The NetBSD boot loader loads automatically the kernel module appropriate
for the detected root file system; it is preset at "ffs". The MINIX3fs
support does not reset the underlying global variable, since there are
no use for this on MINIX. As a result, the boot loader searches for
/ffs.kmod, and issues two warnings about "module failure to open/load."
If the provided path was only a single component (i.e., without
slashes), then last_dir would return early and skip the symlink
detection (i.e., check whether the path ends in a symlink and resolve
that first before returning). This bug triggered an assert in open
which expects that an advance after an last_dir (with VMNT_WRITE lock)
does not yield another vmnt lock.
The assert was meant as an additional check to the assert in link.c:198.
The reasoning behind the assert in link.c:198 is that once you've
obtained a write lock on a vmnt, you can't get an additional read lock
on the same vmnt. However, that does not always hold for the assert in
path.c:281 where the situation could be that you've obtained a read lock
and managed to get another read lock (this is possible). In other words,
the assert in path.c:281 is not the right place to check for that
situation.
- Fix locking bug when unable to send DEV_SELECT request. Upon failure
VFS tried to cancel the select operation, but this failed due to trying
to lock a filp that was already locked to send the request in the first
place. Do_select_request now handles locking of filps itself instead of
relying on the caller to do it. This fixes a crash when killing INET.
- Fix failure to revive a process after a non-blocking select operation
yielded no ready select operations when replying DEV_SEL_REPL1.
- Improve readability by using OK, SUSPEND, and standard error values as
results instead of having separate macros in select.
- Don't print not having a driver for a major device; after killing a driver
select will trigger this printf.
. harmonize bsd.lib.mk and bsd.man.mk with netbsd files
. throw out minix section 3 (library calls) manpages,
replaced by netbsd ones that are now installed
There is important information about booting non-ack images in
docs/UPDATING. ack/aout-format images can't be built any more, and
booting clang/ELF-format ones is a little different. Updating to the
new boot monitor is recommended.
Changes in this commit:
. drop boot monitor -> allowing dropping ack support
. facility to copy ELF boot files to /boot so that old boot monitor
can still boot fairly easily, see UPDATING
. no more ack-format libraries -> single-case libraries
. some cleanup of OBJECT_FMT, COMPILER_TYPE, etc cases
. drop several ack toolchain commands, but not all support
commands (e.g. aal is gone but acksize is not yet).
. a few libc files moved to netbsd libc dir
. new /bin/date as minix date used code in libc/
. test compile fix
. harmonize includes
. /usr/lib is no longer special: without ack, /usr/lib plays no
kind of special bootstrapping role any more and bootstrapping
is done exclusively through packages, so releases depend even
less on the state of the machine making them now.
. rename nbsd_lib* to lib*
. reduce mtree
. we cannot use the boot monitor to print the system diag buffer
. for serial, we do nothing, just reset, everything is already printed
. for not-serial, we print the current diag buffer using direct video
memory access from the kernel
Add guard pages to the top of the stack to catch overflow errors.
Moreover, fix a bug where libmthread would keep using a stack that was
just deallocated; a detached thread would deallocate its own stack after
it was finished running).
With -n -b file, a.out boot images can be used for CD booting;
with the new -n -B file option, plain binary (like bootxx_cd9660)
can be used instead.
Restore working the -h and -f options while there.
And add a new -F option for 2.8MB floppy image.
Register file timestamps
Remember the path tables in the primary descriptor
Put the size of the parent directory in the \1 entry, not own size
Allow the use of -b option without -a
Notes:
* Still missing the man page
* Filenames are still trimmed to 12 characters, because of
8.3 MS-DOS inherited compatibility (ISO9660 level 1);
also note that 7.4 or 9.2 filenames are accepted though
* Final . at end of filenames without extension is still missing
* VMS-compatible ;1 version suffix is still omitted
* Limit of 65,535 directories in path tables is not checked
Instead of using rootdev= or ramimagedev= in the boot monitor
which are changed to numbers and cannot be used with other
loaders, rootdevname= or ramimagename= are (MINIX-style)
device names always stored as strings.
Patch by Antoine Leca.
Kernels and system services are stored in a single directory in the
/boot/minix/ and rotated like /boot/images. /boot/minix_latest slink
is created automatically.
System serives are prefixed by "modNN_" to allow to easily load them
using "mod*" pattern.
Boot stuff dependencies from NetBSD.
Patch by Antoine Leca. Relocated to src/sys.
The port is using the same libminc.a as usual MINIX services (and does
not use NetBSD libkern); the headers imported from NetBSD sys/ tree
have been kept to a minimum (still numbers higher than 30 though.)
Note the peculiar way to use libraries (libsa, libi386, etc.): the
source code is shared, but each component builds its own copy of the
library, with its own set of preprocessor defines.
Also following functionality was added:
- Add install_master to the installboot from NetBSD.
- Check if enough space for bootxx.
Old installboot was renamed to installboot_minix.
- When cancelling ioctls, VFS did not remember which file descriptor
to cancel and sent bogus to the driver.
- Select state was not cleaned up when select()ing process was
interrupted.
- Process trying to do a system call at the exact same time as a user
trying to interrupt the process, could cause the system call worker
thread to overwrite state belonging to the worker thread trying to
exit the process. This led to hanging threads and eventual system hang
when this happens often enough.
When a mount operation fails and the FS exits, free_proc could try and
clean up resources associated with the mount point before the mount
thread itself can do that. However, the clean up procedure should only
clean up resources that were actually in use.
Currently, all servers and drivers run as root as they are forks of
RS. srv_fork now tells PM with which credentials to run the resulting
fork. Subsequently, PM lets VFS now as well.
This patch also fixes the following bugs:
- RS doesn't initialize the setugid variable during exec, causing the
servers and drivers to run setuid rendering the srv_fork extension
useless.
- PM erroneously tells VFS to run processes setuid. This doesn't
actually lead to setuid processes as VFS sets {r,e}uid and {r,e}gid
properly before checking PM's approval.
- this patch fixes a deadlock which may occur if we get a
spurious interrupt while calibrating clocks during the boot
time. Since we never handle interrupts while in the kernel
(BKL locked) the interrupt code locks the lock. This is a
different situation, a corner case, boot time only. We do not
return to userspace but to the kernel, so the BKL is not
unlocked. So we need irq handler which leaves the BKL
unlocked. The clock handler does it already, this patch adds
a dummy spurious irq handler for the same reason. It is better
to handle the situation this way to keep the normal runtime
code simple.
- this is a temporary change which makes images compiled for SMP
boot in SMP mode by default.
- this change is needed until we can configure the multiboot
images from the boot loader again.
When an FS crashes, VFS will clean up resources tied to that FS:
- Pending requests to the FS are canceled (i.e., fail with EIO)
- Threads waiting for a reply are stopped (i.e., fail with EIO)
- Open files are marked invalid. Future operations on a file descriptor
will cause EBADF errors.
- vmnt entry is cleared, so in-flight system calls that got past the
file descriptor check but not yet talking to the crashed FS, will
fail with EIO.
- The reference counter of the mount point is decreased, effectively
removing the crashed FS from the file system tree. Descendants of
this part of the tree are unreachable by means of a path, but can
still be unmounted by feeding the block special file to unmount(2).
This patch also gets rid of the "not a known driver endpoint" messages
during shutdown.
User processes can send signals with number up to _NSIG. There are a few
signal numbers above that used by the kernel, but should explicitly not
be included in the range or range checks in PM will fail.
The system processes use a different version of sigaddset, sigdelset,
sigemptyset, sigfillset, and sigismember which does not include a range
check on signal numbers (as opposed to the normal functions used by normal
processes).
This patch unbreaks test37 when the boot image is compiled with GCC/Clang.
Last_dir didn't consider paths that end in a symlink and hence didn't
actually return the last_dir when provided with one. For example,
/var/log is a symlink to /usr/log. Issuing `>/var/log' would trigger
an assert in AVFS, because /var/ is not the actual last directory; /usr/
is.
Last_dir now verifies the final component is not a symlink. If it is, it
follows the symlink and restarts finding of the last the directory.
- change AcpiOsRemoveInterruptHandler() to print a warning
instead of panic.
- we do the same in AcpiOsInstallInterruptHandler().
Signed-off-by: Tomas Hruby <thruby@few.vu.nl>
- we must not deliver messages from/to unstable address spaces.
In such a case, we must postpone the delivery. To make sute
that a process which is expecting an asynchronous message does
not starve, we must remember that we skipped delivery of some
messages and we must try to deliver again once the source
address space is stable again.
- when kernel copies from userspace, it must be sure that the TLB
entries are not stale and thus the referenced memory is correct
- everytime we change a process' address space we set p_stale_tlb
bits for all CPUs.
- Whenever a cpu finds its bit set when it wants to access the
process' memory, it refreshes the TLB
- it is more conservative than it needs to be but it has low
overhead than checking precisely
- two CPUs can issue IPI to each other now without any hazzard
- we must be able to handle synchronous scheduling IPIs from
other CPUs when we are waiting for attention from another one.
Otherwise we might livelock.
- necessary barriers to prevent reordering
- has_pending() takes a special argument that tells the code
whether we are scanning for asynchronous message or something
else.
- has_pending() is not used directly anymore
- the new functions are wrappings around has_pending() to make
the use more comfortable.
- these functions should become static inline eventually
Remove .ident sections, and force separations of .text and
.data sections into separate program headers, for the benefit
of the check done by MINIX boot monitor in multiboot mode.
When a lock has read-serialized and read-only locks, releasing the read-
serialized lock would not set the state to read-only when no other locks
were pending.
. pre-cleanflag ("old") mkfs generates without CLEAN flag,
causing boot not working because imgrd disappears after 1st
close
. fixed sanity check for this situation
. disable imgrd disappearing in memory driver so
readonly mount succeeds in case it happens anyway
. also implement now-possible fsck -p option
. allows unconditional fsck -p invocation at startup,
only checking each filesystem if not marked clean
. mounting unclean is allowed but is forced readonly
. updating the superblock while mounted is now not
allowed by mfs - must be done (e.g. by fsck.mfs)
on an unmounted fs
. clean flag is unset by mfs on mounting, and set by
mfs on clean unmounting (if clean flag was set at
mount time)
Signed-off-by: Ben Gras <ben@minix3.org>
. use dirty marking hooks to check and warn
when inodes/bufs are marked dirty on a readonly
mounted fs
. add readonly mount checks to restore readonly
mounting
Signed-off-by: Ben Gras <ben@minix3.org>
. No functional change
. Only serves to get hooks to do checks in
. e.g. should things be marked dirty when we are
mounted readonly
Signed-off-by: Ben Gras <ben@minix3.org>
Some code relies on having the file descriptor in m_in.fd. Consequently,
m_in is not only used to provide syscall parameters from user space to
VFS, but also as a global variable to store temporary data within VFS.
This has the ugly side effect that m_in gets overwritten during core
dumping.*
To work around this problem VFS now uses a so called "scratchpad" to
store temporary data that has to be globally accessible. This is a simple
table indexed by process number, just like fproc. The scratchpad allows
us to store the buffer pointer and buffer size for suspended system calls
(i.e., read, write, open, lock) instead of using fproc. This makes fproc
a bit smaller and fproc iterators a bit faster. Moreover, suspension of
processes becomes simpler altogether and suspended operations on pipes
are now less of a special case.
* This patch fixes a bug where due to unexpected m_in overwriting a
coredump would fail, and consequently resources are leaked. The coredump
was triggered with:
$ a() { a; }
$ a
This patch makes PFS, EXT2 and MFS print only once that they're out of
space. After freeing up space and running out of space again, the message
will be printed again also.
The nbyte in read(int fildes, void *buf, size_t nbyte) is unsigned,
so although technically we're doing the same comparison, this is more
in line with POSIX.
The comparison was moved to read_write as that routine is used within
VFS to let it VFS write out coredumps.
- if no IRQ table is found, we report that ACPI cannot map IRQ
correctly
- fixes mapping of IRQs in KVM because in this case we just fall
through and use the IRQ configured by BIOS. PCI still reports
that it failed to use ACPI. It is a hint if things go wrong.
When a process wants something done from VFS, but VFS has no worker
threads available, the request is stored and executed later. However,
when PM also sends a request for that process at the same time, discard
the pending request from the process and give priority to PM. The request
PM sends is either an EXIT or a DUMPCORE request, so we're not interested
in executing the pending request anyway.
This driver can be loaded as an overlay on top of a real block
device, and can then be used to generate block-level failures for
certain transfer requests. Specifically, a rule-based system allows
the user to introduce (overt and silent) data corruption and errors.
It exposes itself through /dev/fbd, and a file system can be mounted
on top of it. The new fbdctl(8) tool can be used to control the
driver; see ``man fbdctl'' for details. It also comes with a test
set, located in test/fbdtest.
This removes a race condition when the block driver performs a
complete restart after a crash (the new default). If any user of
the driver finds out its new endpoint and sends a request to the
new driver instance before this instance has had the chance to
initialize, then its initialization would clear all IPC state and
thereby erroneously cancel the incoming request. Clearing IPC
state is only desired upon a stateful restart (where the driver's
endpoint is retained). This information is now passed to and used
by libblockdriver accordingly.
The test script now resolves the device node into a <label,minor>
pair, so that the blocktest driver itself no longer has to. This
removes blocktest's dependency on VFS' internal data structures.
Also allow blocktest to be linked using with gcc/clang.
This patch provides basic protection against damage resulting from
differently compiled servers blindly copying tables to one another.
In every getsysinfo() call, the caller is provided with the expected
size of the requested data structure. The callee fails the call if
the expected size does not match the data structure's actual size.
This stops the printer driver from hanging the entire system when
/dev/lp is opened on systems that do not have a parallel port. With
this change, the printer driver shuts down immediately after loading
on such systems.
Using sendrec directly only results in problems. While it is not
clear whether using fs_sendrec is the best option, it is at least
an improvement.
Also remove some legacy cruft.
Each block driver now gets to specify whether it is a disk block
driver, which implies it wants the library to handle getting and
setting partitions for it.
The NetBSD libc provides a mechanism to have versions of system calls.
By 'renaming' symbols to a new version, freshly compiled programs will
automatically use the new symbol iff they use the proper header files. The
old, not renamed, version of the symbol will still exist (after being moved
to the compat directory), so old programs can still link.
Since MINIX doesn't support dynamic linking, the whole rename mechanism
doesn't really work for us. However, removing it would create a huge diff
with the current NetBSD libc.
A lot of the compat code relies on things we don't (seem to) have, and
therefore does not get built and linked. This causes trouble for tools like
autoconf, which will fail to find the renamed symbols. For example,
currently select gets renamed to __select50 in libc. Autoconf looks for
'select' and doesn't find it and reports we don't have it. This is where
the compat.S stub comes into play: it generates the old symbols and jumps to
the new symbols. However, as this is done in one object file, all renamed
symbols get linked together, causing binaries to be huge. This patch fixes
that by generating an object file for each renamed symbol.
This patch also makes the MISSING_SYSCALLS more complete and marginally
reduces the diff with NetBSD.
The implementation is in libblockdriver, and works transparently for
all block drivers. The new btrace(8) tool can be used to control block
tracing; see ``man btrace'' for details.
. always install them (overwrite)
. source minix one from /etc/defaults/rc.conf
so that it'll get read on existing installs
without overwriting rc.conf (doesn't happen by default
as it's user-editable), needed for new netconf system
. reported by Tenkawa
This patch separates the character and block driver communication
protocols. The old character protocol remains the same, but a new
block protocol is introduced. The libdriver library is replaced by
two new libraries: libchardriver and libblockdriver. Their exposed
API, and drivers that use them, have been updated accordingly.
Together, libbdev and libblockdriver now completely abstract away
the message format used by the block protocol. As the memory driver
is both a character and a block device driver, it now implements its
own message loop.
The most important semantic change made to the block protocol is that
it is no longer possible to return both partial results and an error
for a single transfer. This simplifies the interaction between the
caller and the driver, as the I/O vector no longer needs to be copied
back. Also, drivers are now no longer supposed to decide based on the
layout of the I/O vector when a transfer should be cut short. Put
simply, transfers are now supposed to either succeed completely, or
result in an error.
After this patch, the state of the various pieces is as follows:
- block protocol: stable
- libbdev API: stable for synchronous communication
- libblockdriver API: needs slight revision (the drvlib/partition API
in particular; the threading API will also change shortly)
- character protocol: needs cleanup
- libchardriver API: needs cleanup accordingly
- driver restarts: largely unsupported until endpoint changes are
reintroduced
As a side effect, this patch eliminates several bugs, hacks, and gcc
-Wall and -W warnings all over the place. It probably introduces a
few new ones, too.
Update warning: this patch changes the protocol between MFS and disk
drivers, so in order to use old/new images, the MFS from the ramdisk
must be used to mount all file systems.
. clang-linked binaries were not calling global constructors, as the
code to do so wasn't in csu/ and linked
. it does work for gcc as it uses its self-supplied crt{begin,end} code
. this commit copies netbsd's crt{begin,end}.S, which contains
constructor/destructor calling code, called from .init and .fini
sections already accumulated by the linker. the _init function was already
called by the C startup code before calling main.
. based on work by Antoine Leca
. make procfs check it
. detects pm/procfs mismatches
. was triggered by ack/clang pm/procfs:
add padding to mproc struct to align ack/clang layout
to fix this
. always compile acpi, with clang, so never have
build/clean inconsistencies; can be enabled (i.e. run
at boot time) by setting acpi variable in the boot monitor
. always strip binaries with the right strip cmd, so never
have ack/elf strip inconsistencies
. rc script and service know to look in /usr/pkg/.. for
extra binaries and conf files
. service split into parsing config and doing RS request
so that a new utility (printconfig) can just print the
config in machine-parseable format for netconf integration
. converted all base system eth drivers/netconf
. detect both formats in /etc/rc
. generate new format in setup
. obsoletes /etc/fstab.local: everything can go in /etc/fstab
. put shutdown/reboot/halt and a copy of /usr/adm/wtmp
(/etc/wtmp) on root FS so that we can do shutdown checks before
mounting /usr
. new fstab format makes getfsent() and friends work
Import libpuffs and our port of libpuffs. The port was done as part of
GSoC 2011 FUSE project, done by Evgeniy Ivanov. The librefuse import
did not require any porting efforts. Libpuffs has been modified to
understand our VFS-FS protocol and translate between that and PUFFS. As
an example that it works, fuse-ntfs-3g from pkgsrc can be compiled and
used to mount ntfs partitions:
mount -t ntfs-3g <device> <mountpoint>
FUSE only works with the asynchronous version of VFS. See <docs/UPDATING> on
how to run AVFS.
This patch further includes some changes to mount(1) and mount(2) so it's
possible to use file systems provided by pkgsrc (note: manual modifications
to /etc/system.conf are still needed. There has been made an exception for
fuse-ntfs-3g, so it already as an entry).
This patch fixes most of current reasons to generate compiler warnings.
The changes consist of:
- adding missing casts
- hiding or unhiding function declarations
- including headers where missing
- add __UNCONST when assigning a const char * to a char *
- adding missing return statements
- changing some types from unsigned to signed, as the code seems to want
signed ints
- converting old-style function definitions to current style (i.e.,
void func(param1, param2) short param1, param2; {...} to
void func (short param1, short param2) {...})
- making the compiler silent about signed vs unsigned comparisons. We
have too many of those in the new libc to fix.
A number of bugs in the test set were fixed. These bugs were never
triggered with our old libc. Consequently, these tests are now forced to
link with the new libc or they will generate errors (in particular tests 43
and 55).
Most changes in NetBSD libc are limited to moving aroudn "#ifndef __minix"
or stuff related to Minix-specific things (code in sys-minix or gen/minix).
The "bdev" library provides basic primitives for file systems to talk
to block device drivers, hiding the details of the underlying protocol
and interaction model.
This version of libbdev is rather basic. It is planned to support the
following features in the long run:
- asynchronous requests and replies;
- recovery support for underlying block drivers;
- retrying of failed I/O requests.
The commit also changes our block-based file systems (mfs, ext2, isofs)
to make use of libbdev.
While no problems have been observed in practice yet, modern compilers
may reorder memory access operations, and that could lead to problems
with memory-mapped I/O typically done by drivers. This patch prevents
any potentially problematic reordering by the compiler in the ATL2
driver.
In addition, this patch removes a number of gcc/clang warnings.
While no problems have been observed in practice yet, modern compilers
may reorder memory access operations, and that could lead to problems
with memory-mapped I/O typically done by drivers. This patch prevents
any potentially problematic reordering by the compiler in the AHCI
driver.
This patch adds support for executing multiple concurrent requests on
different devices on the same AHCI controller. The libdriver library
has been extended to include a generic multithreading interface, and
the AHCI driver has been extended to make use of this interface.
The original version of this code has been written by Arne Welzel.
In certain cases, a process ID may be reused between two lazy updates
of procfs's PID table. If the new associated process slot has a lower
index than the old one, this will trigger an assert in vtreefs, as the
new PID name entry is added before the old one is removed. This patch
fixes the problem by always first removing old PID name entries before
adding new ones.
Bug reported by Stephen Hatton.
PUFFS file systems need to make back calls for every operation we
send to them. Consequently, they cannot handle block reads and writes
themselves. Instead, the root file system has to do it (for now).
When the mount operation causes an FS to make a back call, AVFS now
concludes that every block read and write for that FS has to go
through the root file system.
. add bsd-style MLINKS to minix man set, restoring aliases
(e.g. man add64 -> int64)
. update daily cron script to run makewhatis and restore makewhatis
in man Makefile (makedb), restores functionality of man -k
. netbsd imports of man, mdocml, makewhatis, libutil, apropos
. update man.conf with manpage locations, restoring man [-s] <section>
. throws out some obsolete manpages
In some places it was assumed that PATH_MAX does not include a
terminating null character.
Increases PATH_MAX to 1024 to get in sync with NetBSD. Required some
rewriting in AVFS to keep memory usage low (the stack in use by a thread
is very small).
. move cache size heuristic from mfs there
so mfs and ext2 can share it
. add vfs credentials retrieving function, with
backwards compatability from previous struct
format, to be used by both ext2 and mfs
. fix for ext2 - STATICINIT was fed no.
of bytes instead of no. of elements, overallocating
memory by a megabyte or two for the superblock
During shutdown all processes are semi-exited and FSes are unmounted.
This semi-exit causes trouble for FUSE mounts as they still need access
to file descriptors and working directory in order to unmount.
- Remove unused code
- Use standard functions declared in common.c
- Change tests to do a runtime test for the max name length of a path
component (aka NAME_MAX). The actual value might differ from the hard
coded NAME_MAX depending on the file system used.
. default jemalloc is not too easy to compile without threads
libraries/types
. non-default malloc has odd virtual address space binge problem
. switch to ack/minix malloc in old libc for now
. move mfs-specific struct, constants to mfs/, so
mfs-specific, on-disk format structs and consts are
fully isolated from generic structs and functions
. removes de and readfs utils
Let's suppose that /usr/tmp exists and one wants /usr/tmp/a/b
If one runs "mkdir -p /usr/tmp/a/b/" (the '/' at the end is
important), then a "File exists" error comes up. Example:
$ rm -rf /usr/tmp/a
$ mkdir -p /usr/tmp/a/b/
/usr/tmp/a/b/: File exists
This breaks gcc47 installation when C++ is enabled, and this
isn't the behaviour of mkdir on NetBSD nor Linix.
This patch fixes the above issue by dropping the trailing '/'.
. workaround for clang's stdint.h __STDC_HOSTED__ test
that causes the host stdint.h to be ignored for -ffreestanding,
causing a type to be double-defined in the kernel
. only use for single-page invalidations initially
. shows tiny but statistically significant performance
improvement; will be more helpful in certain VM debug
modes
. ipc wants to know about processes that get
signals, so that it can break blocking ipc operations
. doing it for every single signal is wasteful
and causes the annoying 'no slot for signals' message
. this fix tells vm on a per-process basis it (ipc)
wants to be notified, i.e. only when it does any ipc calls
. move ipc config to separate config file while we're at it
- BSD-licensed Code gratefully taken from the project at
http://en.sourceforge.jp/projects/sfnet_vassertlinuxsdk/
- For more information on vmware VAssert, a powerful debugging
facility usable under vmware, see:
www.vmware.com/pdf/ws65_vassert_programming.pdf
The bsd signal names are out-of-order compared to the minix ones.
I found out (the hard way) that the (MINIX-descending) ordered list of
signals in <sys/signal.h> does not match the (BSD-descending) ordered
list of signals in usr/src/lib/libc/nbsd_libc/gen/sig{name,list}.c
Beyond being unfortunate, it prevents the trap command of ash to handle
correctly a named signal; a funny test case is
#!/bin/sh
trap 'echo trapping signal BUS' BUS
trap 'echo trapping signal 10 (USR1)' 10
trap # show me what is currently trapped
As a quick workaround, I disabled the use of the libc-provided
sys_sig{name,list} arrays for ash, and reverted to the hand-made array
which is used by the less capable MINIX libc. It allowed me to use
pkgsrc.
. needed for netbsd libc dns resolution
. points to minix nonamed
. /etc/resolv.conf should have the real info
(written by netconf / dhcp client)
. nonamed should be phased out but will probably
be around for the 'old' libc
. fold 2 exception-in-kernel cases (pagefault and rest)
into 1
. for exceptions that occur in kernel, don't just print
kernel stacktrace (typically that is just the exception
handler) but also the stacktrace of when the exception
happened
. don't install minix <termcap.h> as libterminfo
has its own (but still install it in /usr/include.ack)
. forget minix termcap functions in -lcompat_minix
. make commands use -lterminfo in netbsd libc compile mode
. speeds up mkdep (i.e. world builds) significantly
. have to keep minix /bin/sed for a while because previous
usr/etc/rc depends on it
. force mkdep to use /usr/bin/sed for speedup
Improves cache locality by grouping together dependency generation
with building for each program instead of doing a whole-tree dep
generation phase followed by a whole-tree build phase
. it's a good extra interface to have but doesn't
meet standardised functionality
. applications (in pkgsrc) find it and expect
full functionality the minix mmap doesn't offter
. on the whole probably better to hide these functions
(mmap and friends) until they are grown up; the base system
can use the new minix_* names
. MAP_SHARED was used to implement sysv shared memory
. used to signal shareable memory region to VM
. assumptions about this situation break when processes
use MAP_SHARED for its normal, standardised meaning
POSIX truncate specification says "Upon successful completion, if
the *file size is changed*, this function shall mark for update the
st_ctime and st_mtime fields of the file." This patch prevents
changing of the date fields when the size stays the same.
. Feature to do a 'release' into a permanent
and usable FS hierarchy, usable with chroot
. Just like the temporary staging hierarchy really
. Useful to checking out and building the latest
version of minix from a host minix; to
(1) make an uptodate minix jail, and
(2) make a sterile, reproducible jail environment, and
(3) use as disposable environment in which moving /usr/pkg
is ok
(i.e. pkgsrc bulk builds)
. strerror() assumes this
. remove generated libminc/errlist.c
. errno's in <sys/errno.h> have to be in sorted order
. filtering out some errno.h in Makefile lets us use near-stock
errlist.awk
* VFS and installed MFSes must be in sync before and after this change *
Use struct stat from NetBSD. It requires adding new STAT, FSTAT and LSTAT
syscalls. Libc modification is both backward and forward compatible.
Also new struct stat uses modern field sizes to avoid ABI
incompatibility, when we update uid_t, gid_t and company.
Exceptions are ino_t and off_t in old libc (though paddings added).
Now users can choose between libsys, libsys + libminc and
libsys + libc. E.g. PUFFS/FUSE servers need libsys + libc while
old servers can use libsys + libminc.
- the pointers must be flagged as volatile because otherwise they
might be "optimized" by a compiler. It is a common good
practice to access the registers this way, the keyword is in C
for a reason.
- for instance, in eeprom_eerd() when polling a register the
compiler, under certain conditions, may decide upon the first
read and if it does not break the loop it assumes that the
value is not going to change and thus stays in an infinite
loop.
1. ack, a.out, minix headers (moved to /usr/include.ack),
minix libc
2. gcc/clang, elf, netbsd headers (moved to /usr/include),
netbsd libc (moved to /usr/lib)
So this obsoletes the /usr/netbsd hierarchy.
No special invocation for netbsd libc necessary - it's always used
for gcc/clang.
. if the build target is invoked again for the install target, the
stack sizes aren't set properly. A workaround is to only build
and not install the servers. (Installing them doesn't really make
sense anyway.)
The opendir(3) function was setting errno to ENOTDIR even
when the directory existed and was opened successfully. This
caused git to falsely detect an error.
This change moves the errno assignment into the failure code
block. It also adds a test to test24 to check for errno
changing when opendir(3) returns success.
Some packages are in multiple categories (one example is
devel/libgetopt). This broke the IF statement because
${CATEGORIES} got expanded to "cat1 cat2". The proper
variable to use is PKGPATH.
Add two makefiles to manage compiling packages with NetBSD libc.
* minix.libc.mk contains the proper CFLAGS/LDFLAGS
* pkgsrchooks.mk contains the logic for setting the flags.
* update bmake
Several pkg-config files were added to help pkgsrc learn about
the c, minlib, and compat_minix libraries.
. remove a few asserts in the kernel and 64bi library
that are not compatible with the timing code
. change the TIME_BLOCKS code a little to work in-kernel
3 sets of libraries are built now:
. ack: all libraries that ack can compile (/usr/lib/i386/)
. clang+elf: all libraries with minix headers (/usr/lib/)
. clang+elf: all libraries with netbsd headers (/usr/netbsd/)
Once everything can be compiled with netbsd libraries and headers, the
/usr/netbsd hierarchy will be obsolete and its libraries compiled with
netbsd headers will be installed in /usr/lib, and its headers
in /usr/include. (i.e. minix libc and current minix headers set
will be gone.)
To use the NetBSD libc system (libraries + headers) before
it is the default libc, see:
http://wiki.minix3.org/en/DevelopersGuide/UsingNetBSDCode
This wiki page also documents the maintenance of the patch
files of minix-specific changes to imported NetBSD code.
Changes in this commit:
. libsys: Add NBSD compilation and create a safe NBSD-based libc.
. Port rest of libraries (except libddekit) to new header system.
. Enable compilation of libddekit with new headers.
. Enable kernel compilation with new headers.
. Enable drivers compilation with new headers.
. Port legacy commands to new headers and libc.
. Port servers to new headers.
. Add <sys/sigcontext.h> in compat library.
. Remove dependency file in tree.
. Enable compilation of common/lib/libc/atomic in libsys
. Do not generate RCSID strings in libc.
. Temporarily disable zoneinfo as they are incompatible with NetBSD format
. obj-nbsd for .gitignore
. Procfs: use only integer arithmetic. (Antoine Leca)
. Increase ramdisk size to create NBSD-based images.
. Remove INCSYMLINKS handling hack.
. Add nbsd_include/sys/exec_elf.h
. Enable ELF compilation with NBSD libc.
. Add 'make nbsdsrc' in tools to download reference NetBSD sources.
. Automate minix-port.patch creation.
. Avoid using fstavfs() as it is *extremely* slow and unneeded.
. Set err() as PRIVATE to avoid name clash with libc.
. [NBSD] servers/vm: remove compilation warnings.
. u32 is not a long in NBSD headers.
. UPDATING info on netbsd hierarchy
. commands fixes for netbsd libc
#if inside macro call is undefined behaviour under the C standard
(3.8.3 paragraph 10 for C90, 6.8.10 paragraph 11 for C99).
The same effect can be achieved with a slightly more verbose construct,
putting the whole macro call inside the #ifdef/#else/#endif.
. Handle more compiler names, including most cross-compilers.
. Allows to use acd(1) and [whatever-]acc to designate ACK compiler.
. Do not abort (on COMPILER_TYPE not defined) if the compiler name
is not recognized.
sys_umap now supports only:
- looking up the physical address of a virtual address in the address space
of the caller;
- looking up the physical address of a grant for which the caller is the
grantee.
This is enough for nearly all umap users. The new sys_umap_remote supports
lookups in arbitrary address spaces and grants for arbitrary grantees.
to upstream.
- revert to upstream version of function prototypes for
setting the uid and gid fields of the archive_entry.
- move uid/gid overflow checks into header_common().
- use archive_set_error() instead of fprintf() for getting
error message text back to the main program.
and minor fixes:
. add ack/clean target to lib, 'unify' clean target
. add includes as library dependency
. mk: exclude warning options clang doesn't have in non-gcc
. set -e in lib/*.sh build files
. clang compile error circumvention (disable NOASSERTS for release builds)
Several pkgsrc packages under the games category won't install
without a games group. This change adds the group with gid 13,
the default games gid on NetBSD.
The file timestamps in archives created by libarchive all had
dates in the year 2038. It was caused by a bit shift in
archive_write_set_format_ustar which shifted 1 instead of 1ull.
- time stops if there is no activity and the timer expired before
we halted the cpu
- restart_local_timer() checks if the timer has expired and if so it
restarts it
- we do the same when switching back to userspace
- when ACPI does not find mappings for pci brdiges, do no panic,
only report a warning and continue to a fallback which uses
only the root bus IRQ routing table. Fail only if that is not
present.
Make test40 behave better. It should create its own subdirectory to
conduct its tests and should not write to /tmp. Also, the master-slave
terminal pair it tries to open might be in use; it should try to obtain
another pair. These changes allow the test to be run multiple times
simultaneously from different paths (to test select() more intensively).
- skip processes that are not asynsending to the target
- do not clear whole asynsend table upon IPC permission error
- be more accepting when one table entry is bogus later on
- Remove redundant code.
- Always wait for the initial reply from an asynchronous select request,
even if the select has been satisfied on another file descriptor or
was canceled due to a serious error.
- Restart asynchronous selects if upon reply from the driver turns out
that there are deferred operations (and do not forget we're still
interested in the results of the deferred operations).
- Do not hang a non-blocking select when another blocking select on
the same filp is still blocking.
- Split blocking operations in read, write, and exceptions (i.e.,
blocking on read does not imply the write will block as well).
- Some loops would iterate over OPEN_MAX file descriptors instead of
the "highest" file descriptor.
- Use proper internal error return values.
- A secondary reply from a synchronous driver is essentially the same
as from an asynchronous driver (the only difference being how the
answer is received). Merge.
- Return proper error code after a driver failure.
- Auto-detect whether a driver is synchronous or asynchronous.
- Remove some code duplication.
- Clean up code (coding style, add missing comments, put all select
related code together).
Before safecopies, the IO_ENDPT and DL_ENDPT message fields were needed
to know which actual process to copy data from/to, as that process may
not always be the caller. Now that we have full safecopy support, these
fields have become useless for that purpose: the owner of the grant is
*always* the caller. Allowing the caller to supply another endpoint is
in fact dangerous, because the callee may then end up using a grant
from a third party. One could call this a variant of the confused
deputy problem.
From now on, safecopy calls should always use the caller's endpoint as
grant owner. This fully obsoletes the DL_ENDPT field in the
inet/ethernet protocol. IO_ENDPT has other uses besides identifying the
grant owner though. This patch renames IO_ENDPT to USER_ENDPT, not only
because that is a more fitting name (it should never be used for I/O
after all), but also in order to intentionally break any old system
source code outside the base system. If this patch breaks your code,
fixing it is fairly simple:
- DL_ENDPT should be replaced with m_source;
- IO_ENDPT should be replaced with m_source when used for safecopies;
- IO_ENDPT should be replaced with USER_ENDPT for any other use, e.g.
when setting REP_ENDPT, matching requests in CANCEL calls, getting
DEV_SELECT flags, and retrieving of the real user process's endpoint
in DEV_OPEN.
The changes in this patch are binary backward compatible.
asynchronous message resulted in an error.
The model here is that:
- Iff a sender wishes to be notified, the sender MUST check for errors
BEFORE sending another asynchronous message.
The reason is that in order to remember the error code, we can't clean up
the message table and hence we risk running out of table space. This is
less of a problem when the sender enables notifications only for errors.
completed (successfully or not). AMF_NOTIFY_ERR can be used if the sender
only wishes to be notified in case of an error (e.g., EDEADSRCDST). A new
endpoint ASYNCM will be the sender of the notification.
Dhcp only works if devices are configured with a broadcast source
address at the begining as it currently uses raw ip sockets and the
sockets sets the source address. It is a quick hack and proper hdcpd
fix is preferable
A sort of quick hack for dhcpd to work as a client with lwip server.
- The functionality is not changed unless --lwip switch is supplied.
dhcpd does not use broadcast udp sockets but some sort of raw
sockets and changes their behavior during their life by ioctls.
- I thought there is no need to polute lwip just to make dhcp client
work. Instead I decided to twist the client a little bit.
- It is so far the only big collision I found between inet and lwip.
lwip server needs to include struct udp_io_hdr but must not include
struct udp-hdr as it conflicts with its internal type. So it is split
into to files now.
- on driver restarts, reopen devices on a per-file basis, not per-mount
- do not assume that there is just one vnode per block-special device
- update block-special files in the uncommon mounting success paths, too
- upon mount, sync but also invalidate affected buffers on the root FS
- upon unmount, check whether a vnode is in use before updating it
This library includes various random and minix-specific functions
included in the Minix libc. Most of them should be part of libsys,
and in general it would be nice to extinguish this library over
time.
- Remove sanity checks for initialized mutexes and condition variables. This
significantly boosts performance. The checks can be turned back on by
compiling libmthread with MTHREAD_STRICT. According to POSIX operations on
uninitialized variables are a MAY fail if, therefore allowing this
optimization.
- Test59 has to be accommodated to the lack of sanity checks on uninitialized
variables in the library. It specifically tests for them and will run into
segfaults when the checks are absent in the library.
- Fix a few bugs related to the scheduler
- Do some general code cleanups
. when switching from the base pkg_install to the pkgin pkg_install,
the version number changed, causing a compatability problem if the
old base system binary was inadvertently left behind.
. this change checks for that situation by specifically invoking
the pkgin instance of pkg_install and telling the user to install
it if it doesn't exist.
This patch include various fixes to NBSD includes.
- unistd.h: Avoid different linkages on non-_NETBSD_SOURCE
compilation;
- stdlib.h: remove devname declaration.
- sys/select.h: Add _MINIX specific flags.
- limits.h: Add SYMLOOP_MAX and SYMLINK_MAX
- time.h: Fix CLOCKS_PER_SEC and remove BSD's timer_t, as it
confuses minix own specific timers.
- utmp.h: Set Minix-specific paths and use Minix utmp format.
- param.h: Do not set BSD4_4, as this mostly means sa_len in
struct sock_addr.
- arch/i386/include/param.h: include <machine/vmparam.h> to
add PAGE_SIZE and related macros, defined round_page() and
trunc_page() for minix compatibility.
- dirent.h: remove DIRBLKSIZ and fix d_ino/d_fileno.
- sys/dir.h: ADD from existing includes and edit include
conditions.
- sys/dirent.h: include <minix/dirent.h>, fix d_ino/d_fileno.
- sys/fd_set.h: set default FD_SETSIZE at __MINIX_OPENMAX, as
the default NetBSD value is too big and cause vfs to return
an error.
- sys/cdefs.h: Always include <minix/ansi.h>
- minix/paths.h: Add Minix-specific paths.
- minix/dirent.h: ADD, keep only "direct" and "flex"definitions.
- minix/types.h: include <minix/ansi.h>
- sys/Makefile: add sys/dirent.h and statfs.h (forgot!)
- minix/Makefile: add minix/dirent.h
nbsd_include/minix-port.patch updated accordingly.
This patch fixes some wrong error code number in nbsd libc's sys/errno.h
and adds new ones.
As in NetBSD the errno.h is used to automatically generate errlist.c array,
EBADCPU set to 1000 to be a bit too large, so we instruct the awk script
to stop at EDEADEPT (ELAST).
This patch changes the NBSD libc stat implemenation and adds
fstat (and headers), taken from current libc.
It also adds weaks alias to functions in the resolver that
were removed from public use in NetBSD but that are still
used by Minix, and fixes a NetBSD non-REENTRANT bug in
in gen/initdir.c.
This patch add a few weak_alias forgotten, so that non-internal
symbols are defined to be used from application.
Modifying only the minix-specific part, this patch needs no update
to minix-port.patch.
This patch changes the system mk scripts to enable compilation
of programs using the BSD make system to compile with the new
libc.
In details, it does the following:
- it always defines the __MINIX make variable. This can be used,
in porting applications, to specialize Makefiles for Minix.
- If the environment variable NBSD is set to something different
than 'no' and if the compiler is not ack, set NBSD_LIBC to 'yes'.
This will set the destination lib directory to '/usr/netbsd/lib'
and set up CPPFLAGS and LDFLAGS to use new libc's includes and
library directory.
This patch moves more includes (most of them, to tell the truth) to
common/include directory. This completes the list of includes needed
to compile current trunk with the new libc (but to do that you need
more patches in queue).
This patch also contains some modification (for compilation with new
headers) to the common includes under __NBSD_LIBC, the define used
in mk script to specialize compilation with new includes.
. helps debugging output; you can see the difference
between parent and child easily (it's sometimes
confusing to see an expected endpoint number with
an unexpected name, i.e. before exec())
. when processes crash after fork and before exec, it's
an instant hint that that's what's going on, instead of
it being the parent (endpoint numbers don't usually convey
this)
. name returns to 'normal' after exec(), so *F isn't visible
normally at all. (Except for for RS which forks apparently.)
This patch mainly copies and modifies files existing in
the current libc implementing minix specific functions.
To keep consisten with the NetBSD libc, we remove
namespace stubs and we use "namespace.h" and weak
links.
This patch add the proper .if/.else/.endif to the Makefiles,
and cleans a bit some includes.
The patch containing all changes required by Minix is
nbsd_include/minix-port.patch
This patch includes the required modifications (summarized
in common/lib/libc/minix-port.patch) to make the common
part of the NetBSD libc to compile and work under Minix.
This patch contains changes to NetBSD libc code base to make it
compile and work on Minix. Some of them are due to actual NetBSD
libc bugs, as we're compiling it in non-reentrant mode and with
a.out support, something not exactly frequent in NetBSD.
Others are proper fixes to port it to Minix (mostly sa_len
parameter missing in socket and a few mmap from files).
This patch imports the unmodified current version of NetBSD libc.
The NetBSD includes are in /nbsd_include, while the libc code itself is
split between lib/nbsd_libc and common/lib/libc.
This patch moves further includes (the network part and lib.h) in common/.
It is the last part to get the netbsd libc to compile under minix. Further moves will be needed as we get the netbsd libc to compile minix itself.
Also, this patch add #ifndef's to termios.h, as it create problems with netbsd's namespace.h.
. use bmake for pkgsrc instead, reads mk.conf from /usr/pkg/etc/mk.conf
. tracking bmake from pkgsrc eases tracking pkgsrc
. further disentangles pkgsrc from base system, reducing maintenance
burden of pkgsrc
Headers that will be shared between old includes and NetBSD-like includes
are moved into common/include tree. They are still copied in /usr/include
in 'make includes', so compilation and programs aren't be affected.
pkgsrc binary packages.
rationale:
. pkg_install (which is the pkg_* tools) is entangled with pkgsrc,
not with minix, so tracking it from pkgsrc (easier than with
base system) makes more sense
. simplifies upstreaming minix specific changes for pkg_* tools
. reduce pkgsrc-in-basesystem maintenance burden
Take into account the ALL and ALL_SYS cases when constructing proper
symmetrical IPC send masks. Fix system.conf accordingly, to keep
userland processes from sending to several non-interface servers and
drivers. Also fix IS's F4 formatting.
From now on, the "ipc" directive in system.conf refers to process names
instead of labels, similar to the "control" directive. The old, more
fine-grained approach is deemed unnecessary and cumbersome at this time.
As side effects, this patch unbreaks late IPC permission computation as
well as the filter driver.
M include/Makefile
A include/minix/input.h
M include/minix/com.h
M drivers/tty/keyboard.c
M drivers/tty/tty.c
M drivers/tty/tty.h
M include/minix/syslib.h
M lib/libsys/Makefile
A lib/libsys/input.c
- kernel maintains a cpu_info array which contains various
information about each cpu as filled when each cpu boots
- the information contains idetification, features etc.
- flush TLB of processes only if the page tables has been changed and
the page tables of this process are already loaded on this cpu which
means that there might be stale entries in TLB. Until now SMP was
always flushing TLB to make sure everything is consistent.
- every pci device which implements _PRT acpi method is considered to
be a pci-to-pci bridge
- acpi driver constructs a hierarchy of pci-to-pci bridges
- when pci driver identifies a pci-to-pci bridge it tells acpi driver
what is the primary and the secondary bus for this device
- when pci requests IRQ routing information from acpi, it passes the
bus number too to be able to identify the device accurately
- accidentaly this wasn't part of the SMP merge and the implementation
remained uncomplete with the timer keeping ticking periodically
- APIC timer is set for a signel shot and restarted everytime it
expires. This way we can keep the AP's trully idle
- the timer is restarted a little later before leaving to userspace
- LAPIC_TIMER_ICR is written before LAPIC_LVTTR so the newest value is
used
- fixed spurious and error interrupt handlers
- not to hog the system the warning isn't reported every time, just
once every 100 times, similarly for the spurious PIC interrupts
With this change, suggested by Gautam Tirumala, ports for pkgin and
pkg_install are cleaner and so easier to upstream. Presumably other
ports will be smoother too.
There doesn't seem to be a reason SSIZE_MAX was so small to begin with.
- regions were preivous stored in a linked list, as 'normally'
there are just 2 or 3 (text, data, stack), but that's slow
if lots of regions are made with mmap()
- measurable performance improvement with gcc and clang
this is a fix for e.g. the situation where lots of processes die
instantly, and PM has to send an asyn msg for each one to VFS, and
panics if there are too many. there are likely more situations in
which this table should be dependent on the no. of processes.
reported by pikpik on #minix3.
Before, the 'main thread' of a process was never taken into account anywhere in
the library, causing mutexes not to work properly (and consequently, neither
did the condition variables). For example, if the 'main thread' (that is, the
thread which is started at the beginning of a process; not a spawned thread by
the library) would lock a mutex, it wasn't actually locked.
- a different set of MSRs and performance counters is used on AMD
- when initializing NMI watchdog the test for Intel architecture
performance counters feature only applies to Intel now
- NMI is enabled if the CPU belongs to a family which has the
performance counters that we use
- sometimes the system needs to know precisely on what type of cpu is
running. The cpu type id detected during arch specific
initialization and kept in the machine structure for later use.
- as a side-effect the information is exported to userland
- the Intel architecture cycle counter (performance counter) does not
count when the CPU is idle therefore we use busy loop instead of
halting the cpu when there is nothing to schedule
- the downside is that handling interrupts may be accounted as idle
time if a sample is taken before we get out of the nested trap and
pick a new process
- when profiling is compiled in kernel includes a 64M buffer for
sample
- 64M is the default used by profile tool as its buffer
- when using nmi profiling it is not possible to always copy sample
stright to userland as the nmi may (and does) happen in bad moments
- reduces sampling overhead as samples are copied out only when
profiling stops
- if profile --nmi kernel uses NMI watchdog based sampling based on
Intel architecture performance counters
- using NMI makes kernel profiling possible
- watchdog kernel lockup detection is disabled while sampling as we
may get unpredictable interrupts in kernel and thus possibly many
false positives
- if watchdog is not enabled at boot time, profiling enables it and
turns it of again when done
- profile --nmi | --rtc sets the profiling mode
- --rtc is default, uses BIOS RTC, cannot profile kernel the presetted
frequency values apply
- --nmi is only available in APIC mode as it uses the NMI watchdog, -f
allows any frequency in Hz
- both modes use compatible data structures
- when kernel profiles a process for the first time it saves an entry
describing the process [endpoint|name]
- every profile sample is only [endpoint|pc]
- profile utility creates a table of endpoint <-> name relations and
translates endpoints of samples into names and writing out the
results to comply with the processing tools
- "task" endpoints like KERNEL are negative thus we must cast it to
unsigned when hashing
. update release.sh's notion of where packages are
. update release.sh's notion of how many files are on root
as -xdev won't work anymore to separate /usr from /
- contributed by Bjorn Swift
- adds process accounting, for example counting the number of messages
sent, how often the process was preemted and how much time it spent
in the run queue. These statistics, along with the current cpu load,
are sent back to the user-space scheduler in the Out Of Quantum
message.
- the user-space scheduler may choose to make use of these statistics
when making scheduling decisions. For isntance the cpu load becomes
especially useful when scheduling on multiple cores.
- when a process is migrated to a different CPU it may have an active
FPU context in the processor registers. We must save it and migrate
it together with the process.
- EBADCPU is returned is scheduler tries to run a process on a CPU
that either does not exist or isn't booted
- this change was originally meant to deal with stupid cpuid
instruction which provides totally useless information about
hyper-threading and MPS which does not deal with ht at all. ACPI
provides correct information. If ht is turned off it looks like some
CPUs failed to boot. Nevertheless this patch may be handy for
testing/benchmarking in the future.
- this makes sure that each process always run with updated TLB
- this is the simplest way how to achieve the consistency. As it means
significant performace degradation when not require, this is nto the
final solution and will be refined
- RTS_VMINHIBIT flag is used to stop process while VM is fiddling with
its pagetables
- more generic way of sending synchronous scheduling events among cpus
- do the x-cpu smp sched calls only if the target process is runnable.
If it is not, it cannot be running and it cannot become runnable
this CPU holds the BKL
- APIC timer always reprogrammed if expired
- timer tick never happens when in kernel => never immediate return
from userspace to kernel because of a buffered interrupt
- renamed argument to lapic_set_timer_one_shot()
- removed arch_ prefix from timer functions
- any cpu can use smp_schedule() to tell another cpu to reschedule
- if an AP is idle, it turns off timer as there is nothing to
preempt, no need to wakeup just to go back to sleep again
- if a cpu makes a process runnable on an idle cpu, it must wake it up
to reschedule
- sys_schedule can change only selected values, -1 means that the
current value should be kept unchanged. For instance we mostly want
to change the scheduling quantum and priority but we want to keep
the process at the current cpu
- RS can hand off its processes to scheduler
- service can read the destination cpu from system.conf
- RS can pass the information farther
- pressing 'B' on the serial cnsole prints statistics for BKL per cpu.
- 'b' resets the counters
- it presents number of cycles each CPU spends in kernel, how many
cycyles it spends spinning while waiting for the BKL
- it shows optimistic estimation in how many cases we get the lock
immediately without spinning. As the test is not atomic the lock may
be already held by some other cpu before we actually try to acquire
it.
- cross-address space copies use these slots to map user memory for
kernel. This avoid any collisions between CPUs
- well, we only have a single CPU running at a time, this is just to
be safe for the future
- machine information contains the number of cpus and the bsp id
- a dummy SMP scheduler which keeps all system processes on BSP and
all other process on APs. The scheduler remembers how many processes
are assigned to each CPU and always picks the one with the least
processes for a new process.
- apic_send_ipi() to send inter-processor interrupts (IPIs)
- APIC IPI schedule and halt handlers to signal x-cpu that a cpu shold
reschedule or halt
- various little changes to let APs run
- no processes are scheduled at the APs and therefore they are idle
except being interrupted by a timer time to time
- tsc_ctr_switch is made cpu local
- although an x86 specific variable it must be declared globaly as the
cpulocal implementation does not allow otherwise
- each CPU has its own runqueues
- processes on BSP are put on the runqueues later after a switch to
the final stack when cpuid works to avoid special cases
- enqueue() and dequeue() use the run queues of the cpu the process is
assigned to
- pick_proc() uses the local run queues
- printing of per-CPU run queues ('2') on serial console
- APs configure local timers
- while configuring local APIC timer the CPUs fiddle with the interrupt
handlers. As the interrupt table is shared the BSP must not run
- APs wait until BSP turns paging on, it is not possible to safely
execute any code on APs until we can turn paging on as well as it
must be done synchronously everywhere
- APs turn paging on but do not continue and wait
- to isolate execution inside kernel we use a big kernel lock
implemented as a spinlock
- the lock is acquired asap after entering kernel mode and released as
late as possible. Only one CPU as a time can execute the core kernel
code
- measurement son real hw show that the overhead of this lock is close
to 0% of kernel time for the currnet system
- the overhead of this lock may be as high as 45% of kernel time in
virtual machines depending on the ratio between physical CPUs
available and emulated CPUs. The performance degradation is
significant
- kernel detects CPUs by searching ACPI tables for local apic nodes
- each CPU has its own TSS that points to its own stack. All cpus boot
on the same boot stack (in sequence) but switch to its private stack
as soon as they can.
- final booting code in main() placed in bsp_finish_booting() which is
executed only after the BSP switches to its final stack
- apic functions to send startup interrupts
- assembler functions to handle CPU features not needed for single cpu
mode like memory barries, HT detection etc.
- new files kernel/smp.[ch], kernel/arch/i386/arch_smp.c and
kernel/arch/i386/include/arch_smp.h
- 16-bit trampoline code for the APs. It is executed by each AP after
receiving startup IPIs it brings up the CPUs to 32bit mode and let
them spin in an infinite loop so they don't do any damage.
- implementation of kernel spinlock
- CONFIG_SMP and CONFIG_MAX_CPUS set by the build system
- most global variables carry information which is specific to the
local CPU and each CPU must have its own copy
- cpu local variable must be declared in cpulocal.h between
DECLARE_CPULOCAL_START and DECLARE_CPULOCAL_END markers using
DECLARE_CPULOCAL macro
- to access the cpu local data the provided macros must be used
get_cpu_var(cpu, name)
get_cpu_var_ptr(cpu, name)
get_cpulocal_var(name)
get_cpulocal_var_ptr(name)
- using this macros makes future changes in the implementation
possible
- switching to ELF will make the declaration of cpu local data much
simpler, e.g.
CPULOCAL int blah;
anywhere in the kernel source code
- kernel turns on IO APICs if no_apic is _not_ set or is equal 0
- pci driver must use the acpi driver to setup IRQ routing otherwise
the system cannot work correctly except systems like KVM that use
only legacy (E)ISA IRQs 0-15
- PCI must query ACPI, if (IO)APIC is in use, for the routing
information and change the ILR (interrupt line register) of each
device accordingly so drivers use the right IRQ.
- 99% of the code is Intel's ACPICA. The license is compliant with BSD
and GNU and virtually all systems that use ACPI use this code, For
instance it is part of the Linux kernel.
- The only minix specific files are
acpi.c
osminixxf.c
platform/acminix.h
and
include/minix/acpi.h
- At the moment the driver does not register interrupt hooks which I
believe is mainly for handling PnP, events like "battery level is
low" and power management. Should not be difficult to add it if need
be.
- The interface to the outside world is virtually non-existent except
a trivial message based service for PCI driver to query which device
is connected to what IRQ line. This will evolve as more components
start using this driver. VM, Scheduler and IOMMU are the possible
users right now.
- because of dependency on a native 64bit (long long, part of c99) it
is compiled only with a gnu-like compilers which in case of Minix
includes gcc llvm-gcc and clang
- kernel exports DSDP (the root pointer where ACPI parsing starts) and
apic_enabled in the machine structure.
- ACPI driver uses DSDP to locate ACPI in memory. acpi_enabled tell
PCI driver to query ACPI for IRQ routing information.
- the ability for kernel to use ACPI tables to detect IO APICs. It is
the bare minimum the kernel needs to know about ACPI tables.
- it will be used to find out about processors as the MPS tables are
deprecated by ACPI and not all vendorsprovide them.
- kernel compile was broken with gcc as putchar() was added by gcc in
stacktrace.c
- add -fno-builtin everywhere to avoid such problems in the future
- -fno-builtin in kernel now redundant
This makes it easier to
- have non-base system drivers (get clobbered by global system.conf)
- have drivers as packages (can't touch global system.conf)
- make configs part of the drivers/servers instead of in global file
(makes system parts more self-contained)
file descriptor passing, PFS does some back calls to VFS. For example, to
verify the validity of a path provided by a process and to tell VFS it must
copy file descriptors from one process to another.
- check the DF status flag after each command
- increase I/O timeout from 15 to 30 seconds
- share some code between ATA and ATAPI after all
- produce more accurate errors on DIOCEJECT
- rename AHCI_ID_SIZE to the more appropriate ATA_ID_SIZE
- rearrange ahci.h in a now more sensible way
patch to allow MINIX to boot from ext2.
To create a setup with MINIX on ext2, follow these steps:
- Assumptions:
- there exists a primary partition c0dApB with a MINIX installation
with GRUB support (/boot/image_latest exists on /dev/c0dApB)
- there exists a free primary partition c0dCpD
- Create an ext2 filesystem on c0dApB (from Linux, until Tthom
has ported mke2fs)
- Follow these steps (from a MINIX CD with ext2 support, another MINIX
installation (not c0dApB) or Linux >= 2.6.35):
mkdir /mnt/mfs /mnt/ext2
mount /dev/c0dApBs0 /mnt/mfs
mount /dev/c0dApBs1 /mnt/mfs/home
mount /dev/c0dApBs2 /mnt/mfs/usr
mount /dev/c0dCpD /mnt/ext2
synctree -f /mnt/mfs /mnt/ext2
echo root=/dev/c0dCpD > /mnt/ext2/etc/fstab
(note: no subpartitions used because that would confuse an unmodified
bootloader)
- Add the new MINIX installation to GRUB according to steps 7&8 in
http://wiki.minix3.org/en/SummerOfCode2010/MultiBoot/HowTo
this is to force invocations of these utils for ack to be
explicitly named such, so in the future binutils can be installed
in /usr/pkg without the g- prefix.
- this function returns a ritcher description of available memory
- is ACPI compliant, ACPI data structures are excluded from free
memory list
- available memory exported to Minix in a backwards compatible manner
- fallback to the old method if this function not available (old
hardware)
This eliminates a race condition between the disk driver calling
sys_statectl(SYS_STATE_CLEAR_IPC_REFS) as part of driver_announce(),
and the root MFS calling sendrec(DEV_OPEN) on the disk driver.
- for better readability xpp is substitued by sender
- makes sure that the dequeued sender has p_q_link == NULL and that
this condition holds when enqueuing the sender again. This is a
sanity check to make sure that the new sender is not enqueued
already
- Before this change the dequeued sender's p_q_link may not be NULL
and it was only set to NULL when enqueued again
- enabling writing in COW once phys block is reference only once is racy if VM
is preemptible. original memory location may get overwritten before COW copies
the memory
- problem when DEBUG_RACE is on and a big problem for SMP
- removes p_delivermsg_lin item from the process structure and code
related to it
- as the send part, the receive does not need to use the
PHYS_COPY_CATCH() and umap_local() couple.
- The address space of the target process is installed before
delivermsg() is called.
- unlike the linear address, the virtual address does not change when
paging is turned on nor after fork().
- FPU context is stored only if conflict between 2 FPU users or while
exporting context of a process to userspace while it is the active
user of FPU
- FPU has its owner (fpu_owner) which points to the process whose
state is currently loaded in FPU
- the FPU exception is only turned on when scheduling a process which
is not the owner of FPU
- FPU state is restored for the process that generated the FPU
exception. This process runs immediately without letting scheduler
to pick a new process to resolve the FPU conflict asap, to minimize
the FPU thrashing and FPU exception hadler execution
- faster all non-FPU-exception kernel entries as FPU state is not
checked nor saved
- removed MF_USED_FPU flag, only MF_FPU_INITIALIZED remains to signal
that a process has used FPU in the past
- A staging directory is always used to avoid oversized images;
- As a consequence, the zero-filling is removed so no more "out of
space" errors should be printed to the console;
- The root and usr partition sizes are computed so less space should be
wasted (the root partition gets extra 1MB zones and 64 inodes for
run-time though and hardlinks/holes make the used space slightly less
than expected); USRMB (and the new ROOTMB) are now used to enforce
a minimum size rather than set the size;
- TMPDISK1-3 are renamed to more meaningful names (and TMPDISK2 is
dropped because a separate tmp directory is no longer needed);
- The ramdisks are truncated at the end to save memory (not sure
whether it is actually released though).
There seems to have been a broken assumption in the fpu context
restoring code. It restores the context of the running process, without
guarantee that the current process is the one that will be scheduled.
This caused fpu saving for a different process to be triggered without
fpu hardware being enabled, causing an fpu exception in the kernel. This
practically only shows up with DEBUG_RACE on. Fix my thruby+me.
The fix
. is to only set the fpu-in-use-by-this-process flag in the
exception handler, and then take care of fpu restoring when
actually returning to userspace
And the patch
. translates fpu saving and restoring to c in arch_system.c,
getting rid of a juicy chunk of assembly
. makes osfxsr_feature private to arch_system.c
. removes most of the arch dependent code from do_sigsend
- Remove unused includes.
- Add include guards to headers.
- Use unsigned variables in case they're never going to hold a negative
value. This causes GCC's complaints to disappear and should make flexelint
a lot happier, too.
- Make functions private when they're used only within a module.
- Remove unused variables.
- Add casts where appropriate.
- substituted the use of the m_source message field by
caller->p_endpoint in kernel calls. It is the same information, just
passed more intuitively.
- the last dependency on m_type field is removed.
- do_unused() is substituted by a check for NULL.
- this pretty much removes the depency of kernel calls on the general
message format. In the future this may be used to pass the kcall
arguments in a different structure or registers (x86-64, ARM?) The
kcall number may be passed in a register already.
- removes dependency of do_safecopy() on the m_type field of the kcall
messages.
- instead of do_safecopy() figuring out what action is requested, the
correct safecopy method is called right away.
- Currently the cpu time quantum is timer-ticks based. Thus the
remaining quantum is decreased only if the processes is interrupted
by a timer tick. As processes block a lot this typically does not
happen for normal user processes. Also the quantum depends on the
frequency of the timer.
- This change makes the quantum miliseconds based. Internally the
miliseconds are translated into cpu cycles. Everytime userspace
execution is interrupted by kernel the cycles just consumed by the
current process are deducted from the remaining quantum.
- It makes the quantum system timer frequency independent.
- The boot processes quantum is loosely derived from the tick-based
quantas and 60Hz timer and subject to future change
- the 64bit arithmetics is a little ugly, will be changes once we have
compiler support for 64bit integers (soon)
-Makefile updates
-Update mkdep
-Build fixes/warning cleanups for some programs
-Restore leading underscores on global syms in kernel asm files
-Increase ramdisk size
ask to map in oxpcie i/o memory and support serial i/o for it in the
kernel. set oxpcie=<address> in boot monitor (retrieve address using
pci_debug=1 output). (no sanity checking is done on the address
currently.) disabled by default.
The change also contains some other minor cleanup (a new serial.h to set
register info common to UART and the OXPCIe card, in-kernel memory
mapping a little more structured and env_get() to get sysenv variables
without knowing about the params_buffer).
In this second phase, scheduling is moved from PM to its own
scheduler (see r6557 for phase one). In the next phase we hope to a)
include useful information in the "out of quantum" message and b)
create some simple scheduling policy that makes use of that
information.
When the system starts up, PM will iterate over its process table and
ask SCHED to take over scheduling unprivileged processes. This is
done by sending a SCHEDULING_START message to SCHED. This message
includes the processes endpoint, the parent's endpoint and its nice
level. The scheduler adds this process to its schedproc table, issues
a schedctl, and returns its own endpoint to PM - as the endpoint of
the effective scheduler. When a process terminates, a SCHEDULING_STOP
message is sent to the scheduler.
The reason for this effective endpoint is for future compatibility.
Some day, we may have a scheduler that, instead of scheduling the
process itself, forwards the SCHEDULING_START message on to another
scheduler.
PM has information on who schedules whom. As such, scheduling
messages from user-land are sent through PM. An example is when
processes change their priority, using nice(). In that case, a
getsetpriority message is sent to PM, which then sends a
SCHEDULING_SET_NICE to the process's effective scheduler.
When a process is forked through PM, it inherits its parent's
scheduler, but is spawned with an empty quantum. As before, a request
to fork a process flows through VM before returning to PM, which then
wakes up the child process. This flow has been modified slightly so
that PM notifies the scheduler of the new process, before waking up
the child process. If the scheduler fails to take over scheduling,
the child process is torn down and the fork fails with an erroneous
value.
Process priority is entirely decided upon using nice levels. PM
stores a copy of each process's nice level and when a child is
forked, its parent's nice level is sent in the SCHEDULING_START
message. How this level is mapped to a priority queue is up to the
scheduler. It should be noted that the nice level is used to
determine the max_priority and the parent could have been in a lower
priority when it was spawned. To prevent a CPU intensive process from
hawking the CPU by continuously forking children that get scheduled
in the max_priority, the scheduler should determine in which queue
the parent is currently scheduled, and schedule the child in that
same queue.
Other fixes: The USER_Q in kernel/proc.h was incorrectly defined as
NR_SCHED_QUEUES/2. That results in a "off by one" error when
converting priority->nice->priority for nice=0. This also had the
side effect that if someone were to set the MAX_USER_Q to something
else than 0, then USER_Q would be off.
- this patch only renames schedcheck() to switch_to_user(),
cycles_accounting_stop() to context_stop() and restart() to
+restore_user_context()
- the motivation is that since the introduction of schedcheck() it has
been abused for many things. It deserves a better name. It should
express the fact that from the moment we call the function we are in
the process of switching to user.
- cycles_accounting_stop() was originally a single purpose function.
As this function is called at were convenient places it is used in
for other things too, e.g. (un)locking the kernel. Thus it deserves
a better name too.
- using the old name, restart() does not call schedcheck(), however
calls to restart are replaced by calls to schedcheck()
[switch_to_user] and it calls restart() [restore_user_context]
model to an instance-based model. Each ethernet driver instance is now
responsible for exactly one network interface card. The port field in
/etc/inet.conf now acts as an instance field instead.
This patch also updates the data link protocol. This update:
- eliminates the concept of ports entirely;
- eliminates DL_GETNAME entirely;
- standardizes on using m_source for IPC and DL_ENDPT for safecopies;
- removes error codes from TASK/STAT replies, as they were unused;
- removes a number of other old or unused fields;
- names and renames a few other fields.
All ethernet drivers have been changed to:
- conform to the new protocol, and exactly that;
- take on an instance number based on a given "instance" argument;
- skip that number of PCI devices in probe iterations;
- use config tables and environment variables based on that number;
- no longer be limited to a predefined maximum of cards in any way;
- get rid of any leftover non-safecopy support and other ancient junk;
- have a correct banner protocol figure, or none at all.
Other changes:
* Inet.conf is now taken to be line-based, and supports #-comments.
No existing installations are expected to be affected by this.
* A new, select-based asynchio library replaces the old one.
Kindly contributed by Kees J. Bot.
* Inet now supports use of select() on IP devices.
Combined, the last two changes together speed up dhcpd
considerably in the presence of multiple interfaces.
* A small bug has been fixed in nonamed.
- this panic may be unnecessarily triggered if PM gets the delayed
stop signal from kernel before it gets reply from VFS to the UNPAUSE
call.
- after this change PM does not proceed to delivering the signal until
the reply from VFS is received. Perhaps PM could deliver the signal
straight away as it knows that the process does not run. Possibly
i dangerous.
- the signal is deliverd immediately after the UNPAUSE reply as the
pending signals are always checked at the moment.
it does this by
- making all processes interruptible by running out of quantum
- giving all processes a single tick of quantum
- picking a random runnable process instead of in order, and
from a single pool of runnable processes (no priorities)
This together with very high HZ values currently provokes some race conditions
seen earlier only when running with SMP.
- rs does not assume hz==60
- rs adjusts its timeout ticks by the system clock frequency
- drivers have time to reply if hz is set too high (e.g. 1000+) for
instance when debugging
- this patch substitutes *xpp for sender to increase readability of
mini_receive().
- makes sure that the dequeued sender has p_q_link == NULL and that
this condition holds when enqueuing the sender again.
- it is a sanity check to make sure that the new sender is not
enqueued already. Before this change the dequeued sender's p_q_link
may not be NULL and it was only set to NULL when enqueued again.
A new call to vm lets processes yield a part of their memory to vm,
together with an id, getting newly allocated memory in return. vm is
allowed to forget about it if it runs out of memory. processes can ask
for it back using the same id. (These two operations are normally
combined in a single call.)
It can be used as a as-big-as-memory-will-allow block cache for
filesystems, which is how mfs now uses it.
- deadlock() is more verbose in case of a detected deadlock. First, it
lists all processses in the deadlock group. Then it prints the proc
extra info, not only stack trace and register dump
- this patch moves the former printslot() from arch_system.c to
debug.c and reimplements it slightly. The output is not changed,
however, the process information is printed in a separate function
print_proc() in debug.c as such a function is also handy in other
situations and should be publicly available when debugging.
RS CHANGES:
- Crash recovery is now implemented like live update. Two instances are kept
side by side and the dead version is live updated into the new one. The endpoint
doesn't change and the failure is not exposed (by default) to other system
services.
- The new instance can be created reactively (when a crash is detected) or
proactively. In the latter case, RS can be instructed to keep a replica of
the system service to perform a hot swap when the service fails. The flag
SF_USE_REPL is set in that case.
- The new flag SF_USE_REPL is supported for services in the boot image and
dynamically started services through the RS interface (i.e. -p option in the
service utility).
- Fixed a free unallocated memory bug for core system services.
this patch changes the way pagefaults are delivered to VM. It adopts
the same model as the out-of-quantum messages sent by kernel to a
scheduler.
- everytime a userspace pagefault occurs, kernel creates a message
which is sent to VM on behalf of the faulting process
- the process is blocked on delivery to VM in the standard IPC code
instead of waiting in a spacial in-kernel queue (stack) and is not
runnable until VM tell kernel that the pagefault is resolved and is
free to clear the RTS_PAGEFAULT flag.
- VM does not need call kernel and poll the pagefault information
which saves many (1/2?) calls and kernel calls that return "no more
data"
- VM notification by kernel does not need to use signals
- each entry in proc table is by 12 bytes smaller (~3k save)
boot is a normal binary with a.out again. use 'cdbootblock,' a CDBOOT
variant of bootblock, both from bootblock.s, as the first boot image
that then loads boot, exactly like the bootblock loads boot when booting
from harddisk. the sector numbers (2048 byte iso sectors) are patched in
by writeisofs, like installboot does for bootblock. bootblock unchanged.
- while PM implements fork also for RS it needs to remember what to
schedule and what not. PM_SCHEDULED flag serves this purpose.
- PM only schedules processes that are descendaints of init, i.e. normal
user processes
- after a process is forked PM schedules for the first time only
processes that have PM_SCHEDULED set. The others are handled iether
by kernel or some other scheduler
map_copy_ph_block is replaced by map_clone_ph_block, which can
replace a single physical block by multiple physical blocks.
also,
. merge map_mem.c with region.c, as they manipulate the same
data structures
. NOTRUNNABLE removed as sanity check
. use direct functions for ALLOC_MEM and FREE_MEM again
. add some checks to shared memory mapping code
. fix for data structure integrity when using shared memory
. fix sanity checks
- This patch removes the time slice split between parent and child in
fork.
- The time slice of the parent remains unchanged and the child does
not have any.
- If the process has a scheduler, the scheduler must assign the
quantum and priority of the new process and let it run.
- If the child does not inherit a scheduler, it is scheduled by the
dummy default kernel policy. (servers, drivers, etc.)
- In theory, the scheduler can change the quantum even of the parent
process and implement any policy for splitting the quantum as
neither the parent nor the child are runnable. Sending the
out-of_quantum message on behalf of the processes may look like the
right solution, however, the scheduler would probably handle the
message before the whole fork protocol is finished. This way the
scheduler has absolute control when the process should become
runnable.
- this is a small addition to the userspace scheduling.
proc_kernel_scheduler() tests whether to use the default scheduling
policy in kernel. It is true if the process' scheduler is NULL _or_
self. Currently none of the tests was complete.
- it is not neccessary to test whether the scheduler is a system
process as the process already head permissions to make this call.
- it is better to test whether the scheduler has permission to make
changes to this process before testing whether the values are valid.
VFS CHANGES:
- dmap table no longer statically initialized in VFS
- Dropped FSSIGNON svrctl call no longer used by INET
INET CHANGES:
- INET announces its presence to VFS just like any other driver
RS CHANGES:
- The boot image dev table contains all the data to initialize VFS' dmap table
- RS interface supports asynchronous up and update operations now
- RS interface extended to support driver style and flags
SYSLIB CHANGES:
- DS calls to publish / retrieve labels consider endpoints instead of u32_t.
VFS CHANGES:
- mapdriver() only adds an entry in the dmap table in VFS.
- dev_up() is only executed upon reception of a driver up event.
INET CHANGES:
- INET no longer searches for existing drivers instances at startup.
- A newtwork driver is (re)initialized upon reception of a driver up event.
- Networking startup is now race-free by design. No need to waste 5 seconds
at startup any more.
DRIVER CHANGES:
- Every driver publishes driver up events when starting for the first time or
in case of restart when recovery actions must be taken in the upper layers.
- Driver up events are published by drivers through DS.
- For regular drivers, VFS is normally the only subscriber, but not necessarily.
For instance, when the filter driver is in use, it must subscribe to driver
up events to initiate recovery.
- For network drivers, inet is the only subscriber for now.
- Every VFS driver is statically linked with libdriver, every network driver
is statically linked with libnetdriver.
DRIVER LIBRARIES CHANGES:
- Libdriver is extended to provide generic receive() and ds_publish() interfaces
for VFS drivers.
- driver_receive() is a wrapper for sef_receive() also used in driver_task()
to discard spurious messages that were meant to be delivered to a previous
version of the driver.
- driver_receive_mq() is the same as driver_receive() but integrates support
for queued messages.
- driver_announce() publishes a driver up event for VFS drivers and marks
the driver as initialized and expecting a DEV_OPEN message.
- Libnetdriver is introduced to provide similar receive() and ds_publish()
interfaces for network drivers (netdriver_announce() and netdriver_receive()).
- Network drivers all support live update with no state transfer now.
KERNEL CHANGES:
- Added kernel call statectl for state management. Used by driver_announce() to
unblock eventual callers sendrecing to the driver.
. rename testshm.sh to test.sh so all test scripts are called test.sh
. delete msg* tests as msg* functionality isn't implemented
. add ipc/test.sh that runs all test.sh scripts in the subdirs
this patch does not add or change any functionality of do_ipc(), it
only makes things a little cleaner (hopefully).
Until now do_ipc() was responsible for handling all ipc calls. The
catch is that SENDA is fairly different which results in some ugly
code like this typecasting and variables naming which does not make
much sense for SENDA and makes the code hard to read.
result = mini_senda(caller_ptr, (asynmsg_t *)m_ptr, (size_t)src_dst_e);
As it is called directly from assembly, the new do_ipc() takes as
input values of 3 registers in reg_t variables (it used to be 4,
however, bit_map wasn't used so I removed it), does the checks common
to all ipc calls and call the appropriate handler either for
do_sync_ipc() (all except SENDA) or mini_senda() (for SENDA) while
typecasting the reg_t values correctly. As a result, handling SENDA
differences in do_sync_ipc() is no more needed. Also the code that
uses msg_size variable is improved a little bit.
arch_do_syscall() is simplified too.
reverse order to easily support variadic arguments. Thus, instead of
using the proper stdarg.h macros (that nowadays are
compiler-dependent), it may be tempting to directly take the address of
the last argument and considering it as the start of an array. This is
a shortcut that avoid looping to get all the arguments as the CPU
already pushed them on the stack before the call to the function.
Unfortunately, such an assumption is strictly compiler-dependent and
compilers are free to move the last argument on the stack, as a local
variable, and return the address of the location where the argument was
stored, if asked for. This will break things as the rest of the array's
argument are stored elsewhere (typically, a couple of words above the
location where the argument was stored).
This patch fixes the issue by allowing ACK to take the shortcut and
enabling gcc/llvm-gcc to follow the right way.
- IPC_FLG_MSG_FROM_KERNEL status flag is returned to userspace if the
receive was satisfied by s message which was sent by the kernel on
behalf of a process. This perfectly reliale information.
- MF_SENDING_FROM_KERNEL flag added to processes to be able to set
IPC_FLG_MSG_FROM_KERNEL when finishing receive if the receiver
wasn't ready to receive immediately.
- PM is changed to use this information to confirm that the scheduling
messages are indeed from the kernel and not faked by a process.
PM uses sef_receive_status()
- get_work() is removed from PM to make the changes simpler
- there are cycles wasted in the IPC call due to a fairly compliacted
way of copying messages from userland to kernel. Sometimes this
complicated way (generic though) is used even for copying within the
kernel address space, sometimes it is used for copying in case _no_
copying is necessary. The goal of this patch is to improve this a
little bit.
- the places where a copy is from user to kernel use the
copy_msg_from_user() kernel-kernel copies are turned into
assignments and BuildNotifyMessage uses the delivery buffers to
avoid copying.
- copy_msg_from_user() was introduced when removing the system task
and is about 2/3 faster then using the current mechanism
(phys_copy). It also avoids the PHYS_COPY_CATCH macro. Assignment is
also faster and no copy is the fastest ;-) so perhaps there will be
some hardly noticable performance gain besides the clean up.
- cotributed by Bjorn Swift
- In this first phase, scheduling is moved from the kernel to the PM
server. The next steps are to a) moving scheduling to its own server
and b) include useful information in the "out of quantum" message,
so that the scheduler can make use of this information.
- The kernel process table now keeps record of who is responsible for
scheduling each process (p_scheduler). When this pointer is NULL,
the process will be scheduled by the kernel. If such a process runs
out of quantum, the kernel will simply renew its quantum an requeue
it.
- When PM loads, it will take over scheduling of all running
processes, except system processes, using sys_schedctl().
Essentially, this only results in taking over init. As children
inherit a scheduler from their parent, user space programs forked by
init will inherit PM (for now) as their scheduler.
- Once a process has been assigned a scheduler, and runs out of
quantum, its RTS_NO_QUANTUM flag will be set and the process
dequeued. The kernel will send a message to the scheduler, on the
process' behalf, informing the scheduler that it has run out of
quantum. The scheduler can take what ever action it pleases, based
on its policy, and then reschedule the process using the
sys_schedule() system call.
- Balance queues does not work as before. While the old in-kernel
function used to renew the quantum of processes in the highest
priority run queue, the user-space implementation only acts on
processes that have been bumped down to a lower priority queue.
This approach reacts slower to changes than the old one, but saves
us sending a sys_schedule message for each process every time we
balance the queues. Currently, when processes are moved up a
priority queue, their quantum is also renewed, but this can be
fiddled with.
- do_nice has been removed from kernel. PM answers to get- and
setpriority calls, updates it's own nice variable as well as the
max_run_queue. This will be refactored once scheduling is moved to a
separate server. We will probably have PM update it's local nice
value and then send a message to whoever is scheduling the process.
- changes to fix an issue in do_fork() where processes could run out
of quantum but bypassing the code path that handles it correctly.
The future plan is to remove the policy from do_fork() and implement
it in userspace too.
Currently a sequence of messages between a sender A and a receiver B of the
form: A.asynsend(M1, B); A.send(M2, B) may result in the receiver receiving
M1 first and then M2 or viceversa. This patch makes sure that the original
order M1, M2 is always preserved.
Note that the order of a hypotetical sequence A.asynsend(M1, B);
A.asynsend(M2, B) is already guaranteed by the implementation of
asynsend by design. Other senda-based wrappers can define their own
semantics.
- ack assumes that the direction flag in eflags is clear when
assigning two structures. It is implemented by a call to a built-in
function which is like memcpy but needs the flag to be clear
otherwise rubish is copied. This patch fixes the kernel entries.
struct return. For example, GCC and LLVM comply with this (tested on IA32).
ACK doesn't seem to follow this convention and expects the caller to clean up
the stack. Compiling hand-written ACK-compliant assembly code (returning a
struct) with GCC or LLVM used to break things (4-bytes misaligned stack).
The patch fixes this problem.
- When the cpu halts, the interrupts are enable so the cpu may be
woken up. When the interrupt handler returns but another interrupt
is available it is also serviced immediately. This is not a problem
per-se. It only slightly breaks time accounting as idle accounted is
for the kernel time in the interrupt handler.
- As the big kernel lock is lock/unlocked in the smp branch in the
time acounting functions as they are called exactly at the places
we need to take the lock) this leads to a deadlock.
- we make sure that once the interrupt handler returns from the nested
trap, the interrupts are disabled. This means that only one
interrupt is serviced after idle is interrupted.
- this requires the loop in apic timer calibration to keep reenabling
the interrupts. I admit it is a little bit hackish (one line),
however, this code is a stupid corner case at the boot time.
Hopefully it does not matter too much.
IPC changes:
- receive() is changed to take an additional parameter, which is a pointer to
a status code.
- The status code is filled in by the kernel to provide additional information
to the caller. For now, the kernel only fills in the IPC call used by the
sender.
Syslib changes:
- sef_receive() has been split into sef_receive() (with the original semantics)
and sef_receive_status() which exposes the status code to userland.
- Ideally, every sys process should gradually switch to sef_receive_status()
and use is_ipc_notify() as a dependable way to check for notify.
- SEF has been modified to use is_ipc_notify() and demonstrate how to use the
new status code.
- before enabling paging VM asks kernel to resize its segments. This
may cause kernel to segfault if APIC is used and an interrupt
happens between this and paging enabled. As these are 2 separate
vmctl calls it is not atomic. This patch fixes this problem. VM does
not ask kernel to resize the segments in a separate call anymore.
The new segments limit is part of the "enable paging" call. It
generalizes this call in such a way that more information can be
passed as need be or the information may be completely different if
another architecture requires this.
- if an exception occurs in kernel and this exception is not handled
in an sane way and the kernel crashes, it also dumps what was loaded
in the general purpose registers exactly at the time of the
exception to help to debug the problem
the kernel. They are not used atm, but having them in trunk allows them
to be easily used when needed. To set a breakpoint that triggers when
the variable foo is written to (the most common use case), one calls:
breakpoint_set(vir2phys((vir_bytes) &foo), 0,
BREAKPOINT_FLAG_MODE_GLOBAL |
BREAKPOINT_FLAG_RW_WRITE |
BREAKPOINT_FLAG_LEN_4);
It can later be disabled using:
breakpoint_set(vir2phys((vir_bytes) &foo), 0,
BREAKPOINT_FLAG_MODE_OFF);
There are some limitations:
- There are at most four breakpoints (hardware limit); the index of the
breakpoint (0-3) is specified as the second parameter of
breakpoint_set.
- The breakpoint exception in the kernel is not handled and causes a
panic; it would be reasonably easy to change this by inspecing DR6,
printing a message, disabling the breakpoint and continuing. However,
in my experience even just a panic can be very useful.
- Breakpoints can be set only in the part of the address space that is
in every page table. It is useful for the kernel, but to use this for
user processes would require saving and restoring the debug registers
as part of the context switch. Although the CPU provides support for
local breakpoints (I implemened this as BREAKPOINT_FLAG_LOCAL) they
only work if task switching is used.
forget about the dirtypde bitmap and WIPEPDE/DONEPDE macros too.
check if mapping happens to already be in place, and if so, don't
reload cr3 (on the account of that mapping, that is).
don't reload cr3 unconditionally.
UPDATING INFO:
20100317:
/usr/src/etc/system.conf updated to ignore default kernel calls: copy
it (or merge it) to /etc/system.conf.
The hello driver (/dev/hello) added to the distribution:
# cd /usr/src/commands/scripts && make clean install
# cd /dev && MAKEDEV hello
KERNEL CHANGES:
- Generic signal handling support. The kernel no longer assumes PM as a signal
manager for every process. The signal manager of a given process can now be
specified in its privilege slot. When a signal has to be delivered, the kernel
performs the lookup and forwards the signal to the appropriate signal manager.
PM is the default signal manager for user processes, RS is the default signal
manager for system processes. To enable ptrace()ing for system processes, it
is sufficient to change the default signal manager to PM. This will temporarily
disable crash recovery, though.
- sys_exit() is now split into sys_exit() (i.e. exit() for system processes,
which generates a self-termination signal), and sys_clear() (i.e. used by PM
to ask the kernel to clear a process slot when a process exits).
- Added a new kernel call (i.e. sys_update()) to swap two process slots and
implement live update.
PM CHANGES:
- Posix signal handling is no longer allowed for system processes. System
signals are split into two fixed categories: termination and non-termination
signals. When a non-termination signaled is processed, PM transforms the signal
into an IPC message and delivers the message to the system process. When a
termination signal is processed, PM terminates the process.
- PM no longer assumes itself as the signal manager for system processes. It now
makes sure that every system signal goes through the kernel before being
actually processes. The kernel will then dispatch the signal to the appropriate
signal manager which may or may not be PM.
SYSLIB CHANGES:
- Simplified SEF init and LU callbacks.
- Added additional predefined SEF callbacks to debug crash recovery and
live update.
- Fixed a temporary ack in the SEF init protocol. SEF init reply is now
completely synchronous.
- Added SEF signal event type to provide a uniform interface for system
processes to deal with signals. A sef_cb_signal_handler() callback is
available for system processes to handle every received signal. A
sef_cb_signal_manager() callback is used by signal managers to process
system signals on behalf of the kernel.
- Fixed a few bugs with memory mapping and DS.
VM CHANGES:
- Page faults and memory requests coming from the kernel are now implemented
using signals.
- Added a new VM call to swap two process slots and implement live update.
- The call is used by RS at update time and in turn invokes the kernel call
sys_update().
RS CHANGES:
- RS has been reworked with a better functional decomposition.
- Better kernel call masks. com.h now defines the set of very basic kernel calls
every system service is allowed to use. This makes system.conf simpler and
easier to maintain. In addition, this guarantees a higher level of isolation
for system libraries that use one or more kernel calls internally (e.g. printf).
- RS is the default signal manager for system processes. By default, RS
intercepts every signal delivered to every system process. This makes crash
recovery possible before bringing PM and friends in the loop.
- RS now supports fast rollback when something goes wrong while initializing
the new version during a live update.
- Live update is now implemented by keeping the two versions side-by-side and
swapping the process slots when the old version is ready to update.
- Crash recovery is now implemented by keeping the two versions side-by-side
and cleaning up the old version only when the recovery process is complete.
DS CHANGES:
- Fixed a bug when the process doing ds_publish() or ds_delete() is not known
by DS.
- Fixed the completely broken support for strings. String publishing is now
implemented in the system library and simply wraps publishing of memory ranges.
Ideally, we should adopt a similar approach for other data types as well.
- Test suite fixed.
DRIVER CHANGES:
- The hello driver has been added to the Minix distribution to demonstrate basic
live update and crash recovery functionalities.
- Other drivers have been adapted to conform the new SEF interface.
swapcontext, and makecontext).
- Fix VM to not erroneously think the stack segment and data segment have
collided when a user-space thread invokes brk().
- Add test51 to test ucontext functionality.
- Add man pages for ucontext system calls.
implementations for these functions, we lean on GNU builtin functions
for using them, so these declarations are also conditional on using
a GNU compiler.
Move archtypes.h to include/ dir, since several servers require it. Move
fpu.h and stackframe.h to arch-specific header directory. Make source
files and makefiles aware of the new header locations.
-Convert the include directory over to using bsdmake
syntax
-Update/add mkfiles
-Modify install(1) so that it can create symlinks
-Update makefiles to use new install(1) options
-Rename /usr/include/ibm to /usr/include/i386
-Create /usr/include/machine symlink to arch header files
-Move vm_i386.h to its new home in the /usr/include/i386
-Update source files to #include the header files at their
new homes.
-Add new gnu-includes target for building GCC headers
this change
- makes panic() variadic, doing full printf() formatting -
no more NO_NUM, and no more separate printf() statements
needed to print extra info (or something in hex) before panicing
- unifies panic() - same panic() name and usage for everyone -
vm, kernel and rest have different names/syntax currently
in order to implement their own luxuries, but no longer
- throws out the 1st argument, to make source less noisy.
the panic() in syslib retrieves the server name from the kernel
so it should be clear enough who is panicing; e.g.
panic("sigaction failed: %d", errno);
looks like:
at_wini(73130): panic: sigaction failed: 0
syslib:panic.c: stacktrace: 0x74dc 0x2025 0x100a
- throws out report() - printf() is more convenient and powerful
- harmonizes/fixes the use of panic() - there were a few places
that used printf-style formatting (didn't work) and newlines
(messes up the formatting) in panic()
- throws out a few per-server panic() functions
- cleans up a tie-in of tty with panic()
merging printf() and panic() statements to be done incrementally.
process waiting for" logic, which is duplicated a few times in the
kernel. (For a new feature for top.)
Introducing it and throwing out ESRCDIED and EDSTDIED (replaced by
EDEADSRCDST - so we don't have to care which part of the blocking is
failing in system.c) simplifies some code in the kernel and callers that
check for E{DEADSRCDST,ESRCDIED,EDSTDIED}, but don't care about the
difference, a fair bit, and more significantly doesn't duplicate the
'blocked-on' logic.
- Make the bootstrap /etc/mk be populated from the newly checked out source
- Don't chmod 755 all of /etc
- For the 'real' /etc/mk installing, let the /etc/mk ownership and permission
come from the mtree file, delete the contents of /etc/mk, then copy the .mk
files over and set reasonable permissions and ownership. (So that the .mk
get updated from the real usr/src/ copies, and no other junk if anything,
after the bootstrap phase, whatever happened there.)
- as thre are still KERNEL and IDLE entries, time accounting for
kernel and idle time works the same as for any other process
- everytime we stop accounting for the currently running process,
kernel or idle, we read the TSC counter and increment the p_cycles
entry.
- the process cycles inherently include some of the kernel cycles as
we can stop accounting for the process only after we save its
context and we start accounting just before we restore its context
- this assumes that the system does not scale the CPU frequency which
will be true for ... long time ;-)
have malloc/free, alloc_contig/free_contig and mmap/munmap nicely
paired up.
memory uses malloc/free instead of mmap/munmap as it doesn't have
to be contiguous for the ramdisks (and it might help if it doesn't!).
- we don't need to test this in kernel as we always have interrupts
disabled
- if interrupts are enabled in kernel, it is only at very carefully
chosen places. There are no such places now.
- there are no tasks running, we don't need TASK_PRIVILEGE priviledge anymore
- as there is no ring 1 anymore, there is no need for level0() to call sensitive
code from ring 1 in ring 0
- 286 related macros removed as clean up
- no kernel tasks are runnable
- clock initialization moved to the end of main()
- the rest of the body of clock_task() is moved to bsp_timer_int_handler() as
for now we are going to handle this on the bootstrap cpu. A change later is
possible.
* Userspace change to use the new kernel calls
- _taskcall(SYSTASK...) changed to _kernel_call(...)
- int 32 reused for the kernel calls
- _do_kernel_call() to make the trap to kernel
- kernel_call() to make the actuall kernel call from C using
_do_kernel_call()
- unlike ipc call the kernel call always succeeds as kernel is
always available, however, kernel may return an error
* Kernel side implementation of kernel calls
- the SYSTEm task does not run, only the proc table entry is
preserved
- every data_copy(SYSTEM is no data_copy(KERNEL
- "locking" is an empty operation now as everything runs in
kernel
- sys_task() is replaced by kernel_call() which copies the
message into kernel, dispatches the call to its handler and
finishes by either copying the results back to userspace (if
need be) or by suspending the process because of VM
- suspended processes are later made runnable once the memory
issue is resolved, picked up by the scheduler and only at
this time the call is resumed (in fact restarted) which does
not need to copy the message from userspace as the message
is already saved in the process structure.
- no ned for the vmrestart queue, the scheduler will restart
the system calls
- no special case in do_vmctl(), all requests remove the
RTS_VMREQUEST flag
- copies a mesage from/to userspace without need of translating
addresses
- the assumption is that the address space is installed, i.e. ldt and
cr3 are loaded correctly
- if a pagefault or a general protection occurs while copying from
userland to kernel (or vice versa) and error is returned which gives
the caller a chance to respond in a proper way
- error happens _only_ because of a wrong user pointer if the function
is used correctly
- if the prerequisites of the function do no hold, the function will
most likely fail as the user address becomes random
- switch_address_space() implements a switch of the user address space
for the destination process
- this makes memory of this process easily accessible, e.g. a pointer
valid in the userspace can be used with a little complexity to
access the process's memory
- the switch does not happed only just before we return to userspace,
however, it happens right after we know which process we are going
to schedule. This happens before we start processing the misc flags
of this process so its memory is available
- if the process becomes not runnable while processing the mics flags
we pick a new process and we switch the address space again which
introduces possibly a little bit more overhead, however, it is
hopefully hidden by reducing the overheads when we actually access
the memory
- the syscalls are pretty much just ipc calls, however, sendrec() is
used to implement system task (sys) calls
- sendrec() won't be used anymore for this, therefore ipc calls will
become pure ipc calls
- the system task initialization code does not really need to be part
of the system task process. An earlier initialization in kernel is
cleaner as it does not only initialize the syscalls but also irq
hooks etc.
- VFS: check for negative sizes in all truncate calls
- VFS: update file size after truncating with fcntl(F_FREESP)
- VFS: move pos/len checks for F_FREESP with l_len!=0 from FS to VFS
- MFS: do not zero data block for small files when fully truncating
- MFS: do not write out freed indirect blocks after freeing space
- MFS: make truncate work correctly with differing zone/block sizes
- tests: add new test50 for truncate call family
- put asmconv in /usr/bin so it can be invoked without absolute path
- make it ignore .end in gnu output mode so that it can be invoked
without '|| true' in the gnu lib makefiles and it doesn't produce the
messy error message
- PM: get rid of umap warning
- sprofalyze.pl: update with recently added servers and drivers
- sprofalyze.pl: properly truncate process names for sample matching
kernel (sys task). The main reason is that these would have to become
cpu local variables on SMP. Once the system task is not a task but a
genuine part of the kernel there is even less reason to have these
extra variables as proc_ptr will already contain all neccessary
information. In addition converting who_e to the process pointer and
back again all the time will be avoided.
Although proc_ptr will contain all important information, accessing it
as a cpu local variable will be fairly expensive, hence the value
would be assigned to some on stack local variable. Therefore it is
better to add the 'caller' argument to the syscall handlers to pass
the value on stack anyway. It also clearly denotes on who's behalf is
the syscall being executed.
This patch also ANSIfies the syscall function headers.
Last but not least, it also fixes a potential bug in virtual_copy_f()
in case the check is disabled. So far the function in case of a
failure could possible reuse an old who_p in case this function had
not been called from the system task.
virtual_copy_f() takes the caller as a parameter too. In case the
checking is disabled, the caller must be NULL and non NULL if it is
enabled as we must be able to suspend the caller.
Some cases were fixed by declaring the function void, others were fixed
by adding a return <value> statement, thereby avoiding potentially
incorrect behavior (usually in error handling).
Some enum correctness in boot.c.
- taskcall.c is 3x in the trunk as part of libc, libsysutil and
libsys. It should be only part of libsys.
- only system process should be linked with libsys, therefore using
raw _taskcall() in service.c is replaced by _syscall()
- the same for minix_rs.c
- lib/other/sys_eniop.c can go without replacement as it is part of
syslib
- Make open(2) more POSIX compliant
- Add a test case for dangling symlinks and open() syscall with O_CREAT and
O_EXCL on a symlink.
- Update open(2) man page to reflect change.
ow that the image has grown beyond the 1.44M that fits on a floppy.
(previously, the floppy emulation mode was used for cd's.)
the boot cd now uses 'no emulation mode,' where an image is provided on
the cd that is loaded and executed directly. this is the boot monitor.
in order to make this work (the entry point is the same as where the
image is loaded, and the boot monitor needs its a.out header too) and
keep compatability with the same code being used for regular booting, i
prepended 16 bytes that jumps over its header so execution can start
there.
to be able to read the CD (mostly in order to read the boot image),
boot has to use the already present 'extended read' call, but address
the CD using 2k sectors.
There is not that much use for it on a single CPU, however, deadlock
between kernel and system task can be delected. Or a runaway loop.
If a kernel gets locked up the timer interrupts don't occure (as all
interrupts are disabled in kernel mode). The only chance is to
interrupt the kernel by a non-maskable interrupt.
This patch generates NMIs using performance counters. It uses the most
widely available performace counters. As the performance counters are
highly model-specific this patch is not guaranteed to work on every
machine. Unfortunately this is also true for KVM :-/ On the other
hand adding this feature for other models is not extremely difficult
and the framework makes it hopefully easy enough.
Depending on the frequency of the CPU an NMI is generated at most
about every 0.5s If the cpu's speed is less then 2Ghz it is generated
at most every 1s. In general an NMI is generated much less often as
the performance counter counts down only if the cpu is not idle.
Therefore the overhead of this feature is fairly minimal even if the
load is high.
Uppon detecting that the kernel is locked up the kernel dumps the
state of the kernel registers and panics.
Local APIC must be enabled for the watchdog to work.
The code is _always_ compiled in, however, it is only enabled if
watchdog=<non-zero> is set in the boot monitor.
One corner case is serial console debugging. As dumping a lot of stuff
to the serial link may take a lot of time, the watchdog does not
detect lockups during this time!!! as it would result in too many
false positives. 10 nmi have to be handled before the lockup is
detected. This means something between ~5s to 10s.
Another corner case is that the watchdog is enabled only after the
paging is enabled as it would be pure madness to try to get it right.
- the prototype changes to
_cpuid(u32_t *eax, u32_t *ebx, u32_t *ecx, u32_t *edx)
- this makes possible to use all the features of the cpuid instruction as
described in the Intel specs
Main changes:
- COW optimization for safecopy.
- safemap, a grant-based interface for sharing memory regions between processes.
- Integration with safemap and complete rework of DS, supporting new data types
natively (labels, memory ranges, memory mapped ranges).
- For further information:
http://wiki.minix3.org/en/SummerOfCode2009/MemoryGrants
Additional changes not included in the original Wu's branch:
- Fixed unhandled case in VM when using COW optimization for safecopy in case
of a block that has already been shared as SMAP.
- Better interface and naming scheme for sys_saferevmap and ds_retrieve_map
calls.
- Better input checking in syslib: check for page alignment when creating
memory mapping grants.
- DS notifies subscribers when an entry is deleted.
- Documented the behavior of indirect grants in case of memory mapping.
- Test suite in /usr/src/test/safeperf|safecopy|safemap|ds/* reworked
and extended.
- Minor fixes and general cleanup.
- TO-DO: Grant ids should be generated and managed the way endpoints are to make
sure grant slots are never misreused.
- if debugging on serial console is enabled typing Q kills the system. It is
handy if the system gets locked up and the timer interrupts still work. Good
for remote debugging.
- NOT_REACHABLE reintroduced and fixed. It should be used for marking code which
is not reachable because the previous code _should_ not return. Such places
are not always obvious
- allow mounting with "none" block device
- allow unmounting by mountpoint
- make VFS aware of file system process labels
- allow m3_ca1 to use the full available message size
- use *printf in u/mount(1), as mount(2) uses it already
- fix reference leaks for some mount error cases in VFS
SYSLIB CHANGES:
- SEF framework now supports a new SEF Init request type from RS. 3 different
callbacks are available (init_fresh, init_lu, init_restart) to specify
initialization code when a service starts fresh, starts after a live update,
or restarts.
SYSTEM SERVICE CHANGES:
- Initialization code for system services is now enclosed in a callback SEF will
automatically call at init time. The return code of the callback will
tell RS whether the initialization completed successfully.
- Each init callback can access information passed by RS to initialize. As of
now, each system service has access to the public entries of RS's system process
table to gather all the information required to initialize. This design
eliminates many existing or potential races at boot time and provides a uniform
initialization interface to system services. The same interface will be reused
for the upcoming publish/subscribe model to handle dynamic
registration / deregistration of system services.
VM CHANGES:
- Uniform privilege management for all system services. Every service uses the
same call mask format. For boot services, VM copies the call mask from init
data. For dynamic services, VM still receives the call mask via rs_set_priv
call that will be soon replaced by the upcoming publish/subscribe model.
RS CHANGES:
- The system process table has been reorganized and split into private entries
and public entries. Only the latter ones are exposed to system services.
- VM call masks are now entirely configured in rs/table.c
- RS has now its own slot in the system process table. Only kernel tasks and
user processes not included in the boot image are now left out from the system
process table.
- RS implements the initialization protocol for system services.
- For services in the boot image, RS blocks till initialization is complete and
panics when failure is reported back. Services are initialized in their order of
appearance in the boot image priv table and RS blocks to implements synchronous
initialization for every system service having the flag SF_SYNCH_BOOT set.
- For services started dynamically, the initialization protocol is implemented
as though it were the first ping for the service. In this case, if the
system service fails to report back (or reports failure), RS brings the service
down rather than trying to restart it.
- clean up kernel section of minix/com.h somewhat
- remove ALLOCMEM and VM_ALLOCMEM calls
- remove non-safecopy and minix-vmd support from Inet
- remove SYS_VIRVCOPY and SYS_PHYSVCOPY calls
- remove obsolete segment encoding in SYS_SAFECOPY*
- remove DEVCTL call, svrctl(FSDEVUNMAP), map_driverX
- remove declarations of unimplemented svrctl requests
- remove everything related to swapping to disk
- remove floppysetup.sh
- remove traces of rescue device
- update DESCRIBE.sh with new devices
- some other small changes
- allow core file offsets with high bit set
- repair and enable gcc-compiled binary support
- fix bug leading to random command execution
- remove obsolete ptrace.2 manpage
RS CHANGES:
- RS retains information on both labels and process names now. Labels for boot
processes are configured in the boot image priv table. Process names are
inherited from the in-kernel boot image table.
- When RS_REUSE is specified in do_up, RS looks for an existing slot having the
same process name as the one we are about to start. If one is found with
an in-memory copy of its executable image, the image is then shared between
the two processes, rather than copying it again. This behavior can be specified
by using 'service -r' when starting a system service from the command line.
- if "debug_fkeys" boot monitor variable is set to 0:
- pass Fn, Shift+Fn, Ctrl+Fn, Shift+Ctrl+Fn to applications
- don't start IS
- update termcap files with function key, color, end key support
- optionally vectorize I/O requests to work around hardware bugs
- extend default buffer size to cover MFS's default maximum request size
- use mmap directly, rather than alloc_contig
- add 'nil' checksum type for comparison with layout
- minor style corrections
SYSLIB CHANGES:
- SEF must be used by every system process and is thereby part of the system
library.
- The framework provides a receive() interface (sef_receive) for system
processes to automatically catch known system even messages and process them.
- SEF provides a default behavior for each type of system event, but allows
system processes to register callbacks to override the default behavior.
- Custom (local to the process) or predefined (provided by SEF) callback
implementations can be registered to SEF.
- SEF currently includes support for 2 types of system events:
1. SEF Ping. The event occurs every time RS sends a ping to figure out
whether a system process is still alive. The default callback implementation
provided by SEF is to notify RS back to let it know the process is alive
and kicking.
2. SEF Live update. The event occurs every time RS sends a prepare to update
message to let a system process know an update is available and to prepare
for it. The live update support is very basic for now. SEF only deals with
verifying if the prepare state can be supported by the process, dumping the
state for debugging purposes, and providing an event-driven programming
model to the process to react to state changes check-in when ready to update.
- SEF should be extended in the future to integrate support for more types of
system events. Ideally, all the cross-cutting concerns should be integrated into
SEF to avoid duplicating code and ease extensibility. Examples include:
* PM notify messages primarily used at shutdown.
* SYSTEM notify messages primarily used for signals.
* CLOCK notify messages used for system alarms.
* Debug messages. IS could still be in charge of fkey handling but would
forward the debug message to the target process (e.g. PM, if the user
requested debug information about PM). SEF would then catch the message and
do nothing unless the process has registered an appropriate callback to
deal with the event. This simplifies the programming model to print debug
information, avoids duplicating code, and reduces the effort to print
debug information.
SYSTEM PROCESSES CHANGES:
- Every system process registers SEF callbacks it needs to override the default
system behavior and calls sef_startup() right after being started.
- sef_startup() does almost nothing now, but will be extended in the future to
support callbacks of its own to let RS control and synchronize with every
system process at initialization time.
- Every system process calls sef_receive() now rather than receive() directly,
to let SEF handle predefined system events.
RS CHANGES:
- RS supports a basic single-component live update protocol now, as follows:
* When an update command is issued (via "service update *"), RS notifies the
target system process to prepare for a specific update state.
* If the process doesn't respond back in time, the update is aborted.
* When the process responds back, RS kills it and marks it for refreshing.
* The process is then automatically restarted as for a buggy process and can
start running again.
* Live update is currently prototyped as a controlled failure.
- MFS, df(1), fsck(1), badblocks(8), de(1x) now compute the
superblock's s_firstdatazone value if the on-disk value is zero
- mkfs(1) sets s_firstdatazone in the superblock to zero if the
on-disk field is too small to store the actual value
- more agressive mkfs(1) inode number heuristic, copied from r5261
- Revise VFS-FS protocol and update VFS/MFS/ISOFS accordingly.
- Clean up MFS by removing old, dead code (backwards compatibility is broken by
the new VFS-FS protocol, anyway) and rewrite other parts. Also, make sure all
functions have proper banners and prototypes.
- VFS should always provide a (syntactically) valid path to the FS; no need for
the FS to do sanity checks when leaving/entering mount points.
- Fix several bugs in MFS:
- Several path lookup bugs in MFS.
- A link can be too big for the path buffer.
- A mountpoint can become inaccessible when the creation of a new inode
fails, because the inode already exists and is a mountpoint.
- Introduce support for supplemental groups.
- Add test 46 to test supplemental group functionality (and removed obsolete
suppl. tests from test 2).
- Clean up VFS (not everything is done yet).
- ISOFS now opens device read-only. This makes the -r flag in the mount command
unnecessary (but will still report to be mounted read-write).
- Introduce PipeFS. PipeFS is a new FS that handles all anonymous and
named pipes. However, named pipes still reside on the (M)FS, as they are part
of the file system on disk. To make this work VFS now has a concept of
'mapped' inodes, which causes read, write, truncate and stat requests to be
redirected to the mapped FS, and all other requests to the original FS.
/etc CHANGES:
- /etc/drivers.conf has been renamed to /etc/system.conf. Every entry in
the file is now marked as "service" rather than driver.
- user "service" has been added to password file /etc/passwd.
- docs/UPDATING updated accordingly, as well as every other mention to the old
drivers.conf in the system.
RS CHANGES:
- No more distinction between servers and drivers.
- RS_START has been renamed to RS_UP and the old legacy RS_UP and RS_UP_COPY
dropped.
- RS asks PCI to set / remove ACL entries only for services whose ACL properties
have been set. This change eliminates unnecessary warnings.
- Temporarily minimize the risk of potential races at boot time or when starting
a new service. Upcoming changes will eliminate races completely.
- General cleanup.
The old deadlock code was misplaced and unable to deal with asynchronous
IPC primitives (notify and senda) effectively. As an example, the following
sequence of messages allowed the deadlock detection code to
trigger a false positive:
1. A.notify(B)
2. A.receive(B)
3. B.receive(A)
1. B.notify(A)
The solution is to run the deadlock detection routine only when a process is
about to block in mini_send() or mini_receive().
KERNEL CHANGES:
- The kernel only knows about privileges of kernel tasks and the root system
process (now RS).
- Kernel tasks and the root system process are the only processes that are made
schedulable by the kernel at startup. All the other processes in the boot image
don't get their privileges set at startup and are inhibited from running by the
RTS_NO_PRIV flag.
- Removed the assumption on the ordering of processes in the boot image table.
System processes can now appear in any order in the boot image table.
- Privilege ids can now be assigned both statically or dynamically. The kernel
assigns static privilege ids to kernel tasks and the root system process. Each
id is directly derived from the process number.
- User processes now all share the static privilege id of the root user
process (now INIT).
- sys_privctl split: we have more calls now to let RS set privileges for system
processes. SYS_PRIV_ALLOW / SYS_PRIV_DISALLOW are only used to flip the
RTS_NO_PRIV flag and allow / disallow a process from running. SYS_PRIV_SET_SYS /
SYS_PRIV_SET_USER are used to set privileges for a system / user process.
- boot image table flags split: PROC_FULLVM is the only flag that has been
moved out of the privilege flags and is still maintained in the boot image
table. All the other privilege flags are out of the kernel now.
RS CHANGES:
- RS is the only user-space process who gets to run right after in-kernel
startup.
- RS uses the boot image table from the kernel and three additional boot image
info table (priv table, sys table, dev table) to complete the initialization
of the system.
- RS checks that the entries in the priv table match the entries in the boot
image table to make sure that every process in the boot image gets schedulable.
- RS only uses static privilege ids to set privileges for system services in
the boot image.
- RS includes basic memory management support to allocate the boot image buffer
dynamically during initialization. The buffer shall contain the executable
image of all the system services we would like to restart after a crash.
- First step towards decoupling between resource provisioning and resource
requirements in RS: RS must know what resources it needs to restart a process
and what resources it has currently available. This is useful to tradeoff
reliability and resource consumption. When required resources are missing, the
process cannot be restarted. In that case, in the future, a system flag will
tell RS what to do. For example, if CORE_PROC is set, RS should trigger a
system-wide panic because the system can no longer function correctly without
a core system process.
PM CHANGES:
- The process tree built at initialization time is changed to have INIT as root
with pid 0, RS child of INIT and all the system services children of RS. This
is required to make RS in control of all the system services.
- PM no longer registers labels for system services in the boot image. This is
now part of RS's initialization process.
- gas2ack cannot handle all variants of some instructions. Until this issues is
addressed, this patch places a big warning where appropriate. This code is not
supposed to change frequently.
- add new "control" config directive, to let drivers restart drivers
(by Jorrit Herder)
- fix bug causing system processes to be started twice sometimes
- fix resource leak (PCI ACLs) when child fails right after exec
- fix resource leak (memory) when child exec fails at all
- fix race condition setting VM call privileges for new child
- make dev_execve() return a proper result, and check this result
- remove RS_EXECFAILED, as it should behave exactly like RS_EXITING
- add more clarifying comments about starting servers
- local APIC timer used as the source of time
- PIC is still used as the hw interrupt controller as we don't have
enough info without ACPI or MPS to set up IO APICs
- remapping of APIC when switching paging on, uses the new mechanism
to tell VM what phys areas to map in kernel's virtual space
- one more step to SMP
based on code by Arun C.
- idle task becomes a pseudo task which is never scheduled. It is never put on
any run queue and never enters userspace. An entry for this task still remains
in the process table for time accounting
- Instead of panicing if there is not process to schedule, pick_proc() returns
NULL which is a signal to put the cpu in an idle state and set everything in
such a way that after receiving and interrupt it looks like idle task was
preempted
- idle task is set non-preemptible to avoid handling in the timer interrupt code
which make userspace scheduling simpler as idle task does not need to be
handled as a special case.
- the gnu .S are compiled with __ASSEMBLY__ macro set which allows us to
conditionaly remove C stuff from the proc.h file when included in assembly
files
- new proc_is_runnable() macro to test whether process is runnable. All tests
whether p_rts_flags == 0 converted to use this macro
- pick_proc() calls removed from enqueue() and dequeue()
- removed the test for recursive calls from pick_proc() as it certainly cannot
be called recursively now
- PREEMPTED flag to mark processes that were preempted by enqueueuing a higher
priority process in enqueue()
- enqueue_head() to enqueue PREEMPTED processes again at the head of their
current priority queue
- NO_QUANTUM flag to block and dequeue processes preempted by timer tick with
exceeded quantum. They need to be enqueued again in schedcheck()
- next_ptr global variable removed
- after a trap to kernel, the code automatically switches to kernel
stack, in the future local to the CPU
- k_reenter variable replaced by a test whether the CS is kernel cs or
not. The information is passed further if needed. Removes a global
variable which would need to be cpu local
- no need for global variables describing the exception or trap
context. This information is kept on stack and a pointer to this
structure is passed to the C code as a single structure
- removed loadedcr3 variable and its use replaced by reading the %cr3
register
- no need to redisable interrupts in restart() as they are already
disabled.
- unified handling of traps that push and don't push errorcode
- removed save() function as the process context is not saved directly
to process table but saved as required by the trap code. Essentially
it means that save() code is inlined everywhere not only in the
exception handling routine
- returning from syscall is more arch independent - it sets the retger
in C
- top of the x86 stack contains the current CPU id and pointer to the
currently scheduled process (the one right interrupted) so the mode
switch code can find where to save the context without need to use
proc_ptr which will be cpu local in the future and therefore
difficult to access in assembler and expensive to access in general
- some more clean up of level0 code. No need to read-back the argument
passed in
%eax from the proc structure. The mode switch code does not clobber
%the general registers and hence we can just call what is in %eax
- many assebly macros in sconst.h as they will be reused by the apic
assembly
- preemption handled in the clock timer interrupt handler, not in the clock task
- more achitecture independent clock timer handling code
- smp ready as each CPU can have its own timer
- fixes a problem in inodes truct definitions. The original definitions use
posix types. These types don't have well defined size. Therefore when
compiling mkfs on a different system natively the inodes sizes do not match.
This patch replaces the posix types with interger types of the same size and
signedness as the original types in use.
- The primary reason is that mkfs and installboot need to run natively during
the cross compilation (host and target versions are compiled). There is a
collision of include files though. E.g. a.out.h is very minix-specific.
Therefore some files we moved and replaced by stubs that include the original
file if compiling on or for Minix :
include/a.out.h -> include/minix/a.out.h
include/sys/dir.h -> include/minix/dir.h
include/dirent.h -> include/minix/dirent.h
include/sys/types.h -> include/minix/types.h
- This does not break any native compilation on Minix. Other headers that were
including the original files are changed according to include directly the
new, minix specific location not to pick up the host system includes while
cross-compiling.
- role of this patch is to make rebasing of the build branch simpler until the
new build system is merged
- the PIC master and slave irq handlers don't pass the irq hook pointer but just
the irq number. It gives a little bit more information to the C handler as the
irq number is not lost
- the irq code path is more achitecture independent. i386 hw interrupts are
called irq and whereever the code is arch independent enough hw_intr_
functions are called to mask/unmask interrupts
- the legacy PIC is not the only possible interrupt controller in the x86 world,
therefore the intr_(un)mask functions were renamed to signal their
functionality explicitly. APIC will add their own.
- masking and unmasking PIC interrupt lines is removed from assembler and all
the functionality is rewriten in C and moved to i8259.c
- interrupt handlers have to unmask the interrupt line if all irq handlers are
done. Assembler does not do it anymore
told to kernel
- makes VM ask the kernel if a certain process is allowed
to map in a range of physical memory (VM rounds it to page
boundaries afterwards - but it's impossible to map anything
smaller otherwise so I assume this is safe, i.e. there won't
be anything else in that page; certainly no regular memory)
- VM permission check cleanup (no more hardcoded calls, less
hardcoded logic, more readable main loop), a loose end left
by GQ
- remove do_copy warning, as the ipc server triggers this but
it's no more harmful than the special cases already excluded
explicitly (VFS, PM, etc).
IS:
- do not use p_getfrom_e for a process that is sending
- register with TTY only function keys that are used
- various header and formatting fixes
- proper shutdown code
TTY:
- restore proper Ctrl+F1 dump contents
isofs:
- don't even try to call sys_exit()
- an asmconv based tool for conversion from GNU ia32 assembly to ACK assembly
- in contrast to asmconv it is a one way tool only
- as the GNU assembly in Minix does not prefix global C symbols with _ gas2ack
detects such symbols and prefixes them to be compliant with the ACK convention
- gas2ack preserves comments and unexpanded macros
- bunch of fixes to the asmconv GNU->ACK direction
- support of more instructions that ACK does not know but are in use in Minix
- it is meant as a temporary solution as long as ACK will be a supported
compiler for the core system
- MFS and mkfs(1) now perform extra sanity checks
- fsck(1) can now deal with inode tables extending beyond the file
system's first 4GB
- badblocks(8) no longer writes out the superblock for no reason
- mkfs(1) no longer crashes when given no parameters
- more(1) no longer crashes when standard output is redirected
that some hardware had
- clear DMA_ST_INT after DMA - fixes infinite number of interrupts
that some hardware had
- initial ATAPI DMA implementation, doesn't actually increase performance
on my test hardware so possibly not right yet, disabled by default
debugging info on panic: decode segment selectors and descriptors, now moved
to arch-specific part, prototypes added; sanity checking in debug.h made
optional with vmassert().
be used concurrently. pass the function in eax instead; this gets rid
of the global variable. also execute the function directly if we're
already trapped into the kernel.
revert of u32_t endpoint_t to int (some code assumes endpoints are
negative for negative slot numbers).
- allow PM to tell sys_runctl() whether to use delay call feature
- only use this feature in PM for delivering signals - not for exits
- do better error checking in PM on sys_runctl() calls
- rename SIGKREADY to SIGNDELAY
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
NR_TASKS in the endpoint macros. MAX_NR_TASKS defines the maximal number of
kernel tasks. It is unlikely that we will ever need this many tasks as the goal
is not to have such a difference in the future. For now it makes possible to
remove the limiting NR_TASKS from the endpoint code.
It removes the no more existing marcos (XPIPE XPOPEN XDOPEN XLOCK XSELECT) and
replaces them with the new ones from servers/vfs/const.h No more dependency on
NR_TASKS macro.
- all macros in consts.h that depend on NR_TASKS replaced by a FP_BLOCKED_ON_*
- fp_suspended removed and replaced by fp_blocked_on. Testing whether a process
is supended is qeual to testing whether fp_blocked_on is FP_BLOCKED_ON_NONE or
not
- fp_task is valid only if fp_blocked_on == FP_BLOCKED_ON_OTHER
- no need of special values that do not colide with valid and special endpoints
since they are not used as endpoints anymore
- suspend only takes FP_BLOCKED_ON_* values not endpoints anymore
- suspend(task) replaced by wait_for(task) which sets fp_task so we remember who
are we waiting for and suspend sets fp_blocked_on to FP_BLOCKED_ON_OTHER to
signal that we are waiting for some other process
- some functions should take endpoint_t instead of int, fixed
- marks code path that should be unreachable (never executed)
- if hit, panics and reports the problem
- the end of main() marked as such. The SMP changes need some magic with stack
switching before the AP can be started as they need to run on the boot stack
before figuring out what is their own stack. As main() uses the boot stack to,
we need to switch to to the stack of BSP before executing the last part of
main() which needs to be in a separate function so we can jump to it.
Therefore restart() won't be the last call in main() which may be confusing.
The macro can/should be used in other such places too.
- the magic numbers ANY, NONE and SELF are kept for the compatibility with the
current userspace. It is OK as long as NR_PROCS is greater so they don't
colide with other endpoints
- the 32 bit endpoint_t value is split in half, lower 16 bits for process slot
number and upper half for generation number
- transition to a structured endpoint_t in the future possible
- headers use the endpoint_t in syslib.h and the implmentation was using int
instead. Both uses endpoint_t now
- every variable named like proc, proc_nr or proc_nr_e of type endpoint_t has
name proc_ep now
- endpoint_t defined as u32_t not int
shared with the kernel, mapped into kernel address space;
kernel is notified of its location. kernel segment size is
increased to make it fit.
- map in kernel and other processes that don't have their
own page table using single 4MB (global) mapping.
- new sanity check facility: objects that are allocated with
the slab allocator are, when running with sanity checking on,
marked readonly until they are explicitly unlocked using the USE()
macro.
- another sanity check facility: collect all uses of memory and
see if they don't overlap with (a) eachother and (b) free memory
- own munmap() and munmap_text() functions.
- exec() recovers from out-of-memory conditions properly now; this
solves some weird exec() behaviour
- chew off memory from the same side of the chunk as where we
start scanning, solving some memory fragmentation issues
- use avl trees for freelist and phys_ranges in regions
- implement most useful part of munmap()
- remap() stuff is GQ's for shared memory
addr and taddr don't have to be defined any more, so that <sys/mman.h>
can be included for proper prototypes of munmap() and friends.
- rename our GETPID to MINIX_GETPID to avoid a name conflict with
other sources
- PM needs its own munmap() and munmap_text() to avoid sending messages
to VM at the startup phase. It *does* want to do that, but only
after initialising. So they're called again with unmap_ok set to 1
later.
- getnuid(), getngid() implementation
- If allocation of a new buffer fails, use an already-allocated
unused buffer if available (low memory conditions)
- Allocate buffers dynamically, so memory isn't wasted on wrong-sized
buffers.
- No more _MAX_BLOCK_SIZE.
- no longer have kernel have its own page table that is loaded
on every kernel entry (trap, interrupt, exception). the primary
purpose is to reduce the number of required reloads.
Result:
- kernel can only access memory of process that was running when
kernel was entered
- kernel must be mapped into every process page table, so traps to
kernel keep working
Problem:
- kernel must often access memory of arbitrary processes (e.g. send
arbitrary processes messages); this can't happen directly any more;
usually because that process' page table isn't loaded at all, sometimes
because that memory isn't mapped in at all, sometimes because it isn't
mapped in read-write.
So:
- kernel must be able to map in memory of any process, in its own
address space.
Implementation:
- VM and kernel share a range of memory in which addresses of
all page tables of all processes are available. This has two purposes:
. Kernel has to know what data to copy in order to map in a range
. Kernel has to know where to write the data in order to map it in
That last point is because kernel has to write in the currently loaded
page table.
- Processes and kernel are separated through segments; kernel segments
haven't changed.
- The kernel keeps the process whose page table is currently loaded
in 'ptproc.'
- If it wants to map in a range of memory, it writes the value of the
page directory entry for that range into the page directory entry
in the currently loaded map. There is a slot reserved for such
purposes. The kernel can then access this memory directly.
- In order to do this, its segment has been increased (and the
segments of processes start where it ends).
- In the pagefault handler, detect if the kernel is doing
'trappable' memory access (i.e. a pagefault isn't a fatal
error) and if so,
- set the saved instruction pointer to phys_copy_fault,
breaking out of phys_copy
- set the saved eax register to the address of the page
fault, both for sanity checking and for checking in
which of the two ranges that phys_copy was called
with the fault occured
- Some boot-time processes do not have their own page table,
and are mapped in with the kernel, and separated with
segments. The kernel detects this using HASPT. If such a
process has to be scheduled, any page table will work and
no page table switch is done.
Major changes in kernel are
- When accessing user processes memory, kernel no longer
explicitly checks before it does so if that memory is OK.
It simply makes the mapping (if necessary), tries to do the
operation, and traps the pagefault if that memory isn't present;
if that happens, the copy function returns EFAULT.
So all of the CHECKRANGE_OR_SUSPEND macros are gone.
- Kernel no longer has to copy/read and parse page tables.
- A message copying optimisation: when messages are copied, and
the recipient isn't mapped in, they are copied into a buffer
in the kernel. This is done in QueueMess. The next time
the recipient is scheduled, this message is copied into
its memory. This happens in schedcheck().
This eliminates the mapping/copying step for messages, and makes
it easier to deliver messages. This eliminates soft_notify.
- Kernel no longer creates a page table at all, so the vm_setbuf
and pagetable writing in memory.c is gone.
Minor changes in kernel are
- ipc_stats thrown out, wasn't used
- misc flags all renamed to MF_*
- NOREC_* macros to enter and leave functions that should not
be called recursively; just sanity checks really
- code to fully decode segment selectors and descriptors
to print on exceptions
- lots of vmassert()s added, only executed if DEBUG_VMASSERT is 1
remembering the origin and cursor position as that feature didn't
really work properly anyway
- tty: map in video and font memory using a vm call, access it from C,
thereby eliminating pesky weird segment calls and assembly to access it,
and unbreaks loadfont (Roman Ignatov)
- bios_wini: fix bios_wini by allocating a <1MB buffers for it
- memory: preallocate ramdisk, makes it a bit faster (and doesn't
fail halfway if you allocate a huge one)
- floppy: use <1MB buffer
- ramdisk proto: because of the 2x1 page reservations, binaries
got a little fatter and didn't fit on the ramdisk any more.
increase it.
for each symbol, usually answering those "why is does my binary have
such a lot of BSS" questions.
- stop binpackage looking in /var/spool for package files.
- let makewhatis recognize .Sh as heading name
- setup, fsck, df: allow >4kB block sizes painlessly
- mkfs: new #-of-inodes heuristic that depends on kb, not
on blocks; i've run out of inodes on my /usr
- asmconv: don't silently truncate .aligns to 16 bytes
- ipc* commands for shared memory support
- only print a line for every boot process if 'verbose' variable set to
nonzero; reason: with serial output, the long output
significantly slows down frequent reboots, and causes 'scroll damage'
that in some cases is pretty bad. also the verbose output doesn't tell
you the one thing you might want to know about a process: how much memory
is it using? or how much memory is everything using?
- short format does print out total memory allocated for processes
- sys_getbiosbuffer feature is gone (from kernel; available from vm)
- bump version number because munmap() calls that newly compiled binaries
will do trigger an ugly (but harmless) error message in older VM's
- some new VM calls and flags, the new IPC calls
- some new CR0 register bits
- added files for shared memory
- [ABCD]_INDEX are not used anywhere
- value of *_SELECTOR is now calculated using the *_INDEX value so changing the
index does not break the selector
- TSS is now the last of the global selectors. There will be TSS per CPU on SMP
and the number will vary depending on the maximal supported number of CPUs
configured
- pproc_addr is not neccessary to get the address of a process if we know its
number
- local proc variables in system calls implementation (sys_task) conflicts with
the global proc array of all process, therefore the variable were renamed to
proc_nr as they hold the process number
- Modified the setup script to use the netconf script for the network
configuration:
- Moved step 2 to step 8 and renamed the steps in between.
- Autopart adapted to print step 3 instead of step 4.
- a better name for architecture specific init function
- some of x86 init code must execute in protected mode
- prot_init() removed from this function and still called in cstart() Imho this
should be called from the architecture specific assembly not cstart. cstart
perform Minix monitor specific tasks and will be touched once another
bootloader is in use, e.g. booting via tftp, therefore we keep it as is for
now.
- this is a backport from the SMP code which requires this. Merging will be simpler
If an exception happens in kernel while the kernel is booting and no processes
are running yet, saved_proc == NULL and priting any process related information
results in dumping rubish.
This check is mostly useful when debugging kernel stuff. Should _never_ happen
on a production kernel.
This is a backport form the SMP branch. Not required here, it only makes life
for SMP easier. And future merging too.
- filling the IDT is removed from prot_init()
- struct gate_table_s is a public type
- gate_table_pic is a global array as it is used by APIC code too
- idt_copy_vectors() is also global and used by idt_init() as well as
apic_idt_init()
- idt_init() is called right after prot_init() in system_init()
bin_img=1 in the boot monitor will make sure that during the boot procedure the
mfs binary that is part of the boot image is the only binary that is used to
mount partitions. This is useful when for some reason the mfs binary on disk
malfunctions, rendering Minix unable to boot. By setting bin_img=1, the binary
on disk is ignored and the binary in the boot image is used instead.
- 'service' now accepts an additional flag -r. -r implies -c. -r instructs RS
to first look in memory if the binary has already been copied to memory and
execute that version, instead of loading the binary from disk. For example,
the first time a MFS is being started it is copied (-c) to memory and
executed from there. The second time MFS is being started this way, RS will
look in memory for a previously copied MFS binary and reuse it if it exists.
- The mount and newroot commands now accept an additional flag -i, which
instructs them to set the MS_REUSE flag in the mount flags.
- The mount system call now supports the MS_REUSE flag and invokes 'service'
with the -r flag when MS_REUSE is set.
- /etc/rc and the rc script that's included in the boot image check for the
existence of the bin_img flag in the boot monitor, and invoke mount and
newroot with the -i flag accordingly.
- Prepared mount system call to accept multiple mount flags
instead of just read_only (however, it remains backwards
compatible).
- Updated the man mount(2) to reflect new header file usage.
- Updated badblocks, newroot, mount, and umount commands to use the
new header file.
- When one does a select on a file descriptor that is meaningless for that particular file type, select shall indicate that the file descriptor is ready for that particular operation and that the file descriptor has no exceptional condition pending.
o Don't call vm_willexit() more than once upon normal process exit
o Correct two cases of indenting of the no-discussion-possible kind
o Perform slightly stricter ptrace(2) checks:
- process calling ptrace must be target process's parent
- process must call wait/waitpid before using ptrace on stopped child
- no ptrace on zombies
o Allow user processes to use ptrace(T_STOP) to stop an active child
Kernel:
o Remove s_ipc_sendrec, instead using s_ipc_to for all send primitives
o Centralize s_ipc_to bit manipulation,
- disallowing assignment of bits pointing to unused priv structs;
- preventing send-to-self by not setting bit for own priv struct;
- preserving send mask matrix symmetry in all cases
o Add IPC send mask checks to SENDA, which were missing entirely somehow
o Slightly improve IPC stats accounting for SENDA
o Remove SYSTEM from user processes' send mask
o Half-fix the dependency between boot image order and process numbers,
- correcting the table order of the boot processes;
- documenting the order requirement needed for proper send masks;
- warning at boot time if the order is violated
RS:
o Add support in /etc/drivers.conf for servers that talk to user processes,
- disallowing IPC to user processes if no "ipc" field is present
- adding a special "USER" label to explicitly allow IPC to user processes
o Always apply IPC masks when specified; remove -i flag from service(8)
o Use kernel send mask symmetry to delay adding IPC permissions for labels
that do not exist yet, adding them to that label's process upon creation
o Add VM to ipc permissions list for rtl8139 and fxp in drivers.conf
Left to future fixes:
o Removal of the table order vs process numbers dependency altogether,
possibly using per-process send list structures as used for SYSTEM calls
o Proper assignment of send masks to boot processes;
some of the assigned (~0) masks are much wider than necessary
o Proper assignment of IPC send masks for many more servers in drivers.conf
o Removal of the debugging warning about the now legitimate case where RS's
add_forward_ipc cannot find the IPC destination's label yet
determine which packages and package sources to include on the
installation media, as opposed to including everything in the
PACKAGEDIR AND PACKAGESOURCEDIR directories.
VMWare Workstation 6.x would previously die when running MINIX 3 with an
IOSPACE assertion and several error messages about multiply registered
I/O ports. The assertion is triggered when we probe for BAR sizes in
record_bar(). The solution: The PCI driver now disables I/O and mem
access before probing for BAR sizes.
Bumped up NR_PCIDEV and NR_PCIBUS, since Workstation 6.x virtualizes
more PCI buses and devices.
* (c) copyright 1987 by the Vrije Universiteit, Amsterdam, The Netherlands.
* See the copyright notice in the ACK home directory, in the file "Copyright".
*/
#include<arch.h>
#include"object.h"
wr_arhdr(fd,arhdr)
registerstructar_hdr*arhdr;
{
charbuf[AR_TOTAL];
registerchar*c=buf;
registerchar*p=arhdr->ar_name;
registerinti=14;
while(i--){
*c++=*p++;
}
put2((int)(arhdr->ar_date>>16),c);c+=2;
put2((int)(arhdr->ar_date),c);c+=2;
*c++=arhdr->ar_uid;
*c++=arhdr->ar_gid;
put2(arhdr->ar_mode,c);c+=2;
put2((int)(arhdr->ar_size>>16),c);c+=2;
put2((int)(arhdr->ar_size),c);
wr_bytes(fd,buf,(long)AR_TOTAL);
}
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
