Previously during ipc copy, only the currently active task flags were
checked. This means the flags of whoever doing the actual copy was used
in the ipc. Now flags are stored in the ktcb and checked by the copy routine.
Current use of the flags is to determine short/full/extended ipc.
Benefits & Facts:
- Messages up to 2 kilobytes may be sent.
- Both parties may use non-disjoint user buffers. E.g. any userspace address.
- Userspace buffers can page fault.
- Page faults punish timeslice of only the faulting thread.
- Any number of extended ipcs can take place at any one time, since
only ktcbs of ipc parties are engaged. No global buffer is used.
- This also provides smp-safety benefit.
Disadvantages:
- There is triple copying penalty. This has to be done:
- Sender buffer to sender ktcb
- Sender ktcb to receiver ktcb
- Receiver ktcb to receiver buffer.
This is due to the fact that buffers can be on non-disjoint userspace addresses.
If you want to avoid disadvantages and lose some of the benefits,
(e.g. address freedom, shorter copy size) use FULL IPC.
- Added a full ipc send/recv test
- Removed non-zero value checking in r2 for ipc that was there
to catch inadvertent full ipc calls.
- Added correct hanlding for read/write mrs for current status of utcb.
TODO:
- Add mapping of every utcb to every task for privileged access so that
the kernel can access every utcb without switching spaces.
- Removal of same mappings
- Upon thread creation need to copy page tables accordingly i.e.
each task will have its own utcb mapped with USER access, but every
other utcb as kernel access only. Need to handle this case upon page
table copying.
- Added ARM register ipc usage explanation to glue/arm/message.h
- In the current design, the unused r2 register is a system register
that kernel checks for ipc flags such as:
- IPC type: e.g. full or extended.
- In extended IPC, MR index containing message buffer ptr.
- In extended IPC, message size
- Proper releasing of user pmd and pgds when a space is not used.
- Proper releasing of task, space ids.
- At occasions a starting thread gets bogus SPSR, this needs investigating.
- At a very rare occasion arch_setup_new_thread() had a kernel data abort during
register copying from one task to another. Needs investigating.
- Fixed potential concurrency bugs due to preemption being enabled.
- Introduced a new address space structure to better account for
address spaces and page tables.
- Currently executes fine up to forking. Will investigate.
- KIP's pointer to UTCB seems to work with existing l4lib ipc functions.
- Works up to clone()
- In clone we mmap() the same UTCB on each new thread - excessive.
- Generally during page fault handling, cloned threads may fault on the same page
multiple times even though a single handling would be enough for all of them.
Need to detect and handle this.
Added setting of utcb address to l4_thread_control.
This is going to be moved to exchange_registers() since we need to pass
both the utcb physical and virtual address and exregs fits such context
modification better than thread_control.
- Directory creation, file read/write is OK.
- Cannot reuse old task's fds. They are not recycled for some reason.
- Problems with fork/clone/exit. They fail for a reason.
It turned out we used one version of kmalloc for malloc() and another for kfree()!
Now fixed.
Added parent-child relationship to tasks. Need to polish handling CLONE_PARENT and THREAD.
l4_unmap now returns -1 if given range was only partially unmapped.
do_munmap() now only unmaps address ranges that have correspondence in
the unmapped vmas. Trying to unmap regions with no correspondent vmas
causes problems in corner cases, e.g. mm0 that tries to mmap its own
address space during initialisation would unmap its whole address space
and fail to execute.
Still testing sys_munmap(). It now correctly spots and unmaps the overlapping vma.
The issue now is that if a split occurs, we forgot to add same objects to new vma.
- Scheduler was increasing total priorities only when resuming tasks had 0 ticks.
This caused forked tasks that have parent's share of ticks to finish their jobs,
if these tasks exited quick enough, they would cause the total priorities to deduce
without increasing it in the first place. This is now fixed.
- Also strengthened rq locking, now both queues are locked before touching any.
- Also removed task suspends in irq, this would cause a race condition on ticks and
runqueues, since neither is protected against irqs.
- Implemented reasonable way to suspend task.
- A task that has a pending suspend would be interrupted
from its sleep via the suspender task.
- If suspend was raised and right after, task became about to sleep,
then scheduler wakes it up.
- If suspend was raised when task was in user mode, then an irq suspends it.
- Also suspends are checked at the end of a syscall so that if suspend was
raised because of a syscall from the task, the task is suspended before it
goes back to user mode.
- This mechanism is very similar to signals, and it may lead as a base for
implementing signal handling.
- Implemented common vma dropping for shadow vm object dropping and task exiting.
- Updated sleeping paths such that a task is atomically put into
a runqueue and made RUNNABLE, or removed from a runqueue and made SLEEPING.
- Modified vma dropping sources to handle both copy_on_write() and exit() cases
in a common function.
- Added the first infrastructure to have a pager to suspend a task and wait for
suspend completion from the scheduler.
A new scheduler replaces the old one.
- There are no sched_xxx_notify() calls that ask scheduler to change task state.
- Tasks now have priorities and different timeslices.
- One second interval is distributed among processes.
- There are just runnable and expired queues.
- SCHED_GRANULARITY determines a maximum running boundary for tasks.
- Scheduler can now detect a safe point and suspend a task.
Interruptible blocking is implemented.
- Mutexes, waitqueues and ipc are modified to have an interruptible nature.
- Sleep information is stored on the ktcb. (which waitqueue? etc.)
- test0 now forks 16 tasks that each modify a global variable.
- scheduler now gives 1/10th of a second per task. It also does not increase timeslice
of a task that has scheduled.
- When a memory is granted to the kernel, the distribution of this memory to memcaches
was calculated in a complicated way. This is now simplified.
- Fixed do_mmap() so that it returns mapped address, and various bugs.
- A child seems to fork with new setup, but with incorrect return value.
Need to use and test exregs() for fork + clone.
- Shmat searches an unmapped area if input arg is invalid, do_mmap()
should do this.
- Added mutex_trylock()
- Implemented most of exchange_registers()
- thread_control() now needs a lock for operations that can modify thread context.
- thread_start() does not initialise scheduler flags, now done in thread_create.
TODO:
- Fork/clone'ed threads should retain their context in tcb, not syscall stack.
- exchange_registers() calls in userspace need cleaning up.
Child needs rewound function stack in order to reach registers r9-r12
that have original userspace values. But we jump to return_from_syscall
without rewinding the stack. Therefore to ease context restore, we save
r9-r12 on the stack as well upon syscall entry.
This copies the parent kernel stack to child only for the part where
the previous context is saved. Then the child registers are modified
so that it would begin execution from returning of the system call.
sys_timer accumulates timer ticks into seconds, minutes, hours and days.
It's left to the user to calculate from days into a date. It is not yet
known if the calculation is even roughly correct.
Reduced 2 kmem_reclaim/grant calls into one kmem_control call.
- fixed is_err(x), was evaluating x twice, resulting in calling a
function x twice.
- Divided task initialisation into multiple parts.
- MM0 now creates a tcb for itself and maintains memory regions of its own.
- MM0's tcb is used for mmapping other tasks' regions. MM0 mmaps and prefaults
those regions, instead of the typical mmap() and fault approach used by
non-pager tasks.
For example there's an internal shmget_shmat() path to map in other tasks'
shm utcbs. Those mappings are then prefaulted into mm0's address space using
the default fault handling path.
- FS0 now reads task data into its utcb from mm0 via a syscall.
FS0 shmat()s to utcbs of other tasks, e.g. mm0 and test0.
FS0 then crashes, that is to be fixed and where this commit is left last.
Next issues: For every read fault, the fault must traverse the
vma's object stack until the page is found. The problem was that
we were only searching the first object, that object was a writable
shadow, and the shadow didn't have the read-only page, and the 0
return value was interpreted with IS_ERR() and failed, so address
0 was mapped into the location, and QEMU blew off.
Environment is backed by a special per-task file maintained by mm0 for each task.
This file is filled in by the env pager, by simple copying of env data into the
faulty page upon a fault. UTCB and all anon regions (stack) could use the same
scheme.
Fixed IS_ERR(x) to accept negative values that are above -1000 for errors. This
protects against false positives for pointers such as 0xE0000000.
modified: include/l4/generic/scheduler.h
modified: include/l4/macros.h
modified: src/arch/arm/exception.c
modified: tasks/fs0/include/linker.lds
modified: tasks/libl4/src/init.c
modified: tasks/libposix/shm.c
new file: tasks/mm0/include/env.h
modified: tasks/mm0/include/file.h
new file: tasks/mm0/include/lib/addr.h
deleted: tasks/mm0/include/lib/vaddr.h
modified: tasks/mm0/include/task.h
new file: tasks/mm0/include/utcb.h
new file: tasks/mm0/src/env.c
modified: tasks/mm0/src/fault.c
modified: tasks/mm0/src/file.c
modified: tasks/mm0/src/init.c
new file: tasks/mm0/src/lib/addr.c
modified: tasks/mm0/src/lib/idpool.c
deleted: tasks/mm0/src/lib/vaddr.c
modified: tasks/mm0/src/mmap.c
modified: tasks/mm0/src/shm.c
modified: tasks/mm0/src/task.c
new file: tasks/mm0/src/utcb.c
modified: tasks/test0/include/linker.lds
Headers 3 headers related to message registers and utcbs are now merged under
utcb.h in libl4. Some message register definitions used by the kernel are now
moved into kernel's glue/message.h. This avoids the duplication of same
definitions. Also the total number of mregs are now determined by arch-specific
kernel header, which is good.
Modified ipc handling so that from now on the kernel inspects and sets
the sender id if the receiver is receiving from L4_ANYTHREAD. This posed
a security problem since the receiver could not trust the sender for
sender information.
Boot files and tasks are now initialised together. Theads can ask for particular
space and thread ids, if they're unused. This enables us to get predefined ids for
known tasks such as the VFS task.
Fixes to README
Other minor fixes.
