* With the previous commit, we can now move functions that require
calling mmu_map_physical_memory to where they should have been
originally. This also allows the SMP safe mode menu entries to
be properly generated, now that smp_init is called prior to
main().
Change-Id: I05ddca5273b11cb4846021664c1ea2cf8ba723b7
* mmu_map_physical_address will get called prior to calling main()
which leaves us without a heap, malloc, and new. Instead, use
the kernel args physical allocated range array, and then
convert to our allocated memory region type on-demand.
Change-Id: I265fd165ef7143681e8e40c3686fda1a583c20dc
The call to smp_... is not working since it relies on gKernelArgs being
fully initialized, which it isn't at this stage in the EFI loader. Jessica
says that in order to have that happen, the heap would also need to be
initialized early, which it also is not.
At least you can now force a safe videomode, which is enough for me to
be able to test video drivers.
* install syscall handlers in compatibility mode.
* copy the syscall entry in the compatibility commpage, ATM only for Intel
SYSENTER.
* copy the thread exit handler in the compatibility commpage.
Change-Id: Ic350799938815194377d8a4560cb106fe7366cc6
* File locks created by flock should only apply for the file descriptor
that was used to lock the file. Another fd on the same file should then
be denied access (calling flock should fail).
* fcntl based locks, however, are in a separate namespace and are global
to a team.
* This issue was found when running webkitpy test suite, and should close
ticket #13795.
* Don't use session or team as comparison in release_advisory_lock(), as
that information might not be available anymore (e.g. when called from
Team::~Team()). This fixes#14121.
Change-Id: I9efb96cfcefe7e72b0060220c635a665e7e643cc
Co-authored-by: Axel Dörfler <axeld@pinc-software.de>
* This gives us a solid automatic entry point to u-boot
* A uEnv.txt specifies the fdt file name
* This should work on any modern u-boot for most architectures
* Non-mmc targets will likely need some work
Change-Id: I9a00316a213a15e85d3f2e18574d64920d9bdb76
* x86_64_signal_handler_compat is a dump of x86 x86_signal_frame_function().
* the x86 compiler should be used to produce this code, which ends up in the
commpage.
Change-Id: I03da02c376f67ff83dbaba9bcb144da726463996
* x86 uses a commpage with 32-bit addresses, incompatible with the one used for
x86_64. For this reason, a compatibility commpage is needed to support a 32-bit
userland on x86_64.
* define ADDRESS_TYPE as a macro for addr_t (default) or uint32 (for the 32-bit
commpage).
* team_create_thread_start_internal() will use clone_commpage_area() with
KERNEL_USER_DATA_BASE or clone_commpage_compat_area() with
KERNEL_USER32_DATA_BASE, to setup the correct commpage.
* real_time_clock (in compatibility mode) also updates the compatibility
commpage with real time data.
Change-Id: I61605077ce0beabab4439ef54edd1eae26f26fd2
* define ELF32_COMPAT to enable ELF32 macros.
* add a flag ELF_LOAD_USER_IMAGE_TEST_EXECUTABLE to only check the format.
It will be used by load_image_internal() to check which mode to use when
loading an image.
* in arch_elf_relocate_rel(), switch to elf_addr instead of addr_t, which
would be the wrong size for elf32 on x86_64.
* the ELF compat loader reuses the relevant parts of elf.cpp and arch_elf.cpp,
excluding for instance load_kernel_add_on() or dump functions.
Change-Id: Ifa47334e5adefd45405a823a3accbd12eee5b116
* only for Intel sysenter/sysexit.
* the entry function processes stack arguments as follows:
we look up the syscall in the table, find the number of arguments.
reserve place on the stack for the arguments.
copy arguments on the stack
pop register arguments
call the syscall function
place the return value in ax and dx registers.
* TODO: we need to store the arguments somewhere for the post-syscall tracing.
* the thread exit stub is 32-bit, for the time being use hexadecimal instructions.
Change-Id: Ie5c502eb596d4fa7613d238de80643566bc19ed8
* also adjust BOOT_GDT_SEGMENT_COUNT for x86, the definition is used by the
boot loader.
* add some 32-bit definitions.
* add a UserTLSDescriptor class, this will be used by 32-bit threads.
Change-Id: I5b1d978969a1ce97091a16c9ec2ad7c0ca831656
the x86_64 compat syscall entry needs size and offset of parameters to
handle them correctly to the syscall function. struct extended_syscall_info
and struct syscall_parameter_info provide parameter count, size and offsets.
Change-Id: I7e5c7b6e19e757b28b43c3b3419b7071fae321f8
use x86 as default sSearchPathSubDir in compatibility mode.
use the generic memset/memcpy when x86_64 is the primary arch.
Change-Id: Ib464c308ff97f7ae2482ef4c037de1b1bb2bf61b
the standard x86 implementation uses the commpage, which is difficult to setup. we could
also use the C++11 version instead.
Change-Id: I4be7e3466082ff2c91bc32bef377a664ce65f3fc
* A Node/Partition cannot be member of two lists at once. This
resolves an issue where a partition cannot be found later
due to corruption of a NodeList.
* The kernel's advisory locking implemenation must not be used if the
file system has its own (ie. network file systems).
* Added ASSERT to free_vnode() that assures there is no locking left;
I recently had a lot of them around.
Since wait_for_objects can wait on sems, threads and ports in addition
to FDs, limiting to RLIMIT_NOFILES as in the select/poll case does not
work. Since space is allocated for the wait objects in kernel memory,
limiting their number to a valid range is still desireable.
The limit is now placed at the sum of max sem, thread and port count
plus RLIMIT_NOFILES.
This also fixes a signed vs. unsigned comparison warning in
check_max_fds introduced in hrev51866.
It was limited to a uint32 and could for example be overflown by the
slab MemoryManager that uses size_t on a 64 bit system.
This aligns the signature with create_area() that already uses size_t
for the size argument.
Note that the function is currently private, so the impact should be
limited.
* Show old page table location and provide more feedback
* 16 int32 * 0x10000000 > sizeof(int32), fix to uint32
Change-Id: Ib68c34f5d3c6bfa1da53241e6586c07e4e494750
Output-only events (B_EVENT_ERROR, B_EVENT_DISCONNECTED and
B_EVENT_INVALID, with B_EVENT_INVALID masked out before passing down
events) are used to indicate error, so they should not be notified if
the vnode does not have select().
Bug: 13965
Output-only events (B_EVENT_ERROR, B_EVENT_DISCONNECTED and
B_EVENT_INVALID, with B_EVENT_INVALID masked out before passing down
events) are used to indicate error, so they should not be notified if
the device does not have Select().
Bug: 13965
Output-only events (B_EVENT_ERROR, B_EVENT_DISCONNECTED and
B_EVENT_INVALID, with B_EVENT_INVALID masked out before passing down
events) are used to indicate error, so they should not be notified if
the filesystem does not explicitly provide an fd_select() override.
Bug: 13965
* use MergeObject even if we don't need the merged object: the rule does what
is needed and is standardly used for instance in libroot.so.
* add a grist to source files for the bootstrap glue.
SMAP will generated page faults when the kernel tries to access user pages unless overriden.
If SMAP is enabled, the override instructions are written where needed in memory with
binary "altcodepatches".
Support is enabled by default, might be disabled per safemode setting.
Change-Id: Ife26cd765056aeaf65b2ffa3cadd0dcf4e273a96
gcc does re-align the stack in the main() function prologue, however,
we still need to set the right alignment for other cases: thread entry,
.init and .fini code that is executed before main() is called or after
it has returned, and signal handlers which may use a separate stack.
Part of #10509
* avoid assignment in if statements
* use boolean conditions
* use copy_from_user_value/copy_to_user_value instead of user_memcpy
* no functional changes except user buffer addresses check in:
_user_get_next_disk_device_id(), _user_get_disk_system_info(),
_user_get_next_disk_system_info(), _user_find_disk_system()
* remove TODO "Add user address checks and check return values of user_memcpy()!".
It appears as if there is a typo in printf_size.c; it makes
no sense to compare an unitialized variable in such a way.
Since `info->width` is referenced later on in the variable
assignment, it seems possible that the intended statement
was to place the larger of the values between `info->width`
and `info->prec` into `width`.
Fixes CID 609431.
korli: Patch applied in cddfcf2f87
was incomplete. This patch completes with what upstream did in 2004:
fa5753eede.patch
Signed-off-by: Jérôme Duval <jerome.duval@gmail.com>
Previously dead teams were always returned (as needed for wait/waitpid).
Using waitid it should however be possible to omit the WEXITED flag to
only get stopped (WUNTRACED | WSTOPPED) or continued (WCONTINUED) teams.
Adjust the other caller of the _kern_wait_for_child syscall, used by the
various less specific wait* functions, to always include WEXITED. This
avoids having to special case waitid in the syscall interface or with an
extra flag.
Add a check to ensure that any of these flags is set to avoid the now
possible case of nothing being specified. This fails with B_BAD_VALUE
(EINVAL) as on other systems.
On other systems their values are usually aliased. We defined them as
two different values, but didn't handle WSTOPPED anywhere. The check
is now simply extended to cover both bits.
When wait_for_child was called with a child argument equal to the
current team, the team was locked again to check if it was a child of
itself.
This is now handled the same way as on other systems, where this case
results in ECHILD (and not EINVAL).
It was discussed and introduced based on docs that some systems
need this to shutdown properly. I can find no mention of this in
ACPICA or ACPI docs.
This needs to be re-evalutad, as all my shutdowns been successful
after disabling it and I can't locate where this info came from
or if it actually helped.
See 1316462ab0 for original commit
and bug 12306 on current shutdown issue.
Previously I had intended to take the simpler route and just lock the
already-inserted team before setting the io_context (as in prior commits),
but after hearing some reports from users that some other seemingly
unrelated KDLs had possibly cleared up after the first iteration of
that fix, I decided to go with this route instead.
Now we do not insert the team into the parent and hash and send the
notification until just before the team's main thread is actually started;
i.e. we now initialize not only io_context but also the team's args, VM
address space, and user data (and if creation of any of these fails
we do not inset the team into the hash at all.)
Since the team structure was not locked at all while this initialization
was taking place, any number of race-dependent bugs could have been
caused by this on multicore systems.
The KDL in #13861 was apparently caused by a NULL io_context. I read over
the Team code and have applied the following fixes here as a result:
1. A NULL io_context is entirely possible, as implied by the NULL check
before deinitializing it in Team's destructor, so account for that.
2. Team objects have a class-wide lock which must be acquired before
directly accessing class members, so use that here.
First part of the fix for #13861.
calloc, when multiplying to find the true size of memory desired
by a user, will occasionally overflow if the numbers are too
large. This commit makes calloc ensure that the multiplication
does not overflow by dividing the result by one of the numbers,
and checking to ensure that the result is equal to the other
number. If there is overflow, it is treated as an OOM error.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
The glue code pushed 12 bytes to the stack, breaking the 16-byte stack
alignment requirement. This would be fixed by the main() prologue from
gcc, but all "init" and "fini" code (static/global constructors/ destructors)
would run with a misaligned stack.
This was already fixed for x86_64 in hrev49731. Note that the fix here
is slightly different, the pointer is realigned after it is saved to EBP
and the function epilogue restores it from EBP, so no changes to crtn.S are
needed.
The base VMCache class changed to the generic_ types with their
introduction in in *2011* (435c43f591),
but these classes were never properly adapted. These functions should not
be called here (they panic() -- but the base class only returns B_ERROR,
so that is a difference at least.)
Found by Clang's -Woverloaded-virtual.
- Don't remove .eh_frame in the linker scripts, as this saves little
space in practice, and results in debug binaries of the runtime loader
not being properly debuggable due to missing canonical frame
information.
* When SystemProfiler::_MaybeNotifyProfilerThreadLocked() is called
and the conditions are right, it will lock the thread's scheduler
spinlock and unblock it. Internally, the unblock will enqueue the
thread into the run queue, which causes a ThreadEnqueuedInRunQueue
event for SystemProfiler. Since the conditions haven't changed, it
now went into _MaybeNotifyProfilerThreadLocked again (this time
from the profiler thread context). In there, it will try to lock
the profiler thread's scheduling spinlock, which is already locked
by the other thread (which is firmly sleeping). Deadlock, KDL.
* Before unblocking the profiler thread, unset fWaitingProfilerThread
so that further events will not try to unblock it again.
Under normal conditions this will behave identically. But when using LD_PRELOAD
or the like, some shared objects (and dependencies) are loaded before the
app image is, and on the secondary arch on hybrid builds, will fail to load
any of their dependencies due to sSearchPathSubDir not being set.
Fixes#12214, which had plagued users of libroot_debug for a long time now.
This should have been done along with the time_t change, but I forgot
to check this then.
Technically this breaks ABI against BeOS, but:
1. BeOS used an int32, so we'd already slightly broken ABI here
2. Only one thing at HaikuArchives (VMwareAddons) and one recipe at HaikuPorts
(samba) uses this function at all.
If it turns out some critical BeOS app uses this, then I guess we can enclose
GCC2 guards around it, but since I can't find any evidence of that, I'm
pushing it without them for now.
This reverts commit 2960780faa.
Sorry for the noise; I thought I'd run a compile but apparently it was
only a partial one.
It seems that the netboot core is linked into the main bootloader
no matter the build configuration, which means that since this one
function was called, the linker tried to resolve all the other symbols
from that static library. Which of course failed.
The NetStack.h header is currently not usable from C code. So while
net_stack_init() is called from platform code, we cannot call
net_stack_cleanup() from OpenFirmware's platform_start_kernel().
Thus call it directly from main()'s cleanup TODO, having assured
that the function is a no-op when no network stack was initialized.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
The UDP service does not own the UDP sockets. When shutting down,
inform the bound sockets that the service is no longer available.
This allows subsequent method calls to error out cleanly.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
Add a cleanup function net_stack_cleanup() that calls a new NetStack::ShutDown() method.
Make sure this method works even if the network stack was never initialized.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
It is currently done in both ~EthernetService() and ~NetStack().
Since NetStack is where it's added and where an explicit accessor function is provided,
choose that location.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
* With the amd64 architecture, the stack fault exception got a new
meaning: it is raised when an instruction tries to access a
non-canonical address, and the stack is referenced in the
instruction (e.g. by its addressing mode).
So unlike on x86, this is not a fatal exception and shouldn't
trigger a KDL -- instead, it is to be treated like a general
protection fault, terminating the team which caused it.
* Fixes#13744
For readers waiting in select() or simply in read(),
B_SELECT_DISCONNECTED notification didn't wake them anymore.
Now, cascade notifications to be sure to wake them, either
on POLLHUP, POOLERR/B_SELECT_ERROR or, at worst, from read().
See #7859 for details.
* Eventually BoardSetups and target boards will go away.
* Include all known fdt's in the mmc image
* This gets us closer to target board-less arm
* Changing hardware is as simple as plugging a new fdt
into u-boot's startup script.
* Drop my original rpi1 work. We're targetting ARMv7
minimum.
* gcc will emit 64-bit (_8) atomic functions on 32-bit
powerpc architectures. This stubs them out for now
with a warning.
* We could do more here, but i'm just getting PPC
bootstrapped to get the nightly builds going again.
* We could also just completely drop PPC.. but it was
pretty close pre-pm... so I'd hate to lose that work.
Both the user-mode syscalls.h and the kernel-mode one define it
as an int32, not a time_t, and as it's a timezone offset not
an actual time, there's no reason it needs to be one.
Various symbolic links (/bin, for example) in the root directory have
no read, write or execute permissions. This prevents non-privileved users
from logging in.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
Fixes#13530.
The same wording was used for two unrelated things: using the VESA
driver, and forcing a specific resolution. Relabel the menu items to
make it clear that they are not related.
fixes#8887
Signed-off-by: Adrien Destugues <pulkomandy@pulkomandy.tk>
This allows the loader to skip BFS partitions that don't contain
a bootable system. Useful when you have a BFS data partition that
comes before the system partition when iterated over.
Currently, only the UEFI loader actually returns more than one
possible partition.
* This allows KPath to not allocate a buffer when initialized
without path.
* Added test cases for this.
* Added test for LockBuffer().
* Enhanced tests to allow building them in debug mode.
* Moved calling vfs_normalize_path() into own private method.
* Improved error codes; B_NO_MEMORY is now only returned if the
allocation actually failed.
* If used with LAZY_ALLOC, Path() and LockBuffer() are now allowed
to return a NULL path.
* Normalize() now returns the error code that vfs_normalize_path()
returns.
* Leaf() now returns "" instead of "/" for the root. It's not used
outside of KPath.
* Adapted RemoveLeaf() to deal with this correctly.
* "KPath = string" no longer changes the buffer size.
* Added missing operator tests for =, ==, and !=.
* IOBuffer::FreeVirtualVecCookie() did not put the last physical page
back. This was only an issue in case GetNextVirtualVec() wasn't
iterated through the end, for example in case of an error.
* Fixed the condition when to put back a physical page; the current
solution will also work with the generic page mapper implementation.
* This fixes the low hanging fruits of Ingo's comment in #5777.
* Both functions need to wait when encountering a busy vnode, in order
not to create a race condition in combination with get_vnode().
* This should fix both #5262, and #9839.
* I did not implement Ingo's suggestion to burden the file systems with
solving the problem for the following reasons:
- I think the file system interface should be as simple as possible.
- I can't think of a possible locking issue at least for BFS.
- The solution on the file system side would look pretty similar to
what the VFS already does or has to do (minus controlling the locking
directly), so it would cause quite a functional duplication.
* Solves #13388 and likely a bunch of other bug reports.
* While this *is* an issue that can potentially be serious,
there really isn't a risk of data loss or a system
instability, only broken PCI devices. Show warning and
keep going.
Signed-off-by: Adrien Destugues <pulkomandy@pulkomandy.tk>
This patch was never applied after GSoC 2012. Rebase the parts that
still apply so we can close the ticket.
Fixes#9490.
* Whilst in WcharToMultibyte, we correctly convert our UTF-32
wchar characters to multibyte, the same wasn't done in
MultibyteToWchar. Now, if we detect a leading surrogate,
we'll re-read the multibyte sequence with space for a UTF-16
pair, which allows U16_GET to correctly convert the UTF-16
byte sequence into the needed UTF-32 codepoint.
Fixes#13184.
* We don't have kernel/userspace access to UEFI at this point
either, and with some firmware, if we don't keep the
runtime memory identity mapped, then the loader dies. This
will fix booting on such machines, and shouldn't have any
impact on already working machines.
* Maintain a list of all MESSAGING_DEVICE_PATH and
MEDIA_DEVICE_PATH handles, so we can avoid adding devices
multiple times.
* Split up platform_add_boot_device() into separate functions
for better readability (add_cd_devices, add_boot_device_for_image,
etc.).
* This is useful for UEFI, as we can then add the device that
contains the UEFI loader, as well as all CD devices. As a
result, if the device with the UEFI loader doesn't contain
a bootable BFS partition, it will then attempt the same for
CD devices.
This allows me to find and boot disks and cds(*)
platform_add_boot_device tries to find the disk of the EFI partition
As on other platforms if boot disk isn't found platform_add_block_devices
will be called.
platform_add_block_devices will find all block devices that arn't partitions as
they are handled by Haiku already.
Currently first found suitable partition will be selected.
TODO:
* pass in partition UUID's as boot-loader arg to setup boot for
any partition.
* Better cd detection
* Better disk_identifier
*) vfs_boot.cpp is very restrictive when it comes to booting cds.
It either do very Anyboot check where boot partition should be at offset 0,
which isn't true for EFI. In my case it's not even on that disk.
Or it only allow data session partition types.
This is currently failing as the Anyboot partition type is BFS.
This is an implementation of pthread barriers pursuant to the relevant specification.
Barriers are essentially a special case of conditional variables,
such that all threads waiting on one are woken up when the number of
waiters reaches a number provided at the initialization of the barrier.
In view of that, this implementation mimics the implementation of pthread_cond,
except it is more specialized and self-contained.
Signed-off-by: Jérôme Duval <jerome.duval@gmail.com>
* Fixes problems with setting the partition name after uninitializing
a partition in DriveSetup. Previously, UninitializeJob() was
followed by SetStringJob(), but the kernel was updating the
change counter for the parent partition when uninitializing a
partition, leading to SetStringJob() having an incorrect change
counter for the parent partition. Now the parent change counter
will be correct when SetStringJob() runs.
* Ingo rightly noticed that the defer_signals counter is reinitialized on
thread's user area creation. Setting the flag THREAD_CREATION_FLAG_DEFER_SIGNALS
indeed gives the expected behavior, deferring signals until undefer_signals() is
called in the child thread. Thanks for the review and fix suggestion.
* Added a simple test showing the values of the defer_signals counter after fork().
* Also defer signals while registering fork hooks.
* While malloc provides fork heap hooks which lock the heaps and unlock/reinit,
malloc_debug provides empty hooks.
* Ideas suggested by Ingo, patch reviewed by him. Thanks a lot!
* Also call fork parent hooks on failure.
* Solve locks-up when combining multithreading and process forking, should help
with #13111.
If WP is not enabled then the kernel can freely write to read-only user
pages, which breaks copy-on-write.
Signed-off-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
This is separate to the VESA driver, as the VESA driver requires
using the VBE BIOS. Under UEFI, we don't have the VBE BIOS, nor
are we able to switch modes after leaving UEFI Boot Services, so
a dumb framebuffer driver seemed like the easier way to approach
the problem.
The framebuffer & vesa drivers now test for the presence of the
VESA_MODES_BOOT_INFO boot item to distinguish between which driver
to use. Also added check for the VESA mode count to determine
whether to add the VESA_MODES_BOOT_INFO item.
UEFI video updated to explicitly zero out the VESA and EDID
boot data.
The SpinLocker was always initialized to fThread->time_lock even though
fThread may be NULL. This looks like a simple oversight as the rest of
the method handles fThread being NULL and the team variants of these
timers have very similar logic and do the NULL check as well.
This fixes the last remaining KDL in the posixtestsuite.
Chunks may be physically contiguous, but virtually disjoint. Adding
physical addresses may cause ranges to be merged incorrectly.
Signed-off-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
While struct tm makes things more confusing than they need to be,
nothing in the API prevents handling those. So let's just accept them.
Fixes some strange cases in the cookie test suite (with a cookie set to
expire in year 101 B.C.)
Some libraries buildsystems (eg. zlib) somehow prevent the symbol from
being exported. We should fix that, but binaries with missing symbols
are already out there, so we need to handle them in any case.
The format for the .comment string changed at some point, and this
fallback code would always fail for files built only with "new" versions
of gcc.
Also consider gcc 5 to be ABI version 4, since it is still compatible
with the old ABI (and provides a new one side by side).
See https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html
for infos on GCC ABI changes in GCC 5.
This however doesn't help with the 64bit float operations that
gcc emits when assigning the physical framebuffer address in kernel_args,
which is a packed struct...
* Commit 337c4ccf introduced usage of plain memcpy in
get_next_frame_no_debugger(), when the frame is already
known to be on the kernel stack. However, it also needs
to check that the end of the frame is still within the
stack bounds. Otherwise this can cause a KDL if bp does
not point to a valid complete frame anymore and is
near a page boundary. Although with commit e477b10c such
cases should already be avoided, it's still safer to
check this here in case of e.g. analyzing broken stacks.
* No need to continue walking the stack when a zero return
address is found, only bogus frames will follow
* Fixes KDLs seen when using the system profiler, due to
a bug that will be fixed in the next commit...
