Thomas Veerman [Wed, 1 Feb 2012 11:34:40 +0000 (11:34 +0000)]
AVFS: only put mount point when it was used as one
When a mount operation fails and the FS exits, free_proc could try to
clean up resources associated with the mount point before the mount
thread itself can do that. However, the cleanup procedure should only
clean up resources that were actually in use.
Thomas Veerman [Fri, 27 Jan 2012 11:50:11 +0000 (11:50 +0000)]
PM: extend srv_fork to set a specific UID
Currently, all servers and drivers run as root as they are forks of
RS. srv_fork now tells PM with which credentials to run the resulting
fork. Subsequently, PM lets VFS know as well.
This patch also fixes the following bugs:
- RS doesn't initialize the setugid variable during exec, causing the
servers and drivers to run setuid, rendering the srv_fork extension
useless.
- PM erroneously tells VFS to run processes setuid. This doesn't
actually lead to setuid processes as VFS sets {r,e}uid and {r,e}gid
properly before checking PM's approval.
Tomas Hruby [Thu, 26 Jan 2012 11:39:40 +0000 (11:39 +0000)]
SMP - clock calibration spurious IRQ deadlock fix
- this patch fixes a deadlock which may occur if we get a
spurious interrupt while calibrating clocks during the boot
time. Since we never handle interrupts while in the kernel
(BKL locked) the interrupt code locks the lock. This is a
different situation, a corner case, boot time only. We do not
return to userspace but to the kernel, so the BKL is not
unlocked. So we need an irq handler which leaves the BKL
unlocked. The clock handler does it already; this patch adds
a dummy spurious irq handler for the same reason. It is better
to handle the situation this way to keep the normal runtime
code simple.
Thomas Veerman [Thu, 19 Jan 2012 14:21:46 +0000 (14:21 +0000)]
Add support for survival of crashed FSs
When an FS crashes, VFS will clean up resources tied to that FS:
- Pending requests to the FS are canceled (i.e., fail with EIO)
- Threads waiting for a reply are stopped (i.e., fail with EIO)
- Open files are marked invalid. Future operations on a file descriptor
will cause EBADF errors.
- vmnt entry is cleared, so in-flight system calls that got past the
file descriptor check but are not yet talking to the crashed FS will
fail with EIO.
- The reference counter of the mount point is decreased, effectively
removing the crashed FS from the file system tree. Descendants of
this part of the tree are unreachable by means of a path, but can
still be unmounted by feeding the block special file to unmount(2).
This patch also gets rid of the "not a known driver endpoint" messages
during shutdown.
Thomas Veerman [Mon, 16 Jan 2012 11:42:29 +0000 (11:42 +0000)]
Use correct value for _NSIG
User processes can send signals with numbers up to _NSIG. There are a few
signal numbers above that which are used by the kernel, but they should
explicitly not be included in the range, or range checks in PM will fail.
The system processes use a different version of sigaddset, sigdelset,
sigemptyset, sigfillset, and sigismember which does not include a range
check on signal numbers (as opposed to the normal functions used by normal
processes).
This patch unbreaks test37 when the boot image is compiled with GCC/Clang.
Thomas Veerman [Thu, 12 Jan 2012 11:32:31 +0000 (11:32 +0000)]
AVFS: Return actual last dir when path is named by a symlink
Last_dir didn't consider paths that end in a symlink and hence didn't
actually return the last_dir when provided with one. For example,
/var/log is a symlink to /usr/log. Issuing `>/var/log' would trigger
an assert in AVFS, because /var/ is not the actual last directory; /usr/
is.
Last_dir now verifies the final component is not a symlink. If it is, it
follows the symlink and restarts finding the last directory.
Tomas Hruby [Tue, 25 Oct 2011 18:32:30 +0000 (18:32 +0000)]
SMP - asyn send SMP safe
- we must not deliver messages from/to unstable address spaces.
In such a case, we must postpone the delivery. To make sure
that a process which is expecting an asynchronous message does
not starve, we must remember that we skipped delivery of some
messages and we must try to deliver again once the source
address space is stable again.
Tomas Hruby [Wed, 26 Oct 2011 15:43:36 +0000 (15:43 +0000)]
SMP - fixed IPI livelock
- two CPUs can issue IPI to each other now without any hazard
- we must be able to handle synchronous scheduling IPIs from
other CPUs when we are waiting for attention from another one.
Otherwise we might livelock.
Antoine Leca [Mon, 26 Dec 2011 16:33:18 +0000 (17:33 +0100)]
Allow clang for kernel compilation
Remove .ident sections, and force separation of .text and
.data sections into separate program headers, for the benefit
of the check done by the MINIX boot monitor in multiboot mode.
Thomas Veerman [Wed, 11 Jan 2012 10:20:44 +0000 (10:20 +0000)]
Fix tll state bug
When a lock has read-serialized and read-only locks, releasing the read-
serialized lock would not set the state to read-only when no other locks
were pending.
Ben Gras [Fri, 23 Dec 2011 14:02:35 +0000 (15:02 +0100)]
fix for checking CLEAN-ness of ramdisk image
. pre-cleanflag ("old") mkfs generates without CLEAN flag,
causing boot not to work because imgrd disappears after 1st
close
. fixed sanity check for this situation
. disable imgrd disappearing in memory driver so
readonly mount succeeds in case it happens anyway
Ben Gras [Thu, 22 Dec 2011 00:29:27 +0000 (01:29 +0100)]
mfs: clean flag
. also implement now-possible fsck -p option
. allows unconditional fsck -p invocation at startup,
only checking each filesystem if not marked clean
. mounting unclean is allowed but is forced readonly
. updating the superblock while mounted is now not
allowed by mfs - must be done (e.g. by fsck.mfs)
on an unmounted fs
. clean flag is unset by mfs on mounting, and set by
mfs on clean unmounting (if clean flag was set at
mount time)
Ben Gras [Thu, 22 Dec 2011 00:29:27 +0000 (01:29 +0100)]
mfs: restore readonly mounting
. use dirty marking hooks to check and warn
when inodes/bufs are marked dirty on a readonly
mounted fs
. add readonly mount checks to restore readonly
mounting
Thomas Veerman [Wed, 21 Dec 2011 10:52:51 +0000 (10:52 +0000)]
AVFS: Use scratchpad instead of m_in to pass around file descriptors
Some code relies on having the file descriptor in m_in.fd. Consequently,
m_in is not only used to provide syscall parameters from user space to
VFS, but also as a global variable to store temporary data within VFS.
This has the ugly side effect that m_in gets overwritten during core
dumping.*
To work around this problem VFS now uses a so called "scratchpad" to
store temporary data that has to be globally accessible. This is a simple
table indexed by process number, just like fproc. The scratchpad allows
us to store the buffer pointer and buffer size for suspended system calls
(i.e., read, write, open, lock) instead of using fproc. This makes fproc
a bit smaller and fproc iterators a bit faster. Moreover, suspension of
processes becomes simpler altogether and suspended operations on pipes
are now less of a special case.
* This patch fixes a bug where, due to unexpected m_in overwriting, a
coredump would fail, and consequently resources were leaked. The coredump
was triggered with:
$ a() { a; }
$ a
Thomas Veerman [Fri, 16 Dec 2011 09:17:37 +0000 (09:17 +0000)]
Don't repeat out-of-space messages
This patch makes PFS, EXT2 and MFS print only once that they're out of
space. After freeing up space and running out of space again, the message
will be printed again also.
Thomas Veerman [Fri, 16 Dec 2011 08:45:04 +0000 (08:45 +0000)]
Compare read/write buf size against SSIZE_MAX instead of "< 0"
The nbyte in read(int fildes, void *buf, size_t nbyte) is unsigned,
so although technically we're doing the same comparison, this is more
in line with POSIX.
The comparison was moved to read_write as that routine is used within
VFS to let VFS write out coredumps.
Tomas Hruby [Tue, 20 Dec 2011 08:03:43 +0000 (08:03 +0000)]
ACPI - fixed initialization of pci bridges irqtable
- if no IRQ table is found, we report that ACPI cannot map IRQ
correctly
- fixes mapping of IRQs in KVM because in this case we just fall
through and use the IRQ configured by BIOS. PCI still reports
that it failed to use ACPI. It is a hint if things go wrong.
Thomas Veerman [Fri, 9 Dec 2011 10:43:13 +0000 (10:43 +0000)]
Discard process' pending request upon incoming PM request
When a process wants something done from VFS, but VFS has no worker
threads available, the request is stored and executed later. However,
when PM also sends a request for that process at the same time, discard
the pending request from the process and give priority to PM. The request
PM sends is either an EXIT or a DUMPCORE request, so we're not interested
in executing the pending request anyway.
This driver can be loaded as an overlay on top of a real block
device, and can then be used to generate block-level failures for
certain transfer requests. Specifically, a rule-based system allows
the user to introduce (overt and silent) data corruption and errors.
It exposes itself through /dev/fbd, and a file system can be mounted
on top of it. The new fbdctl(8) tool can be used to control the
driver; see ``man fbdctl'' for details. It also comes with a test
set, located in test/fbdtest.
libblockdriver: clear IPC only on stateful restart
This removes a race condition when the block driver performs a
complete restart after a crash (the new default). If any user of
the driver finds out its new endpoint and sends a request to the
new driver instance before this instance has had the chance to
initialize, then its initialization would clear all IPC state and
thereby erroneously cancel the incoming request. Clearing IPC
state is only desired upon a stateful restart (where the driver's
endpoint is retained). This information is now passed to and used
by libblockdriver accordingly.