
4ed3a0cf3a Convert kernel over to bsdmake 2010-04-01 22:22:33 +00:00
Kees van Reeuwijk
0a04f49d2b Fixed some incorrect uses of printf-like functions. 2010-04-01 14:30:36 +00:00
Kees van Reeuwijk
fc7dced1fa Fix printfs with too few or too many parms, remove unused vars, fix incorrect flag tests, other code cleanup. 2010-04-01 13:25:05 +00:00
Cristiano Giuffrida
d8b42a755d Move kernel signal SIGKNDELAY to system signal SIGSNDELAY and fix broken ptrace. 2010-03-31 08:55:12 +00:00
Kees van Reeuwijk
4865e3f4f9 More use of endpoint_t. Other code cleanup. 2010-03-30 14:07:15 +00:00
Tomas Hruby
63e2d73d1b Fixed brackets in bitmap macros 2010-03-30 08:34:33 +00:00
Ben Gras
f2b87f5fb7 don't print SYSTEM stacktrace on exceptions as it's not scheduled any more. 2010-03-29 15:32:19 +00:00
Tomas Hruby
62203ec287 NOREC_ENTER and NOREC_RETURN checks removed
- the reasons for these checks no longer exist

- these checks are problematic on SMP
2010-03-29 11:43:10 +00:00
Tomas Hruby
5b52c5aa02 A reliable way for userspace to check if a msg is from kernel
- IPC_FLG_MSG_FROM_KERNEL status flag is returned to userspace if the
  receive was satisfied by a message which was sent by the kernel on
  behalf of a process. This is perfectly reliable information.

- MF_SENDING_FROM_KERNEL flag added to processes to be able to set
  IPC_FLG_MSG_FROM_KERNEL when finishing receive if the receiver
  wasn't ready to receive immediately.

- PM is changed to use this information to confirm that the scheduling
  messages are indeed from the kernel and not faked by a process.

  PM uses sef_receive_status()

- get_work() is removed from PM to make the changes simpler
2010-03-29 11:25:01 +00:00
Tomas Hruby
2521cc6bdf Slightly faster IPC
- there are cycles wasted in the IPC call due to a fairly complicated
  way of copying messages from userland to kernel. Sometimes this
  complicated way (generic though) is used even for copying within the
  kernel address space, sometimes it is used for copying in case _no_
  copying is necessary. The goal of this patch is to improve this a
  little bit.

- the places where a copy is from user to kernel use the
  copy_msg_from_user() kernel-kernel copies are turned into
  assignments and BuildNotifyMessage uses the delivery buffers to
  avoid copying.

- copy_msg_from_user() was introduced when removing the system task
  and is about 2/3 faster than using the current mechanism
  (phys_copy). It also avoids the PHYS_COPY_CATCH macro. Assignment is
  also faster and no copy is the fastest ;-) so perhaps there will be
  some hardly noticeable performance gain besides the clean up.
2010-03-29 11:16:37 +00:00
Tomas Hruby
b4cf88a04f Userspace scheduling
- contributed by Bjorn Swift

- In this first phase, scheduling is moved from the kernel to the PM
  server. The next steps are to a) moving scheduling to its own server
  and b) include useful information in the "out of quantum" message,
  so that the scheduler can make use of this information.

- The kernel process table now keeps record of who is responsible for
  scheduling each process (p_scheduler). When this pointer is NULL,
  the process will be scheduled by the kernel. If such a process runs
  out of quantum, the kernel will simply renew its quantum and requeue
  it.

- When PM loads, it will take over scheduling of all running
  processes, except system processes, using sys_schedctl().
  Essentially, this only results in taking over init. As children
  inherit a scheduler from their parent, user space programs forked by
  init will inherit PM (for now) as their scheduler.

- Once a process has been assigned a scheduler, and runs out of
  quantum, its RTS_NO_QUANTUM flag will be set and the process
  dequeued. The kernel will send a message to the scheduler, on the
  process' behalf, informing the scheduler that it has run out of
  quantum. The scheduler can take whatever action it pleases, based
  on its policy, and then reschedule the process using the
  sys_schedule() system call.

- Balance queues does not work as before. While the old in-kernel
  function used to renew the quantum of processes in the highest
  priority run queue, the user-space implementation only acts on
  processes that have been bumped down to a lower priority queue.
  This approach reacts slower to changes than the old one, but saves
  us sending a sys_schedule message for each process every time we
  balance the queues. Currently, when processes are moved up a
  priority queue, their quantum is also renewed, but this can be
  fiddled with.

- do_nice has been removed from kernel. PM answers to get- and
  setpriority calls, updates its own nice variable as well as the
  max_run_queue. This will be refactored once scheduling is moved to a
  separate server. We will probably have PM update its local nice
  value and then send a message to whoever is scheduling the process.

- changes to fix an issue in do_fork() where processes could run out
  of quantum but bypass the code path that handles it correctly.
  The future plan is to remove the policy from do_fork() and implement
  it in userspace too.
2010-03-29 11:07:20 +00:00
Tomas Hruby
a3ffc0f7ad Removed NIL_SYS_PROC and NIL_PROC
- NIL_PROC replaced by simple NULLs
2010-03-28 09:54:32 +00:00
Kees van Reeuwijk
98493805fd Lots of const correctness. 2010-03-27 14:31:00 +00:00
Cristiano Giuffrida
9192dbecc9 Preserve the order of IPC messages between two parties.
Currently a sequence of messages between a sender A and a receiver B of the
form: A.asynsend(M1, B); A.send(M2, B) may result in the receiver receiving
M1 first and then M2 or vice versa. This patch makes sure that the original
order M1, M2 is always preserved.

Note that the order of a hypothetical sequence A.asynsend(M1, B);
A.asynsend(M2, B) is already guaranteed by the implementation of
asynsend by design. Other senda-based wrappers can define their own
semantics.
2010-03-27 00:09:22 +00:00
Tomas Hruby
8e5a82fd49 Comment in proc.h
- This comment is not correct as the pproc_addr array does not exist.
2010-03-26 13:19:04 +00:00
Tomas Hruby
1dd6f5573a Direction flag
- ack assumes that the direction flag in eflags is clear when
  assigning two structures. It is implemented by a call to a built-in
  function which is like memcpy but needs the flag to be clear
  otherwise rubbish is copied. This patch fixes the kernel entries.
2010-03-26 12:29:52 +00:00
Tomas Hruby
8451a86f0a Interrupts handling while idle
- When the cpu halts, the interrupts are enabled so the cpu may be
  woken up. When the interrupt handler returns but another interrupt
  is available it is also serviced immediately. This is not a problem
  per-se. It only slightly breaks time accounting as idle is accounted
  for the kernel time in the interrupt handler.

- As the big kernel lock is locked/unlocked in the smp branch in the
  time accounting functions (as they are called exactly at the places
  we need to take the lock) this leads to a deadlock.

- we make sure that once the interrupt handler returns from the nested
  trap, the interrupts are disabled. This means that only one
  interrupt is serviced after idle is interrupted.

- this requires the loop in apic timer calibration to keep reenabling
  the interrupts. I admit it is a little bit hackish (one line),
  however, this code is a stupid corner case at the boot time.
  Hopefully it does not matter too much.
2010-03-23 13:35:01 +00:00
Cristiano Giuffrida
bde2109b7c IPC status code for receive().
IPC changes:
- receive() is changed to take an additional parameter, which is a pointer to
a status code.
- The status code is filled in by the kernel to provide additional information
to the caller. For now, the kernel only fills in the IPC call used by the
sender.

Syslib changes:
- sef_receive() has been split into sef_receive() (with the original semantics)
and sef_receive_status() which exposes the status code to userland.
- Ideally, every sys process should gradually switch to sef_receive_status()
and use is_ipc_notify() as a dependable way to check for notify.
- SEF has been modified to use is_ipc_notify() and demonstrate how to use the
new status code.
2010-03-23 00:09:11 +00:00
Cristiano Giuffrida
45db6482e8 Prioritized NOTIFY messages for reliable asynchronous delivery of system events. 2010-03-22 23:44:55 +00:00
Kees van Reeuwijk
c33102ea6b Miscellaneous code cleanup. 2010-03-22 20:43:06 +00:00
Ben Gras
4b2310a7ee only print 1 every 1000 spurious interrupts (per interrupt). 2010-03-22 13:55:51 +00:00
Tomas Hruby
12ef495cac atomicity fix when enabling paging
- before enabling paging VM asks kernel to resize its segments. This
  may cause kernel to segfault if APIC is used and an interrupt
  happens between this and paging enabled. As these are 2 separate
  vmctl calls it is not atomic. This patch fixes this problem. VM does
  not ask kernel to resize the segments in a separate call anymore.
  The new segments limit is part of the "enable paging" call. It
  generalizes this call in such a way that more information can be
  passed as need be or the information may be completely different if
  another architecture requires this.
2010-03-22 07:42:52 +00:00
Tomas Hruby
a5094f7d7f Kernel dumps its registers when exception
- if an exception occurs in kernel and this exception is not handled
  in a sane way and the kernel crashes, it also dumps what was loaded
  in the general purpose registers exactly at the time of the
  exception to help to debug the problem
2010-03-20 14:59:18 +00:00
Erik van der Kouwe
b42c66ed10 this patch adds access to the debug breakpoints to
the kernel. They are not used atm, but having them in trunk allows them
to be easily used when needed. To set a breakpoint that triggers when
the variable foo is written to (the most common use case), one calls:

breakpoint_set(vir2phys((vir_bytes) &foo), 0,
  BREAKPOINT_FLAG_MODE_GLOBAL |
  BREAKPOINT_FLAG_RW_WRITE |
  BREAKPOINT_FLAG_LEN_4);

It can later be disabled using:

breakpoint_set(vir2phys((vir_bytes) &foo), 0,
  BREAKPOINT_FLAG_MODE_OFF);

There are some limitations:

- There are at most four breakpoints (hardware limit); the index of the
  breakpoint (0-3) is specified as the second parameter of
  breakpoint_set.

- The breakpoint exception in the kernel is not handled and causes a
  panic; it would be reasonably easy to change this by inspecting DR6,
  printing a message, disabling the breakpoint and continuing. However,
  in my experience even just a panic can be very useful.

- Breakpoints can be set only in the part of the address space that is
  in every page table. It is useful for the kernel, but to use this for
  user processes would require saving and restoring the debug registers
  as part of the context switch. Although the CPU provides support for
  local breakpoints (I implemented this as BREAKPOINT_FLAG_LOCAL) they
  only work if task switching is used.
2010-03-19 19:15:20 +00:00
Erik van der Kouwe
19ff96081c Specify missing return type 2010-03-19 19:07:00 +00:00
Tomas Hruby
a0602c06a3 Fixed kernel stack comment 2010-03-18 16:18:22 +00:00
Ben Gras
f250bfaa13 change messy CREATEPDE macro to clean little function.
forget about the dirtypde bitmap and WIPEPDE/DONEPDE macros too.

check if mapping happens to already be in place, and if so, don't
reload cr3 (on the account of that mapping, that is).

don't reload cr3 unconditionally.
2010-03-18 13:35:41 +00:00
Erik van der Kouwe
c3e73f0793 Provide a warning if a kernel call has been denied, to ease system.conf debugging 2010-03-17 18:23:51 +00:00
Cristiano Giuffrida
cb176df60f New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
        /usr/src/etc/system.conf updated to ignore default kernel calls: copy
        it (or merge it) to /etc/system.conf.
        The hello driver (/dev/hello) added to the distribution:
        # cd /usr/src/commands/scripts && make clean install
        # cd /dev && MAKEDEV hello

KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.

PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signal is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processed. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.

SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.

VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().

RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.

DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.

DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform to the new SEF interface.
2010-03-17 01:15:29 +00:00
Cristiano Giuffrida
83d1f45578 Fixed a bug in interrupt handling code when removing a handler in case of
a shared IRQ.
2010-03-16 10:20:36 +00:00
Thomas Veerman
bef0e3eb63 - Add support for the ucontext system calls (getcontext, setcontext,
swapcontext, and makecontext).
- Fix VM to not erroneously think the stack segment and data segment have
  collided when a user-space thread invokes brk().
- Add test51 to test ucontext functionality.
- Add man pages for ucontext system calls.
2010-03-12 15:58:41 +00:00
Ben Gras
0937d6c367 re-establish kernel assert()s.
use the regular <assert.h> assert() instead of vmassert() in
kernel. throw out some #if 0 code. fix a few assert() conditions.
enable by default.
2010-03-10 13:00:05 +00:00
Arun Thomas
1f9ce647cf Move archtypes.h, fpu.h, and stackframe.h
Move archtypes.h to include/ dir, since several servers require it. Move
fpu.h and stackframe.h to arch-specific header directory. Make source
files and makefiles aware of the new header locations.
2010-03-09 09:41:14 +00:00
Arun Thomas
2a8fabf4ad Include directory reorg and makefile updates.
-Convert the include directory over to using bsdmake
 syntax
-Update/add mkfiles
-Modify install(1) so that it can create symlinks
-Update makefiles to use new install(1) options
-Rename /usr/include/ibm to /usr/include/i386
-Create /usr/include/machine symlink to arch header files
-Move vm_i386.h to its new home in the /usr/include/i386
-Update source files to #include the header files at their
 new homes.
-Add new gnu-includes target for building GCC headers
2010-03-08 11:04:59 +00:00
Tomas Hruby
ecf1a36d48 Fix for FPU broken by r6131
- cycles accounting must be called earlier, firstly not to clobber the %ebx
  register, secondly to be correctly called in both branches.
2010-03-05 22:23:03 +00:00
Ben Gras
35a108b911 panic() cleanup.
this change
   - makes panic() variadic, doing full printf() formatting -
     no more NO_NUM, and no more separate printf() statements
     needed to print extra info (or something in hex) before panicking
   - unifies panic() - same panic() name and usage for everyone -
     vm, kernel and rest have different names/syntax currently
     in order to implement their own luxuries, but no longer
   - throws out the 1st argument, to make source less noisy.
     the panic() in syslib retrieves the server name from the kernel
     so it should be clear enough who is panicking; e.g.
         panic("sigaction failed: %d", errno);
     looks like:
         at_wini(73130): panic: sigaction failed: 0
         syslib:panic.c: stacktrace: 0x74dc 0x2025 0x100a
   - throws out report() - printf() is more convenient and powerful
   - harmonizes/fixes the use of panic() - there were a few places
     that used printf-style formatting (didn't work) and newlines
     (messes up the formatting) in panic()
   - throws out a few per-server panic() functions
   - cleans up a tie-in of tty with panic()

merging printf() and panic() statements to be done incrementally.
2010-03-05 15:05:11 +00:00
Ben Gras
e6cb76a2e2 no more kprintf - kernel uses libsys printf now, only kputc is special
to the kernel.
2010-03-03 15:45:01 +00:00
Ben Gras
18924ea563 New P_BLOCKEDON for kernel - a macro that encodes the "who is this
process waiting for" logic, which is duplicated a few times in the
kernel. (For a new feature for top.)

Introducing it and throwing out ESRCDIED and EDSTDIED (replaced by
EDEADSRCDST - so we don't have to care which part of the blocking is
failing in system.c) simplifies some code in the kernel and callers that
check for E{DEADSRCDST,ESRCDIED,EDSTDIED}, but don't care about the
difference, a fair bit, and more significantly doesn't duplicate the
'blocked-on' logic.
2010-03-03 15:32:26 +00:00
Arun Thomas
cbd276e4ce Convert library asm files to GAS syntax 2010-03-03 14:27:30 +00:00
Kees van Reeuwijk
bf7397b64e More correctly use cp_grant_id_t.
More correctly use vir_bytes.
More correctly use endpoint_t.
2010-03-02 23:12:13 +00:00
Kees van Reeuwijk
1ba0936619 Fix some uses of uninitialized variables. 2010-02-19 10:41:02 +00:00
Kees van Reeuwijk
97c169b93a Remove some unused #include.
Remove some unused variables and computations on them.
2010-02-17 20:24:42 +00:00
Arun Thomas
b706112487 Incorporate bsdmake into buildsystem and reorganize libs 2010-02-16 14:41:33 +00:00
David van Moolenbroek
e306663455 fix the somehow newly introduced warnings 2010-02-14 18:39:47 +00:00
Erik van der Kouwe
ff835e0e35 use the verbose=2 boot monitor setting to get extensive output for debugging 2010-02-13 22:11:16 +00:00
Kees van Reeuwijk
df60646f98 Undo the use of #include <...> because it caused some errors. 2010-02-12 14:43:18 +00:00
Tomas Hruby
1b56fdb33c Time accounting based on TSC
- as there are still KERNEL and IDLE entries, time accounting for
  kernel and idle time works the same as for any other process

- every time we stop accounting for the currently running process,
  kernel or idle, we read the TSC counter and increment the p_cycles
  entry.

- the process cycles inherently include some of the kernel cycles as
  we can stop accounting for the process only after we save its
  context and we start accounting just before we restore its context

- this assumes that the system does not scale the CPU frequency which
  will be true for ... long time ;-)
2010-02-10 15:36:54 +00:00
Tomas Hruby
c9da61022b intr_disabled() tests removed
- we don't need to test this in kernel as we always have interrupts
  disabled

- if interrupts are enabled in kernel, it is only at very carefully
  chosen places. There are no such places now.
2010-02-09 15:29:58 +00:00
Tomas Hruby
c6fec6866f No locking in kernel code
- No locking in RTS_(UN)SET macros

- No lock_notify()

- Removed unused lock_send()

- No lock/unlock macros anymore
2010-02-09 15:26:58 +00:00
Tomas Hruby
391fd926ff TASK_PRIVILEGE and level0() removed
- there are no tasks running, we don't need TASK_PRIVILEGE privilege anymore

- as there is no ring 1 anymore, there is no need for level0() to call sensitive
  code from ring 1 in ring 0

- 286 related macros removed as clean up
2010-02-09 15:23:31 +00:00
Tomas Hruby
ebba20a65d No CLOCK task
- no kernel tasks are runnable

- clock initialization moved to the end of main()

- the rest of the body of clock_task() is moved to bsp_timer_int_handler() as
  for now we are going to handle this on the bootstrap cpu. A change later is
  possible.
2010-02-09 15:22:43 +00:00
Tomas Hruby
728f0f0c49 Removal of the system task
* Userspace change to use the new kernel calls

	- _taskcall(SYSTASK...) changed to _kernel_call(...)

	- int 32 reused for the kernel calls

	- _do_kernel_call() to make the trap to kernel

	- kernel_call() to make the actual kernel call from C using
	  _do_kernel_call()

	- unlike ipc call the kernel call always succeeds as kernel is
	  always available, however, kernel may return an error

* Kernel side implementation of kernel calls

	- the SYSTEM task does not run, only the proc table entry is
	  preserved

	- every data_copy(SYSTEM is now data_copy(KERNEL

	- "locking" is an empty operation now as everything runs in
	  kernel

	- sys_task() is replaced by kernel_call() which copies the
	  message into kernel, dispatches the call to its handler and
	  finishes by either copying the results back to userspace (if
	  need be) or by suspending the process because of VM

	- suspended processes are later made runnable once the memory
	  issue is resolved, picked up by the scheduler and only at
	  this time the call is resumed (in fact restarted) which does
	  not need to copy the message from userspace as the message
	  is already saved in the process structure.

	- no need for the vmrestart queue, the scheduler will restart
	  the system calls

	- no special case in do_vmctl(), all requests remove the
	  RTS_VMREQUEST flag
2010-02-09 15:20:09 +00:00
Tomas Hruby
5e57818431 copy_msg_from_user() and copy_msg_to_user()
- copies a message from/to userspace without need of translating
  addresses

- the assumption is that the address space is installed, i.e. ldt and
  cr3 are loaded correctly

- if a pagefault or a general protection occurs while copying from
  userland to kernel (or vice versa) an error is returned which gives
  the caller a chance to respond in a proper way

- error happens _only_ because of a wrong user pointer if the function
  is used correctly

- if the prerequisites of the function do not hold, the function will
  most likely fail as the user address becomes random
2010-02-09 15:15:45 +00:00
Tomas Hruby
ad9ba944d1 Early address space switch
- switch_address_space() implements a switch of the user address space
  for the destination process

- this makes memory of this process easily accessible, e.g. a pointer
  valid in the userspace can be used with a little complexity to
  access the process's memory

- the switch does not happen only just before we return to userspace,
  however, it happens right after we know which process we are going
  to schedule. This happens before we start processing the misc flags
  of this process so its memory is available

- if the process becomes not runnable while processing the misc flags
  we pick a new process and we switch the address space again which
  introduces possibly a little bit more overhead, however, it is
  hopefully hidden by reducing the overheads when we actually access
  the memory
2010-02-09 15:13:52 +00:00
Tomas Hruby
b14a86ca5c Sys calls are called ipc calls now
- the syscalls are pretty much just ipc calls, however, sendrec() is
  used to implement system task (sys) calls

- sendrec() won't be used anymore for this, therefore ipc calls will
  become pure ipc calls
2010-02-09 15:13:07 +00:00
Tomas Hruby
8a03d497b8 System task initialization moved to main()
- the system task initialization code does not really need to be part
  of the system task process. An earlier initialization in kernel is
  cleaner as it does not only initialize the syscalls but also irq
  hooks etc.
2010-02-09 15:12:20 +00:00
David van Moolenbroek
f029b0e0b1 Kernel: fix sys_irqctl(IRQ_RMPOLICY) 2010-02-09 08:07:47 +00:00
Tomas Hruby
8f82633fa2 Removed useless global variable sys_call_code
- we have the same information in the message (m_ptr) where needed
2010-02-03 18:17:01 +00:00
Tomas Hruby
cca24d06d8 This patch removes the global variables who_p and who_e from the
kernel (sys task).  The main reason is that these would have to become
cpu local variables on SMP.  Once the system task is not a task but a
genuine part of the kernel there is even less reason to have these
extra variables as proc_ptr will already contain all necessary
information. In addition converting who_e to the process pointer and
back again all the time will be avoided.

Although proc_ptr will contain all important information, accessing it
as a cpu local variable will be fairly expensive, hence the value
would be assigned to some on stack local variable. Therefore it is
better to add the 'caller' argument to the syscall handlers to pass
the value on stack anyway. It also clearly denotes on whose behalf is
the syscall being executed.

This patch also ANSIfies the syscall function headers.

Last but not least, it also fixes a potential bug in virtual_copy_f()
in case the check is disabled. So far the function in case of a
failure could possibly reuse an old who_p in case this function had
not been called from the system task.

virtual_copy_f() takes the caller as a parameter too. In case the
checking is disabled, the caller must be NULL and non NULL if it is
enabled as we must be able to suspend the caller.
2010-02-03 09:04:48 +00:00
Kees van Reeuwijk
477b616fe8 Fixed a number of complaints about missing return statements.
Some cases were fixed by declaring the function void, others were fixed
by adding a return <value> statement, thereby avoiding potentially
incorrect behavior (usually in error handling).
Some enum correctness in boot.c.
2010-01-28 13:17:07 +00:00
Ben Gras
75a3d4ebde bump version number to 3.1.6, copyright year to 2010. 2010-01-27 16:19:50 +00:00
Tomas Hruby
e0f7043e04 No need to use memcpy to copy a message of 36 bytes. The overhead just
to call memcpy is half of the inline copy (using gcc -O)
2010-01-27 09:34:47 +00:00
Kees van Reeuwijk
c8a11b5453 Fixed some type inconsistencies in the kernel. 2010-01-26 12:26:06 +00:00
Kees van Reeuwijk
b67f788eea Removed a number of useless #includes 2010-01-26 10:59:01 +00:00
Kees van Reeuwijk
a701e290f7 Removed unused symbols.
Made some functions PRIVATE, including ones that aren't used anywhere.
2010-01-25 18:13:48 +00:00
Kees van Reeuwijk
a7cee5bec4 Removed unused symbols.
Minor cleanups.
2010-01-22 22:01:08 +00:00
Tomas Hruby
0cfbe936ce Removed bunch of unused variables in kernel/proc.c 2010-01-22 16:14:57 +00:00
Kees van Reeuwijk
f30c82b430 Restored idt_reload() prototype. 2010-01-21 11:40:22 +00:00
Kees van Reeuwijk
d6383bef47 Removed some unused tests. 2010-01-20 17:55:14 +00:00
David van Moolenbroek
53a6e039de remove SYS_MAPDMA 2010-01-19 21:24:42 +00:00
David van Moolenbroek
f175410902 rename message.m5_c[12] to m5_s[12] 2010-01-19 21:19:59 +00:00
Tomas Hruby
7d51b0cce1 Fixed warnings in watchdog.c 2010-01-19 14:47:25 +00:00
Tomas Hruby
5efa92f754 NMI watchdog is an awesome feature for debugging locked up kernels.
There is not that much use for it on a single CPU, however, deadlock
between kernel and system task can be detected. Or a runaway loop.

If a kernel gets locked up the timer interrupts don't occur (as all
interrupts are disabled in kernel mode). The only chance is to
interrupt the kernel by a non-maskable interrupt.

This patch generates NMIs using performance counters. It uses the most
widely available performance counters. As the performance counters are
highly model-specific this patch is not guaranteed to work on every
machine.  Unfortunately this is also true for KVM :-/ On the other
hand adding this feature for other models is not extremely difficult
and the framework makes it hopefully easy enough.

Depending on the frequency of the CPU an NMI is generated at most
about every 0.5s. If the cpu's speed is less than 2Ghz it is generated
at most every 1s. In general an NMI is generated much less often as
the performance counter counts down only if the cpu is not idle.
Therefore the overhead of this feature is fairly minimal even if the
load is high.

Upon detecting that the kernel is locked up the kernel dumps the
state of the kernel registers and panics.

Local APIC must be enabled for the watchdog to work.

The code is _always_ compiled in, however, it is only enabled if  
watchdog=<non-zero> is set in the boot monitor.

One corner case is serial console debugging. As dumping a lot of stuff
to the serial link may take a lot of time, the watchdog does not 
detect lockups during this time!!! as it would result in too many
false positives. 10 nmi have to be handled before the lockup is
detected. This means something between ~5s to 10s.

Another corner case is that the watchdog is enabled only after the
paging is enabled as it would be pure madness to try to get it right.
2010-01-16 20:53:55 +00:00
Cristiano Giuffrida
c5b309ff07 Merge of Wu's GSOC 09 branch (src.20090525.r4372.wu)
Main changes:
- COW optimization for safecopy.
- safemap, a grant-based interface for sharing memory regions between processes.
- Integration with safemap and complete rework of DS, supporting new data types
  natively (labels, memory ranges, memory mapped ranges).
- For further information:
  http://wiki.minix3.org/en/SummerOfCode2009/MemoryGrants

Additional changes not included in the original Wu's branch:
- Fixed unhandled case in VM when using COW optimization for safecopy in case
  of a block that has already been shared as SMAP.
- Better interface and naming scheme for sys_saferevmap and ds_retrieve_map
  calls.
- Better input checking in syslib: check for page alignment when creating
  memory mapping grants.
- DS notifies subscribers when an entry is deleted.
- Documented the behavior of indirect grants in case of memory mapping.
- Test suite in /usr/src/test/safeperf|safecopy|safemap|ds/* reworked
  and extended.
- Minor fixes and general cleanup.
- TO-DO: Grant ids should be generated and managed the way endpoints are to make
sure grant slots are never misreused.
2010-01-14 15:24:16 +00:00
Kees van Reeuwijk
da3b64d8bc Fixed a bug in do_sdevio() that broke I/O size computations.
Removed redundant size computations.
Cleaned up code.
2010-01-14 14:51:23 +00:00
Kees van Reeuwijk
9d247900c0 Remove obsolete m_ptr calculations in try_one() and mini_senda(). 2010-01-14 12:04:24 +00:00
Tomas Hruby
98563a4afa Killing Minix by typing Q on serial console
- if debugging on serial console is enabled typing Q kills the system. It is
  handy if the system gets locked up and the timer interrupts still work. Good
  for remote debugging.

- NOT_REACHABLE reintroduced and fixed. It should be used for marking code which
  is not reachable because the previous code _should_ not return. Such places
  are not always obvious
2010-01-14 09:46:16 +00:00
Tomas Hruby
8a2a4f97fc Fixed redundant typecast in lapic write/read macros 2010-01-13 18:23:58 +00:00
Tomas Hruby
42c13951a7 APIC disabled if CPU lacks TSC
- we cannot calibrate local APIC timer in such a case

- fixes possible uninitialized variable problem during calibration if no TSC
2010-01-13 18:22:41 +00:00
Kees van Reeuwijk
ad4c0ff698 Fixed a bug in apic.c that broke lapic_stop_timer().
Fixed bugs in liveupdate.c that rendered load_state_info() meaningless.
More informative error message in do_config() in service.c.
2010-01-13 14:44:19 +00:00
Tomas Hruby
a316221fbf Local apic is disabled by default
to enable it set no_apic=0 in the boot monitor
2010-01-11 17:21:19 +00:00
Cristiano Giuffrida
d1fd04e72a Initialization protocol for system services.
SYSLIB CHANGES:
- SEF framework now supports a new SEF Init request type from RS. 3 different
callbacks are available (init_fresh, init_lu, init_restart) to specify
initialization code when a service starts fresh, starts after a live update,
or restarts.

SYSTEM SERVICE CHANGES:
- Initialization code for system services is now enclosed in a callback SEF will
automatically call at init time. The return code of the callback will
tell RS whether the initialization completed successfully.
- Each init callback can access information passed by RS to initialize. As of
now, each system service has access to the public entries of RS's system process
table to gather all the information required to initialize. This design
eliminates many existing or potential races at boot time and provides a uniform
initialization interface to system services. The same interface will be reused
for the upcoming publish/subscribe model to handle dynamic 
registration / deregistration of system services.

VM CHANGES:
- Uniform privilege management for all system services. Every service uses the
same call mask format. For boot services, VM copies the call mask from init
data. For dynamic services, VM still receives the call mask via rs_set_priv
call that will be soon replaced by the upcoming publish/subscribe model.

RS CHANGES:
- The system process table has been reorganized and split into private entries
and public entries. Only the latter ones are exposed to system services.
- VM call masks are now entirely configured in rs/table.c
- RS has now its own slot in the system process table. Only kernel tasks and
user processes not included in the boot image are now left out from the system
process table.
- RS implements the initialization protocol for system services.
- For services in the boot image, RS blocks till initialization is complete and
panics when failure is reported back. Services are initialized in their order of
appearance in the boot image priv table and RS blocks to implement synchronous
initialization for every system service having the flag SF_SYNCH_BOOT set.
- For services started dynamically, the initialization protocol is implemented
as though it were the first ping for the service. In this case, if the
system service fails to report back (or reports failure), RS brings the service
down rather than trying to restart it.
2010-01-08 01:20:42 +00:00
Erik van der Kouwe
38ed5b2685 Fix brackets in kernel/arch/i386/include/archconst.h 2010-01-06 08:46:33 +00:00
Kees van Reeuwijk
d8f3af3672 Fixed a typing bug.
More explicit type conversion from virtual to physical bytes.
Bracket negative #defines for extra paranoia.
Added a forgotten 'void' to a function.
2010-01-06 08:23:14 +00:00
David van Moolenbroek
ac9ab099c8 General cleanup:
- clean up kernel section of minix/com.h somewhat
- remove ALLOCMEM and VM_ALLOCMEM calls
- remove non-safecopy and minix-vmd support from Inet
- remove SYS_VIRVCOPY and SYS_PHYSVCOPY calls
- remove obsolete segment encoding in SYS_SAFECOPY*
- remove DEVCTL call, svrctl(FSDEVUNMAP), map_driverX
- remove declarations of unimplemented svrctl requests
- remove everything related to swapping to disk
- remove floppysetup.sh
- remove traces of rescue device
- update DESCRIBE.sh with new devices
- some other small changes
2010-01-05 19:39:27 +00:00
David van Moolenbroek
bac0e91705 typo (Bug#376, reported by Kees van Reeuwijk) 2010-01-04 12:29:51 +00:00