sleeps in between. If it helps, good. If it doesn't, oh well, at
least we tried. pthread_create() returning EAGAIN has been observed in
real life at least on Linux (buildrump.sh issue #40)
the number of host cores, but that value is overkill for most uses,
especially with massively multicore hosts. Dozens of useless virtual
CPUs are relatively speaking expensive in terms of bootstrap time and
memory footprint. On the other end of the spectrum, defaulting to 2
might shake out some bugs from the qemu test runs.
a bit too future-proof. I think long is enough there (let's just
hope nobody redefines "nano"). Also, make seconds signed just in
case someone wants their clock to be in 1901.
have been possible for "readers" to reach visibility before "writer"
when another CPU took the lock, thus leading the previous owner to
incorrectly think that it still owned the lock in rw_write_held().
Also, remove duplicate clause from assert().
unified rumpuser_getparam(), and make it return a plist. The
contents can come e.g. from the env or a config file. Make
identifiers starting with an underscore denote system identifiers
which must be implemented by hypervisor. (yea, j/k about the plist bit)
Reduce the set of hypercalls to one: "do block i/o". This not only
eliminates a lot of pseudo-duplicate code, it also gives the
hypervisor a lot more freedom on how to optimize the i/o.
It's then the hypervisor's problem to translate it accordingly.
Now we no longer have to worry about the kernel having to know the
hypervisor's time and vice versa.
a spin mutex (i.e. does not relinquish cpu context while trying to
take the mutex).
Bump the hypercall interface version number. I'll be doing a bunch
of other cleanups to simplify the interface for the benefit of
alternative hypervisor implementations. I'll be riding this bump
and doing a second one only after I'm finished with all of the
changes.
component. This cleans up the generic hypercall interfaces from ones
specific to only one component. They should always have been private,
but the infrastructure to "make it so" didn't exist earlier.
no functional change
get processed. This applies to ones which were linked statically.
Unfortunately, that's where it got a bit tricky, since the dlsym()
interface searches the handle and all its dependencies. For the main
object the list of dependencies includes all the dynamic rump kernel
components that were included when the binary is linked. So, a long
story short, make only one pass through the objects to harvest all the
component entries, weed out the dupes, and initialize components from
an in-memory dupe-free list when so requested.
calls which are not supported on Linux and therefore cannot be
handled by the rump kernel side syscall emulation (not that they'd
be present in the calling binaries anyway).
arc4random() hacks in rump with stubs that call the host arc4random() to
get numbers that are hopefully actually random (arc4random() keyed with
stack junk is not). This should fix some of the currently failing anita
tests -- we should no longer generate duplicate "random" MAC addresses in
the test environment.
count. Remove now unused GETVECWORDn macro.
This is needed to make it work on alpha which use non-standard 64bit
values for the symbol hash table section, unlike all other archs.
slightly better in the multithreaded exec case in terms of partial
frames sent. Plus, it's theoretically a little cheaper.
There's still a gray area with partial transfer from sendmsg(),
but I'm not sure I care enough about some academic scenario to
start fixing it (it basically needs an OOB exec signaller).
the exec handshake to return.
In addition to being The Right Thing To Do, fixes some nasty
conditions for CLOEXEC fd's (or at least does so in theory, I
couldn't create any problems although I tried).
rump tcp/ip stack:
* sshd likes to fork and then re-exec itself
==> trap execve() and augment the env with the current parameters
essential to a rump kernel (kernel communication fd, information
about dup2'd file descriptors)
* sshd likes to play lots of games with pipes, socketpairs and dup{,2}()
==> make sure we do not close essential rump client descriptors:
dup() them to a safe place, except for F_CLOSEM where we
simply leave them alone. also, partially solved by the above,
make sure the process's set of rump kernel descriptors persists
over exec()
* sshd likes to chdir() before exec
==> for unix-style rump_sp(7) sockets save the full path on the
initial exec and use it afterwards. thread the path through
the environment in execve()
a wedge. This still lacks the proplibistic query of the sector
size and just assumes 512. It's good that we make asking a file's
size as simple as requiring one stat(), one open() and three (3)
different ioctls plus some proplist mumbojumbo. I'm surprised it's
available at all by means other than #wish.
code mostly from Taylor R Campbell, rant from me.
two or more syscall requests before any worker thread ran, we might
not have enough threads to handle the requests. In some scenarios
this could lead to a deadlock.
the kernel server is lost, the client will now automatically attempt
to reconnect.
Among other things, this makes it possible to "reboot" and restart
the TCP/IP stack from under firefox without any perceivable less
of service. If pages were loading at the time the TCP/IP server
was killed, there may be some broken links, but nothing a ctrl-r
cannot fix.
in the socket before we shut down. This way the response to the
syscall travels to the caller and they know things worked correctly
instead of having to just assume.
* don't hold spc mutex while sending data
* use send() for the banner to avoid SIGPIPE in case a client
connects and immediately goes away
* fix error path locking
* use kevent() instead of pollts() in the client. Apparently that
is the only sensible way for a library to support both multithreading
and signal-reentrancy in a race-free manner.
(can I catch all signals with one kevent instead of installing
NSIG different ones??)
* mark client comm descriptor non-blocking so that clients have
better signal-interruptibility (we now sleep in signal-accepting
kevent() instead of signal-masked recvfrom())
requests which have a 0-length response (such as copyin 0/0).
This change makes links(1) work against a rump kernel which contains
rumpnet_local. The presence of unix domain sockets caused links
to select() with 0 fds and a timeout, and because copyin never woke
up in the kernel the application blocked indefinitely.
dlsym(RTLD_NEXT) to lookup a host_syscall() function pointer which
is used instead of syscall() to communicate with the kernel server.
WARNING: popular opinion classifies this as "ugly code". if you
have a weak heart/mind/soul/sole meuniere, read max. 1 line of the
diff per day, preferably with food.
violent disconnect. Fixes some race conditions (maybe the one
occasionally showing up on tests/rump/rumpkern/t_stress).
thanks to schmonz for some discussion
It's pretty much a placeholder for now. One plan for the future
is to require some sort of authentication for superuser clients.
The code will need a little massage then, though, to prevent DoS
attacks.
