Extended by David van Moolenbroek to continue using static buffers
for short inode names, so as to prevent important file system
services such as procfs from running out of memory at runtime.

Each /proc/service entry must have a unique label. With cloning,
multiple RS services may have the same label. Since we are not
actually interested in inactive services (for now), eliminate those
entries, leaving only the active service which will then indeed have
a unique label in the list. This resolves a procfs crash.

Previously, procfs would retrieve the rproc and rprocpub tables from
RS in two separate calls. This allowed for a race condition where the
tables could change in between the calls, resulting in a panic in
procfs under certain circumstances. RS now implements a new method
for getsysinfo that allows the retrieval of both tables at once.

This patch adds support for Unix98 pseudo terminals, that is,
posix_openpt(3), grantpt(3), unlockpt(3), /dev/ptmx, and /dev/pts/.
The latter is implemented with a new pseudo file system, PTYFS.

In effect, this patch adds secure support for unprivileged pseudo
terminal allocation, allowing programs such as tmux(1) to be used by
non-root users as well. Test77 has been extended with new tests, and
no longer needs to run as root.

The new functionality is optional. To revert to the old behavior,
remove the "ptyfs" entry from /etc/fstab.

Technical notes:
o The reason for not implementing the NetBSD /dev/ptm approach is that
  implementing the corresponding ioctl (TIOCPTMGET) would require
  adding a number of extremely hairy exceptions to VFS, including the
  PTY driver having to create new file descriptors for its own device
  nodes.
o PTYFS is required for Unix98 PTYs in order to avoid that the PTY
  driver has to be aware of old-style PTY naming schemes and even has
  to call chmod(2) on a disk-backed file system. PTY cannot be its
  own PTYFS since a character driver may currently not also be a file
  system. However, PTYFS may be subsumed into a DEVFS in the future.
o The Unix98 PTY behavior differs somewhat from NetBSD's, in that
  slave nodes are created on ptyfs only upon the first call to
  grantpt(3). This approach obviates the need to revoke access as
  part of the grantpt(3) call.
o Shutting down PTY may leave slave nodes on PTYFS, but once PTY is
  restarted, these leftover slave nodes will be removed before they
  create a security risk. Unmounting PTYFS will make existing PTY
  slaves permanently unavailable, and absence of PTYFS will block
  allocation of new Unix98 PTYs until PTYFS is (re)mounted.

As part of its built-in mmap emulation support for "none" file system
services, libfsdriver clears the VM cache upon exit. However, for
trivial file systems which do not even support reading from files, the
VM cache need not be cleared either. With this patch, the VM cache
is cleared only when modified, so that such trivial file systems need
not be given CLEARCACHE permission.

While putnode requests should always succeed, very simple file system
services may not care about reference counts and thus about putnode
requests at all. For this reason, we now default to an OK response if
no fdr_putnode implementation is given.

The stat.st_ino field must always be filled with the inode number
given as part of the fdr_stat request anyway, so libfsdriver can
simply fill in the number and allow the file system not to bother.

Commit 723e513 erroneously removed a yield() call from VFS which was
necessary to get resumed pipe read/write threads to run before VFS
blocks on receive(). The removal caused those threads to run only
once VFS received another message, effectively slowing down activity
on pipes to a crawl in some cases.

Instead of re-adding the yield() call, this patch restructures the
get_work() code to go back through the main message loop even when no
new work is received, thus ensuring that newly started threads are
always activated without requiring a special case.

Previously, services would obtain the user ID of "service" through
getpwnam(3). While this approach is conceptually better, it also
imposes linking against libc which in turn causes problems with
printf(3), which already led to PFS no longer dropping privileges at
all. For now, we hardcode SERVICE_UID and use that instead.

In the future, two changes should allow removal of SERVICE_UID again:
- "service edit" should cause RS to request that a service (such as
  PFS) drop privileges through SEF, using the user ID resolved by
  service(8), or something similar;
- a future devfs should make it possible for inet to start without
  root privileges altogether.

For VFS, initialization is a special case for processing work: PFS
and the ramdisk MFS must be fully mounted before VFS can process any
other requests, in particular from init(8). This case was handled by
receiving reply messages only from the FS service being mounted, but
this effectively disallowed PFS from calling setuid(2) at startup.

This patch lets VFS receive all messages during the mounting process,
but defer processing any new requests. As a result, the FS services
have a bit more freedom in what they can do during startup.

- If a large (>PIPE_BUF) pipe write is processed partially, only to be
  followed by a write error condition, then the process is left in an
  incorrect state, possibly causing VFS to crash on a subsequent call.
- If such a partially processed large pipe write ends up resulting in
  an EPIPE error, no corresponding SIGPIPE signal is generated.

Thomas Cort [Wed, 25 Mar 2015 19:46:00 +0000 (15:46 -0400)]
mined: increase the size of the tgetent() buffer.

From the termcap section of the GNU termutils manual:
"There is no way you can tell how much space is needed, so the convention
is to allocate a buffer 2048 characters long and assume that is enough.
(Formerly the convention was to allocate 1024 characters and assume that
was enough. But one day, for one kind of terminal, that was not
enough.)"

Thomas Cort [Wed, 25 Mar 2015 18:48:08 +0000 (14:48 -0400)]
mined: remove !__STDC__ code blocks.

__STDC__ is used to mitigate the differences between K&R C and the
ANSI C standard. Nearly every compiler now supports ANSI C, so
there is no need to support non-standard compilers.

Thomas Cort [Wed, 25 Mar 2015 18:32:43 +0000 (14:32 -0400)]
mined: built without UNIX defined.

* Remove undef NULL, EOF, getchar, putchar
* Rename putchar, getchar, _putchar, _getchar to putch, getch, _putch,
  _getch to avoid conflict with libc functions.
* Rename UP() to UP1() (for UP 1 line) to avoid conflict with UP
  definition in termcap.h. Rename DN1 LF1 RT1 for consistency.
* Add termcap.h for prototypes for tputs and friends.
* Add libterminfo references to Makefile
* Add return value to _putch() to make it work as tputs expects.
* Make putch() call _putch()
* Remove UNIX ifdefs and all code in the !UNIX branches.

Thomas Cort [Sun, 22 Mar 2015 20:14:51 +0000 (16:14 -0400)]
mined1.c: remove i386 guard around escape sequences.

The escape sequences for the function keys used to be separated
out in older versions of Minix when they were different for m68k
and intel. Support for m68k was dropped and that code was
removed, leaving the ifdef i386. Since the sequences are the
same for i386 and arm, there is no need to keep the ifdef i386.

Thomas Cort [Sun, 22 Mar 2015 20:10:17 +0000 (16:10 -0400)]
mined.h: remove irrelevant comment.

It used to refer to several NIL_* definitions. Those were removed
in commit 6e25ad8b0a5606fc9351824adf9034d2ef7f7293 leaving the
comment with nothing to comment on.

rlfnb [Tue, 3 Mar 2015 20:23:40 +0000 (21:23 +0100)]
ALIX: No pci device at bus 0, dev 0, func 0

Seems like it's a kind of convention introduced by Intel but not
mandatory from a PCI specification point of view, that the PCI host
controller resides on bus 0, device 0 function 0. At least tinybios
(the bios used by ALIX and WRAP) based appliances are not able to boot
with this change.

We already had a hack to ignore the precision, but the ACPI driver
requires an actual implementation--it prints garbage at the end of
some strings otherwise. This patch adds support for precision for
strings only, limiting printing to the given number of characters.
For all other specifiers, precision is still unsupported.
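
The effect described in the commit message above, as an added illustration that is not MINIX code: a hypothetical mini formatter (`mini_fmt`, its `honor` switch and the sample bytes are assumptions constructed here) that handles only `%s` with an optional precision. It shows why ignoring the precision makes fixed-width fields without a terminating NUL, such as ACPI table signatures, print trailing bytes, and how honouring it bounds the read.

```c
#include <stdarg.h>
#include <stdio.h>

/* Constructed sample: 4-byte signature, 6-byte OEM ID, 8-byte table ID stored
 * back to back; only the literal's trailing NUL ends the "ignored" case. */
static const char tbl[] = "FACPVBOX  VBOXFACP";

/* Hypothetical mini formatter for %s, %.Ns and %.*s only. honor == 0 models a
 * printf that parses the precision but ignores it. Returns chars stored. */
size_t mini_fmt(char *out, size_t outsz, int honor, const char *fmt, ...)
{
    va_list ap;
    size_t n = 0;

    if (outsz == 0) return 0;
    va_start(ap, fmt);
    for (; *fmt != '\0'; fmt++) {
        int prec = -1;                      /* negative: no limit */
        if (*fmt != '%') {                  /* literal character */
            if (n + 1 < outsz) out[n++] = *fmt;
            continue;
        }
        if (*++fmt == '.') {
            if (*++fmt == '*') { prec = va_arg(ap, int); fmt++; }
            else for (prec = 0; *fmt >= '0' && *fmt <= '9'; fmt++)
                prec = prec * 10 + (*fmt - '0');
        }
        if (*fmt != 's') break;             /* other specifiers: out of scope */
        const char *s = va_arg(ap, const char *);
        if (!honor) prec = -1;
        /* Test prec before *s: the byte past a fixed-width field is never read. */
        for (; prec != 0 && *s != '\0' && n + 1 < outsz; s++) {
            out[n++] = *s;
            if (prec > 0) prec--;
        }
    }
    va_end(ap);
    out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[64];
    for (int honor = 0; honor <= 1; honor++) {   /* ignored, then honoured */
        mini_fmt(buf, sizeof buf, honor, "sig=%.4s oem=%.*s", tbl, 6, tbl + 4);
        puts(buf);
    }
    return 0;
}
```
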
Previously, the bootloader would only provide a single memory range.
At least on VirtualBox, this memory range includes the ACPI tables,
which the kernel then happily overwrites when executing VM. Much of
the infrastructure to use a fullblown memory map is already in place;
this patch adds the last (and strangely missing) bit of generating
the memory map in a multiboot-compatible way.

It should be noted that both the bootloader and the kernel actually
violate the multiboot specification by not packing the structure for
the memory ranges. This is a NetBSD bug, but it is also a nonissue
for (our) practical purposes. It can be fixed without changing the
code added in this patch.

The original one-shot page patch (git-e321f65) did not account for the
possibility of pagefaults happening while copying memory in the
kernel. This allowed a simple cp(1) from vbfs to hang the system,
since VM was repeatedly requesting the same page from the file system.
With this fix, VM no longer tries to fetch the same memory-mapped page
from VFS more than once per memory handling request from the kernel.

In addition to fixing the original issue, this change should make
handling memory somewhat more robust and ever-so-slightly faster.
Test74 has been extended with a simple test for this case.

Lionel Sambuc [Thu, 5 Feb 2015 14:00:17 +0000 (14:00 +0000)]
Allow u-boot repository URL to be overridden

This allows the URL used to clone our specific version of u-boot to be
specified in the environment, instead of being hard-coded.

This new flexibility will be required by the new Continuous Integration
infrastructure, whose test nodes are in a network without direct
internet access.

Ben Gras [Thu, 11 Dec 2014 14:00:57 +0000 (15:00 +0100)]
ARM: can build with llvm, switch to EABI

. bitcode fixes
. switch to compiler-rt instead of netbsd libc functions
  or libgcc for support functions for both x86 and arm
. minor build fixes
. allow build with llvm without crossbuilding llvm itself
. can now build minix/arm using llvm and eabi - without C++
  support for now (hence crossbuilding llvm itself is turned off
  for minix/arm)

Lionel Sambuc [Mon, 8 Dec 2014 10:32:14 +0000 (10:32 +0000)]
Restart policies: Add testing and ProcFS DB

- Expose in procfs the service status and supported recovery policies.
- This adds a test (testrelpol.sh) to exercise the restart policies of
  the system services and drivers.

NOTE:
The policy support information is temporarily hardcoded in ProcFS, but
this has to be replaced by properly retrieving this information from
RS, which should in turn be set up on a per service basis, at
initialization time.

The new implementation of this library provides abstractions for
network drivers, and should be used for all network drivers from now
on. It provides the following functionality:
- a function call table abstraction, hiding the details of the
  datalink protocol with simple parameters;
- a state machine for sending and receiving packets, freeing the
  actual driver from keeping track of pending requests;
- an abstraction for copying data from and to the network driver,
  freeing the actual driver from dealing with I/O vectors while at
  the same time providing a copy implementation which is more
  efficient than most current driver implementations;
- a generalized implementation of zero-copy port-based I/O;
- a clearer set of policies and defaults.

While the concept is very similar to lib{block,char,fs,input}driver,
one main difference is that libnetdriver now also takes care of SEF
initialization, mainly so that aspects such as recovery policies and
live-update aspects can be changed for all network drivers in a
single place. As always, for the case that the provided message loop
is too restrictive, a set of more low-level message processing
functions is provided.

The netdriver API has been designed so as to allow alleviation of one
current protocol bottleneck: the fact that at most one send request
and one receive request may be pending at any time. Changing this
aspect will however require a significant rewrite of libnetdriver,
and possibly debugging of drivers that are not able to cope with (in
particular) queuing multiple packets for transmission at once.

Beyond that, the design of the new API is based on the current
protocol, and may be changed/extended later to allow for non-ethernet
network drivers, exposure of link status, multicast address
configuration, suspend and resume, and any other features that are in
fact long overdue.

The expected argument name would include the instance number, which
is not only redundant in many cases (FOOETHn_n=arg.., "n" being the
instance number) and conflicted with what netconf(8) does, but some
drivers need to be able to see the arguments for all instances of its
driver type--for example, dp8390 needs to know how many earlier
instances have been configured to use PCI.

Lionel Sambuc [Wed, 19 Nov 2014 09:54:14 +0000 (10:54 +0100)]
Import a few manpages

The following manpages were contributed by
Jacob Adams <tookmund@gmail.com>:
- atnormalize.8
- autopart.8
- decomp16.1
- devsize.8
- rawspeed.8
- rotate.8
- update_bootcfg.8
- updateboot.8