the unit inquiry data might change in case the drive got pulled
with ahci. so keep track if we locked the ctl in a local stack
variable instead of relying on that the inquiry data stays the
same.
matushita dvd-ram on thinkpad x301 hangs on the inquiry command
done from scsiverify(). not sure whats wrong with it, but at least
this makes the machine boot.
wait for the drives to become ready or missing in iaonline()
and iaverify() to prevent nobootprompt= race.
handle task file error status (this can happen for atapi)
under some circumstances and would hang the io if not
handled.
preventively poll interrupts from the checkdrive kproc in
case we loose interrupts (bad via machine).
implement bios handoff procedure.
make sure the port is idle before programming the port dma
regios in configdrive(), do not start command processing
on the port unless phylink has been established.
widgets that do not have Wampovrcap have ther default
amplifier parameters stored in the aydio function group.
only if the amp override bit is *not* set, then the widget
stores its own amplifier parameters and we have to query
its node id, otherwise the audio function group node id.
setting Asud in the cmd register is not needed, because
Apwr is (Asud|Apod) already. the problem really was that
the drive comes up with sstatus Spresent (001), so we never
spun it up because (p->sstatus & Sphylink) == 0 was never
met (Sphylink being a mask (011) overlaping Spresent bit).
the spinup wait loop has to run only for the staggered spinup
case (h->cap & Hss) and it should wait for the drive to be
detected by the phy, not just cold presence detect.
thinkpad r400 dvd drive was not recognized. port status
indicated present device but no Sphylink because the
device did not spin up. setting the Asud bit in ahciconfigdrive()
made it come up clean.
add scsciverify() call in iaverify() for atapi inquiry.
keep in some of the debug prints and add a *ahcidebug= boot
parameter to enable them.
bios takeover was broken. bad Ceecpmask (was 8, should be 0xFF)
causing it to miss the legacy control ecap and properly take
overship of the controller. also the order seems wrong, we
have to takeover before we do anything with the controller.
remove the pci config space 0xc0 = 0x2000 write. this the
uhci legacy register. its not anywhere in the ehci spec.
regarding the ohci spec, a overrun td might supply a full
packet of data. this change seemed to have caused nusb/kb to
fail with getting spurious zero byte reads. reverting for now.
implement SMM emulation driver handover in ohcireset(). this fixes
hang and defunct internal keyboard problems on a acer notebook.
dont spin forever waiting for the controller on soft reset in init().
check both, donehead pointer *and* interrupt status for
processed td event (Wdh) similar to the ohci spec example for
processed tds and unlink immidiately. acknowledge *all* the
interrupt status bits before masking. mask out unhandled
events.
various stuff:
check for christmas light interrupt status (cardbus controller
removed?)
add (missing?) break for Tddataovr error case in qhinterrupt().
(changed on sources, not clear why?)
mask interrupt events on shutdown() (from sources).
the syscallno check in syscallfmt() was wrong. the unsigned
syscall number was cast to an signed integer. so negative
values would pass the check provoking bad memory access from
kernel. the check also has an off by one. one has to check
syscallno >= nsyscalls instead of syscallno > nsyscalls.
access to the p->syscalltrace string was not protected
from modification in devproc. you could awake the process
and cause it to free the string giving an opportunity for
the kernel to access bad memory. or someone could kill the
process (pexit would just free it).
now the string is protected by the usual p->debug qlock. we
also keep the string arround until it is overwritten again
or the process exists. this has the nice side effect that
one can inspect it after the process crashed.
another problem was that our validaddr() would error() instead
of pexiting the current process. the code was changed to only
access up->s.args after it was validated and copied instead of
accessing the user stack directly. this also prevents a sneaky
multithreaded process from chaning the arguments under us.
in case our validaddr() errors, we cannot assume valid user
stack after the waserror() if block. use up->s.arg[0] for the
noted() call to avoid bad access.
newproc() didnt zero parentpid and kproc() didnt set it, so
kprocs ended up with random parent pid. this is harmless as
kprocs have no up->parent but it gives confusing results in
pstree(1).
now we zero parentpid in newproc(), and set it in sysrfork()
unless RFNOWAIT has been set.
assuming that this check tried to prevent the hostowner
from killing init, it is silly because init would just
handle the note.
with kbdfs, we actually want to send interrupt note to
the initial process group so instead of working arround
this with rfork(RFNOTEG|RFNAMEG), we remove the check.
these changes make the interrupt key available in the
console (before rio is started).
kbdfs: will now send a "interrupt" note to its invoking
process group in cooked mode.
bootrc: is now prepared to handle interrupts, mainly to
not accidently spawn a new bootargs prompt.
init: forwards the interrupt to the cpurc/termrc pgrp.
vncs: shields itself from kbdfs notegroup so interrrupt
wont kill the whole vnc session.
avoid double entries in the cache for copen() and properly handle
locking so we wont just give up if we cant lock the Mntcache entry,
but drop the cache lock, qlock the Mntcache entry, and then recheck
the cache.
general cleanup (cdev -> ccache, use eqchantdqid())
the lock order of page.Lock -> palloc.hashlock was
violated in cachedel() which is called from the
pager. change the code to do it in the right oder
to prevent deadlock.
change lookpage to retry on false hit. i assume that
a false hit means:
a) we'r low on memory -> cached page got uncached/reused
b) duppage() got called on the page, meaning theres another
cached copy in the image now.
paging in is expensive compared to the hashtable lookup, so
i think retrying is better.
cleanup fixfault, adding comments.
swaped pages use a 8bit refcount where as the Page uses a 16bit one.
this might be exploited with having a process having a single page
swaped out and then forking 255 times to make the swap map refcount
overflow and panic the kernel.
this condition is probably very rare. so instead of doubling the
size of the swap map, we add a single 32bit refcount swapalloc.xref
which will keep the combined refcount of all swap map entries who
exceeded 255 references.
zero swapimage.c in setswapchan() after closing it as the stat() call
below might error leaving a dangeling pointer.
attachimage()'s approach to handling newseg() error is flawed:
a) the the image is on the hash table, but ref is still 0, and
there is no segment/pages attached to it so nobody is going to
reclaim / putimage() it -> leak
b) calling pexit() would deadlock us because exec has acquired
up->seglock when calling attachimage(), so this would just deadlock.
the fix does the following:
attachimage() will putimage() and nexterror() if newseg() fails
instead of pexit(). this is less surprising.
exec now keeps the condition variable commit which is set once
we are commited / reached the point of no return and check this
variable in the highest waserror() handler and pexit() us there.
this way we have released up all the locks and pexit() will
cleanup.
note: this bug shouldnt us hit in with the current newseg()
implementation as it uses smalloc() which would wait to
satisfy the allocation instead of erroring.
kstrcpy() did not null terminate for < 4 byte buffers. fixed,
but i dont think there is any case where this can happen in
practice.
always set malloctag in kstrdup(), cleanup.
always use ERRMAX bounded kstrcpy() to set up->errstr, q->err
and note[]->msg. paranoia.
instead of silently truncating interface name in netifinit(),
panic the kernel if interface name is too long as this case
is clearly a mistake.
panic kernel when filename is too long for addbootfile() in
devroot. this might happen if your kernel configuration is
messed up.
in devproc status read handler the p->status, p->text and p->user
could overflow the local statbuf buffer as they where copied into
it with code like: memmove(statbuf+someoff, p->text, strlen(p->text)).
now using readstr() which will truncate if the string is too long.
make strncpy() usage consistent, make sure results are always null
terminated.
use fastclock timer (pit2) to measure cpufreq in guesscpuhz(). this
gives a bigger period minimizing the danger of overrun as pit2 runs
at the constant maximum period of 0x10000 ticks. also use smaller
loop increments (1000) and bigger maximum loop upper bound.
move the loops < ... check to the bottom of the loop so we get the
effective count *before* adding the next loop increment.
ilock() while doing measurements in guesscpuhz() to prevent accidents
with other processors reading fastclock or doing guesscpuhz()
in parralel.
export new i8253reset() function for apm to reset the timers after
a apm bios suspend.
we have to acquire p->seglock before we lock the individual
segments of the process and lock them. if we dont then pexit()
might free the segments before we can lock them causing the
"qunlock called with qlock not held, from ..." prints.
sometimes, the bios does not assign a interrupt line for pci
devices. this should not be fatal in case of mp ineterrupts
as long as there is intpin or msi can be used.
warn in intrenable() if we hit such a interrupt and set
irq to -1 to prevent it from getting enabled on the pic
or as isa interrupt in apic mode.
we used to only test the checksum of the PCMP structure referenced by
the _MP_ without checking _MP_ itself. now fixed.
geoff added some coherence() calls and comments in the mpstartup and
apic code which seems to be a good idea.
replace the various functions that searched for bios data structures by
a single sigsearch() one in pc/memory.c that will probe the various bios
data areas.
also, a new checksum() function was added that is to be used to validate
the structures found.
always make sure that there are child processes we can wait for
before sleeping.
put pwait() sleep into a loop and recheck. this is not strictly
neccesary but prevents accidents if there are spurious wakeups
or a bug.
once we set q->done = 1 in mountmux, the sleeper might return freeing q
so the wakeup might access invalid memory. we change the embedded Rendez
structure in the Mntrpc into a pointer to the sleeping procs up->sleep
rendez so the rendez is always going to be valid even if the rpc has been
freed.
the call to mntstats was moved before we set q->done also to prevent
accessing invalid memory.
wakeup cannot access r->sleep once we set r->done because the
sleeper might just return at this point making r invalid. make
a copy of the sleep rendez pointer before setting r->done.
allow the shadow framebuffer (softscreen) to be used with any
vga driver, not just vesa. this removes the ugly scr->paddr = 0
hack employed by vesa driver to force softscreen and adds a
softscreen vgactl message that can switch the feature on and off
at runtime.
softscreen can greatly improve graphics performance when bus
reads are slow even tho it disables hardware acceleration.
the limit for overqueueing was too small for stuff like fcp
on a fileserver connected with a standard 32K limit pipe like
ramfs.
fcp usesd 8K*16procs > 32K*2
the biggest queue limit used in the kernel is 256K making
the maximum queue bloat 2.5MB or 320K for standard pipes.
that should be big enougth to never happen in practice
unless there is a bug which we like to catch before we
exhaust all kernel memory.
