use resrcwait() when waiting for memory to become available. randomize
the sleep time and properly restore old process status in case tsleep()
gets interrupted.
filesystems do not handle i/o errors well (cwfs will abandon the blocks),
and temporary exhaustion of kernel memory (because of too many i/o's in
parallel) causes read and write on the partition to fail.
i think it is better to wait for the memory to become available in
this case. the single allocation is at max SDmaxio bytes, which makes
it likely to become available. if we havnt even enought fo that, then
rebooting the machine would be the best option. (aux/reboot)
the fist problem is that qopen() might return nil and that kstrdup() will
sleep, so we should try to avoid holding the mntalloc lock. so we move
the kstrdup() and qopen() calls before the Mnt allocation, and properly
recover the memory if we fail later.
the second problem was that we error(Eshort) after we already created the Mnt
when returnlen < sizeof(f.version). this check has to happen *before* we
even attempt to allocate the Mnt structures. note that we only copy the
version string once everything is in the clear, so the semantics of the
user buffer not being modified in case of error is not changed.
a little cleanup in muxclose(), getting rid of mntptfree()...
pread does not guarantee that it would read all the data asked for.
But acme usage of disk assumes that. This issues as many reads as
needed to make acme work when read returns less data than it wanted.
pbs failed to load (silently loading garbage) 9BOOTFAT from start
cluster beyond FFFF because we ignored the low word from the
directory entry. now taking the high 16 bit of the directory's
start cluster into account.
Fsprotoclone() is not supposed to raise error, but return nil.
ipopen() seemed to assume otherwise as it setup error label
before calling Fsprotoclone(). fix ipopen(), make Fsprotoclone()
return nil instead of raising error.
Fsprotocone():
qopen() and qbypass() can fail and return nil, so make sure
the connection was not partially created by checking if read
and write queues have been setup by the protocol create hanler.
on error, free any resources of the partial connection and
error out.
netlogopen(): check malloc() error.
the initial fontresize() might fail but its error code is ignored
potentially leaving f->cacheimage == nil. make sure we call
fontresize() in loadchar() when theres no cacheimage and check the
return value to avoid nil pointer dereference.
instead of trying to resize the segment (which will not work when
the kernel picks the address as it will allocate right before
the base of the topmost segment), we create the mux segment with the
maximum size needed (arround 1.4MB) for OPEN_MAX filedescriptors.
buf slots will be reused and slots get demand paged once used.
1 the config string was grabbed Aoehsz too far into the packet due to using the wrong pointer to start.
2 never accept a response with tag Tmgmt or Tfree.
3 defend against "malicious" responses; ones with a response Aoehdr.type != request Aoehdr.type. this previously could
cause the initiator to crash.
4 vendor commands were improperly filtered out.
the integer division instructions are emulated with _div()
function patched in by 5l which does not handle conditional
execution. so do not optimize away the branch in that case.
specifing -d on the command line now only disables synchronous
drawing events.
- use threaded mouse and keyboard to allow for asynchronous
receoption of quit messages. this allows plot to exit before drawing
is completed. for programs like mapdemo, this is important.
there were two things that needed to get fixed as a result
- replace fprint(2, ...); exits("bad"); with sysfatal. also get rid
of stdio.
- dpoint needed a mach-dependentent (sic) version. otherwise
points on a resized screen will not be properly placed.
Charles Forsyth described the problem below in:
http://9fans.net/archive/2013/04/190
In a few cases, the kernel will use pprint to put a diagnostic on the
standard error (file descriptor 2). One of those is a warning that the
process has used more than 100 file descriptors. That message is possibly
obsolete and could be removed, but there are others, such as notifying an
uncaught trap that are probably helpful to make visible. In any case, as
things stand, a busy exportfs might have many file descriptors open,
provoking the diagnostic. Unfortunately, aux/listen and aux/listen1 connect
file descriptor 2 to the incoming network connection. If the connection's
protocol is not a simple, unstructured, textual one, diagnostics on the
standard error will cause confusion, in particular to devmnt.c if 9p is used.
/rc/bin/service files that start applications that run special protocols
might want to redirect file descriptor 2; alternatively, perhaps aux/listen
shouldn't redirect fd 2 by default: the few commands that do connect the remote
user to shells, or equivalent, including telnetd and sshd could dup 1 to 2
when that was sensible.
the software cursor starts flickering and reacts bumby if a process
spends most of its time with drawlock acquired because the timer interrupt
thats supposed to redraw the cursor fails to acquire the lock at the time
the timer fires.
instead of trying to draw the cursor on the screen from a timer interrupt
30 times per second, devmouse now creates a process calling cursoron() and
cursoroff() when the cursor needs to be redrawn. this allows the swcursor
to schedule a redraw while holding the drawlock in swcursoravoid() and
cursoron()/cursoroff() are now able to wait for a qlock (drawlock) because
they get called from process context.
the overall responsiveness is also improved with this change as the cursor
redraw rate isnt limited to 30 times a second anymore.
from ehci spec:
The buffer pointer list in the qTD is long enough to support a maximum
transfer size of 20K bytes. This case occurs when all five buffer pointers
are used and the first offset is zero. A qTD handles a 16Kbyte buffer
with any starting buffer alignment.
overriding aborttime in udpquery() makes no sense. it causes
recursive queries to extend the timeout infinitely. nobody
but the issuer of the request should modify aborttime.
*alen has to be initialized to the size of the buffer
by the caller, and we are supposed to put the real
size of the address in there, but not copy more than
the original *alen value (truncate).
in wpa2, the rsc field of the eapol message3 is the packet number for
*group* messages that the ap will use as there is no separate group
key message. in wpa1, we use it for the peerwise key.
the kernel uses fixed area (TSTKTOP, TSTKSIZ) of the address
space to temporarily map the new stack segment for exec. for
386 and arm, this area was right below the stack segment which
has the problem that the program can map arbitrary segments
there (even readonly).
alpha and ppc dont have this problem as they map the temporary
exec stack *above* the user reachable stack segement and segattach
prevents one from mapping anything above or overlaping the stack.
lots of arch code assumes USTKTOP being the end of userspace
address space and changing this to TSTKTOP would work, but results
in lots of hard to test changes.
instead, we'r going to map the temporary stack programmatically
finding a hole in the address space where to map it. we also lift
the size limitation for arguments and allow arguments to fill
the whole new stack segement.
the TSTKTOP and TSTKSIZ are not used anymore so they where removed.
references:
http://9fans.net/archive/2013/03/203http://9fans.net/archive/2013/03/202http://9fans.net/archive/2013/03/197http://9fans.net/archive/2013/03/195http://9fans.net/archive/2013/03/181
store errno on the private process stack so its always per process
and not just per memory space. errno itself becomes a macro
dereferencing int *_errnoloc; which is initialized from main9.s
pointing to the private stack location.
various fixes in programs that just imported errno variable with
"extern int errno;" instead of including <errno.h>.
in ape close(), do the real filedescriptor _CLOSE() *after* we cleared
the _fdinfo[] slot because once closed, we dont own the slot anymore and
another process doing open() can trash the slot. make sure open() retuns
fd < OPEN_MAX.
double check in _startbuf() holding mux->lock if the fd is already buffered
preveting running double copyprocs on a fd.
dont zero the mux->rwant/ewant bitmaps at the end of select() as we do not
hold the mix->lock.
in _closebuf() kill copyproc while holding the mux->lock to make sure the
copyproc isnt holding it at the time it is killed. run kill() multiple times
to make sure the proc is gone.
python uses processes sharing memory. it requires at least fopen() to
be called by multiple threads at once so we introduce _IO_newfile()
which allocates the FILE structure slot under a lock.
diskparts fails on thinkpad x200 sdcard reader if we dont
give the unit some time to startup. the device took about
100ms to become ready so status poll loop with a long
timeout would be overkill.
1. Go group spotted that a slightly-obscured pointer move was done by AMOVL not AMOVQ.
2. Inspecting the code further, I noticed that other pointer types were set to TLONG not TIND,
causing similar truncation of pointers to 32 bits.
add PASS_MAX to limits.h for ape, and make getpass respect it. also increase the size of
the maximum passwords (we use long ones at work). Needed for native port of SVN (in progress).
the kernel would go into endless loop when stating "stats" and "ifstats"
files and the network interface having no connections, or otherwise return
wrong stat info.
