Implemented a protocol between a client and its pager to
request and get a capability to ipc to another client of the pager.
Pager first ensures the request is valid from its client.
It then tries to use a greater capability that it possesses, to
produce a new capability that the client requested. Once the kernel
validates the correct one and replicates/reduces it to client's
need, it grants it to the client.
Pager handles client capability requests by using one of its own
capabilities to create a new one that suits the client's needs.
The current issue is that the kernel can have multiple caps and it
may not know which one is suitable for using to create one for the client.
The kernel knows this very well, so the solution would be to attempt to
use capabilities that roughly match (i.e. by type) and leave it to
the kernel to decide whether it is any powerful to suit client's needs.
In posix, test0 makes inter-space ipc for testing extended ipc. This
correctly fails when only the cap to ipc to pager is given to all tasks
in the container.
In order to overcome this problem, the tasks who fork for doing ipc to
each other make a request to the pager to get capabilities to do so.
Pager finds its own widened ipc capability over the container, replicates
it, validates and reduces it to desired boundaries (i.e. just ipc betw.
two spaces) and grants it as IMMUTABLE to requesting tasks.
This protocol may be useful in implementing a client/server capability
request relationship. Code builds but untested.
Modifying task_virt_to_page() so that it takes into account page
protections. If mm0 writes to a task page that is meant to be
read-only, (e.g. the zero page) the design is broken.
Every access to a task's page will take the page fault route,
and the page fault handler will return the page instead of 0.
bss segment may have some of it at the end of data, but the bits
that lie on a new page need to be mmaped as anonymous. When this
occured we were not passing the new page boundary but the last
data page where bss started
Thread ids now contain their container ids in the top 2 nibbles.
Threads on other containers can be addressed by changing those
two nibbles. The addressing of inter-container threads are
subject to capabilities.
Task ids are now unsigned as the container ids will need to be encoded
in the id fields as well.
For requests who require even more comprehensive id input, (such as
thread creation) also added is the container id so that threads
_could_ potentially be created in other containers as well.
Pagers can now share their own private capabilities with their
paged children, or their siblings with whom they have a common pager
ancestor.
Added flags CAP_SHARE_CHILD and CAP_SHARE_SIBLINGS for that.
Capabilities will be shared among collection of threads. A pager
will have a right to share its own capabilities with its space,
its thread group and its container.
Currently sharing is possible with only all of the caps. Next,
it will be support for cap splitting, granting, and partial sharing
and granting.
Removed dependency on hard-coded pager id. Pager id is now passed
as an environment string `pagerid' to tasks. Alternatively, this
could take space in the utcb of each task.
- Need to remove old versions
- Need to merge the two.
- Need to investigate occasional page fault on NMOP sequence. (resembles an error ipc_extended test)
Could be related to new page cache read/write routines.
test0 now successfully runs its beginning.
test0 SConscript has a dependency problem.
Issues to be investigated:
- vm_file and vnodes need to be merged fully in all functions.
- libposix shared page references need to be removed.
- Any references to VFS_TID, PAGER_TID need to be removed.
Changes:
It is now possible to use do_mmap() from within mm0.
- pager_new_virtual()/delete_virtual() return addresses that are
disjoint from find_unmapped_area() used by mmap() interface for
anonymous or not-fixed areas.
- find_unmapped_area() now uses task->map_start task->map_end instead
of task->start and task->end. task->start/end are still valid task
space addresses for mmap(), but finding a new address is limited to
map_start/map_end.
- We have both interfaces because mmap() is only useful for backed-files.
When the pager needs to access a user memory range for example, that is
not backed by a file and thus we need to use pager_new_virtual() instead
of mmap() for mapping.
It might be a good idea to simply use mmap() from inside the pager and prefault it
as a conventional way of mapping internal buffers. Will be investigated.
- This would open the way that all internal buffer mapping is
done in a standard way
- Standard syscalls would be possible to use from within the pager.
