told to kernel
- makes VM ask the kernel if a certain process is allowed
to map in a range of physical memory (VM rounds it to page
boundaries afterwards - but it's impossible to map anything
smaller otherwise so I assume this is safe, i.e. there won't
be anything else in that page; certainly no regular memory)
- VM permission check cleanup (no more hardcoded calls, less
hardcoded logic, more readable main loop), a loose end left
by GQ
- remove do_copy warning, as the ipc server triggers this but
it's no more harmful than the special cases already excluded
explicitly (VFS, PM, etc).
- allow PM to tell sys_runctl() whether to use delay call feature
- only use this feature in PM for delivering signals - not for exits
- do better error checking in PM on sys_runctl() calls
- rename SIGKREADY to SIGNDELAY
o Support for ptrace T_ATTACH/T_DETACH and T_SYSCALL
o PM signal handling logic should now work properly, even with debuggers
being present
o Asynchronous PM/VFS protocol, full IPC support for senda(), and
AMF_NOREPLY senda() flag
DETAILS
Process stop and delay call handling of PM:
o Added sys_runctl() kernel call with sys_stop() and sys_resume()
aliases, for PM to stop and resume a process
o Added exception for sending/syscall-traced processes to sys_runctl(),
and matching SIGKREADY pseudo-signal to PM
o Fixed PM signal logic to deal with requests from a process after
stopping it (so-called "delay calls"), using the SIGKREADY facility
o Fixed various PM panics due to race conditions with delay calls versus
VFS calls
o Removed special PRIO_STOP priority value
o Added SYS_LOCK RTS kernel flag, to stop an individual process from
running while modifying its process structure
Signal and debugger handling in PM:
o Fixed debugger signals being dropped if a second signal arrives when
the debugger has not retrieved the first one
o Fixed debugger signals being sent to the debugger more than once
o Fixed debugger signals unpausing process in VFS; removed PM_UNPAUSE_TR
protocol message
o Detached debugger signals from general signal logic and from being
blocked on VFS calls, meaning that even VFS can now be traced
o Fixed debugger being unable to receive more than one pending signal in
one process stop
o Fixed signal delivery being delayed needlessly when multiple signals
are pending
o Fixed wait test for tracer, which was returning for children that were
not waited for
o Removed second parallel pending call from PM to VFS for any process
o Fixed process becoming runnable between exec() and debugger trap
o Added support for notifying the debugger before the parent when a
debugged child exits
o Fixed debugger death causing child to remain stopped forever
o Fixed consistently incorrect use of _NSIG
Extensions to ptrace():
o Added T_ATTACH and T_DETACH ptrace request, to attach and detach a
debugger to and from a process
o Added T_SYSCALL ptrace request, to trace system calls
o Added T_SETOPT ptrace request, to set trace options
o Added TO_TRACEFORK trace option, to attach automatically to children
of a traced process
o Added TO_ALTEXEC trace option, to send SIGSTOP instead of SIGTRAP upon
a successful exec() of the tracee
o Extended T_GETUSER ptrace support to allow retrieving a process's priv
structure
o Removed T_STOP ptrace request again, as it does not help implementing
debuggers properly
o Added MINIX3-specific ptrace test (test42)
o Added proper manual page for ptrace(2)
Asynchronous PM/VFS interface:
o Fixed asynchronous messages not being checked when receive() is called
with an endpoint other than ANY
o Added AMF_NOREPLY senda() flag, preventing such messages from
satisfying the receive part of a sendrec()
o Added asynsend3() that takes optional flags; asynsend() is now a
#define passing in 0 as third parameter
o Made PM/VFS protocol asynchronous; reintroduced tell_fs()
o Made PM_BASE request/reply number range unique
o Hacked in a horrible temporary workaround into RS to deal with newly
revealed RS-PM-VFS race condition triangle until VFS is asynchronous
System signal handling:
o Fixed shutdown logic of device drivers; removed old SIGKSTOP signal
o Removed is-superuser check from PM's do_procstat() (aka getsigset())
o Added sigset macros to allow system processes to deal with the full
signal set, rather than just the POSIX subset
Miscellaneous PM fixes:
o Split do_getset into do_get and do_set, merging common code and making
structure clearer
o Fixed setpriority() being able to put to sleep processes using an
invalid parameter, or revive zombie processes
o Made find_proc() global; removed obsolete proc_from_pid()
o Cleanup here and there
Also included:
o Fixed false-positive boot order kernel warning
o Removed last traces of old NOTIFY_FROM code
THINGS OF POSSIBLE INTEREST
o It should now be possible to run PM at any priority, even lower than
user processes
o No assumptions are made about communication speed between PM and VFS,
although communication must be FIFO
o A debugger will now receive incoming debuggee signals at kill time
only; the process may not yet be fully stopped
o A first step has been made towards making the SYSTEM task preemptible
NR_TASKS in the endpoint macros. MAX_NR_TASKS defines the maximal number of
kernel tasks. It is unlikely that we will ever need this many tasks as the goal
is not to have such a difference in the future. For now it makes possible to
remove the limiting NR_TASKS from the endpoint code.
- the magic numbers ANY, NONE and SELF are kept for the compatibility with the
current userspace. It is OK as long as NR_PROCS is greater so they don't
colide with other endpoints
- the 32 bit endpoint_t value is split in half, lower 16 bits for process slot
number and upper half for generation number
- transition to a structured endpoint_t in the future possible
- sys_getbiosbuffer feature is gone (from kernel; available from vm)
- bump version number because munmap() calls that newly compiled binaries
will do trigger an ugly (but harmless) error message in older VM's
- some new VM calls and flags, the new IPC calls
- some new CR0 register bits
- added files for shared memory
now used for printing diagnostic messages through the kernel message
buffer. this lets processes print diagnostics without sending messages
to tty and log directly, simplifying the message protocol a lot and
reducing difficulties with deadlocks and other situations in which
diagnostics are blackholed (e.g. grants don't work). this makes
DIAGNOSTICS(_S), ASYN_DIAGNOSTICS and DIAG_REPL obsolete, although tty
and log still accept the codes for 'old' binaries. This also simplifies
diagnostics in several servers and drivers - only tty needs its own
kputc() now.
. simplifications in vfs, and some effort to get the vnode references
right (consistent) even during shutdown. m_mounted_on is now NULL
for root filesystems (!) (the original and new root), a less awkward
special case than 'm_mounted_on == m_root_node'. root now has exactly
one reference, to root, if no files are open, just like all other
filesystems. m_driver_e is unused.
. changed umount() and mount() to call 'service', so that it can include
a custom label, so that umount() works again (RS slot gets freed now).
merged umount() and mount() into one file to encode keep this label
knowledge in one file.
. removed obsolete RS_PID field and RS_RESCUE rescue command
. added label to RS_START struct
. vfs no longer does kill of fs process on unmount (which was failing
due to RS_PID request not working)
. don't assume that if error wasn't one of three errors, that no error
occured in vfs/request.c
mfs changes:
. added checks to copy statements to truncate copies at buffer sizes
(left in debug code for now)
. added checks for null-terminatedness, if less than NAME_MAX was copied
. added checks for copy function success
is changes:
. dump rs label
drivers.conf changes:
. added acl for mfs so that mfs can be started with 'service start',
so that a custom label can be provided
-script argument to service for crash recovery scripts
-config argument to service for driver resource configuration
restart command in service to restart a driver after a crash (for use in
crash recovery scripts).
down and refresh now take labels instead of pids.
verious changes in rs to make this work.
form. Subscriptions are regular expressions.
. different types are stored per key; currently u32 and/or string.
the same key can be referenced (publish, subscribe, check) as any type.
. notify()s are sent when subscriptions are triggered (publishing or
updating of matching keys); optionally, a subscribe flag sends
updates for all matching keys at subscription time, instead of only
after updates after subscribing
. all interfacing to ds is in /usr/src/lib/syslib/ds.c.
. subscribe is ds_subscribe
publish functions are ds_publish_<type>
retrieve functions are ds_retrieve_<type> (one-time retrieval of a value)
check functions are ds_check_<type> (check for updated key caller
subscribes to not yet checked for, or ESRCH for none)
. ramdisk driver updated with new ds interface
Added BUSC_PCI_DEV_NAME_S and BUSC_PCI_SLOT_NAME_S to support safecopies in PCI.
Added DL_WRITEV_S, DL_READV_S, DL_GETSTAT_S, DL_GRANT, and iovec_s_t to support
safecopies in ethernet drviers. Renamed DL_INIT to DL_CONF, and DL_INIT_REPLY
to DL_CONF_REPLY.
Added SYS_READBIOS and sys_readbios to read from BIOS data areas.
Added GET_KMESS_S for safecopy support in LOG.
Added sys_safe_insb and sys_safe_outsb.
and DEV_IOCTL_S as replacements for DEV_READ, DEV_WRITE, DEV_SCATTER,
DEV_GATHER and DEV_IOCTL. Instead of a direct address, the *_S commands
pass 'grant ids' to the drivers which are referenced through a new set
of copy calls (sys_safecopyfrom and sys_safecopyto). in order for this
copy to succeed, the grant must have previously been created in the
address space of the granter.
. bitmap manipulation functions moved to <minix/bitmap.h>
. HIGHPOS introduced as field containing high 32 bits of position in
device I/O message; TTY_FLAGS no longer used
. IO_GRANT field introduced for GRANTs, to replace ADDRESS
. REP_IO_GRANT field for un-SUSPEND messages introduced to indicate
grant for which I/O was done to disambiguate messages
. SYS_SAFECOPYFROM and SYS_SAFECOPYTO introduced as new calls
. SYS_PRIV_SET_GRANTS code introduced as a code to set the address and
size of the grant table in a process' own address space
. 'type' and 'direction' field of _ins* and _outs* I/O functions
are merged into one by ORing _DIO_INPUT/_DIO_OUTPUT and _DIO_BYTE/_DIO_WORD
etc. This allows for an additional parameter, _DIO_SAFE, which indicates
the address in another address space isn't actually an address, but
a grant id. Also needs an offset, for which fields had to be merged.
. SCP_* are field names for SYS_SAFECOPY* functions
. DIAGNOSTICS and GET_KMESS moved to their own range above DIAG_BASE,
added DIAGNOSTICS_S which is a grant-based variant of DIAGNOSTICS
. removed obsolete BINCOMPAT and SRCCOMPAT options
. added GRANT_SEG type for use in vircopy - allows copying to a grant
id (without offset)
. added _MINIX_IOCTL_* macros that decode information encoded by
_IO* macros in ioctl codes, used to check which grants are necessary
for an ioctl
. introduced the type endpoint_t for process endpoints, changed some
prototypes and struct field types to match
. renamed protected to prot for g++
. rename message field name macros from *PROC* to *ENDPT*,
both to reflect the new meaning and to use it to hunt down where
they are used
. _PM_SEG_FLAG in fd replaces funny segment loading construction by
PM in FS
. _MAX_MAGIC_PROC is the highest used proc number, including magic
constants such as (currently) ANY, NONE and SELF, used by the
endpoint macros to make sure they are encoded properly and no valid
endpoint number ever encodes to it.
. rename proc_nr in address copy struct to proc_nr_e (endpoint)
