spectacular bug. cmpswap() had a sign extension bug
using sign extending MOV to load the old compare
value and LDXRW using zero extension while the CMP
instruction compared 64 bit registers.
this caused cmpswap with negative old value always
to fail.
interestingly, libc's version of this function was
fine.
C99 requires that if intXX_t types are defined, int_fastxx_t and
int_leastxx_t types are defined as well. We define all three to
be identical (intXX_t == int_fastXX_t == int_leastXX_t).
This makes the flagfmt parser more robust and accepting
a looser input language — namely by allowing whitespace
around specifier fields and ignoring any empty fields.
Long flagfmts can thus be pleasingly displayed:
flagfmt='
a, b, c, C:cache,
m:mtpt mountpoint,
s:srvn srvname'
The mount() and bind() syscalls return -1 on error,
and the mountid sequence number on success.
The manpage states that the mountid sequence number
is a positive integer, but the kernels implementation
currently uses a unsigned 32-bit integer and does not
guarantee that the mountid will not become negative.
Most code just cares about the error, so test for
the -1 error value only.
mischief provided the following test that shows the issue:
ramfs -S crash
aux/9pcon /srv/crash <<EOF
Tversion 8192 9P2000
Tattach 0 -1 $user ''
Tcreate 0 dir 020000000777 0
Tattach 5 -1 $user ''
Twalk 5 6 dir
Tread 6 0 512
EOF
the problem is that lib9p wrongly allowed reads on closed fids,
due to the permission check only considering the lower 2 bits.
a closed fid has fid->omode == -1 and it would pass on read for:
(-1 & 3) == 3 == OEXEC
the following change explicitely checks for for the closed case
and also rejects writes on directories (they are rejected on
open/create, but a broken 9p client could still issue the request).
when reclaiming pages from an image, always reclaim all
the hash chains equally. that way, we avoid being biased
towards the chains at the start of the Image.pghash[] array.
images can be in two states: active or inactive. inactive
images are the ones which are not used by program while
active ones aare.
when reclaiming pages, we should try to reclaim pages
from inactive images first and only if that set becomes
exhausted attempt to release text pages and attempt to
reclaim pages from active images.
when we run out of Image structures, it makes only sense
to reclaim pages from inactive images, as reclaiming pages
from active ones will never free any Image structures.
change putimage() to require a image already locked and
make it unlock the image. this avoids many pointless
unlock()/lock() sequences as all callers of putimage()
already had the image locked.
- nil check pl_blue allocation, and don't do it every time pl_rtdraw is called
- fix re-adding previously removed flushimage calls
- correct format for pointer
- sysfatal in pl_drawinit on error
if we do 'CAT(foo bar, baz quux)', the resulting token row
should have 3 tokens: 'foo', 'barbaz', 'quux'.
tested by jonasa, rebuilding /sys/src, perl, netsurf, and nuklear.
Modify aux/kbdfs to work with neo2 layout.
- add new modifier, increase limit on layers.
- Add Kaltgr for mod3
- Add mod4
This change only implements the alphanumeric
block of the keyboard in the kbmap, as neo2
is mainly used for blind typing and is not
needed that much anywhere else, this leaves
the numpad like it is.
(Thanks, jstsmthrgk@jstsmthrgk.eu)
grow selection from point of click, not start of selection region.
starting at the beginning of the selection region causes the match
logic to kick in, which is confusing.
the caller of macexpand() needs one more byte in
the buffer to append peekc.
make macexpand() actually check for buffer overflow.
just use strdup() to duplicate include file name
instead of the hunk dance.
move GETC() macro in cc.h
looks like linux changed the device tree names for
the memory node:
4b17654f51 (diff-ac03c9402b807c11d42edc9e8d03dfc7)
this fixes the memory size detection with latest firmware
on raspberry pi4-b (4GB) for kenji.
with scroll-wheel scrolling, this case can happen with the
command window:
umbraticus → cinap: create fullscreen file buffer by right-clicking in cmd window
slookup() copies to symb, so use the symb[NSYMB] buffer directly
to declare type conversion functions and get rid of the arbitrary
sized local buffer. replace sprint() with snprint().
We used to treat all operators as right associative,
which means that we would evaluate them incorrecty.
For example, '2 - 1 + 1' would evaluate as '2 - (1 + 2)',
instead of '(2 - 1) + 1'.
This adds an assoc parameter to struct pri, and then uses
it to decide how to evaluate operators.
when pushing expressions in cpp, particularly complex ones could
overflow the stack and silently corrupt our data structures. add
checks when we push, and bump the stack size up.
for floating point operations, reuse the return register
on the right hand side if it has higher complex number
than the left hand side to conserve registers.
this makes the following code compile, that was previously
run out of floating point register:
float
f(float r[15])
{
return (r[0] + (r[1] * (r[2] + r[3] * (r[4] + r[5] * (r[6] + r[7] * (r[8] + r[9] * (r[10] + r[11] * (r[12] + r[13] * r[14]))))))));
}
the downside is that this produces extra move operations.
BurnZeZ reported this the other day. It seems like if we have
a pipeline that looks like:
fn foo{cat < <{echo hi}}
then the '<' will get merged in /env/'fn#foo'. This change
fixes pcmd to add a space. It looks to me like this is the
only token that can get merged this way by pcmd.
The previous patch to plumb non-whitespace segments was
confusing due to lack of visual feedback. This removes
the empty selecton plumb behavior, and instead makes
triple clicking work to get a plumbable selection.
when running ndb configuration, we might inherit the ipgw=
attribute from the ipnet pointing to our own ip address
(we are the default gateway). ignore such entries.
do not add default routes with gateway equal to our own
local (ip4) or link-local ip address (ipv6).
mysbrk() was only used in gethunk() and should not be
called by anyone, so dont export the symbol.
simplify gethunk() using brk().
double allocation size on each call until we reach
1000*NHUNK.
use signed long for nhunk as alignment rountin might
make it negative and handle that case.
for gethunk() to work, all allocators have to use it,
including allocations done by libc thru malloc(),
so the fake allocation functions are mandatory for
everyone.
to avoid duplication the code is moved to cc/compat
and prototypes provided in new cc/compat.h header.
the assemblers share gethunk() cc/macbody but are compiled
without compat.c, so calls such as getenv() trigger malloc()
which does its own sbrk() calls, breaking the continuity
of the hunk.
so this change needs another revision. until then, this is
backed out.
the compilers and linkers use ther own memory allocator.
free memory is between hunk and hunk+nhunk. allocation
works by checking if nhunk is bigger or equal to the
amount needed, and if not, repeatedly call gethunk()
until there is. after that, the allocated amount is added
from hunk and subtracted from nhunk by the user.
the problem was when the needed amount was bigger than
the default NHUNK size gethunk() allocates per call.
gethunk() would not actually grow nhunk, but instead
just set hunk and nhunk variables to the last allocated
block. this resulted in a infinite loop of calls to
gethunk() until sbrk() would hit the maximum size for
the BSS segment.
this change makes gethunk() actually grow the hunk space,
increasing nhunk, and only updating hunk when nhunk was
previously zero. we assume that mysbrk() retuns increasing
addresses and that the space between the previous hunk+nhunk
and the new block base returned by mysbrk() is usable.
the real problem is that gethunk() does not grow the allocation
but just allocates a new hunk, so repeated calls to gethunk()
wont make nhunk grow to satisfy the allocation.
this will be fixed in a upcoming commit.
The swcursor used a 32x32 image for saving/restoring
screen contents for no reason.
Add a doflush argument to swcursorhide(), so that
disabling software cursor with a double buffered
softscreen is properly hidden. The doflush parameter
should be set to 0 in all other cases as swcursordraw()
will flushes both (current and previours) locations.
Make sure swcursorinit() and swcursorhide() clear the
visibility flag, even when gscreen is nil.
Remove the cursor locking and just do everything within
the drawlock. All cursor functions such as curson(),
cursoff() and setcursor() will be called drawlock
locked. This also means &cursor can be read.
Fix devmouse cursor reads and writes. We now have the
global cursor variable that is only modified under
the drawlock. So copy under drawlock.
Move the pc software cursor implementation into vgasoft
driver, so screen.c does not need to handle it as
a special case.
Remove unused functions such as drawhasclients().
most pc's are multiprocessors these days, that use apic or
msi interrupts, then the irq does not matter anymore. and
uefi does not even assign irq to pci devices anymore. if
we have a problem enabling an interrupt, we will print.
Some UEFI implementations use random UUID based DUID instead of
ethernet address, but use ethernet derived link-local addresses.
So extract the MAC from our IPv6 address.
memory returned by rampage() is not zeroed, so we have to
zero it ourselfs. apparently, this bug didnt show up as we
where zeroing conventional low memory before the new memory
map code. also rampage() never returns nil.
error handling in portreset() was wrong. we called closedev()
on the device without changing the reference.
just call portdetach() when the reset fails.
This replaces the memory map code for both pc and pc64
kernels with a unified implementation using the new
portable memory map code.
The main motivation is to be robust against broken
e820 memory maps by the bios and delay the Conf.mem[]
allocation after archinit(), so mp and acpi tables
can be reserved and excluded from user memory.
There are a few changes:
new memreserve() function has been added for archinit()
to reserve bios and acpi tables.
upareserve() has been replaced by upaalloc(), which now
has an address argument.
umbrwmalloc() and umbmalloc() have been replaced by
umballoc().
both upaalloc() and umballoc() return physical addresses
or -1 on error. the physical address -1 is now used as
a sentinel value instead of 0 when dealing with physical
addresses.
archmp and archacpi now always use vmap() to access
the bios tables and reserve the ranges. more overflow
checks have been added.
ramscan() has been rewritten using vmap().
to handle the population of kernel memory, pc and pc64
now have pmap() and punmap() functions to do permanent
mappings.
This is a generic memory map for physical addresses. Entries
can be added with memmapadd() giving a range and a type.
Ranges can be allocated and freed from the map. The code
automatically resolves overlapping ranges by type priority.
Fix the inconsistent use of ether->mem. Always use physical
addresses. Let ether8390 convert to virtual addresses using
KADDR() when we have to copy data in/out.
in ndb, we use the ethernet mac to identify the client.
in dhcpv6, there is just a uniqueue device id that
might even be generated randomly. to find the ethernet
address of a client, check the duid type and only use
it when the dudid is of type 1 (link layer) or 3 (link
layer address + time) and the link layer address type
is 1 (ethernet). otherwise, assume the source ip is
a link local address and extract it from that.
this hack works for thinkpad t495, which uses random
uuid based client duid.
the previous mkfile had a sneaky hack that would use
sed to delete the first 2 lines of hex output to strip
the 32 byte long a.out header for apbootstrap and rebootcode.
use 8l -H3 flag to strip the header from the output file.
Output buffering is automatically disabled when reading from stdin.
In this case, supplying the -b flag ought to be redundant. However,
since Bflag was being XORed into the flag set - rather than simply
ORed - supplying -b would actually enable output buffering.
while technically a 32 bit ptrdiff_t is in spec on
systems with 64 bit ponters as long as we guarantee
that individual objects are small enough, this can
confuse legitimate code, so lets fix this.
This fixes token pasting, making it expand when
it should expand, and paste before expansion when
it should paste before expanding.
#define CAT(a, b) a ## b
#define BAR 3
#define FOO CAT(BAR, 3)
FOO
now produces 33, while
#define CAT(a, b) a ## b
#define EOF (-1)
#define NOP(x) x
NOP(CAT(foo, EOF))
CAT(,EOF)
CAT(,)
produces
fooEOF
(-1)
<empty>
respectively.
ccom may be called multiple times on the same
node, via 'goto loop' calls from the commute
label, OADD, and a few other places.
Casts to void could null out the LHS of the
node, which would cause the compiler to crash
if the cast was revisited due to one of these
cases, because we tried frobbing n->left.
Now, if n->left is nil, we just return.w
Fix inconsistencies between programs and their usage
messages, correct instances where information seems
to be missing or lost. This includes missing arguments,
making usage consistent with manuals, and so on.
we emitted an error on heredoc tags, but we
continued on, and added a heredoc entry to
the list, with a tag that we couldn't handle.
when processing this heredoc, rc would segfault.
fix: don't add a heredoc to the list on error.
We used to have a padding int in the structure
after the next pointer, to align it to 16 bytes.
On 64 bit architectures, the pointer was already
8 bits, so the padding misaligned things to 20
bytes.
This fixes it so that we're explcit about the
data alignment we want, instead of hoping that
the various sizes line up.
with the latest changes to shr(3), we can use ORCLOSE on
the control file to get the mount in the share automatically
removed when the server exits or something goes wrong during
postsharesrv().
do not expose postfd() and sharefd() functions. they where
undocumented and leak the control file descriptors.
the rc & operator changes stdin to /dev/null, so we
have to do the <[0=1] inside the {}
this never showed up as an issue because many
fileservers just read 9p messages from standard
output.
when the control mountpoint side gets removed, close
mount channel immediately. this is usefull for implementing
automatic cleanup with ORCLOSE create mode.
this makes sure that when postsharesrv() fails (for
example because the shr file already exists), the
worker process gets killed and all file descriptors
to devusb get closed.
allow reading the control file of a process and return
its pid number. if the process has exited, return an error.
this can be usefull as a way to test if a process is
still alive. and also makes it behave similar to
network protocol directories.
another side effect is that processes who erroneously
open the ctl file ORDWR would be allowed todo so as
along as they have write permission and the process is
not a kernel process.
it appears that too many fileservers rely on the fileserver
process sharing the filedescriptors with children of the
caller to postmntsrv() or threadpostmntsrv().
restoring previous behaviour for now.
sshreadproc() needs to be started after opening the sshfd file
descriptor.
fsnetproc() needs to run in the same filedescriptor group as
the fileserver.
run the usb hub poll "work()" proc in the same filedescriptor
group as the fileserver by forking the process in Srv.start
callback.
this also prevents the usbbusy filedescriptor from being kept
open by the fileserver process.
mike from eff0ff.net reported the following:
> I was running a second instance of rio inside a rio window and
> suddenly weird things started happening. The second instance started
> imposing arbitrary limits on the size of its windows and refused to
> resize some of its windows when its own window was resized.
> Turns out this happens if rio's screen is 3 times as high as wide
> because of a tiny mistake in its goodrect function.
... and kindly provided a patch. thanks!
with the -s flag, we should read 9P messages from
standard *INPUT* (fd 0) and write responses to
standard *OUTPUT* (fd 1).
before these servers where reading from fd 1,
assuming they where both the same files.
it is unclear how Srv.nopipe flag should work inside
postmountserv(). if a server wants to serve on stdio
descriptors, he can just call srv() after initializing
Srv.infd and Srv.outfd.
The Srv.leavefdsopen hack can be removed now that acme
win has been fixed.
in case listensrv() is called with a previously active Srv,
we have to make sure that per connection state is zeroed
out (locks and reference conuts).
also, dont assume anything about the Ref structure. there
might be implementations that have a spinlock in them.
loadrevinfo() would fail on a empty log portion due
to a bug in the previous commit.
the loop is supposed to skip all bytes until we encounter
a empty line. the loop starts at the beginning of a line
so when we encounter a \n, we have to terminate, otherwise
read bytes until we see \n (end of a line) and then read
another and test the condition again.
progarg[0] can be assigned to elem directly as it is a
copy in kernel memory, so the char proelem[64] buffer
is not neccesary.
do the close-on-exit outside of the segment lock. there
is no reason to keep the segment table locked.
the user buffer could be changed while we parse it resulting
in a different number of watchpoints than initially calculated.
so add a check to the parse loop so we wont overflow the
watchpoint array.
in case the calling process changes its arguments under us, it could
happen that the final argument string lengths become bigger than
initially calculated. this is fine as we still make sure we wont
overflow the stack segment, but we could overrun into the tos
structure at the end of the stack. so change the limit to the
base of the tos, not the end of the stack segment.
writes to /proc/n/notepg and /proc/n/note should be able to write
at ERRMAX-1 bytes, not ERRMAX-2.
simplify write to /proc/n/args by just copying to local buf first
and then doing a kstrdup(). the value of Proc.nargs does not matter
when Proc.setargs is 1.
Section 6.5.15 of the C99 spec requires that if
one argument of a ?: expression is a null pointer
constant, and the other has a pointer type T*, then
the type of the expression is T*.
We were attempting to follow this rule, however,
we only handled literal expressions when checking
for null pointers.
This change looks through casts, so 'nil' and 'NULL',
and their expansion '(void*)0' are all detected as
null pointer constants.
devproc assumes that when we hold the Proc.debug qlock,
the process will be prevented from exiting. but there is
another race where the process has already exited and
the Proc* slot gets reused. to solve this, on process
creation we also have to acquire the debug qlock while
initializing the fields of the process. this also means
newproc() should only initialize fields *not* protected
by the debug qlock.
always acquire the Proc.debug qlock when changing strings
in the proc structure to avoid doublefree on concurrent
update. for changing the user string, we add a procsetuser()
function that does this for auth.c and devcap.
remove pgrpnote() from pgrp.c and replace by static
postnotepg() in devproc.
avoid the assumption that the Proc* entries returned by
proctab() are continuous.
fixed devproc permission issues:
- make sure only eve can access /proc/trace
- none should only be allowed to read its own /proc/n/text
- move Proc.kp checks into procopen()
pid reuse was not handled correctly, as we where only
checking if a pid had a living process, but there still
could be processes expecting a particular parentpid or
noteid.
this is now addressed with reference counted Pid
structures which are organized in a hash table.
read access to the hash table does not require locks
which will be usefull for dtracy later.
Currently upas/fs plumbs modify messages only if the flag
changes are made by another imap connection. If the flag
changes are made within the running upas/fs no modify message
is plumbed.
This changes upas/fs to set the modify flag if we made the
change ourself. It also moves the flag setting before the
imap read, so that we don't clobber flag changes coming
from the imap server with our own flags.
(Thanks Tobias Heinicke)
replace machine specific userinit() by a portable
implemntation that uses kproc() to create the first
process. the initcode text is mapped using kmap(),
so there is no need for machine specific tmpmap()
functions.
initcode stack preparation should be done in init0()
where the stack is mapped and can be accessed directly.
replacing the machine specific userinit() allows some
big simplifications as sysrfork() and kproc() are now
the only callers of newproc() and we can avoid initializing
fields that we know are being initialized by these
callers.
rename autogenerated init.h and reboot.h headers.
the initcode[] and rebootcode[] blobs are now in *.i
files and hex generation was moved to portmkfile. the
machine specific mkfile only needs to specify how to
build rebootcode.out and initcode.out.
to prevent deadlock on media unbind (which is called with
the interface wlock()'ed), the medias reader processes
that unbind was waiting for used to discard packets when
the interface could not be rlocked.
this has the unfortunate side effect that when we change
addresses on a interface that packets are getting lost.
this is problematic for the processing of ipv6 router
advertisements when multiple RA's are getting received
in quick succession.
this change removes that packet dropping behaviour and
instead changes the unbind process to avoid the deadlock
by wunlock()ing the interface temporarily while waiting
for the reader processes to finish. the interface media
is also changed to the mullmedium before unlocking (see
the comment).
avm fritzbox uses very long RA period so it effectively only
responds after a router solicitation. when there are multiple
fritzbox routers on the lan, then while configuring one prefix
of the first RA, the ip stack can drop the second router
advertisement and we would never get the second route.
packets can always get lost. so we just keep on sending router
solicitations (up to 3 times) to make sure we got all the RA's.
This patch makes 3 changes:
- It makes upas/fs send plumb messages when a message
changes in the background (eg, someone on another imap
connection opens a message and sets the read flag)
- It makes faces not complain when it gets one of these
new modify messages.
- It makes acme/Mail update the flags in the display
when it gets one of these messages.
on systems with serial console and graphics such as the raspberry pi,
it is nice to get a system shell on the serial console even when no
monitor is connected.
the console command runs a command or the system shell under
a new instance of kbdfs, optionally providing a serial console
when $console environment variable is set.
comparing m with MACHP() is wrong as m is a constant on 386.
add procflushothers(), which flushes all processes except up
using common procflushmmu() routine.
procflushmmu() returns once all *OTHER* processors that had
matching processes running on them flushed ther tlb/mmu state.
the caller of procflush...() takes care of flushing "up" by
calling flushmmu() later.
if the current process matched, then that means m->flushmmu
would be set, and hzclock() would call flushmmu() again.
to avoid this, we now check up->newtlb in addition to m->flushmmu
in hzclock() before calling flushmmu().
we also maintain information on which process on what processor
to wait for locally, which helps making progress when multiple
procflushmmu()'s are running concurrently.
in addition, this makes the wait condition for procflushmmu()
more sophisticated, by validating if the processor still runs
the selected process and only if it matchatches, considers
the MACHP(nm)->flushmmu flag.
The code had a nested use of the follow() function that could cause +=+
and -=- to register as ++ and --. The first follow() to execute could
consume a character and match and then the second follow() could consume
another character and match. For example i-=-10 would result in a syntax
error and i-=- would decrement i.
(imported from plan9port commit f1dd3f065a97f57bf59db2e3284868e181734159)
the change to support no-execute bits broke the original
raspberry pi1, as it uses backwards compatible page table
format.
to use the XN bit, subpage AP bits have to be disabled
using the XP bit in CP15 Control Register c1 Bit 23.
When plumbing an address like `3-`, Acme selects line 1,
and similarly `3+` selects line 5.
The same problem can be observed for character addresses (`#123+`)
but _not_ for ones like `+`, `.+` or `/foo/+`:
The problem only occurs when a number is followed by a direction (`-`/`+`).
Following along with the example `3-` through `address` (in addr.c):
We read `3` into `c` and match the `case` on line 239.
The `while` loop on line 242ff reads additional digits into `c`
and puts the first non-digit back by decrementing the index `q`.
Then we find the range for line 3 on line 251 and continue.
On the next iteration, we set `prevc` to the last `c`,
but since that part read ahead _into `c`_,
`c` is currently the _next_ character we will read, `-`,
and now `prevc` is too.
Then in the case block (line 210) the condition on line 211 holds
and Acme believes that it has read two `-` in sequence
and modifies the range to account for the “first” `-`.
The “second” `-` gets applied after the loop is done, on line 292.
So the general problem is:
While reading numbers, Acme reads the next character after the number into `c`.
It decrements the counter to ensure it will read it again on the next iteration,
but it still uses it to update `prevc`.
This change solves the problem by reading digits into `nc` instead.
This variable is used to similar effect in the block for directions (line 212)
and fills the role of “local `c` that we can safely use to read ahead” nicely.
(imported from plan9front a82a8b6368274d77d42f526e379b74e79c137e26)
To reproduce, create a column with at least two windows and resize
acme to have almost zero height.
(imported from plan9port commit 76b9347a5fa3a0970527c6ee1b97ef1c714f636b)
when a process does an exec syscall, procsetup() is called and
we have to disable the debug watchpoint registers. just clearing
p->dr is not enougth as we are not going thru a procsave() and
procrestore() cycle which would disable and reload the saved
debug registers.
instead of clearing debug registers in procfork(), we should
clear the saved debug registers before a process goes to die
(pexit() calls sched() with up->state = Moribund) as the Proc
structure can get reused for kernel processes (kproc) which
never call procfork() and would therefore have debug registers
loaded.
do incremental imap fetches after startup, fixes validity handling,
record flags correctly when we aren't in the process of directly
updating a message, fixes off by one in flag parsing, fixes
mis-indexing messages in sync when we get an unsolicited fetch
response.
for better system diagnostics, we *ALWAYS* want to record the parent
pid of a user process, regardless of if the child will post a wait
record on exit or not.
for that, we reverse the roles of Proc.parent and Proc.parentpid so
Proc.parentpid will always be set on rfork() and the Proc.parent
pointer will point to the parent's Proc structure or is set to nil
when no wait record should be posted on exit (RFNOWAIT flag).
this means that we can get the pid of the original parent process
from /proc, regardless of the the child having rforked with the
RFNOWAIT flag. this improves the output of pstree(1) somewhat if
the parent is still alive. note that theres no guarantee that the
parent pid is still valid.
the conditions are unchanged:
a user process that will post wait record has:
up->kp == 0 && up->parent != nil && up->parent->pid == up->parentpid
the boot process is:
up->kp == 0 && up->parent == nil && up->parentpid == 0
and kproc's have:
up->kp != 0 && up->parent == nil && up->parentpid == 0
this is a reimplementation of infernos os(1) command, which
allows running commands in the underhying host operating
system when inferno runs in hosted mode (emu). but unlike
inferno, we want to use it to run commands on the client
side of a inferno or drawterm session from the plan9 cpu
server, so it defaults to /mnt/term/cmd for the mountpoint.
Previously, reads of wctl files would return one byte less than
requested as the returned string must be null terminated. Now we pass
the actual size of the allocated buffer to the handler, which is large
enough to accommodate a trailing partial rune and terminating null
byte.
Ori_B reports that his controller gets stuck in the ahciencreset()
wait loop. so we implement a 1000 ms timeout. we replace delay()
with esleep() as we are always called from the ledkproc().
blink() could enter infinite delay loop as well, so instead of
waiting for the message to get transmitted we exit making it
non-blocking (we will get called again anyway).
the access to the controller map[] was wrong in ledkproc(). the
index is the controller number, not the drive number!
Support for 'path=', 'uname=', 'gname=', 'size=', and 'atime=' pax
headers is useful. Others are ignored, possibly with a warning.
We were running into missing support with the 'go' extraction.
At the same time, this cleans up the way that we handle paths,
getting rid of static buffers with hidden space at the front.
when making outgoing connections, the source ip was selected
by just iterating from the first to the last interface and
trying each local address until a route was found. the result
was kind of hard to predict as it depends on the interface
order.
this change replaces the algorithm with the route lookup algorithm
that we already have which takes more specific desination and
source prefixes into account. so the order of interfaces does
not matter anymore.
Tar specifies that a filename ending with '/' is a directory. We were
incorrectly looking at the short name. This meant that when we have long
filenames with a '/' at the 100th character, we would decide it was a
directory.
This change uses the long name when deciding the size for extraction,
and trusts the header size when just skipping forward in the stream.
extract1() expects two extra bytes to be avilabe before
fname buffer so it can prepend ./ before the name. this
used to be the case with name(), but was violated when
long name support was added and getname() was used in
place of name() which did not reserve the 2 extra bytes.
this change reserves two extra bytes in the getname()'s
static buffer and also removes the extra copy as name()
already makes a copy.
Since numeric timezone offsets are relative to GMT, initialise zone to
GMT so tm2sec(2) does not assume local time.
Note that if strtotm encounters a timezone *string* and consequently
overwrites zone then we will end up in the same mess since tm2sec(2)
only deals with GMT or local time.
there was a race between the sendproc putting the request on
the sreqrd[] id and the recvproc handling the response, and
potentially freeing the request before the sendproc() was
finished with the request (or the fid).
so we defer allocating a request id and putting it on the
sreqrd[] stage after we have completely generated the
request in vpack(). this prevents the handling of the request
before it is even sent.
this also means that the SReq should not be touched after
calling sendpkt(), submitreq(), submitsreq().
secondly, putsfid() needs to acquire the RWLock to make sure
sendproc() is finished with the request. the scenario is that
recvproc() can call respond() on the request before sendproc()
has unlocked the SFid.
move digest pointer into Mtree structrue and embed it into Idx struct
(which is embedded in Message) to avoid one level of indirection
during mtreecmp().
get rid of mtreeisdup(). instead we have mtreeadd() return the old
message in case of a collision. this avoids double lookup.
increase the hash table size for henter() and make it a prime.
on 386, the kernel memory region is mapped using huge 4MB pages
(when supported by the cpu). so the uncached pte manipulation
does not work to map the cursor data with uncached attribute.
instead, we allocate a memory page using newpage() and map
it globally using vmap(), which maps it uncached.
after issuing CR_RESETEP command, we have to invalidate
the endpoints output context buffer so that the halted/error
status reflects the new state. not doing so resulted in
the halted state to be stuck and we continued issuing
endpoint reset commands when we where already recovered.
handle the devusb Ep.clrhalt flag from devusb that userspace
uses to force a endpoint reset on the next transaction.
for servers that handle incoming network connections and authentication,
change the owner of the network connection file to the authenticated user
after successfull authentication.
note that we set the permissions as well to 0660 because old devip used
to unconditionally set the bits.
permission checking had the "other" and "owner" bits swapped plus incoming
connections where always owned by "network" instead of the owner of
the listening connection. also, ipwstat() was not effective as the uid
strings where not parsed.
this fixes the permission checks for data/ctl/err file and makes incoming
connections inherit the owner from the listening connection.
we also allow ipwstat() to change ownership to the commonuser() or anyone
if we are eve.
we might have to add additional restrictions for none at a later point...
we want devip to get reattached after hostowner has been written. factotum
already handles this with a private authdial() routine that mounts devip
when it is not present. so we detach devmnt before starting factotum,
and attach once factotum finishes.
the locking in proctext() is wrong. we have to acquire Proc.seglock
when reading segments from Proc.seg[] as segments do not
have a private freelist and can therefore be reused for other
data structures.
once we have Proc.seglock acquired, check that the process pid
is still valid so we wont accidentally read some other processes
segments. (for both proctext() and procctlmemio()). this also
should give better error message to distinguish the case when
the process did segdetach() the segment in question before we
could acquire Proc.seglock.
declare private functions as static.
there was a small window between modifying mmutop and switching the
asid where the core could bring in the new entries under the old asid
into the tlb due to speculation / prefetching.
this change moves the entering of the page tables into mmutop after
setttbr() to prevent this scenario.
due to us switching to the resereved asid 0 on procsave()->putasid(),
the only asid that could have potentially been poisoned would be asid 0
which does not have any user mappings. so this did not show any noticable
effect.
when a process state has not been saved (Proc.mach != nil)
then the contents of Proc.sched should be considered invalid.
to approximate a stacktrace in this case, we use the error
stack and get a stacktrace from the last waserror() call.
pexit() and pprint() can get called outside of a syscall
(from procctl()) with a process that is in active note
handling and require floating point in the kernel on amd64
for aesni (devtls).
This fixes ocaml on non-x86 architectures, where we have code
that looks like:
#define Fl_head ((uintptr_t)(&sentinel.first_field))
Without this change, we get an error about a non-constant
initializer. This change takes the checks for pointers and
makes them apply to all expressions. It also makes the checks
stricter, preventing the following from compiling to junk:
int x;
int y = 42;
int *p = &x + y
the following code reproduces the crash:
void
foo(void)
{
}
void
main(int argc, char **argv)
{
(void)(1 ? (void)0 : foo());
}
the problem is that side() gives a false positive on the OCOND
with later constant folding eleminating the acutal side effect
and OCAST ending up with two nested OCATS with the nested one
being zapped (type == T).
make exec() clear the per process error string
to avoid spurious errors and confusion.
the errstr() syscall used to always swap the
maximum buffer size with memmove(), which is
problematic as this gives access to the garbage
beyond the NUL byte. worse, newproc(), werrstr()
and rerrstr() only clear the first byte of the
input buffer. so random stack rubble could be
leaked across processes.
we change the errstr() syscall to not copy
beyond the NUL byte.
the manpage also documents that errstr() should
truncate on a utf8 boundary so we use utfecpy()
to ensure proper NUL termination.
kvik writes:
dnsquery(8) prints the interactive prompt on stdout together with
query results, making scripted usage unnecessarily difficult.
A straightforward solution is prompting on stderr instead: as
practiced by rc(1), among many others -- promptly taking care of
the issue:
; echo 9front.org mx | ndb/dnsquery >[2]/dev/null
kvik writes:
I needed to convert the RSA private key that was laying around in
secstore into a format understood by UNIX® tools like SSH.
With asn12rsa(8) we can go from the ASN.1/DER to Plan 9 format, but not
back - so I wrote the libsec function asn1encodeRSApriv(2) and used it in
rsa2asn1(8) by adding the -a flag which causes the full private key to be
encoded and output.
the idea is to catch bugs and make kernel exploitation
harder by mapping the kernel text section readonly
and everything else no-execute.
l.s maps the KZERO address space using 2MB pages so
to get the 4K granularity for the text section we use
the new ptesplit() function to split that mapping up.
we need to set EFER no-execute enable bit early
in apbootstrap so secondary application processors
will understand the NX bit in our shared kernel page
tables. also APBOOTSTRAP needs to be kept executable.
rebootjump() needs to mark REBOOTADDR page executable.
mischief reports:
this assembler input assembles with 6a but makes 6l crash.
// 6a l.s
// 6l l.6
// _intrr: unknown relation: TEXT in _intrr
// 6l 511: suicide: sys: trap: fault write addr=0x18 pc=0x20789c
TEXT noteret(SB), 1, $-4
CLI
JMP _intrestore // works when commented
TEXT _intrr(SB), 1, $-4
_intrestore:
RET
TEXT _main(SB), 1, $-4
RET
the user should not be able to change the cache
attributes for a segment in segattach() as this
can cause the same memory to be mapped with
conflicting attributes in the cache.
SG_TEXT should always be mapped with SG_RONLY
attribute. so fix data2txt() to follow the rules.
fault() now has an additional pc argument that is
used to detect fault on a non-executable segment.
that is, we check on read fault if the segment
has the SG_NOEXEC attribute and the program counter
is within faulting page.
a portable SG_NOEXEC segment attribute was added to allow
non-executable (physical) segments. which will set the
PTENOEXEC bits for putmmu().
in the future, this can be used to make non-executable
stack / bss segments.
the SG_DEVICE attribute was added to distinguish between
mmio regions and uncached memory. only matterns on arm64.
on arm, theres the issue that PTEUNCACHED would have
no bits set when using the hardware bit definitions.
this is the reason bcm, kw, teg2 and omap kernels use
arteficial PTE constants. on zynq, the XN bit was used
as a hack to give PTEUNCACHED a non-zero value and when
the bit is clear then cache attributes where added to
the pte.
to fix this, PTECACHED constant was added.
the portable mmu code in fault.c will now explicitely set
PTECACHED bits for cached memory and PTEUNCACHED for
uncached memory. that way the hardware bit definitions
can be used everywhere.
on the 2GB and 4GB raspberry pi 4 variants, there are two
memory regions for ram:
[0x00000000..0x3e600000)
[0x40000000..0xfc000000)
the framebuffer is somewhere at the end of the first
GB of memory.
to handle these, we append the region base and limit
of the second region to *maxmem= like:
*maxmem=0x3e600000 0x40000000 0xfc000000
the mmu code has been changed to have non-existing
ram unmapped and mmukmap() now uses small 64K pages
instead of 512GB pages to avoid aliasing (framebuffer).
the VIRTPCI mapping has been removed as we now have
a proper vmap() implementation which assigns vritual
addresses automatically.
this adds a 4GB KMAP window into the kernel address space
so we can access all physical ram on raspberry pi 4 for
user pages.
note that kernel memory above KZERO is still limited
to 1GB because of DMA restrictions.
according to the following linux change, BCM2711 uses a different
method for changing pullup/down mode:
abcfd09286 (diff-cf078559c38543ac72c5db99323e236d)
gpiomeminit() was broken, using virtual address for the gpio physseg
instead of the physical one.
cleanup the code, avoid repetition by declaring static u32int *regs
variable. make local variable names consistent.
the raspberry pi 4 has a new interrupt controller and
pci support, so get rid of intrenable() macro and
properly make intrenable function with tbdf argument.
the raspberry pi4 firmware refuses to enable the GIC interrup controller
for arm64 when the .img file is not a multiple of 4 bytes. yes, this
is insane and nowhere documented.
the new raspberry pi 4 firmware for arm64 seems to have
broken atag support. so we now parse the device tree
structure to get the bootargs and memory configuration.
Ori Bernstein had Sunrise Point-H USB 3.0 xHCI Controller that would mysteriously
crash on the 5th ENABLESLOT command. This was reproducable by even just allocating
slots in a loop right after init.
It turns out, the 1.2 spec extended the Max Scratchpad Buffers in HCSPARAMS2 so our
driver would not allocate enougth scratchpad buffers and controller firmware would
crash once it went beyond our allocated scratchpad buffer array.
This change also fixes:
- ignore bits 16:31 in PAGESIZE register
- preserve bits 10:31 in the CONFIG register
- handle ADDESSDEV command failure (so it can be retried)
preallocate 2% of user pages for page tables and MMU structures
and keep them mapped in the VMAP range. this leaves more space
in the KZERO window and avoids running out of kernel memory on
machines with large amounts of memory.
when a operation receives a chain of OINDEX nodes as its operands,
each indexing step used to allocate a new index register. this
is wastefull an can result in running out of fixed registers on 386
for code such as: x = a[a[a[a[i]]]].
instead we attempt to reuse the destination register of the operation
as the index register if it is not otherwise referenced. this results
in the index chain to use a single register for index and result and
leaves registers free to be used for something usefull instead.
for 6c, try to avoid R13 as well as BP index base register.
For ape, we never enabled warnings in cflags.
Turning it on brings up a lot of warnings. Most are noise,
but a few caught unused variables and trunctaions of pointers.
to smaller integers (int, long).
A few warnings remain.
To reproduce:
gs -q -dNOPAUSE -dSAFER '-sDEVICE=ppmraw' '-sOutputFile=/dev/null' <<.
%!PS-Adobe-3.0 EPSF-3.0
%%BoundingBox: -0 -0 100 100
/size_from 10000 def
/size_step 500 def
/size_to 65000 def
/enlarge 1000 def
%/bigarr 65000 array def
0
size_from size_step size_to {
pop
1 add
} for
/buffercount exch def
/buffersizes buffercount array def
0
size_from size_step size_to {
buffersizes exch 2 index exch put
1 add
} for
pop
/buffers buffercount array def
0 1 buffercount 1 sub {
/ind exch def
buffersizes ind get /cursize exch def
cursize string /curbuf exch def
buffers ind curbuf put
cursize 16 sub 1 cursize 1 sub {
curbuf exch 255 put
} for
} for
/buffersearchvars [0 0 0 0 0] def
/sdevice [0] def
enlarge array aload
{
.eqproc
buffersearchvars 0 buffersearchvars 0 get 1 add put
buffersearchvars 1 0 put
buffersearchvars 2 0 put
buffercount {
buffers buffersearchvars 1 get get
buffersizes buffersearchvars 1 get get
16 sub get
254 le {
buffersearchvars 2 1 put
buffersearchvars 3 buffers buffersearchvars 1 get get put
buffersearchvars 4 buffersizes buffersearchvars 1 get get 16 sub put
} if
buffersearchvars 1 buffersearchvars 1 get 1 add put
} repeat
buffersearchvars 2 get 1 ge {
exit
} if
%(.) print
} loop
.eqproc
.eqproc
.eqproc
sdevice 0
currentdevice
buffersearchvars 3 get buffersearchvars 4 get 16#7e put
buffersearchvars 3 get buffersearchvars 4 get 1 add 16#12 put
buffersearchvars 3 get buffersearchvars 4 get 5 add 16#ff put
put
buffersearchvars 0 get array aload
sdevice 0 get
16#3e8 0 put
sdevice 0 get
16#3b0 0 put
sdevice 0 get
16#3f0 0 put
currentdevice null false mark /OutputFile (%pipe%echo gotce)
.putdeviceparams
1 true .outputpage
.rsdparams
%{ } loop
0 0 .quit
%asdf
.
under heavy load, factotum can return a "too much activity" error,
which upas/smtpd and upas/smtp should consider a temporary error
instead of a permanent one.
implicit casts would cause spurious "result of operation not used"
warnings such as ape's stdio putc() macro.
make (void) casts non-ops when the casted expression has no
side effects. this avoid spurious warning with ape's assert()
macro.
for historical reasons, kenfs stores directory entries in pre 9p2000
format with directories having the QPDIR bit 31 set in the qid path.
however, the 64 bit fileserver allows 64 bit qid paths.
given that we do not support pre 9p2000 clients and do not rely on
the QPDIR, but want to keep the block check tags consistent, we will
*INVERT* the QPDIR bit in directory entry qid paths for directories.
this preserves the on-disk semantics (for < 31 bit qmax) but does
not complicate qid generation and recovery. also makes it easy to
convert between directory entry qid and 9p format.
C99 comments have been the default in compilers for something like 20 years
now. This means we don't need to remember to turn it on when porting software,
and gets rid of cryptic errors about unterminated character constants when
someone writes something like:
// Didn't need to...
We still accept the flag to avoid breaking mkfiles, but we do nothing with it.
This also removes the documentation, since the option does nothing now.
This change imports a few warnings and minor fixes from Charles branch
here: https://bitbucket.org/plan9-from-bell-labs/plan9.
The changes included here:
changeset: 1374:9185dc017be0
summary: declare castucom; move a declaration into order;
use cast instead of ULL suffix
changeset: 1353:5fe8380b1818
summary: supporting functions:
1. castucom to match unlikely mask operation;
2. be sure to snap both sides of pointer subtraction completely;
3. add extra operators as side-effect free
changeset: 1352:90058c092d66
summary: 1. correct result type for mixed-mode assignment operators
2. detect divide by zero (erik);
3. detect masks misformed by sign-extension;
4. diagnose mixed old/new prototypes
To complement the new cl-routes field, the bootp static routes option has been
renamed to cf-routes and the network/gateway pairs are separated with a right
arrow.
key exchange with git@github.com fails as they appear to try to
negotiate a mac algorithm even tho we use an AEAD cipher which
does not use a mac algorithm.
the work around is to supply a dummy mac algorithm that they
can negotiate to make them happy.
always clean AND invalidate caches before dma read,
never just invalidate as the buffer might not be
aligned to cache lines...
we have to invalidate caches again *AFTER* the dma
read has completed. the processor can bring in data
speculatively into the cache while the dma in in
flight.
Amavect wrote:
> mkone and mkmany have backwards targets for installing man pages.
> This patch makes 'mk man' actually work for mkfiles that include mkone.
> mkmany is not easily fixed without breaking changes.
> It may go without saying that external repos should write their own mkfiles.
we override atag memory on reboot, so preserve
the memsize learned from atag as *maxmem plan9
variable. the global memsize variable is not
needed anymore.
avoid trashing the following atag when zero
terminating the cmdline string.
zero memory after plan9.ini variables.
the Ipselftab is designed to not require locking on read
operation. locking the selftab in ipselftabread() risks
deadlock when accessing the user buffer creates a fault.
remove unused fields from the Ipself struct.
initialize the rate limits when the device gets
bound, not when it is created. so that the
rate limtis get reset to default when the ifc
is reused.
adjust the burst delay when the mtu is changed.
this is to make sure that we allow at least one
full sized packet burst.
make a local copy of ifc->m before doing nil
check as it can change under us when we do
not have the ifc locked.
specify Ebound[] and Eunbound[] error strings
and use them consistently.
remove references to the unused Conv.car qlock.
ipifcregisterproxy() is called with the proxy
ifc wlock'd, which means we cannot acquire the
rwlock of the interfaces that will proxy for us
because it is allowed to rlock() multiple ifc's
in any order. to get arround this, we use canrlock()
and skip the interface when we cannot acquire the
lock.
the ifc should get wlock'd only when we are about
to modify the ifc or its lifc chain. that is when
adding or removing addresses. wlock is not required
when we addresses to the selfcache, which has its
own qlock.
mark reader process pointers with (void*)-1 to mean
not started yet. this avoids the race condition when
media unbind happens before the kproc has set its
Proc* pointer. then we would not post the note and
the reader would continue running after unbind.
etherbind can be simplified by reading the #lX/addr
file to get the mac address, avoiding the temporary
buffer.
when the exclusive monitor is cleared, a event is generated
which we can use to wake up idlehands. that way we do not
need to wait for the next timer interrupt until a cpu takes
work from the run queue.
