Commit graph

36 commits

Author SHA1 Message Date
Arun Thomas
436d6012a3 Convert drivers/ and servers/ over to bsdmake
-Move libdriver to lib/
-Install all boot image services on filesystem to aid restartability
2010-03-22 21:25:22 +00:00
Cristiano Giuffrida
cb176df60f New RS and new signal handling for system processes.
UPDATING INFO:
20100317:
        /usr/src/etc/system.conf updated to ignore default kernel calls: copy
        it (or merge it) to /etc/system.conf.
        The hello driver (/dev/hello) added to the distribution:
        # cd /usr/src/commands/scripts && make clean install
        # cd /dev && MAKEDEV hello

KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.

PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.

SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.

VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().

RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.

DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.

DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
2010-03-17 01:15:29 +00:00
Ben Gras
35a108b911 panic() cleanup.
this change
   - makes panic() variadic, doing full printf() formatting -
     no more NO_NUM, and no more separate printf() statements
     needed to print extra info (or something in hex) before panicing
   - unifies panic() - same panic() name and usage for everyone -
     vm, kernel and rest have different names/syntax currently
     in order to implement their own luxuries, but no longer
   - throws out the 1st argument, to make source less noisy.
     the panic() in syslib retrieves the server name from the kernel
     so it should be clear enough who is panicing; e.g.
         panic("sigaction failed: %d", errno);
     looks like:
         at_wini(73130): panic: sigaction failed: 0
         syslib:panic.c: stacktrace: 0x74dc 0x2025 0x100a
   - throws out report() - printf() is more convenient and powerful
   - harmonizes/fixes the use of panic() - there were a few places
     that used printf-style formatting (didn't work) and newlines
     (messes up the formatting) in panic()
   - throws out a few per-server panic() functions
   - cleans up a tie-in of tty with panic()

merging printf() and panic() statements to be done incrementally.
2010-03-05 15:05:11 +00:00
Kees van Reeuwijk
a7cee5bec4 Removed unused symbols.
Minor cleanups.
2010-01-22 22:01:08 +00:00
Cristiano Giuffrida
1f5841c8ed Basic System Event Framework (SEF) with ping and live update.
SYSLIB CHANGES:
- SEF must be used by every system process and is thereby part of the system
library.
- The framework provides a receive() interface (sef_receive) for system
processes to automatically catch known system even messages and process them.
- SEF provides a default behavior for each type of system event, but allows
system processes to register callbacks to override the default behavior.
- Custom (local to the process) or predefined (provided by SEF) callback
implementations can be registered to SEF.
- SEF currently includes support for 2 types of system events:
  1. SEF Ping. The event occurs every time RS sends a ping to figure out
  whether a system process is still alive. The default callback implementation
  provided by SEF is to notify RS back to let it know the process is alive
  and kicking.
  2. SEF Live update. The event occurs every time RS sends a prepare to update
  message to let a system process know an update is available and to prepare
  for it. The live update support is very basic for now. SEF only deals with
  verifying if the prepare state can be supported by the process, dumping the
  state for debugging purposes, and providing an event-driven programming
  model to the process to react to state changes check-in when ready to update.
- SEF should be extended in the future to integrate support for more types of
system events. Ideally, all the cross-cutting concerns should be integrated into
SEF to avoid duplicating code and ease extensibility. Examples include:
  * PM notify messages primarily used at shutdown.
  * SYSTEM notify messages primarily used for signals.
  * CLOCK notify messages used for system alarms.
  * Debug messages. IS could still be in charge of fkey handling but would
  forward the debug message to the target process (e.g. PM, if the user
  requested debug information about PM). SEF would then catch the message and
  do nothing unless the process has registered an appropriate callback to
  deal with the event. This simplifies the programming model to print debug
  information, avoids duplicating code, and reduces the effort to print
  debug information.

SYSTEM PROCESSES CHANGES:
- Every system process registers SEF callbacks it needs to override the default
system behavior and calls sef_startup() right after being started.
- sef_startup() does almost nothing now, but will be extended in the future to
support callbacks of its own to let RS control and synchronize with every
system process at initialization time.
- Every system process calls sef_receive() now rather than receive() directly,
to let SEF handle predefined system events.

RS CHANGES:
- RS supports a basic single-component live update protocol now, as follows:
  * When an update command is issued (via "service update *"), RS notifies the
  target system process to prepare for a specific update state.
  * If the process doesn't respond back in time, the update is aborted.
  * When the process responds back, RS kills it and marks it for refreshing.
  * The process is then automatically restarted as for a buggy process and can
  start running again.
  * Live update is currently prototyped as a controlled failure.
2009-12-21 14:12:21 +00:00
David van Moolenbroek
30a7fe5fa9 libdriver changes:
- remove obsolete non-safecopy support
- merge libdriver and libdriver_asyn
- change standard reply model from sendnb to senda
2009-12-02 09:57:48 +00:00
David van Moolenbroek
b423d7b477 Merge of David's ptrace branch. Summary:
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
  being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
  AMF_NOREPLY senda() flag

DETAILS

Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
  aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
  and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
  stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
  VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
  running while modifying its process structure

Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
  the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
  protocol message
o Detached debugger signals from general signal logic and from being
  blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
  one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
  are pending
o Fixed wait test for tracer, which was returning for children that were
  not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
  debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG

Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
  debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
  of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
  a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
  structure
o Removed T_STOP ptrace request again, as it does not help implementing
  debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)

Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
  with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
  satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
  #define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
  revealed RS-PM-VFS race condition triangle until VFS is asynchronous

System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
  signal set, rather than just the POSIX subset

Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
  structure clearer
o Fixed setpriority() being able to put to sleep processes using an
  invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there

Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code

THINGS OF POSSIBLE INTEREST

o It should now be possible to run PM at any priority, even lower than
  user processes
o No assumptions are made about communication speed between PM and VFS,
  although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
  only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
2009-09-30 09:57:22 +00:00
Tomas Hruby
4dad30937b Removed macros that depend on NOTIFY_FROM from servers and drivers. They
determine the information defined by these macros from the m_source field of the
notify message.
2009-09-29 18:47:56 +00:00
Ben Gras
1d8aed840c . no more HZ, but use sys_hz() to get that value
. memory maps in physical memory (for /dev/mem) with new vm interface
 . pci complete_bars() seems to be buggy behaviour sometimes
 . startup script opens its own stdout, stderr and stdin so init doesn't
   have to do it
2008-12-11 14:42:23 +00:00
Ben Gras
c078ec0331 Basic VM and other minor improvements.
Not complete, probably not fully debugged or optimized.
2008-11-19 12:26:10 +00:00
Philip Homburg
8a07b7687a Use nonblocking send to reply. 2008-02-22 15:52:13 +00:00
Ben Gras
8ea438ae93 Retired DEV_{READ,WRITE,GATHER,SCATTER,IOCTL} (safe versions *_S are to
be used and drivers should never receieve these 'unsafe' variants
any more).
2007-02-07 16:22:19 +00:00
Ben Gras
b01aff70d2 use servers/inet/mq.[ch] to queue messages using mq_queue() in
libdriver.  at_wini now queues messages it can't handle it receives when
waiting for an interrupt. this way it can do receive(ANY) and timeouts
should be working again (were broken for VFS, as with the advent of VFS,
at_wini could get requests from a filesystem while it was waiting for an
interrupt - as a hack, the receive() was changed to receive(HARDWARE)).

Added mq.c to libdriver, and made libdriver an actual library that
drivers link with -L../libdriver -ldriver. (So adding files, if
necessary, is easier next time.)
2007-01-12 13:33:12 +00:00
Philip Homburg
bafc45a309 First cut at 64-bit file offsets in block devices for mkfs/fsck. 2006-11-27 14:21:43 +00:00
Ben Gras
e929676268 . made libdriver understand *_S variants
. ioctl, transfer and 'other' functions get an extra parameter: 'safe', int
  is nonzero if function is called with *_S variant ('other' if ioctl)
2006-06-20 08:49:51 +00:00
Jorrit Herder
376d8485d8 *** empty log message *** 2006-03-10 16:20:24 +00:00
Ben Gras
f877da3aec endpoint migration for drivers.
mostly renaming message field names to the new names.

tty stored process numbers in chars in tty and pty structs - now ints.
2006-03-03 10:21:45 +00:00
Jorrit Herder
381c24ce17 New MEM driver for recovery. 2005-10-20 20:26:02 +00:00
Ben Gras
87dbfc7dda Added DEV_PING message type to drivers (but not ethernet drivers) so
RS can monitor them.
2005-10-12 14:31:39 +00:00
Jorrit Herder
98124a8082 Cleanup with gcc. 2005-08-25 12:50:11 +00:00
Ben Gras
ae5f1f2286 ata-pci support for at driver.
added a hook in libdriver for HARD_INT messages.
2005-08-25 08:19:11 +00:00
Ben Gras
e2e90b1fdc Remove double-blank lines (Al) 2005-08-22 15:17:42 +00:00
Jorrit Herder
7de7ca978d Security check on physical address to be < 16 MB (ISA DMA uses 24-bit
addressing, which can address 16 MB max).
Floppy driver now dynamically loaded.
2005-08-05 16:23:42 +00:00
Jorrit Herder
375f6f8754 Miscellaneous cleanups. 2005-08-03 11:53:36 +00:00
Jorrit Herder
52965b6f17 Various updates to support dynamically starting drivers.
Output during initialization should be suppressed. Unless an error occurs.
Note that main() can now be main(int argc, char **argv) and arguments can
be passed when bringing up the driver.
2005-08-02 15:30:36 +00:00
Jorrit Herder
a63d324caa Small update to shared driver code: SYS_EVENT (signal) is now known.
Fixed drivers. HARD_STOP message no longer exists.
2005-07-26 12:50:25 +00:00
Jorrit Herder
09830fc33e Allowed printing diagnostic messages (either from system processes or the
kernel) to the log driver. The log driver forwards such output to the TTY.

Changed driver_task() not to send a reply if the return value is EDONTREPLY.
2005-07-21 18:29:52 +00:00
Ben Gras
c389801a5f Made timeout and no. of errors in at_wini dynamically settable
by ioctl; made catch-all function in driver table also called when
unrecognized ioctl called, so drivers can add their own ioctl codes.
2005-07-13 14:58:21 +00:00
Ben Gras
640eb73ca2 New log driver; buffers messages and makes them available to userland.
Added some fields in the generic device table to support this driver
using libdriver. Updated other drivers to fill these fields with nops
and NULLs.
2005-07-08 17:23:44 +00:00
Jorrit Herder
c281867f46 Fixed bug relating to FS and MEMORY during startup;
Relocated some syslib functions to utils library;
Changed location of 'Multiuser startup ..." echo in /etc/rc
2005-06-06 09:30:44 +00:00
Jorrit Herder
6d23f072f3 Cleaned up src/lib/utils library. Renamed server_ functions to more logical
names. All system processes can now either use panic() or report() from
libutils, or redefine their own function. Assertions are done via the standard
<assert.h> functionality.
2005-06-01 14:31:00 +00:00
Jorrit Herder
0899f82ab2 Fixed some minor issues with the NOTIFY call. 2005-05-24 14:35:58 +00:00
Jorrit Herder
1ecc6bf3b3 Removed 'system process' magic from PM and FS. 2005-05-13 08:57:08 +00:00
Jorrit Herder
ac0995259d *** empty log message *** 2005-05-02 14:30:04 +00:00
Jorrit Herder
89ac678b9b *** empty log message *** 2005-04-29 15:36:43 +00:00
Ben Gras
9865aeaa79 Initial revision 2005-04-21 14:53:53 +00:00