Commit graph

13 commits

Author SHA1 Message Date
Thomas Veerman
ddbdca6cdb Add support for survival of crashed FSs
When an FS crashes, VFS will clean up resources tied to that FS:
 - Pending requests to the FS are canceled (i.e., fail with EIO)
 - Threads waiting for a reply are stopped (i.e., fail with EIO)
 - Open files are marked invalid. Future operations on a file descriptor
   will cause EBADF errors.
 - vmnt entry is cleared, so in-flight system calls that got past the
   file descriptor check but not yet talking to the crashed FS, will
   fail with EIO.
 - The reference counter of the mount point is decreased, effectively
   removing the crashed FS from the file system tree. Descendants of
   this part of the tree are unreachable by means of a path, but can
   still be unmounted by feeding the block special file to unmount(2).

This patch also gets rid of the "not a known driver endpoint" messages
during shutdown.
2012-01-19 14:21:46 +00:00
David van Moolenbroek
c25e2eb0cf avfs: fix for root file system not being unmounted
Also no longer have avfs crash whenever a file system server crashes.
2012-01-04 14:10:10 +01:00
Thomas Veerman
de5a9a3e8b AVFS: Use scratchpad instead of m_in to pass around file descriptors
Some code relies on having the file descriptor in m_in.fd. Consequently,
m_in is not only used to provide syscall parameters from user space to
VFS, but also as a global variable to store temporary data within VFS.
This has the ugly side effect that m_in gets overwritten during core
dumping.*

To work around this problem VFS now uses a so called "scratchpad" to
store temporary data that has to be globally accessible. This is a simple
table indexed by process number, just like fproc. The scratchpad allows
us to store the buffer pointer and buffer size for suspended system calls
(i.e., read, write, open, lock) instead of using fproc. This makes fproc
a bit smaller and fproc iterators a bit faster. Moreover, suspension of
processes becomes simpler altogether and suspended operations on pipes
are now less of a special case.

* This patch fixes a bug where due to unexpected m_in overwriting a
coredump would fail, and consequently resources are leaked. The coredump
was triggered with:
$ a() { a; }
$ a
2011-12-21 10:52:51 +00:00
Thomas Veerman
9f9f893123 Mark filp as in use on fd dup'ing 2011-12-21 10:45:29 +00:00
David van Moolenbroek
6f374faca5 Add "expected size" parameter to getsysinfo()
This patch provides basic protection against damage resulting from
differently compiled servers blindly copying tables to one another.
In every getsysinfo() call, the caller is provided with the expected
size of the requested data structure. The callee fails the call if
the expected size does not match the data structure's actual size.
2011-12-11 22:34:14 +01:00
Thomas Veerman
0a61519eea Provide core dumping support for AVFS 2011-12-08 10:47:11 +00:00
David van Moolenbroek
b4d909d415 Split block/character protocols and libdriver
This patch separates the character and block driver communication
protocols. The old character protocol remains the same, but a new
block protocol is introduced. The libdriver library is replaced by
two new libraries: libchardriver and libblockdriver. Their exposed
API, and drivers that use them, have been updated accordingly.
Together, libbdev and libblockdriver now completely abstract away
the message format used by the block protocol. As the memory driver
is both a character and a block device driver, it now implements its
own message loop.

The most important semantic change made to the block protocol is that
it is no longer possible to return both partial results and an error
for a single transfer. This simplifies the interaction between the
caller and the driver, as the I/O vector no longer needs to be copied
back. Also, drivers are now no longer supposed to decide based on the
layout of the I/O vector when a transfer should be cut short. Put
simply, transfers are now supposed to either succeed completely, or
result in an error.

After this patch, the state of the various pieces is as follows:
- block protocol: stable
- libbdev API: stable for synchronous communication
- libblockdriver API: needs slight revision (the drvlib/partition API
  in particular; the threading API will also change shortly)
- character protocol: needs cleanup
- libchardriver API: needs cleanup accordingly
- driver restarts: largely unsupported until endpoint changes are
  reintroduced

As a side effect, this patch eliminates several bugs, hacks, and gcc
-Wall and -W warnings all over the place. It probably introduces a
few new ones, too.

Update warning: this patch changes the protocol between MFS and disk
drivers, so in order to use old/new images, the MFS from the ramdisk
must be used to mount all file systems.
2011-11-23 14:06:37 +01:00
David van Moolenbroek
b02c260ecb Miscellaneous legacy cleanup 2011-11-07 22:20:55 +01:00
Thomas Veerman
90cde23c19 Cleanup more resources upon exit 2011-09-16 10:16:57 +00:00
Thomas Veerman
200b9d7339 Unmap drivers upon exit 2011-09-16 10:16:00 +00:00
Thomas Veerman
78183bddff Let FSes exit themselves upon system shutdown
During shutdown all processes are semi-exited and FSes are unmounted.
This semi-exit causes trouble for FUSE mounts as they still need access
to file descriptors and working directory in order to unmount.
2011-08-26 15:17:53 +00:00
Thomas Veerman
ae2159c371 Fix locking issues with back calls from FSes 2011-08-19 14:17:35 +00:00
Thomas Veerman
a6bd3f4a22 Merge AVFS and APFS 2011-08-17 13:40:36 +00:00