traditionally, the pc kernel mapped the first 8MB of physical
address space. when the kernel size grows beyond that memory mapping,
it will crash on boot and theres no checking in the build process
making sure it fits.
with the pc64 kernel, it is not hard to always map the whole
kernel memory image from KZERO to end[], so that the kernel will
always fit into the initial mapping.
we can improve performance alot by using webfs which
does http keep alives for us, so connection setup
overhead is eleminated.
fix 9p flushes and double frees.
we can avoid some flickering when removing the software cursor
from the shadow framebuffer by avoiding the flushscreenimage()
call.
once the cursor is redrawn, we flush the combined rect of its
old and new position in one go.
werrstr() takes a format string as its first argument.
a common error is to pass user controlled string buffers
into werrstr() that might contain format string escapes
causing werrstr() to take bogus arguments from the stack
and crash.
so instead of doing:
werrstr(buf);
we want todo:
werrstr("%s", buf);
or if we have a local ERRMAX sized buffer that we can override:
errstr(buf, sizeof buf);
this fixes a potential format string problem where the
error string is passed to werrstr() as fmt. also, the
directory comparsion is simplified in this version using
a helper function.
when dial is called with a generic dialstring, it will try
/net and /net.alt in sequence. error out if the /net dial
gets interrupted and do not continue dialing /net.alt.
reduce stack usage by using the swaping nature of errstr()
instead of keeping two error string buffers on the stack.
theres a race where procstopwait() is interrupted by a note,
setting p->pdbg to nil *before* acquiering the lock and
and pexit() and procctl() accessing it assuming it doesnt
change under them while they are holding the lock.
previously, if dial was interrupted by an alarm or other note while connecting to a host that resolved to multiple ips, dial would ignore the interruption and try the next host. now dial properly returns with error when it is interrupted.
vmware in efi mode brings application processors up
with CR4 = 0 (pse disabled) which makes us page fault
when accessing the ap's pdb which might be in a 4MB
mapping when the boot processor used pse to setup
page tables.
so we unconditionally enable pse in apbootstrap
(and disable pae in case of surprises).
bug: as jpm pointed out, when we run aux/wpa in rio window
and delete the window, aux/wpa was killed as it shared the
note group of the window.
fix: fork the notegroup.
x230 booted in efi only (no csp) mode hangs
when traditional i8042reset() keyboard reset
is tried.
so we try acpireset() first which discoveres
and writes the acpi reset register.
instead of including kernel and config in the efi
fat image, we can just include the loaders and
read the plan9.ini and kernel from iso filesystem
just like the bios loaders.
the uartmini enable function used to override the baud
register so the effecive baudrate was always set to
115200 baud.
now the default baudrate of 9600 is set correctly and can
be changed in the console= boot parameter.
thanks aap and hiro for debugging, pizza and beer :)
having the memconf() (*e820=) last clutters the screen.
do it first, so we can read *acpi= and *bootscreen=
prints.
we want to continue using tftp even when the /cfg/pxe/$ether
file is not found. only when we detect no pxe/dhcp session,
then we switch to local filesystem (non-network boot).
to make it possible to mark the bootscreen framebuffer
as write combining in early initialization, mtrr() is
changed not not to error() but to return an error string.
as bootscreen() is used before multiprocessor initialization,
we have to synchronize the mtrr's for every processor as
it comes online. for this, a new mtrrsync() function is
provided that is called from cpuidentify() if mtrr support
is indicated.
the boot processor runs mtrrsync() which snarfs the
registers. later, mtrrsync() is run again from the
application processors which apply the values from the
boot processor.
checkmtrr() from mp.c was removed as its task is also
done by mtrrsync() now.
rampage() cannot be used after meminit(), so test for
conf.mem[0].npage != 0 and use xalloc()/mallocalign()
instead. this allows us to use vmap() early before
mmuinit() which is needed for bootscreeninit() and
acpi.
to get memory for page tables, pc64 needs a lowraminit().
with EFI, the RSDT pointer is passed in *acpi= parameter
from the efi loader. as the RSDT is ususally at the end of
the physical address space (and not to be found in
bios areas), we cannot KMAP() it so we need to vmap().
to get the right data size of a file, the revlog needs to have been
opened and the metaheader parsed. as an optimization, we used to
open revlog only on the first read resulting revlogs with metaheaders
having the wrong size returned by fstat() until the first read().
tar relies on fstat() giving the correct file size, so just open
the revlog on open. reading directories can still yield the wrong
size but it is not that critical.
there was a memory corruption bug caused by us enabling the
ps2mouseputc() handler *before* initializing packetsize.
once we enabled the handler, mouse interrupts could come
in and advance the packet buffer index (nb) beyond the
buffer boundaries.
as ps2mouseputc() only checked for ++nb == packetsize, once
nb was advanced beyond the packetsize, it would continue writing
beyond the buffer and corrupt memory with each mouse packet byte.
solution is to initialize packetsize *before* enabling the
handler, and also do a >= check in ps2mouseputc() in case the
packetsize gets changed to a smaller value at runtime.
we used to set RD flag in requests unconditionally, which
is fine by the standard but some dns server administrators
seem to use it as a denial of service indicator (for ther
non recursive authoritative nameservers) and ignore the
request.
so only set the RD flag when talking to local dns servers.
alexchandel got the kernel to crash with divide error
on qemu 2.1.2/macosx at this location. probably
caused by perfticks()/tsc being wrong or accounttime()
not having been called yet from timer interrupt yet for
some reason.
the syscall stubs (for amd64) currently have a unconditional
spill of the first (register) argument to the stack.
sysr1 (and _nsec) are exceptional in that they do not
take any arguments, so the stub is writing unconditionally
to ther first argument slot on the stack.
i could avoid emiting the spill in the syscall stubs for
sysr1 but that would also break truss which assumes fixed
instruction sequence from stub start to the syscall number.
i'm not going to complicate the syscall stubs just for
sysr1 (_nsec is not used in 9front), but just add a dummy
argument to sysr1 definition that can receive the bogus
argument spill.
devip can only handle Maskconv+1 conversations per
protocol depending on how many bits it uses in the
qid to encode the conversation number.
we check this when the protocol gets registered.
if we do not do this, the kernel will mysteriously
panic when the conversaion numbers collide which
took some time to debug.
the numbers from /dev/sysstat overflow on 32bit, so have
to do subtraction modulo 2^32 as we calculate with 64bit
integers.
thanks mischief for reporting this.
WHAT WHERE THEY *THINKING*??!?!
unlike seek, the (new) nsec syscall (not used in 9front libc)
returns the time value in register (from nix), so do the same
for compatibility.
memfillcolor() used to write longs in host byte
order which is wrong. have to always use little
endian.
to simplify, moved little endian conversion into
memsetl() and memsets() avoiding code duplication.
file->parent can be nil when the file has been previously removed.
removefile() deals with this, so skip the permission check in
that case and let removefile() error out.
some of us run auth servers from home that are used by multiple
servers on the internet. when the home authserver becomes unreachable,
services on the outside servers stop working. so we thought about
specifing a secondary auth servers for backup when the primary
server is not reachable.
this changes authdial() to consult multiple auth= entries in
the authdom= or dom= tuples, trying each one in order until
dial() succeeds.
from segattach(2):
Va and len specify the position of the segment in the
process's address space. Va is rounded down to the nearest
page boundary and va+len is rounded up. The system does not
permit segments to overlap. If va is zero, the system will
choose a suitable address.
just rounding up len isnt enougth. we have to round up va+len
instead of just len so that the span [va, va+len) is covered
even if va is not page aligned.
kenjis example:
print("%p\n",ap); // 206cb0
ap = segattach(0, "shared", ap, 1024);
print("%p\n",ap); // 206000
term% cat /proc/612768/segment
Stack defff000 dffff000 1
Text R 1000 6000 1
Data 6000 7000 1
Bss 7000 7000 1
Shared 206000 207000 1
term%
note that 0x206cb0 + 0x400 > 0x20700.
RFC2104 defines HMAC for keys bigger than the 64 byte block
size as follows:
Applications that use keys longer than B (64) bytes will
first hash the key using H (the hash function) and then
use the resultant L byte string as the actual key to HMAC.
this is a work in progress implementation of the ayiya (anything
in anything) protocol as used by sixxs.net. hiro tested it and it
worked for him, but progress has stalled as sixxs.net rejected my
request for an account and ignored my emails since.
after running ip/ipconfig -6, we are unable to ping our
own link-local address and the arp daemon sends out useless
neighbor solicitation requests to itself. this change
adds an arp entry for our ipv6 address. however, this
must not be done for tentative interface configuration.
allocate the Iplifc structure on the stack instead.
i assuming that it was allocated on heap in fear of
causing stack oveflow. on 386, this adds arround
88 bytes on the stack but it doesnt seem to cause
any trouble. (checked with poolcheck after ctl write)
we have to recheck the condition under tod lock, otherwise
another process can come in and updated tod.last and
tod.off and once we have the lock, we would make time
jump backwards.
unify the keyboard and mouse readers into one using the hid
report parser for both. remove the keyboard protocol handling,
as it is now handled by hid parser and all we get is a sequence
of keycodes in Hiddev.k[] which we diff for up/down and translate
to pc scancodes.
in backwards mode, the roles of the aan filters need to be
reversed. add "-n address" option to import to override the
announce address for the aan server part (default tcp!*!0).
mischief got babble error with his mobile phone as we used to
read at max 64 bytes for the data response phase. his device
has 512 byte packet size.
thans to mischief for the patience.
ipifcunbind() could error out from ipifcremlifc() and Medium.unbind()
*after* decrementing ifc->conv->inuse! move the decrement after
calling these functions.
make ipifcremlifc() never raise error but return error string.
the only places where it could error is when it calls into
medium functions like Medium.remroute() and Medium.remmulti().
Ignore these errors as they could happen when the ethernet driver
crashed (think imported ethernet device or usb ethernet
in userspace), so we will be able to unbind.
add waserror() handlers as neccesary to deal with errors from
Medium.addmulti(), Medium.areg() and arpenter() to properly
unlock the data structures.
the allow command now takes an optional uid argument for the user
to be granted temporary god status on the fileserver for maintenance.
this was kenji okomotos idea, so thanks :)
remove wstatallow and writeallow flags. instead, we have global:
int allowed;
that contains the uid of the currently allowed user id or -1
if permission checking is globally disabled for the fileserver.
when zero, normal permission checking takes place.
added int isallowed(File*) function that returns non-zero when the
context is the console, or the allowed user. this is also used internally
by iaccess(), so all the extra code of in the callers of iaccess()
is gone now.
dont conflate allowed user with noauth flag and auto-allow on ream.
the installer already knows about noauth and allow flags so theres no
problem with bootstraping.
when mountmux() completes a request for another process, enforce odering
of the loads and stores to the request prior to writing q->done = 1
so mntflushfree() sees q->done != 0 only when the request has actually
completed. otherwise, the q->done = 1 store could have been reordered
before the load from q->z, reading from already freed request and causing
spurious wakeups.
removing unused mntstats callback.
use nil for pointers instead of 0.
_sl reported crash:
stats 593: suicide: sys: trap: fault write addr=0xffffffff8258d1b0 pc=0x204cc7
; acid 593
/proc/593/text:amd64 plan 9 executable
/sys/lib/acid/port
/sys/lib/acid/amd64
acid: lstk()
notejmp(ret=0x1,j=0x40ac90)+0x13 /sys/src/libc/amd64/notejmp.c:10
alarmed(a=0xffffffff8258d1b0,s=0x7ffffeffea58)+0x3f /sys/src/cmd/stats.c:718
notifier+0x3e /sys/src/libc/port/atnotify.c:15
acid:
note how a in alarmed is a kernel address!
the first Ureg* argument is passed to the note handler in the
RARG (BX) register, which was not loaded when returning to
userspace from syscall() thru forkret(). fix by returning thru
noteret() from syscall().
old iostats failed to work when builidng the kernel due to old bugs
that where already fixed in exportfs. instead of backporting the fixes,
reimplement iostats as a filter that sits between exportfs and the
process mount. from users perspective, theres no difference.
the result is much smaller and can handle everything that exportfs
can like /srv.
Xqdol() used to take quadratic time because of strcat(),
the code isnt really needed as list2str() aready does the
same thing in linear time without the strcat().
add estrdup() which uses emalloc() so allocation error are
catched.
move strdups() of name from callers into newvar().
avoid recursion of conclist(), and avoid copying of word
strings by providing Newword() function which doesnt copy
the word string.
the 6c compiler reserves R14 and R15 for extern register variables,
which is used by the kernel to hold the m and up pointers. until
now, the meaning of R14 and R15 was undefined for userspace and
extern register would not work as the kernel trashes R14 and R15
on syscalls. with this change, user extern registers R14 and R15
are zeroed on exec and otherwise preserved across syscalls. so
userspace *could* use them for per process variables like the
kernel does.
use Ureg.bp (RARG) for syscall number instead of Ureg.ax. this is
less confusing and mirrors the amd64 calling convention.
addpage() should not be called with the display locked as it
calls showpage1() which sleeps when there are too many
processes active.
the bug was triggered by plumbing to trigger the addpage().
