We do not support any PF functionality, nor do we intend to. However,
some NetBSD utilities rely on the presence of these files. Not all of
the files are installed. The NetBSD source seems rather inconsistent
in where from to include these files. We simply follow what NetBSD
does, though.
Change-Id: Ib244dfcc60b16ebc4697af22f71b7e014374b855
While still a small subset of the NetBSD headers, this set should
allow various additional utilities to be compiled without too many
MINIX3-specific changes (even if those utilities will not yet work).
Change-Id: Idc70e9901d584e960cd406f75f561dcc9a4ddb7d
While MFS failing to do I/O on a block is generally fatal, reading
the superblock at mount time is an exception: this case may occur
when the given partition is too small to contain the superblock.
Therefore, MFS should not crash or even report anything in this
case, but rather refuse to mount cleanly.
This fixes#121.
Change-Id: I11326b48922a0e0ebefecbb8eec7c428f985f2b3
Transparent (endpoint-preserving) restarts with identity transfer
are meant to exercise the crash recovery system only. After *real*
crashes, such restarts are useless at best and dangerous at worst,
because no state integrity can be guaranteed afterwards. Thus,
except after a controlled crash, it is best not to perform such
restarts at all. This patch changes SEF such that identity transfer
is successful only if the old process was the subject of a crash
induced through "service fi". As a result, testrelpol.sh should
continue to be able to use identity transfers for testing purposes,
but any real crash will be handled more appropriately.
This fixes#126.
Change-Id: Idc17ac7b3dfee05098529cb889ac835a0cd03ef0
The new asserts from git-29e004d exposed an issue in how VFS handles
aborting file system (FS) requests that are queued for a FS (as
opposed to sent to it) when that FS crashes. In that scenario, the
queued worker has its w_task set to NONE, because there is no ongoing
communication. However, worker_stop() is called on it regardless,
which used to abort the request only if w_task was not set to NONE,
leading to an improperly aborted request, a warning, and a VFS crash a
bit later. This patch changes worker_stop() so that w_task need not
be set to a valid endpoint for FS requests to be properly aborted.
Change-Id: Ib73db285e689ae4742b15cba26137bf340bc303b
Scripts for generating boot-to-ramdisk images are now available. These
can be used for example to boot from PXE or from a USB stick, as the
ramdisk are self-contained and do not rely on any block devices after
being loaded into RAM.
The image generation framework has also been slightly cleaned up in
order to better accomodate tarball sets bundling in images.
Change-Id: I65a176832bd0d6954b430fa8305f90af0bd606c1
This reverts commit 22ad44d6a9fa80d47806bf1897394569b6c15b8a.
With the MIB service implemented, this hack is no longer necessary.
Change-Id: Ic969c2dcecd6fc9ce283d1dda6518796869875e3
Some functions in lib/libc/net were disabled on MINIX3 only, but with
a few added header files they build just fine, even though some of
them rely on system functionality that has not yet been implemented.
Since the functionality is unlikely to be used in practice (because
it typically requires the use of protocol families that themselves are
not yet supported, such as IPv6), already enabling it right now helps
in building packages that rely on the functionality being present at
compile time, while not posing any practical risk of breaking the same
packages at run time.
Change-Id: Idee8e3963c9e300bde9575429f0e77b0565acaef
This patch aims to synchronize the basic process user and group ID
management, as well as the set[ug]id(2) and sete[ug]id(2) behavior,
with NetBSD. As it turns out, the main issue was missing support for
saved user and group IDs. This support is now added.
Since NetBSD's userland, which we are importing, may rely on NetBSD
specifics when it comes to security, we choose not to deviate from
NetBSD's behavior in any way here. A new test, test89, verifies the
correct behavior - it has been confirmed to pass on NetBSD as is.
Change-Id: I023935546d97ed01ffd8090f7793d336cceb0f4a
Commit git-c38dbb9 inadvertently broke local MINIX3-on-MINIX3 builds,
since its libc changes relied on VFS being upgraded already as well.
As a result, after installing the new libc, networking ceased to work,
leading to curl(1) failing later on in the build process. This patch
introduces transitional code that is necessary for the build process
to complete, after which it is obsolete again.
Change-Id: I93bf29c01d228e3d7efc7b01befeff682954f54d
For a reason currently unknown to us, the qemu-linaro emulator
sometimes produces a Prefetch Abort exception with a fault location
(IFAR) rather different from the location of the instruction being
executed (LR corrected by 4). So far it has been observed in the
__udivmodsi4 routine of various processes, where the fault address is
for the first byte of the next page after the current instruction,
which itself is 44-64 bytes away from the start of that next page.
The affected instruction does not perform any sort of memory access.
Short of debugging qemu-linaro itself, we have no choice but to
disable the assert that previously went off in case the IFAR and
corrected LR are not equal. Since we have not yet observed this case
on actual hardware, the kernel prints a warning when detecting such a
mismatch for the first time. For the qemu-linaro case, the kernel's
actual page fault handling logic already handles this strange case
just fine.
Change-Id: Ibd19e624149ab4e68bfe75b918ec1554b825a431
- fix the reinstallation (preserve-/home) option;
- remove support for just reinstalling the bootloader, as the main
purpose of this option (allowing an upgrade from the old MINIX
boot monitor to the NetBSD bootloader) is no longer needed and was
already broken;
- do not try to copy over /etc/motd.install: it no longer exists.
This resolves issue 106.
Change-Id: Iad3805d86c4806d725f9b285c2d4378670790f78
Currently, the BSD socket API is implemented in libc, translating the
API calls to character driver operations underneath. This approach
has several issues:
- it is inefficient, as most character driver operations are specific
to the socket type, thus requiring that each operation start by
bruteforcing the socket protocol family and type of the given file
descriptor using several system calls;
- it requires that libc itself be changed every time system support
for a new protocol is added;
- various parts of the libc implementations violate the asynchronous
signal safety POSIX requirements.
In order to resolve all these issues at once, the plan is to turn the
BSD socket calls into system calls, thus making the BSD socket API the
"native" ABI, removing the complexity from libc and instead letting
VFS deal with the socket calls.
The overall change is going to break all networking functionality. In
order to smoothen the transition, this patch introduces the fifteen
new BSD socket system calls, and makes libc try these first before
falling back on the old behavior. For now, the VFS implementations of
the new calls fail such that libc will always use the fallback cases.
Later on, when we introduce the actual implementation of the native
BSD socket calls, all statically linked programs will automatically
use the new ABI, thus limiting actual application breakage.
In other words: by itself, this patch does nothing, except add a bit
of transitional overhead that will disappear in the future. The
largest part of the patch is concerned with adding full support for
the new BSD socket system calls to trace(1) - this early addition has
the advantage of making system call tracing output of several socket
calls much more readable already.
Both the system call interfaces and the trace(1) support have already
been tested using code that will be committed later on.
Change-Id: I3460812be50c78be662d857f9d3d6840f3ca917f
The reorganization allows other libc system call wrappers (namely,
sendmsg and recvmsg) to perform I/O vector coalescing as well.
Change-Id: I116b48a6db39439053280ee805e0dcbdaec667a3
There is no reason to use a single message for nonoverlapping requests
and replies combined, and in fact splitting them out allows reuse of
messages and avoids various problems with field layouts. Since the
upcoming socketpair(2) system call will be using the same reply as
pipe2(2), split up the single message used for the latter. In order
to keep the used parts of messages at the front, start a transitional
phase to move the pipe(2) flags field to the front of its request.
Change-Id: If3f1c3d348ec7e27b7f5b7147ce1b9ef490dfab9
Previously, the libc sendto(3) and recvfrom(3) implementations would
blindly assume that any unrecognized socket is a raw-IP socket. This
is not only inconsistent but also messes with returned error codes.
Change-Id: Id0328f04ea8ca0968a4e8636bc441caa0c3579b7
- GCC >4.9:
Newer toolchains trigger more warnings, which by default are
treated as errors. Disable this while building the tools as this
will be a recurring problem in the future.
close#105
- FreeBSD: Fix some fetch.sh scripts which fails as FreeBSD's patch
fails to patch two .info files. We ignore this for the time being.
Change-Id: Ic669281db6c41005119ea8f76f78b5ec60e1b386
While BSD make support both $() and ${} around variables, the NetBSD
source tree uses only ${} by convention.
Imported software is left as is, and sometimes $() is used when the
containing Makefile/Makefile fragment is used both by GNU make and BSD
make, as it can happen for the tools, and other parts as well which are
compiled using the host make tool.
Change-Id: Ic7d480812fde53e7e3e95275a30a3b720c95cc15
At least it works again now. Sprofalyze should be made aware of the
kernel information page, though (i.e., /proc/ipcvecs).
Change-Id: Id4e5f6417ad152607c4e53b323b6f65ea4b10c6e
The NetBSD bootloader attempts to load NetBSD kernel modules for
"unusual" file systems. We do not support NetBSD kernel modules,
and thus, the bootloader gives us warnings about not being able
to load them, in particular when booting CD images. This patch
disables the NetBSD file system module autoload feature.
Change-Id: I55fce53b4bb0282b7d8a005192200fe466312f62
- test3: support running the test set from a pseudoterminal;
- test60: fix number conversion bug that caused chmod errors;
- test65: remove nonworking package installation instructions;
- testisofs: work around failure due to having a timezone set;
- testisofs: exclude extra RR_MOVED directory from output.
Change-Id: Ibfcc631de7e2f4da46bac3ad9de8d7c7cd7a6189
- Fix unmounting order of slices.
- Update pkgin pre-installation commands, make them as generic as
possible.
Change-Id: Ifaa4021fed048facca8d2a170aa65491feb37702
If this directory doesn't exist, pid files are not created, which create
issues when shutting down or rebooting.
Change-Id: I52dddb57aca4368b1775606e22818fba99d05bf6
input() is used to accept filenames when saving, regular
expressions when searching, and other input. It writes
the characters into buffers such as file and exp_buf and
others which are of length LINE_LEN.
To prevent writing beyond the end of the intended buffer,
truncate the input at LINE_LEN - 1 and ensure that the
string is NULL terminated.
Change-Id: I142baa8cfae38bdd7fa648d86559d6d9b8e7a7fd
In order to resolve page faults on file-mapped pages, VM may need to
communicate (through VFS) with a file system. The file system must
therefore not be the one to cause, and thus end up being blocked on,
such page faults. To resolve this potential deadlock, the safecopy
system was previously extended with the CPF_TRY flag, which causes the
kernel to return EFAULT to the caller of a safecopy function upon
getting a pagefault, bypassing VM and thus avoiding the loop. VFS was
extended to repeat relevant file system calls that returned EFAULT,
after resolving the page fault, to keep these soft faults from being
exposed to applications.
However, general UNIX I/O semantics dictate that if an I/O transfer
partially succeeded before running into a failure, the partial result
is to be returned. Proper file system implementations may therefore
end up returning partial success rather than the EFAULT code resulting
from a soft fault. Since VFS does not get the EFAULT code in this
case, it does not know that a soft fault occurred, and thus does not
repeat the call either. The end result is that an application may get
partial I/O results (e.g., a short read(2)) even on regular files.
Applications cannot reasonably be expected to deal with this.
Due to the fact that most of the current file system implementations
do not implement proper partial-failure semantics, this problem is not
yet widespread. In fact, it has only occurred on direct block device
I/O so far. However, the next generation of file system services will
be implementing proper I/O semantics, thus exacerbating the problem.
To remedy this situation, this patch changes the CPF_TRY semantics:
whenever the kernel experiences a soft fault during a safecopy call,
in addition to returning FAULT, the kernel also stores a mark in the
grant created with CPF_TRY. Instead of testing on EFAULT, VFS checks
whether the grant was marked, as part of revoking the grant. If the
grant was indeed marked by the kernel, VFS repeats the file system
operation, regardless of its initial return value. Thus, the EFAULT
code now only serves to make the file system fail the call faster.
The approach is currently supported for both direct and magic grants,
but is used only with magic grants - arguably the only case where it
makes sense. Indirect grants should not have CPF_TRY set; in a chain
of indirect grants, the original grant is marked, as it should be.
In order to avoid potential SMP issues, the mark stored in the grant
is its grant identifier, so as to discard outdated kernel writes.
Whether this is necessary or effective remains to be evaluated.
This patch also cleans up the grant structure a bit, removing reserved
space and thus making the structure slightly smaller. The structure
is used internally between system services only, so there is no need
for binary compatibility.
Change-Id: I6bb3990dce67a80146d954546075ceda4d6567f8
With this change, obtaining an existing free grant is no longer an
operation of O(n) complexity. As a result, the now-deprecated
getgrant/setgrant part of the grants API also no longer has a
performance advantage.
Change-Id: Ic19308a76924c6242f9784244a6b3600e561e0fe
The memory grant identifier for safecopies now includes a sequence
number in its upper bits, to prevent accidental reuse of a grant ID
after revocation and subsequent reallocation. This should increase
overall system robustness by a tiny amount, and possibly help catch
bugs in system services early on. For now, the lower 20 bits of the
grant ID are used as grant table slot index (thus allowing for up to
a million grants per process), and the next 11 bits of the (signed
32-bit) grant ID are used to store the per-slot sequence number. As
grant IDs are never exposed to userland, the split can be changed
later on without breaking the userland ABI.
Change-Id: Ic34be27ff2a45db0ea5db037a24eef9efcd9ca40
