make vfs & filesystems use failable copying

Change the kernel to add features to vircopy and safecopies so that transparent copy fixing won't happen to avoid deadlocks, and such copies fail with EFAULT. Transparently making copying work from filesystems (as normally done by the kernel & VM when copying fails because of missing/readonly memory) is problematic as it can happen that, for file-mapped ranges, that that same filesystem that is blocked on the copy request is needed to satisfy the memory range, leading to deadlock. Dito for VFS itself, if done with a blocking call. This change makes the copying done from a filesystem fail in such cases with EFAULT by VFS adding the CPF_TRY flag to the grants. If a FS call fails with EFAULT, VFS will then request the range to be made available to VM after the FS is unblocked, allowing it to be used to satisfy the range if need be in another VFS thread. Similarly, for datacopies that VFS itself does, it uses the failable vircopy variant and callers use a wrapper that talk to VM if necessary to get the copy to work. . kernel: add CPF_TRY flag to safecopies . kernel: only request writable ranges to VM for the target buffer when copying fails . do copying in VFS TRY-first . some fixes in VM to build SANITYCHECK mode . add regression test for the cases where - a FS system call needs memory mapped in a process that the FS itself must map. - such a range covers more than one file-mapped region. . add 'try' mode to vircopy, physcopy . add flags field to copy kernel call messages . if CP_FLAG_TRY is set, do not transparently try to fix memory ranges . for use by VFS when accessing user buffers to avoid deadlock . remove some obsolete backwards compatability assignments . VFS: let thread scheduling work for VM requests too Allows VFS to make calls to VM while suspending and resuming the currently running thread. Does currently not work for the main thread. . VM: add fix memory range call for use by VFS Change-Id: I295794269cea51a3163519a9cfe5901301d90b32
2014-01-16 14:22:13 +01:00
parent 8c277f99f4
commit 565f13088f
58 changed files with 705 additions and 296 deletions
--- a/kernel/system/do_copy.c
+++ b/kernel/system/do_copy.c
@@ -10,7 +10,9 @@
 */

 #include "kernel/system.h"
+#include "kernel/vm.h"
 #include <minix/type.h>
+#include <assert.h>

 #if (USE_VIRCOPY || USE_PHYSCOPY)

@@ -75,8 +77,16 @@ int do_copy(struct proc * caller, message * m_ptr)
  if (bytes != (phys_bytes) (vir_bytes) bytes) return(E2BIG);

  /* Now try to make the actual virtual copy. */
-  return( virtual_copy_vmcheck(caller, &vir_addr[_SRC_],
+  if(m_ptr->CP_FLAGS & CP_FLAG_TRY) {
+	int r;
+	assert(caller->p_endpoint == VFS_PROC_NR);
+	r = virtual_copy(&vir_addr[_SRC_], &vir_addr[_DST_], bytes);
+	if(r == EFAULT_SRC || r == EFAULT_DST) return r = EFAULT;
+	return r;
+  } else {
+	return( virtual_copy_vmcheck(caller, &vir_addr[_SRC_],
 			  	&vir_addr[_DST_], bytes) );
+  }
 }
 #endif /* (USE_VIRCOPY || USE_PHYSCOPY) */

--- a/kernel/system/do_safecopy.c
+++ b/kernel/system/do_safecopy.c
@@ -17,6 +17,7 @@

 #include "kernel/system.h"
 #include "kernel/kernel.h"
+#include "kernel/vm.h"

 #define MAX_INDIRECT_DEPTH 5	/* up to how many indirect grants to follow? */

@@ -32,7 +33,7 @@ static int safecopy(struct proc *, endpoint_t, endpoint_t,
 *				verify_grant				     *
 *===========================================================================*/
 int verify_grant(granter, grantee, grant, bytes, access,
-	offset_in, offset_result, e_granter)
+	offset_in, offset_result, e_granter, flags)
 endpoint_t granter, grantee;	/* copyee, copyer */
 cp_grant_id_t grant;		/* grant id */
 vir_bytes bytes;		/* copy size */
@@ -40,6 +41,7 @@ int access;			/* direction (read/write) */
 vir_bytes offset_in;		/* copy offset within grant */
 vir_bytes *offset_result;	/* copy offset within virtual address space */
 endpoint_t *e_granter;		/* new granter (magic grants) */
+u32_t *flags;			/* CPF_* */
 {
 	static cp_grant_t g;
 	static int proc_nr;
@@ -96,6 +98,8 @@ endpoint_t *e_granter;		/* new granter (magic grants) */
 			return EPERM;
 		}

+		if(flags) *flags = g.cp_flags;
+
 		/* Check validity. */
 		if((g.cp_flags & (CPF_USED | CPF_VALID)) !=
 			(CPF_USED | CPF_VALID)) {
@@ -241,6 +245,7 @@ int access;			/* CPF_READ for a copy from granter to grantee, CPF_WRITE
 	endpoint_t new_granter, *src, *dst;
 	struct proc *granter_p;
 	int r;
+	u32_t flags;
 #if PERF_USE_COW_SAFECOPY
 	vir_bytes size;
 #endif
@@ -269,7 +274,7 @@ int access;			/* CPF_READ for a copy from granter to grantee, CPF_WRITE

 	/* Verify permission exists. */
 	if((r=verify_grant(granter, grantee, grantid, bytes, access,
-	    g_offset, &v_offset, &new_granter)) != OK) {
+	    g_offset, &v_offset, &new_granter, &flags)) != OK) {
 			printf(
 		"grant %d verify to copy %d->%d by %d failed: err %d\n",
 				grantid, *src, *dst, grantee, r);
@@ -298,6 +303,13 @@ int access;			/* CPF_READ for a copy from granter to grantee, CPF_WRITE
 	}

 	/* Do the regular copy. */
+	if(flags & CPF_TRY) {
+		int r;
+		/* Try copy without transparently faulting in pages. */
+		r = virtual_copy(&v_src, &v_dst, bytes);
+		if(r == EFAULT_SRC || r == EFAULT_DST) return EFAULT;
+		return r;
+	}
 	return virtual_copy_vmcheck(caller, &v_src, &v_dst, bytes);
 }

--- a/kernel/system/do_safememset.c
+++ b/kernel/system/do_safememset.c
@@ -47,7 +47,7 @@ int do_safememset(struct proc *caller, message *m_ptr) {

 	/* Verify permission exists, memset always requires CPF_WRITE */
 	r = verify_grant(dst_endpt, caller_endpt, grantid, len, CPF_WRITE,
-			 g_offset, &v_offset, &new_granter);
+			 g_offset, &v_offset, &new_granter, NULL);

 	if (r != OK) {
 		printf("safememset: grant %d verify failed %d", grantid, r);
--- a/kernel/system/do_umap_remote.c
+++ b/kernel/system/do_umap_remote.c
@@ -64,7 +64,7 @@ int do_umap_remote(struct proc * caller, message * m_ptr)
 	cp_grant_id_t grant = (cp_grant_id_t) offset;

        if(verify_grant(targetpr->p_endpoint, grantee, grant, count,
-                0, 0, &newoffset, &newep) != OK) {
+                0, 0, &newoffset, &newep, NULL) != OK) {
                printf("SYSTEM: do_umap: verify_grant in %s, grant %d, bytes 0x%lx, failed, caller %s\n", targetpr->p_name, offset, count, caller->p_name);
 		proc_stacktrace(caller);
                return EFAULT;
--- a/kernel/system/do_vumap.c
+++ b/kernel/system/do_vumap.c
@@ -78,7 +78,7 @@ int do_vumap(struct proc *caller, message *m_ptr)

 	if (source != SELF) {
 		r = verify_grant(source, endpt, vvec[i].vv_grant, size, access,
-			offset, &vir_addr, &granter);
+			offset, &vir_addr, &granter, NULL);
 		if (r != OK)
 			return r;
 	} else {
@@ -103,7 +103,7 @@ int do_vumap(struct proc *caller, message *m_ptr)
 			/* This call may suspend the current call, or return an
 			 * error for a previous invocation.
 			 */
-			return vm_check_range(caller, procp, vir_addr, size);
+			return vm_check_range(caller, procp, vir_addr, size, 1);
 		}

 		pvec[pcount].vp_addr = phys_addr;