Depending on the use case the grow size may be too large to fit into
address space holes. Instead of failing try with smaller sizes until
it either worked or doesn't make sense anymore (< 1MB).
Pages that are freed are added to the tail of the list while allocation
candidates are taken from the head. Therefore pages that have been free
the longest are preferred, making immediate re-use less likely.
Also avoid looking for pages if the free count already tells that the
allocation can't be fulfilled.
This allows to use the debug features of the guarded heap also on
allocations made through the object cache API. This is obivously
horrible for performance and uses up huge amounts of memory, so the
initial and grow sizes are adjusted accordingly.
Note that this is a rather simple hack, using the object_cache pointer
to transport the allocation size. The alignment is neglected completely.
The call to _MakeSpace() may move the extent data from the indirect
array (kept in a heap allocation) to the direct one kept inside the
class. In that case the lastExtent pointer would become stale and
further use of it would've lead to suboptimal extents in the best case
to reading/writing at the wrong point in files and possibly corruption
of another allocation in the worst (both unlikely though).
To mitigate that we now re-initialize the pointer to the correct location
if we hit the cache limit.
Also made the use of the start variable more understandable. Instaed of
decrementing it (possibly wrapping) when an extent wasn't going to be
used and later adding the vector index again, just increment whenever
we actually move to the next extent.
For bad things to happen a few conditions needed to come together though:
1. There needed to be multiple vectors that could be combined with the
existing last extent.
2. There first needed to be more extents than the cache limit and that
number then had to decrease below the cache limit again.
3. The memory needed to stay intact after being freed up until after the
evaluation (or similar enough data had to be written to it).
At least the last one was guaranteed to not be true anymore since we
re-introduced overwritting freed memory with 0xdeadbeef in the slab,
therefore nastily hiding this. I'm not sure that the first condition is
ever met either (probably the vectors are combined beforehand so that
there never are multiple adjacent ones) at least for the normal use case
(the page writer writing back pages). I was at least unable to reproduce
an actual file corruption in my testing.
Just the out of bounds access to the stale pointer happened rather easily
though and is now at least fixed.
Further in the process the flat argument size is rounded up, but the
actual allocation was done with the unaligned size causing an access
beyond the allocation when later copying the flat arguments. It didn't
do any actual harm as the block sizes of our allocator(s) use elements
that have at least such an alignment.
This is a very simple heap implementation that allocates memory so that
the end of each allocation always coincides with a page end and is
followed by a guard page which is marked non-present. Out of bounds
access (both read and write) therefore cause a crash (unhandled page
fault).
Note that this allocator is neither speed nor space efficient, indeed it
wastes huge amounts of pages and address space so it is quite easy to
hit limits. It is intended as a pure debug feature.
This adds a pair of functions vm_prepare_kernel_area_debug_protection()
and vm_set_kernel_area_debug_protection() to set a kernel area up for
page wise protection and to actually protect individual pages
respectively.
It was already possible to read and write protect full areas via area
protection flags and not mapping any actual pages. For areas that
actually have mapped pages this doesn't work however as no fault, at
which the permissions could be checked, is generated on access.
These new functions use the debug helpers of the translation map to mark
individual pages as non-present without unmapping them. This allows them
to be "protected", i.e. causing a fault on read and write access. As they
aren't actually unmapped they can later be marked present again.
Note that these are debug helpers and have quite a few restrictions as
described in the comment above the function and is only useful for some
very specific and constrained use cases.
They can be used to mark pages as present/non-present without actually
unmapping them. Marking pages as non-present causes every access to
fault. We can use that for debugging as it allows us to "read protect"
individual kernel pages.
Getting the object slab does a hash lookup which needs to be protected
by the cache lock. Otherwise the hash table may be resized or otherwise
modified while we do the lookup, leading to errors.
* The vm86 code or the code running in virtual 8086 mode may clobber the
%fs register that we use for the CPU dependent thread local storage
(TLS). Previously the vm86 code would simply restore %fs on exit, but
this doesn't always work. If the thread got unscheduled while running
in virtual 8086 mode and was then rescheduled on a different CPU, the
vm86 exit code would restore the %fs register with the TLS value of
the old CPU, causing anything using TLS in userland to crash later on.
Instead we skip the %fs register restore on exit (as do the other
interrupt return functions) and explicitly update the potentially
clobbered %fs by calling x86_set_tls_context(). This will repopulate
the %fs register with the TLS value for the right CPU. Fixes#8068.
* Made the static set_tls_context() into x86_set_tls_context() and made
it available to others to faciliate the above.
* Sync the vm86 specific interrupt code with the changes from hrev23370,
using the iframe pop macro to properly return. Previously what was
pushed in int_bottom wasn't poped on return.
* Account for the time update macro resetting the in_kernel flag and
reset it to 1, as we aren't actually returning to userland. This
didn't cause any harm though as only the time tracking is using that
flag so far.
* Some minor cleanup.
We don't need to explicitly track the covered/covering nodes per mount
after all. In fs_unmount() we iterate through all vnodes multiple times
anyway and can deal with the covers/covered_by vnodes there. Also, the
root vnode doesn't need to be handled specially anymore.
* Add support function vfs_get_mount_point(), so a file system can get
its own mount point (i.e. the node it covers). Re-added
fs_mount::covers_vnode for that purpose -- the root node isn't know to
the VFS before the mount() hook returns.
* Add function vfs_bind_mount_directory() which bind-mounts a directory
to another. The Vnode::covers/covered_by mechanism is used, so this
isn't true bind-mounting, but sufficient for what we need ATM and
cheaper as well. The vnodes connected thus aren't tracked yet, which
is needed for undoing the connection when unmounting.
* get_vnode_name(): Don't use dir_read() to read the directory. Since we
have already resolved vnode to the covered vnode, we don't want the
dirents to be "fixed" to refer to the covering nodes. Such a vnode
simply wouldn't be found.
* Introduce Vnode flags for covered and covering. Can be used as a quick
check when one doesn't already hold sVnodeLock.
* Rename resolve_mount_point_to_volume_root() to
resolve_vnode_to_covering_vnode().
* Adjust all code that deals with transitions between mount points and
volume root vnodes to generally support covered/covering vnodes.
Bring the changes that aren't package management related and the ones
that are but don't take effect as long as they are ignored by the build
system into the master.
Summary of changes:
* Introduce private header <directories.h> with constants for a good
deal of paths that should usually be retrieved via find_directory().
* Replace hard-coded paths by using find_directory() or the
<directories.h> constants (e.g. in drivers and the kernel).
* Add find_directory() constants needed for package management.
* Add __HAIKU_ABI_NAME and B_HAIKU_ABI_NAME macros.
* src/apps/deskbar: BeMenu.* -> DeskbarMenu.*,
DeskBarUtils.* -> DeskbarUtils.*
* Change deskbar menu settings directory from ~/config/be to
~/config/settings/deskbar.
* Other smaller cleanups, changes, and fixes.
* this avoids spurious errno changes leaking into application code,
which could become confused - i.e. 'rm' on a gcc4 build would always
prompt for confirmation
I spend a couple of hours hunting down the behavioural difference
between gcc2- and gcc4-builds and it turns out that the reason for that
is that gcc4's libstdc++-code initializes its own locale data via the
POSIX calls, which trigger (correct) errno value changes, which were the
ones leaking into application code.
* add errno_private.h, which defines the __set_errno() macro with
and without tracing
* instead of setting errno manually, all libroot's code now invokes
__set_errno(), which makes it much easier to trace changes to errno
* redirect glibc's use of __set_errno() to our own version
* update copyrights of locale backend files
Multibyte-support has been rewritten to use ICU as backend.
While this does not necessarily work properly in every aspect
(e.g. the shell still has [different] problems with multibyte-
characters now), it does fix#6263 and #7700.
* add implementations for the following multibyte-related
functions:
btwoc()
mblen()
mbrlen()
mbrtowc()
mbsinit()
mbtowc()
wcrtomb()
wcswidth()
wctob()
wctomb()
* the implementation of the above function live in a symbol
named __<name>, the above symbol names are defined as a weak
alias to the internal ones - TODO: we need to make sure to
only invoked the internal functions (i.e. prepended with __)
in order to avoid problems with symbol preemption.
* deactivate the limited mb implementation we provided before,
as well as respective stuff from glibc
* add actual converter methods MultibyteToWchar() and WcharToMultibyte()
to locale backend and implement them in the ctype subpart
* add management code for maintaining converters referenced by mbstate_t
Validate the candidate child device a bit more by checking the device ID
and the base and subclass of the device. We don't even know if the child
is still on the PCI bus and some firmware may mark disabled devices by
simply invalidating one of these values. Possibly fixes#8111.
Added TODO concerning that we might not want to fail at all since we
ensure that we matched all devices after routing preparation at which
state we would notice any missing child devices anyway.
