. don't loop doing a receive() after sendrec() - chance of recovering is not
high, and can lead to receive()ing a notify() (which can't happen in sendrec()),
which is terrible
. return status from device when DEV_CANCEL is done on a signal; hardcode EAGAIN to
become EINTR though
For character device i/o, FS does a so-called 'magic' grant to let the
driver copy from or to user space. As this is done in FS address space,
the driver is told to do this in FS address space. The redirection to
the right user process then happens at copy-time in the kernel, using the
FS grant table. This also happens for DEV_READ and DEV_WRITE on block
devices.
For other block device i/o, which happens from/to FS buffers, FS does
a 'direct' grant to its own address space for the driver.
After the i/o returns, this access has to be K-I-L-L-E-D, revoked.
Sometimes this is after a SUSPEND and DEV_REVIVE, in which case the
revoking happens in pipe.c.
This conversion happens in safe_io_conversion() in device.c, called
by dev_io and dev_bio.
FS has to pre-allocate its own space for these grant tables. This happens
in main.c.
from DIO_REQUEST. Also do_vdevio. Also do_sdevio, but this
function also supports grant id's and offsets.
do_segctl: rename protected to prot.
do_umap: support for GRANT_SEG umap.
do_privctl: support SYS_PRIV_SET_GRANTS, which sets location and size
of in-own-address-space grant table.
do_safecopy: functions to verify and perform 'safe' (grant-based) copies.
implementation functions.
Changed check in system.c to check compile-time-sized bitmap of
kernel calls.
Added SYS_SAFECOPYFROM and SYS_SAFECOPYTO, both mapping to
do_safecopy (that's what sys_call_code is used for).
any number of kernel calls.
Allowed kernel calls are stored in table.c for every image process as a
variably-sized array of allowed calls. This is used to fill the bitmap
of size determined at compile time by the number of kernel calls. This
filling is done by main.c. There is a special call called SYS_ALL_CALLS
which fills the bitmap of allowed calls completely, if that is the only
entry in the array.
include grant id in DEV_REVIVE messages.
. Removal of TTY_FLAGS field (and so O_NONBLOCK support).
. Fixed CANCEL behaviour and return code on blocking I/O,
previously handled by O_NONBLOCK
. Totally removed REVIVE replies, previously still possible on
blocking ioctls (REVIVE directly called) and ptys (missing TTY_REVIVE
check), removes deadlock bug with FS
. Removed obsolete *COMPAT options and associated code
. added safecopies.c:
these are library functions to maintain grant tables in own address space
. sys_safecopy.c:
interfaces to kernel calls to perform safe copy functions in from or to
foreign process
. changes in i/o fields (type merged with request) reflected in
library functions (sys_out.c, sys_vinb.c, sys_vinl.c, sys_vinw.c,
sys_voutb.c, sys_voutl.c, sys_voutw.c)
. type merged with request in sys_sdevio, also now accepts offset which
is used when a grant is specified (the _DIO_SAFE subtype)
. system printf() function changed to send DIAGNOSTICS_S messages, which
specify a grant id instead of a direct address for the buffer to be
printed; tty and log can then safecopy the buffer