From 6c7e614940fdd473417d84d8690a79a672edd083 Mon Sep 17 00:00:00 2001 From: David van Moolenbroek Date: Fri, 17 Jun 2016 18:09:52 +0000 Subject: [PATCH] SEF: identity transfer only after controlled crash Transparent (endpoint-preserving) restarts with identity transfer are meant to exercise the crash recovery system only. After *real* crashes, such restarts are useless at best and dangerous at worst, because no state integrity can be guaranteed afterwards. Thus, except after a controlled crash, it is best not to perform such restarts at all. This patch changes SEF such that identity transfer is successful only if the old process was the subject of a crash induced through "service fi". As a result, testrelpol.sh should continue to be able to use identity transfers for testing purposes, but any real crash will be handled more appropriately. This fixes #126. Change-Id: Idc17ac7b3dfee05098529cb889ac835a0cd03ef0 --- minix/lib/libsys/sef.c | 3 +++ minix/lib/libsys/sef_fi.c | 6 +++++- minix/lib/libsys/sef_init.c | 7 +++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/minix/lib/libsys/sef.c b/minix/lib/libsys/sef.c index 0c5938939..b19dd539a 100644 --- a/minix/lib/libsys/sef.c +++ b/minix/lib/libsys/sef.c @@ -17,6 +17,7 @@ endpoint_t sef_self_proc_nr; int sef_self_priv_flags; int sef_self_init_flags; int sef_self_receiving; +int sef_controlled_crash; /* Extern variables. */ EXTERN int sef_lu_state; @@ -84,6 +85,7 @@ void sef_startup() sef_self_priv_flags = priv_flags; sef_self_init_flags = init_flags; sef_lu_state = SEF_LU_STATE_NULL; + sef_controlled_crash = FALSE; old_endpoint = NONE; if(init_flags & SEF_LU_NOMMAP) { sys_upd_flags |= SF_VM_NOMMAP; @@ -139,6 +141,7 @@ void sef_startup() sef_self_priv_flags = priv_flags; sef_self_init_flags = init_flags; sef_lu_state = SEF_LU_STATE_NULL; + sef_controlled_crash = FALSE; } /*===========================================================================* diff --git a/minix/lib/libsys/sef_fi.c b/minix/lib/libsys/sef_fi.c index 3838fd8f8..3f8c0ea93 100644 --- a/minix/lib/libsys/sef_fi.c +++ b/minix/lib/libsys/sef_fi.c @@ -7,14 +7,18 @@ EXTERN __attribute__((weak)) int edfi_ctl_process_request(void *ctl_request); EXTERN int do_sef_fi_request(message *m_ptr); +EXTERN int sef_controlled_crash; + /*===========================================================================* * do_sef_fi_request * *===========================================================================*/ int do_sef_fi_request(message *m_ptr) { /* See if we are simply asked to crash. */ - if (m_ptr->m_lsys_fi_ctl.subtype == RS_FI_CRASH) + if (m_ptr->m_lsys_fi_ctl.subtype == RS_FI_CRASH) { + sef_controlled_crash = TRUE; panic("Crash!"); + } #if SEF_FI_ALLOW_EDFI /* Forward the request to the EDFI fault injector, if linked in. */ diff --git a/minix/lib/libsys/sef_init.c b/minix/lib/libsys/sef_init.c index e3c50ceee..2262a1651 100644 --- a/minix/lib/libsys/sef_init.c +++ b/minix/lib/libsys/sef_init.c @@ -31,6 +31,7 @@ EXTERN char* sef_debug_header(void); EXTERN endpoint_t sef_self_endpoint; EXTERN endpoint_t sef_self_priv_flags; EXTERN endpoint_t sef_self_init_flags; +EXTERN int sef_controlled_crash; #ifndef ST_STACK_REFS_BUFF_SIZE #define ST_STACK_REFS_BUFF_SIZE 1024 @@ -398,6 +399,12 @@ int sef_cb_init_identity_state_transfer(int type, sef_init_info_t *info) /* Restore stack refs. */ sef_llvm_stack_refs_restore(stack_buff); + if (sef_controlled_crash == FALSE) { + printf("SEF(%d): crash was not controlled, " + "aborting transparent restart\n", sef_self_endpoint); + return EGENERIC; /* actual error code does not matter */ + } + return OK; } -- 2.44.0