Commit graph

374 commits

Author SHA1 Message Date
Ben Gras
a12c7ad963 Start a 2nd copy of at_wini, for /dev/c1*. This requires a slightly
larger rs.
2007-02-08 14:04:59 +00:00
Ben Gras
8ea438ae93 Retired DEV_{READ,WRITE,GATHER,SCATTER,IOCTL} (safe versions *_S are to
be used and drivers should never receieve these 'unsafe' variants
any more).
2007-02-07 16:22:19 +00:00
Ben Gras
41e9fedf87 Mostly bugfixes of bugs triggered by the test set.
bugfixes:
 SYSTEM:
 . removed
        rc->p_priv->s_flags = 0;
   for the priv struct shared by all user processes in get_priv(). this
   should only be done once. doing a SYS_PRIV_USER in sys_privctl()
   caused the flags of all user processes to be reset, so they were no
   longer PREEMPTIBLE. this happened when RS executed a policy script.
   (this broke test1 in the test set)

 VFS/MFS:
 . chown can change the mode of a file, and chmod arguments are only
   part of the full file mode so the full filemode is slightly magic.
   changed these calls so that the final modes are returned to VFS, so
   that the vnode can be kept up-to-date.
   (this broke test11 in the test set)

 MFS:
 . lookup() checked for sizeof(string) instead of sizeof(user_path),
   truncating long path names
   (caught by test 23)
 . truncate functions neglected to update ctime
   (this broke test16)

 VFS:
 . corner case of an empty filename lookup caused fields of a request
   not to be filled in in the lookup functions, not making it clear
   that the lookup had failed, causing messages to garbage processes,
   causing strange failures.
   (caught by test 30)
 . trust v_size in vnode when doing reads or writes on non-special
   files, truncating i/o where necessary; this is necessary for pipes,
   as MFS can't tell when a pipe has been truncated without it being
   told explicitly each time.
   when the last reader/writer on a pipe closes, tell FS about
   the new size using truncate_vn().
   (this broke test 25, among others)
 . permission check for chdir() had disappeared; added a
   forbidden() call
   (caught by test 23)

new code, shouldn't change anything:
 . introduced RTS_SET, RTS_UNSET, and RTS_ISSET macro's, and their
   LOCK variants. These macros set and clear the p_rts_flags field,
   causing a lot of duplicated logic like

       old_flags = rp->p_rts_flags;            /* save value of the flags */
       rp->p_rts_flags &= ~NO_PRIV;
       if (old_flags != 0 && rp->p_rts_flags == 0) lock_enqueue(rp);

   to change into the simpler

       RTS_LOCK_UNSET(rp, NO_PRIV);

   so the macros take care of calling dequeue() and enqueue() (or lock_*()),
   as the case may be). This makes the code a bit more readable and a
   bit less fragile.
 . removed return code from do_clocktick in CLOCK as it currently
   never replies
 . removed some debug code from VFS
 . fixed grant debug message in device.c
 
preemptive checks, tests, changes:
 . added return code checks of receive() to SYSTEM and CLOCK
 . O_TRUNC should never arrive at MFS (added sanity check and removed
   O_TRUNC code)
 . user_path declared with PATH_MAX+1 to let it be null-terminated
 . checks in MFS to see if strings passed by VFS are null-terminated
 
 IS:
 . static irq name table thrown out
2007-02-01 17:50:02 +00:00
Ben Gras
73e4e31376 Don't reply to the caller on RS_DOWN until process is actually dead -
otherwise (e.g.) mounts right after an unmount of the same device don't
work (duplicate label).
2007-01-22 16:44:03 +00:00
Ben Gras
2194bc0310 vfs/mount/rs/service changes:
. changed umount() and mount() to call 'service', so that it can include
   a custom label, so that umount() works again (RS slot gets freed now).
   merged umount() and mount() into one file to encode keep this label
   knowledge in one file.
 . removed obsolete RS_PID field and RS_RESCUE rescue command
 . added label to RS_START struct
 . vfs no longer does kill of fs process on unmount (which was failing
   due to RS_PID request not working)
 . don't assume that if error wasn't one of three errors, that no error
   occured in vfs/request.c
mfs changes:
 . added checks to copy statements to truncate copies at buffer sizes
   (left in debug code for now)
 . added checks for null-terminatedness, if less than NAME_MAX was copied
 . added checks for copy function success
is changes: 
 . dump rs label
drivers.conf changes:
 . added acl for mfs so that mfs can be started with 'service start',
   so that a custom label can be provided
2007-01-22 15:25:41 +00:00
Ben Gras
722f1b2b9f . added checks for buffer sizes in sys_datacopy() functions in mfs,
print debug message if copy is truncated
. increased buffer in lookup() to be PATH_MAX instead of NAME_MAX
. sanity check in fetch_name() in vfs to see if name fits, and
  is null-terminated
. first check i < NAME_MAX, then string[i] in search_dir, as we're
  not supposed to look at string[NAME_MAX]
2007-01-16 14:50:10 +00:00
Ben Gras
94b936d7c1 . added super-user check for mount
. corrected device match for unmount (otherwise unmount would
  proceed with bogus mount slot, often sending messages to 0 (PM))
. added some sanity checking to fs process number
. made fs_sendrec PRIVATE to request.c
2007-01-16 13:57:35 +00:00
Ben Gras
bcbac65a07 Don't panic if opening a block device fails. 2007-01-12 17:16:51 +00:00
Philip Homburg
9092146be7 VFS cleanup (mostly open). 2007-01-05 16:36:55 +00:00
Ben Gras
6f77685609 Split of architecture-dependent and -independent functions for i386,
mainly in the kernel and headers. This split based on work by
Ingmar Alting <iaalting@cs.vu.nl> done for his Minix PowerPC architecture
port.

 . kernel does not program the interrupt controller directly, do any
   other architecture-dependent operations, or contain assembly any more,
   but uses architecture-dependent functions in arch/$(ARCH)/.
 . architecture-dependent constants and types defined in arch/$(ARCH)/include.
 . <ibm/portio.h> moved to <minix/portio.h>, as they have become, for now,
   architecture-independent functions.
 . int86, sdevio, readbios, and iopenable are now i386-specific kernel calls
   and live in arch/i386/do_* now.
 . i386 arch now supports even less 86 code; e.g. mpx86.s and klib86.s have
   gone, and 'machine.protected' is gone (and always taken to be 1 in i386).
   If 86 support is to return, it should be a new architecture.
 . prototypes for the architecture-dependent functions defined in
   kernel/arch/$(ARCH)/*.c but used in kernel/ are in kernel/proto.h
 . /etc/make.conf included in makefiles and shell scripts that need to
   know the building architecture; it defines ARCH=<arch>, currently only
   i386.
 . some basic per-architecture build support outside of the kernel (lib)
 . in clock.c, only dequeue a process if it was ready
 . fixes for new include files

files deleted:
 . mpx/klib.s - only for choosing between mpx/klib86 and -386
 . klib86.s - only for 86

i386-specific files files moved (or arch-dependent stuff moved) to arch/i386/:
 . mpx386.s (entry point)
 . klib386.s
 . sconst.h
 . exception.c
 . protect.c
 . protect.h
 . i8269.c
2006-12-22 15:22:27 +00:00
Ben Gras
da42185e1c Removed verbose statements from vfs and mfs 2006-12-22 11:54:42 +00:00
Philip Homburg
8a2a957d49 Some 64-bit file offset changes that were left out accidentally in the first
commit.
2006-12-06 15:21:27 +00:00
Philip Homburg
bafc45a309 First cut at 64-bit file offsets in block devices for mkfs/fsck. 2006-11-27 14:21:43 +00:00
Philip Homburg
ca448f0b0f Getdents implementation in library/vfs/mfs.
Changed readdir, etc. to use getdents
2006-11-09 16:22:54 +00:00
Ben Gras
64dbdd855d obsolete server. 2006-11-01 16:53:45 +00:00
Ben Gras
86303b3024 Explicit conversion from O_ACCMODE to minix [RW]_BIT is clearer
and catches bogus values (such as 3).
2006-11-01 14:17:47 +00:00
Philip Homburg
0c1d433f60 rs changes (also use driver configurations in the image ramdisk) 2006-10-31 13:35:04 +00:00
Ben Gras
7195fe3325 System statistical and call profiling
support by Rogier Meurs <rogier@meurs.org>.
2006-10-30 15:53:38 +00:00
Ben Gras
fa0ba56bc9 Merge of VFS by Balasz Gerofi with Minix trunk. 2006-10-25 13:40:36 +00:00
Philip Homburg
7c0fda0932 Include kernel/priv.h for rs/manager.h 2006-10-25 13:07:58 +00:00
Ben Gras
1e656b349d . processes stay ZOMBIE, even after wait(), to avoid wrongly seeing them
as living processes  before they are cleaned up (fixes
  wait()/waitpid() hanging forever on previously-ZOMBIE processes)

. stop processes from running using sys_nice() with PRIO_STOP
  when a handled signal is delivered, before computing 
  stack locations for sys_sigsend(). (fixes race condition
  when runnable processes get signals, and e.g. get scheduled
  before FS sends a reply to unpause(), which can make the
  signal stack location wrong.)
2006-10-25 11:29:43 +00:00
Philip Homburg
f9ccfca2a1 (Incomplete) support for access control in PCI (pci_set_acl).
-script argument to service for crash recovery scripts
-config argument to service for driver resource configuration
restart command in service to restart a driver after a crash (for use in
crash recovery scripts).
down and refresh now take labels instead of pids.
verious changes in rs to make this work.
2006-10-20 15:01:32 +00:00
Philip Homburg
1ce2f75627 Additional ptrace commands for fault injection. 2006-10-20 14:14:08 +00:00
Ben Gras
cbfa0f4fb8 Change select() so that only as many words as necessary for the 'nfds'
argument from the fd bitmasks are copied from and back to userspace. This
solves an ABI dependency on OPEN_MAX. If nfds is too big for the current
OPEN_MAX, select() fails (but that's relatively easy to fix by 'just'
recompiling the system and not the application binaries), but if it's
smaller, binaries keep working.
2006-10-04 13:28:38 +00:00
Philip Homburg
66f9a5f508 Do not abort/panic when an ethernet driver does something unexpected. 2006-08-28 12:59:36 +00:00
Ben Gras
b888922d62 Added 'service run' to run a service without restart. 2006-08-15 15:54:51 +00:00
Ben Gras
4539e54d8b . fix for wild store at startup time by calling dev_io without fp
initialized
 . fix for writing exactly PIPE_SIZE to a pipe with O_NONBLOCK blocking
   anyway because of incomplete logic in pipe_check
2006-08-10 11:51:11 +00:00
Ben Gras
c3c08d252c report driver source of grant mismatch 2006-08-04 13:31:06 +00:00
Ben Gras
18327f02a8 Introduced unprivileged getsysinfo variant, to retrieve harmless data
in formats that don't change (or is upwards compatible).
2006-07-27 16:23:01 +00:00
Philip Homburg
baa3ac5853 Fix for 'cleanup: not idle: 2313' bug. 2006-07-25 14:13:09 +00:00
Ben Gras
82173212ee Introduction of a 'big' ioctl, with more bits (20) reserved for encoding the
size field. The TIOCSFON ioctl size (8192) didn't get encoded properly,
as there weren't enough bits for it (12) in the regular format.

The new format has only one type field, and an extra flag (_IOC_BIG)
turned on. FS checks for this flag and uses the alternative decoding
of the ioctl codes to determine the size when doing grants.

This unbreaks loadfont, although that still uses a phys copy in tty.
2006-07-25 09:41:40 +00:00
Philip Homburg
61337d5f7b Allow holes in executables. 2006-07-24 13:07:25 +00:00
Ben Gras
3512a86b44 . DS understands publishing and subscribing where keys are in string
form. Subscriptions are regular expressions.
 . different types are stored per key; currently u32 and/or string.
   the same key can be referenced (publish, subscribe, check) as any type.
 . notify()s are sent when subscriptions are triggered (publishing or
   updating of matching keys); optionally, a subscribe flag sends
   updates for all matching keys at subscription time, instead of only
   after updates after subscribing
 . all interfacing to ds is in /usr/src/lib/syslib/ds.c.
 . subscribe is ds_subscribe
   publish functions are ds_publish_<type>
   retrieve functions are ds_retrieve_<type> (one-time retrieval of a value)
   check functions are ds_check_<type> (check for updated key caller
      subscribes to not yet checked for, or ESRCH for none)
 . ramdisk driver updated with new ds interface
2006-07-13 14:50:23 +00:00
Philip Homburg
c06bc3ead8 Left consistency checks enabled in INET in the previous commit. 2006-07-13 13:25:55 +00:00
Philip Homburg
04b478f177 More stack for tcpd.
Safecopies renders the NWIOQUERYPARAM ioctl useless. This functionality
is now replaced with /dev/ipstat. Write the request to the device and
read the answer in one read request.
2006-07-13 13:19:48 +00:00
Philip Homburg
9939089dea Safecopy support for INET. 2006-07-10 12:55:33 +00:00
Philip Homburg
7ce17fe655 Support for SI_CALL_STATS (counting systemcalls). 2006-07-10 12:44:43 +00:00
Ben Gras
1561067ee4 Grant system dynamic-only. 2006-06-30 14:40:29 +00:00
Ben Gras
b654c02f55 Give pm its own brk() so malloc() works in pm. pm needs more stack for this. 2006-06-30 14:36:11 +00:00
Ben Gras
b5179d7025 Split do_brk in a stub and a function that does the real work, so that
the real work can be called from elsewhere too. Specifically, to allow PM
its own brk().
2006-06-30 14:35:38 +00:00
Ben Gras
0323892f71 3rd fix for improper behaviour on crashing driver with safe_io_conversion 2006-06-29 14:24:07 +00:00
Ben Gras
bfca7d68ba Fix another bug related to trying i/o more than once 2006-06-28 12:20:30 +00:00
Ben Gras
46646a49a8 Don't print cloexec 2006-06-28 10:04:32 +00:00
Ben Gras
f9fb0ff546 Fix bug where safe conversion doesn't happen after 1st time in loop 2006-06-28 10:03:18 +00:00
Ben Gras
bd535a120b . satisfy some gcc warnings (uninitialized/unused variables)
. change cloexec mask from long to fd_set to remove 32 fd's per
   process restriction (from cloexec at least)
2006-06-27 16:47:35 +00:00
Ben Gras
a587273c56 . expanded grant manipulation interface to more direct
manipulation
. made fs allocate a grant for every ioctl, even if no data
  is being copied, in order to disambiguate concurrent ioctls
  on the same minor
2006-06-26 16:08:42 +00:00
Philip Homburg
2f50f92eb3 Move inet to safe copies. 2006-06-26 16:03:35 +00:00
Philip Homburg
de07a562d1 Vectored safe copies for inet. 2006-06-26 14:20:11 +00:00
Philip Homburg
14c9743ecf First cut at safe copies for inet. Breaks tcpstat. 2006-06-26 11:17:19 +00:00
Philip Homburg
8dfac43a75 Print ipc_to in hex. Also print the 'system' call mask. 2006-06-23 13:27:03 +00:00
Ben Gras
82855e9cf5 . leave out dead code from device.c
. don't loop doing a receive() after sendrec() - chance of recovering is not
  high, and can lead to receive()ing a notify() (which can't happen in sendrec()),
  which is terrible
. return status from device when DEV_CANCEL is done on a signal; hardcode EAGAIN to
  become EINTR though
2006-06-23 11:51:56 +00:00
Ben Gras
7b6a1e5f59 More space for rs 2006-06-20 10:59:45 +00:00
Ben Gras
0d39b17655 Changed order of -lsys and -lsysutil for printf() 2006-06-20 10:50:29 +00:00
Ben Gras
705f1039d9 order changed for printf() 2006-06-20 10:47:25 +00:00
Ben Gras
150c964b49 Fix for losing REVIVE 2006-06-20 10:12:30 +00:00
Ben Gras
2384a85296 FS support for grant-based i/o.
For character device i/o, FS does a so-called 'magic' grant to let the
driver copy from or to user space. As this is done in FS address space,
the driver is told to do this in FS address space. The redirection to
the right user process then happens at copy-time in the kernel, using the
FS grant table. This also happens for DEV_READ and DEV_WRITE on block
devices.

For other block device i/o, which happens from/to FS buffers, FS does
a 'direct' grant to its own address space for the driver.

After the i/o returns, this access has to be K-I-L-L-E-D, revoked.
Sometimes this is after a SUSPEND and DEV_REVIVE, in which case the
revoking happens in pipe.c.

This conversion happens in safe_io_conversion() in device.c, called
by dev_io and dev_bio.

FS has to pre-allocate its own space for these grant tables. This happens
in main.c.
2006-06-20 10:12:09 +00:00
Ben Gras
54f1e6d3d4 Use endpoint_t 2006-06-20 10:04:33 +00:00
Ben Gras
7a76a7a495 Rename protected to prot
Also print size of grant table known in system
2006-06-20 10:03:48 +00:00
Philip Homburg
221e731e45 Wake up writer when selecting for read on an empty pipe.
Set fp_revived to NOT_REVIVING when decrementing reviving.
2006-06-14 13:17:41 +00:00
Philip Homburg
cb02a90b77 Fixed some select bugs related to pipes. Removed SELFD_* because they were
bogus and unused.
2006-06-07 14:41:47 +00:00
Philip Homburg
e9aabcf2f8 Disabled building rescue driver (no longer needed). Moved allocmem from
library to the memory driver. Always put output from within TTY directly on
the console. Removed second include of driver.h from tty.c. Made tty_inrepcode
bigger. First step to move PM and FS calls that are not regular (API)
system calls out of callnr.h (renumbered them, and removed them from the
table.c files). Imported the Minix-vmd uname implementation. This provides
a more stable ABI than the current implementation. Added a bit of security
checking. Unfortunately not nearly enough to get a secure system. Fixed a
bug related to the sizes of the programs in the image (in PM patch_mem_chunks).
2006-05-19 12:19:37 +00:00
Philip Homburg
c3cf4ef460 Fixed off by one error in backoff code. Limit backoff to 1 second for
disk drivers.
2006-05-15 12:08:43 +00:00
Philip Homburg
c9ff3994f1 Unpause requests (to FS) can be generated in parallel to other requests. 2006-05-15 12:06:19 +00:00
Philip Homburg
f0186f4179 Do not unmap a driver when the driver dies (it interferes with restarting
disk drivers). Fixed accounting for REVIVING/reviving.
2006-05-15 11:43:06 +00:00
Philip Homburg
ae92cc208d The new service command managed to escape. 2006-05-11 15:30:56 +00:00
Philip Homburg
14b7a72ba3 Init need more space (the results of removing the special case for init in
adjust in PM). Better flags dump in IS.
2006-05-11 15:00:46 +00:00
Philip Homburg
e4967b06bb Special code for restarting disk drivers (-c flag in service). 2006-05-11 14:58:33 +00:00
Philip Homburg
773844a816 New interface between PM and FS. 2006-05-11 14:57:23 +00:00
Ben Gras
461a4fafb1 Added fchmod() and fchown() 2006-04-18 11:26:04 +00:00
Ben Gras
7497a76779 More filesystems. 2006-03-28 11:34:59 +00:00
Ben Gras
2d5058685d Don't open pipes readwrite as it leads to confusion. 2006-03-28 11:28:16 +00:00
Ben Gras
52cd12195e Typo 2006-03-28 10:09:43 +00:00
Ben Gras
7b58dd7f9b Renamed findproc() to _pm_findproc() to reduce polluting of application
namespace.
2006-03-25 04:49:04 +00:00
Ben Gras
df9f4f4369 . minor fix in select() logic on pipes
. fix in pipe_check when 'notouch' is on - we touched something!
2006-03-24 20:53:10 +00:00
Philip Homburg
6e0bf57f82 Fixed bug in tcp select, added NWIOTCPGERROR. 2006-03-24 14:06:03 +00:00
Philip Homburg
e695deb8f8 Fixed mq leak in NWIOQUERYPARAM. 2006-03-24 14:05:11 +00:00
Ben Gras
26a59eea43 readlink(); check bounds
top: add 'system' cpu time to 'kernel', 'idle' and 'user'
2006-03-17 13:34:40 +00:00
Ben Gras
eae250dea4 . load average calculation changed to calculate it all over every tick
instead of keeping a running total of enqueued processes
   (because somehow the load average was broken)
 . added SI_KPROC_TAB to get a copy of kernel process table from PM, for
   a top implementation
 . fixed arg to sys_nice() to make it an endpoint, not a slot number
2006-03-16 09:33:35 +00:00
Ben Gras
6e7ba75acb Driver disappearing during dev_io() is not a fatal error. 2006-03-15 21:55:32 +00:00
Ben Gras
ff67776995 FS:
. loops checked for PID_FREE
  . exit broken down in exit and cleanup functions; when reboot happens,
    cleanup is done but not exit (as processes have not actually exited),
    this keeps drivers working
  . fixed a few uninitialized and unused variables

scripts:
  . new packaging system
2006-03-15 15:34:12 +00:00
Ben Gras
557d865b35 Removed some debug prints 2006-03-15 15:16:16 +00:00
Philip Homburg
50d805144c dmap_io now returns a status. map_driver no longer calls dev_up. 2006-03-15 13:37:20 +00:00
Philip Homburg
454dc8a180 Disabled special processing of KILL signals that are passed to pm by the kernel 2006-03-15 11:35:53 +00:00
Philip Homburg
57ed4b2bf7 Pass endpoint to sys_trace instead of slot number. 2006-03-15 11:32:00 +00:00
Ben Gras
def8c13ba8 Do a sync() before reboot()ing in FS. 2006-03-14 13:54:20 +00:00
Ben Gras
1a7f7d6333 at_wini: removed RO_BIT misfeature, not used any more
pm: fixed rebooting by making a copy of the monitor code from the user
    process. this is necessary because that process is dead by the time
    sys_abort() is called.

    also added more info to the "can't reply" panic.
2006-03-13 13:21:13 +00:00
Ben Gras
cd8905f906 Don't need this change with new reboot 2006-03-13 10:36:52 +00:00
Ben Gras
9b1d4ef233 special case when exiting FS - don't core dump and don't tell FS about it
Because if FS is hanging in a signal, the exit won't work.
This way FS gets exited on e.g. SIGSEGV.
2006-03-10 17:35:55 +00:00
Ben Gras
c236121692 Let reboot work again by making PM check for RBT_REBOOT 2006-03-10 16:50:27 +00:00
Jorrit Herder
021e3234d8 Jorrit's ... "progress?" 2006-03-10 16:10:05 +00:00
Ben Gras
6fe89cfbe8 Hack small and big fs into a single image. Must now set BIG or SMALL label. 2006-03-10 14:11:19 +00:00
Ben Gras
25fdc7657d panic() on inconsistent endpoints 2006-03-10 12:59:46 +00:00
Ben Gras
6746ee10f5 If re-open fails, mark fd as unusable but not-reusable either (until
close()d).
2006-03-09 16:00:33 +00:00
Ben Gras
9a6987e9cd Medium stack for ds and rs 2006-03-09 14:03:39 +00:00
Ben Gras
925dd3321f Don't blindly skip 0-group processes in signals 2006-03-08 14:46:42 +00:00
Ben Gras
6c2a1bac7b endpoint fixes for RS 2006-03-08 14:38:35 +00:00
Ben Gras
acb804f0bd RS formatting fixes 2006-03-08 14:37:26 +00:00
Ben Gras
d63e366944 Less stack for ds and rs 2006-03-07 13:22:36 +00:00
Ben Gras
b31d93aaa4 Comment fixes mailed to bugs@ 2006-03-04 22:51:52 +00:00
Ben Gras
10eeb788f9 Generation number printed too 2006-03-03 16:34:37 +00:00