use resrcwait() when waiting for memory to become available. randomize
the sleep time and properly restore old process status in case tsleep()
gets interrupted.
filesystems do not handle i/o errors well (cwfs will abandon the blocks),
and temporary exhaustion of kernel memory (because of too many i/o's in
parallel) causes read and write on the partition to fail.
i think it is better to wait for the memory to become available in
this case. the single allocation is at max SDmaxio bytes, which makes
it likely to become available. if we havnt even enought fo that, then
rebooting the machine would be the best option. (aux/reboot)
the fist problem is that qopen() might return nil and that kstrdup() will
sleep, so we should try to avoid holding the mntalloc lock. so we move
the kstrdup() and qopen() calls before the Mnt allocation, and properly
recover the memory if we fail later.
the second problem was that we error(Eshort) after we already created the Mnt
when returnlen < sizeof(f.version). this check has to happen *before* we
even attempt to allocate the Mnt structures. note that we only copy the
version string once everything is in the clear, so the semantics of the
user buffer not being modified in case of error is not changed.
a little cleanup in muxclose(), getting rid of mntptfree()...
pread does not guarantee that it would read all the data asked for.
But acme usage of disk assumes that. This issues as many reads as
needed to make acme work when read returns less data than it wanted.
pbs failed to load (silently loading garbage) 9BOOTFAT from start
cluster beyond FFFF because we ignored the low word from the
directory entry. now taking the high 16 bit of the directory's
start cluster into account.
Fsprotoclone() is not supposed to raise error, but return nil.
ipopen() seemed to assume otherwise as it setup error label
before calling Fsprotoclone(). fix ipopen(), make Fsprotoclone()
return nil instead of raising error.
Fsprotocone():
qopen() and qbypass() can fail and return nil, so make sure
the connection was not partially created by checking if read
and write queues have been setup by the protocol create hanler.
on error, free any resources of the partial connection and
error out.
netlogopen(): check malloc() error.
the initial fontresize() might fail but its error code is ignored
potentially leaving f->cacheimage == nil. make sure we call
fontresize() in loadchar() when theres no cacheimage and check the
return value to avoid nil pointer dereference.
instead of trying to resize the segment (which will not work when
the kernel picks the address as it will allocate right before
the base of the topmost segment), we create the mux segment with the
maximum size needed (arround 1.4MB) for OPEN_MAX filedescriptors.
buf slots will be reused and slots get demand paged once used.
1 the config string was grabbed Aoehsz too far into the packet due to using the wrong pointer to start.
2 never accept a response with tag Tmgmt or Tfree.
3 defend against "malicious" responses; ones with a response Aoehdr.type != request Aoehdr.type. this previously could
cause the initiator to crash.
4 vendor commands were improperly filtered out.
the integer division instructions are emulated with _div()
function patched in by 5l which does not handle conditional
execution. so do not optimize away the branch in that case.
specifing -d on the command line now only disables synchronous
drawing events.
- use threaded mouse and keyboard to allow for asynchronous
receoption of quit messages. this allows plot to exit before drawing
is completed. for programs like mapdemo, this is important.
there were two things that needed to get fixed as a result
- replace fprint(2, ...); exits("bad"); with sysfatal. also get rid
of stdio.
- dpoint needed a mach-dependentent (sic) version. otherwise
points on a resized screen will not be properly placed.
Charles Forsyth described the problem below in:
http://9fans.net/archive/2013/04/190
In a few cases, the kernel will use pprint to put a diagnostic on the
standard error (file descriptor 2). One of those is a warning that the
process has used more than 100 file descriptors. That message is possibly
obsolete and could be removed, but there are others, such as notifying an
uncaught trap that are probably helpful to make visible. In any case, as
things stand, a busy exportfs might have many file descriptors open,
provoking the diagnostic. Unfortunately, aux/listen and aux/listen1 connect
file descriptor 2 to the incoming network connection. If the connection's
protocol is not a simple, unstructured, textual one, diagnostics on the
standard error will cause confusion, in particular to devmnt.c if 9p is used.
/rc/bin/service files that start applications that run special protocols
might want to redirect file descriptor 2; alternatively, perhaps aux/listen
shouldn't redirect fd 2 by default: the few commands that do connect the remote
user to shells, or equivalent, including telnetd and sshd could dup 1 to 2
when that was sensible.
the software cursor starts flickering and reacts bumby if a process
spends most of its time with drawlock acquired because the timer interrupt
thats supposed to redraw the cursor fails to acquire the lock at the time
the timer fires.
instead of trying to draw the cursor on the screen from a timer interrupt
30 times per second, devmouse now creates a process calling cursoron() and
cursoroff() when the cursor needs to be redrawn. this allows the swcursor
to schedule a redraw while holding the drawlock in swcursoravoid() and
cursoron()/cursoroff() are now able to wait for a qlock (drawlock) because
they get called from process context.
the overall responsiveness is also improved with this change as the cursor
redraw rate isnt limited to 30 times a second anymore.
from ehci spec:
The buffer pointer list in the qTD is long enough to support a maximum
transfer size of 20K bytes. This case occurs when all five buffer pointers
are used and the first offset is zero. A qTD handles a 16Kbyte buffer
with any starting buffer alignment.
overriding aborttime in udpquery() makes no sense. it causes
recursive queries to extend the timeout infinitely. nobody
but the issuer of the request should modify aborttime.
