Commit graph

311 commits

Author SHA1 Message Date
Ben Gras
cd8b915ed9 Primary goal for these changes is:
- no longer have kernel have its own page table that is loaded
    on every kernel entry (trap, interrupt, exception). the primary
    purpose is to reduce the number of required reloads.
Result:
  - kernel can only access memory of process that was running when
    kernel was entered
  - kernel must be mapped into every process page table, so traps to
    kernel keep working
Problem:
  - kernel must often access memory of arbitrary processes (e.g. send
    arbitrary processes messages); this can't happen directly any more;
    usually because that process' page table isn't loaded at all, sometimes
    because that memory isn't mapped in at all, sometimes because it isn't
    mapped in read-write.
So:
  - kernel must be able to map in memory of any process, in its own
    address space.
Implementation:
  - VM and kernel share a range of memory in which addresses of
    all page tables of all processes are available. This has two purposes:
      . Kernel has to know what data to copy in order to map in a range
      . Kernel has to know where to write the data in order to map it in
    That last point is because kernel has to write in the currently loaded
    page table.
  - Processes and kernel are separated through segments; kernel segments
    haven't changed.
  - The kernel keeps the process whose page table is currently loaded
    in 'ptproc.'
  - If it wants to map in a range of memory, it writes the value of the
    page directory entry for that range into the page directory entry
    in the currently loaded map. There is a slot reserved for such
    purposes. The kernel can then access this memory directly.
  - In order to do this, its segment has been increased (and the
    segments of processes start where it ends).
  - In the pagefault handler, detect if the kernel is doing
    'trappable' memory access (i.e. a pagefault isn't a fatal
     error) and if so,
       - set the saved instruction pointer to phys_copy_fault,
	 breaking out of phys_copy
       - set the saved eax register to the address of the page
	 fault, both for sanity checking and for checking in
	 which of the two ranges that phys_copy was called
	 with the fault occured
  - Some boot-time processes do not have their own page table,
    and are mapped in with the kernel, and separated with
    segments. The kernel detects this using HASPT. If such a
    process has to be scheduled, any page table will work and
    no page table switch is done.

Major changes in kernel are
  - When accessing user processes memory, kernel no longer
    explicitly checks before it does so if that memory is OK.
    It simply makes the mapping (if necessary), tries to do the
    operation, and traps the pagefault if that memory isn't present;
    if that happens, the copy function returns EFAULT.
    So all of the CHECKRANGE_OR_SUSPEND macros are gone.
  - Kernel no longer has to copy/read and parse page tables.
  - A message copying optimisation: when messages are copied, and
    the recipient isn't mapped in, they are copied into a buffer
    in the kernel. This is done in QueueMess. The next time
    the recipient is scheduled, this message is copied into
    its memory. This happens in schedcheck().
    This eliminates the mapping/copying step for messages, and makes
    it easier to deliver messages. This eliminates soft_notify.
  - Kernel no longer creates a page table at all, so the vm_setbuf
    and pagetable writing in memory.c is gone.

Minor changes in kernel are
  - ipc_stats thrown out, wasn't used
  - misc flags all renamed to MF_*
  - NOREC_* macros to enter and leave functions that should not
    be called recursively; just sanity checks really
  - code to fully decode segment selectors and descriptors
    to print on exceptions
  - lots of vmassert()s added, only executed if DEBUG_VMASSERT is 1
2009-09-21 14:31:52 +00:00
Ben Gras
f5b04e1881 minor change to panic code 2009-09-21 14:28:16 +00:00
David van Moolenbroek
f2def7d360 Kernel: correct a few SYSTEM source documentation comments 2009-09-17 20:51:34 +00:00
Tomas Hruby
db56801ddc Some clean up of the segment selectors macros
- [ABCD]_INDEX are not used anywhere

- value of *_SELECTOR is now calculated using the *_INDEX value so changing the
  index does not break the selector

- TSS is now the last of the global selectors. There will be TSS per CPU on SMP
  and the number will vary depending on the maximal supported number of CPUs
  configured
2009-09-15 10:01:06 +00:00
Tomas Hruby
71077d1228 iskernelp() and isuserp() test pointers
- we may test even not fully initialized entries, e.g. during boot
  crash

- is we know the process number we should use iskerneln
  and isusern
2009-09-15 09:58:46 +00:00
Tomas Hruby
78793f4f38 pproc_addr unused and removed 2009-09-15 09:57:54 +00:00
Tomas Hruby
4fd433694f proc_addr() returns address based on location in proc array
- pproc_addr is not neccessary to get the address of a process if we know its
  number

- local proc variables in system calls implementation (sys_task) conflicts with
  the global proc array of all process, therefore the variable were renamed to
  proc_nr as they hold the process number
2009-09-15 09:57:22 +00:00
David van Moolenbroek
e538509508 Kernel: remove unused CHECK_DEADLOCK definition 2009-09-07 20:23:31 +00:00
David van Moolenbroek
9c19233879 Kernel: do_[sv]devio.c header corrections 2009-09-06 15:54:15 +00:00
David van Moolenbroek
979bcfc195 - sys_privctl: don't mix message types
- sys_privctl: remove CTL_MM_PRIV (third parameter)
- remove obsolete sys_svrctl.c library file
2009-09-06 12:37:13 +00:00
Tomas Hruby
2e293ce7c0 system_init() renamed to arch_init()
- a better name for architecture specific init function

- some of x86 init code must execute in protected mode

- prot_init() removed from this function and still called in cstart() Imho this
  should be called from the architecture specific assembly not cstart. cstart
  perform Minix monitor specific tasks and will be touched once another
  bootloader is in use, e.g. booting via tftp, therefore we keep it as is for
  now.

- this is a backport from the SMP code which requires this. Merging will be simpler
2009-08-30 14:55:30 +00:00
Tomas Hruby
b1aaee6dcc Printing the trap info even if kernel crashes is handy. 2009-08-29 19:38:11 +00:00
Tomas Hruby
50473107c2 saved_proc in exception() may be NULL
If an exception happens in kernel while the kernel is booting and no processes
are running yet, saved_proc == NULL and priting any process related information
results in dumping rubish.

This check is mostly useful when debugging kernel stuff. Should _never_ happen
on a production kernel.
2009-08-29 19:26:46 +00:00
Tomas Hruby
4903a734b8 IDT is initialized in idt_init() not in prot_init()
This is a backport form the SMP branch. Not required here, it only makes life
for SMP easier. And future merging too.

- filling the IDT is removed from prot_init()

- struct gate_table_s is a public type

- gate_table_pic is a global array as it is used by APIC code too

- idt_copy_vectors() is also global and used by idt_init() as well as
  apic_idt_init()

- idt_init() is called right after prot_init() in system_init()
2009-08-28 15:55:30 +00:00
David van Moolenbroek
323f0abdd6 Support for setitimer(ITIMER_VIRTUAL/ITIMER_PROF). New test (41) for setitimer. 2009-08-15 21:37:26 +00:00
David van Moolenbroek
5e173f55f5 Remove leftover PowerPC cruft. Reported by Evgeniy Ivanov. 2009-07-07 18:55:11 +00:00
David van Moolenbroek
b8b8f537bd IPC privileges fixes
Kernel:
o Remove s_ipc_sendrec, instead using s_ipc_to for all send primitives
o Centralize s_ipc_to bit manipulation,
  - disallowing assignment of bits pointing to unused priv structs;
  - preventing send-to-self by not setting bit for own priv struct;
  - preserving send mask matrix symmetry in all cases
o Add IPC send mask checks to SENDA, which were missing entirely somehow
o Slightly improve IPC stats accounting for SENDA
o Remove SYSTEM from user processes' send mask
o Half-fix the dependency between boot image order and process numbers,
  - correcting the table order of the boot processes;
  - documenting the order requirement needed for proper send masks;
  - warning at boot time if the order is violated

RS:
o Add support in /etc/drivers.conf for servers that talk to user processes,
  - disallowing IPC to user processes if no "ipc" field is present
  - adding a special "USER" label to explicitly allow IPC to user processes
o Always apply IPC masks when specified; remove -i flag from service(8)
o Use kernel send mask symmetry to delay adding IPC permissions for labels
  that do not exist yet, adding them to that label's process upon creation
o Add VM to ipc permissions list for rtl8139 and fxp in drivers.conf

Left to future fixes:
o Removal of the table order vs process numbers dependency altogether,
  possibly using per-process send list structures as used for SYSTEM calls
o Proper assignment of send masks to boot processes;
  some of the assigned (~0) masks are much wider than necessary
o Proper assignment of IPC send masks for many more servers in drivers.conf
o Removal of the debugging warning about the now legitimate case where RS's
  add_forward_ipc cannot find the IPC destination's label yet
2009-07-02 16:25:31 +00:00
Ben Gras
bdab3c4cfb Library call for cpu features; make kernel and vm use this to query cpu
features (specifically: 4MB pages and TLB global bit).  Only enable
these features in CR4 if available. 4MB pages to be used in the near
future.
2009-05-15 17:07:36 +00:00
Arun Thomas
db4faccbf9 -Installation info is on the wiki now, so remove setup guides and update
README.
-Remove obsolete FAT partitioning utility.
-Update startup banner.
2009-05-14 15:54:02 +00:00
David van Moolenbroek
c2aef85eda Clear trace bit for child on fork.
Without this, a forking single-stepped process will have its child
die from a TRAP signal right away.
2009-05-13 21:58:10 +00:00
Ben Gras
e3ca89c0be more sanity checking. sanity checking disabled by default.
give every process a full pagetable by default now.

first step to disabling kernel page table code (processes
might not have page tables -> no address translation).
2009-05-12 11:35:01 +00:00
David van Moolenbroek
4af032bbfe Kernel interrupt hook management fixes:
- properly assign unique hook IDs
- after hook removal, remove hook-specific interrupt disable flag
2009-05-07 14:52:07 +00:00
Ben Gras
bb23344283 spurious debug 2009-04-27 16:11:38 +00:00
Ben Gras
ef8a741301 set global flag for kernel pages, so tlb entries for kernel aren't thrown
away on cr3 reload. minor optimization.
2009-04-23 15:11:16 +00:00
Ben Gras
e0f3a5acf1 - enable ipc warnings by default
- ipc checking code in kernel didn't properly catch the
   sendrec() to self case; added special case check
 - triggered by PM using stock panic() - needs its own _exit()

reported by Joren l'Ami.
2009-04-17 13:46:37 +00:00
Ben Gras
9647fbc94e moved type and constants for random data to include file;
added consistency check in random; added source of randomness
internal to random using timing; only retrieve random bins that are full.
2009-04-02 15:24:44 +00:00
Ben Gras
b560a36b20 trace fix contributed by Joren l'Ami 2009-04-02 11:38:23 +00:00
Ben Gras
6ac0338584 Don't declare the cprof buf if CPROFILE isn't on. 2009-02-06 16:31:28 +00:00
Ben Gras
6e86e6706d fix compiler warning; missing memory range check 2009-02-05 13:00:03 +00:00
Ben Gras
113932905f disable interrupts if necessary in kernel debug code to dump all process
stacks.
2009-01-29 15:13:54 +00:00
Ben Gras
c628f24bc2 moved stacktrace to sysctl, as vmctl is very privileged so can't
be used outside VM. IS code cleanup. added stacktrace feature to IS.
2009-01-27 12:54:33 +00:00
Ben Gras
3cc092ff06 . new kernel call sysctl for generic unprivileged system operations;
now used for printing diagnostic messages through the kernel message
   buffer. this lets processes print diagnostics without sending messages
   to tty and log directly, simplifying the message protocol a lot and
   reducing difficulties with deadlocks and other situations in which
   diagnostics are blackholed (e.g. grants don't work). this makes
   DIAGNOSTICS(_S), ASYN_DIAGNOSTICS and DIAG_REPL obsolete, although tty
   and log still accept the codes for 'old' binaries. This also simplifies
   diagnostics in several servers and drivers - only tty needs its own
   kputc() now.
 . simplifications in vfs, and some effort to get the vnode references
   right (consistent) even during shutdown. m_mounted_on is now NULL
   for root filesystems (!) (the original and new root), a less awkward
   special case than 'm_mounted_on == m_root_node'. root now has exactly
   one reference, to root, if no files are open, just like all other
   filesystems. m_driver_e is unused.
2009-01-26 17:43:59 +00:00
Ben Gras
b784e88026 prototype 2009-01-22 17:09:45 +00:00
Ben Gras
0f41416100 minor cleanup, extra check 2009-01-20 15:47:00 +00:00
Ben Gras
ef2867de41 don't print if we're already printing to serial. 2009-01-14 08:54:17 +00:00
Ben Gras
b4934f0e12 debug twiddle. 2009-01-14 08:52:50 +00:00
Ben Gras
3ca00a926c don't produce kernel output if serial debug is on. 2009-01-11 23:47:03 +00:00
Ben Gras
d5f978411e use #include name for servarname 2009-01-11 23:45:29 +00:00
Ben Gras
cd54beeb30 cprofile not conditional 2009-01-09 21:45:27 +00:00
Ben Gras
c27008fbcc cprofile not conditional 2009-01-09 21:44:52 +00:00
Ben Gras
22d9444773 don't always time that 2009-01-09 20:58:35 +00:00
Ben Gras
7740d0379c no longer in kernel 2009-01-09 16:35:25 +00:00
Ben Gras
128a0508c0 timing measurement code out of kernel and into library
(so other components can use it too)
2009-01-09 16:15:15 +00:00
Ben Gras
23a158b361 don't check senda() buffer if size is 0. 2008-12-21 03:46:42 +00:00
Ben Gras
203eb54a4c make space for first code and data pages if so configured. 2008-12-19 15:46:29 +00:00
Ben Gras
b740ff055f if serial output is enabled in the boot monitor, on the first serial line,
enable serial debug output in the kernel too.
2008-12-19 13:21:42 +00:00
Ben Gras
f0000078c3 make kernel leave a page-sized gap in its code and data to not be
mapped in if so configured.
2008-12-18 14:30:55 +00:00
Ben Gras
5db1a042c2 stacktrace feature. 2008-12-11 15:33:43 +00:00
Ben Gras
9d096e014b . print kernel stacktrace unconditionally on panic
. provide a panic() in the kernel for if a library function wants to panic
2008-12-11 14:23:58 +00:00
Ben Gras
b61687fb1b . VM needs a higher priority than VFS, PM etc
. introduce FULLVM flag: MEMORY and the initial MFS
   get their own full address spaces, making their stacks
   and heaps not preallocated (well, freed after VM has
   initialized it) and letting them allocate more dynamically.
   MEMORY in particular needs this to map in physical memory
   using its own page table, without having to allocate.
2008-12-11 14:21:47 +00:00