* gcc will emit 64-bit (_8) atomic functions on 32-bit
powerpc architectures. This stubs them out for now
with a warning.
* We could do more here, but I'm just getting PPC
bootstrapped to get the nightly builds going again.
* We could also just completely drop PPC.. but it was
pretty close pre-pm... so I'd hate to lose that work.
Both the user-mode syscalls.h and the kernel-mode one define it
as an int32, not a time_t, and as it's a timezone offset not
an actual time, there's no reason it needs to be one.
Various symbolic links (/bin, for example) in the root directory have
no read, write or execute permissions. This prevents non-privileged users
from logging in.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
Fixes #13530.
The same wording was used for two unrelated things: using the VESA
driver, and forcing a specific resolution. Relabel the menu items to
make it clear that they are not related.
fixes #8887
Signed-off-by: Adrien Destugues <pulkomandy@pulkomandy.tk>
This allows the loader to skip BFS partitions that don't contain
a bootable system. Useful when you have a BFS data partition that
comes before the system partition when iterated over.
Currently, only the UEFI loader actually returns more than one
possible partition.
* This allows KPath to not allocate a buffer when initialized
without path.
* Added test cases for this.
* Added test for LockBuffer().
* Enhanced tests to allow building them in debug mode.
* Moved calling vfs_normalize_path() into own private method.
* Improved error codes; B_NO_MEMORY is now only returned if the
allocation actually failed.
* If used with LAZY_ALLOC, Path() and LockBuffer() are now allowed
to return a NULL path.
* Normalize() now returns the error code that vfs_normalize_path()
returns.
* Leaf() now returns "" instead of "/" for the root. It's not used
outside of KPath.
* Adapted RemoveLeaf() to deal with this correctly.
* "KPath = string" no longer changes the buffer size.
* Added missing operator tests for =, ==, and !=.
* IOBuffer::FreeVirtualVecCookie() did not put the last physical page
back. This was only an issue in case GetNextVirtualVec() wasn't
iterated through the end, for example in case of an error.
* Fixed the condition when to put back a physical page; the current
solution will also work with the generic page mapper implementation.
* This fixes the low hanging fruits of Ingo's comment in #5777.
* Both functions need to wait when encountering a busy vnode, in order
not to create a race condition in combination with get_vnode().
* This should fix both #5262, and #9839.
* I did not implement Ingo's suggestion to burden the file systems with
solving the problem for the following reasons:
- I think the file system interface should be as simple as possible.
- I can't think of a possible locking issue at least for BFS.
- The solution on the file system side would look pretty similar to
what the VFS already does or has to do (minus controlling the locking
directly), so it would cause quite a functional duplication.
* Solves #13388 and likely a bunch of other bug reports.
* While this *is* an issue that can potentially be serious,
there really isn't a risk of data loss or a system
instability, only broken PCI devices. Show warning and
keep going.
Signed-off-by: Adrien Destugues <pulkomandy@pulkomandy.tk>
This patch was never applied after GSoC 2012. Rebase the parts that
still apply so we can close the ticket.
Fixes #9490.
* Whilst in WcharToMultibyte, we correctly convert our UTF-32
wchar characters to multibyte, the same wasn't done in
MultibyteToWchar. Now, if we detect a leading surrogate,
we'll re-read the multibyte sequence with space for a UTF-16
pair, which allows U16_GET to correctly convert the UTF-16
byte sequence into the needed UTF-32 codepoint.
Fixes #13184.
* We don't have kernel/userspace access to UEFI at this point
either, and with some firmware, if we don't keep the
runtime memory identity mapped, then the loader dies. This
will fix booting on such machines, and shouldn't have any
impact on already working machines.
* Maintain a list of all MESSAGING_DEVICE_PATH and
MEDIA_DEVICE_PATH handles, so we can avoid adding devices
multiple times.
* Split up platform_add_boot_device() into separate functions
for better readability (add_cd_devices, add_boot_device_for_image,
etc.).
* This is useful for UEFI, as we can then add the device that
contains the UEFI loader, as well as all CD devices. As a
result, if the device with the UEFI loader doesn't contain
a bootable BFS partition, it will then attempt the same for
CD devices.
This allows me to find and boot disks and cds(*)
platform_add_boot_device tries to find the disk of the EFI partition.
As on other platforms if boot disk isn't found platform_add_block_devices
will be called.
platform_add_block_devices will find all block devices that aren't partitions as
they are handled by Haiku already.
Currently first found suitable partition will be selected.
TODO:
* pass in partition UUIDs as boot-loader arg to setup boot for
any partition.
* Better cd detection
* Better disk_identifier
*) vfs_boot.cpp is very restrictive when it comes to booting cds.
It either does a very Anyboot check where boot partition should be at offset 0,
which isn't true for EFI. In my case it's not even on that disk.
Or it only allows data session partition types.
This is currently failing as the Anyboot partition type is BFS.
This is an implementation of pthread barriers pursuant to the relevant specification.
Barriers are essentially a special case of conditional variables,
such that all threads waiting on one are woken up when the number of
waiters reaches a number provided at the initialization of the barrier.
In view of that, this implementation mimics the implementation of pthread_cond,
except it is more specialized and self-contained.
Signed-off-by: Jérôme Duval <jerome.duval@gmail.com>
* Fixes problems with setting the partition name after uninitializing
a partition in DriveSetup. Previously, UninitializeJob() was
followed by SetStringJob(), but the kernel was updating the
change counter for the parent partition when uninitializing a
partition, leading to SetStringJob() having an incorrect change
counter for the parent partition. Now the parent change counter
will be correct when SetStringJob() runs.
* Ingo rightly noticed that the defer_signals counter is reinitialized on
thread's user area creation. Setting the flag THREAD_CREATION_FLAG_DEFER_SIGNALS
indeed gives the expected behavior, deferring signals until undefer_signals() is
called in the child thread. Thanks for the review and fix suggestion.
* Added a simple test showing the values of the defer_signals counter after fork().
* Also defer signals while registering fork hooks.
* While malloc provides fork heap hooks which lock the heaps and unlock/reinit,
malloc_debug provides empty hooks.
* Ideas suggested by Ingo, patch reviewed by him. Thanks a lot!
* Also call fork parent hooks on failure.
* Solve lock-ups when combining multithreading and process forking, should help
with #13111.
If WP is not enabled then the kernel can freely write to read-only user
pages, which breaks copy-on-write.
Signed-off-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
This is separate to the VESA driver, as the VESA driver requires
using the VBE BIOS. Under UEFI, we don't have the VBE BIOS, nor
are we able to switch modes after leaving UEFI Boot Services, so
a dumb framebuffer driver seemed like the easier way to approach
the problem.
The framebuffer & vesa drivers now test for the presence of the
VESA_MODES_BOOT_INFO boot item to distinguish between which driver
to use. Also added check for the VESA mode count to determine
whether to add the VESA_MODES_BOOT_INFO item.
UEFI video updated to explicitly zero out the VESA and EDID
boot data.
The SpinLocker was always initialized to fThread->time_lock even though
fThread may be NULL. This looks like a simple oversight as the rest of
the method handles fThread being NULL and the team variants of these
timers have very similar logic and do the NULL check as well.
This fixes the last remaining KDL in the posixtestsuite.
Chunks may be physically contiguous, but virtually disjoint. Adding
physical addresses may cause ranges to be merged incorrectly.
Signed-off-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
While struct tm makes things more confusing than they need to be,
nothing in the API prevents handling those. So let's just accept them.
Fixes some strange cases in the cookie test suite (with a cookie set to
expire in year 101 B.C.)
Some libraries' build systems (e.g. zlib) somehow prevent the symbol from
being exported. We should fix that, but binaries with missing symbols
are already out there, so we need to handle them in any case.
The format for the .comment string changed at some point, and this
fallback code would always fail for files built only with "new" versions
of gcc.
Also consider gcc 5 to be ABI version 4, since it is still compatible
with the old ABI (and provides a new one side by side).
See https://gcc.gnu.org/onlinedocs/libstdc++/manual/using_dual_abi.html
for infos on GCC ABI changes in GCC 5.
This however doesn't help with the 64bit float operations that
gcc emits when assigning the physical framebuffer address in kernel_args,
which is a packed struct...
* Commit 337c4ccf introduced usage of plain memcpy in
get_next_frame_no_debugger(), when the frame is already
known to be on the kernel stack. However, it also needs
to check that the end of the frame is still within the
stack bounds. Otherwise this can cause a KDL if bp does
not point to a valid complete frame anymore and is
near a page boundary. Although with commit e477b10c such
cases should already be avoided, it's still safer to
check this here in case of e.g. analyzing broken stacks.
* No need to continue walking the stack when a zero return
address is found, only bogus frames will follow
* Fixes KDLs seen when using the system profiler, due to
a bug that will be fixed in the next commit...
BeRoMeter works now.
Signed-off-by: Adrien Destugues <pulkomandy@pulkomandy.tk>
This is a private API, but some apps used it anyway. We don't need a
complete implementation to at least make BeRoMeter run.
Fixes #5146.
The code was resetting the pointer to NULL, instead of setting the
pointed char to null-terminate the string. The result was resolving the
current directory later on, instead of the parent as requested.
This only happened when calling open_from with O_CREAT, and a name with
sub-directories inside it. The boot loader never does that, so the code
wasn't used until now.
Fixes #12941.
Thanks to mt for spotting the problem.
This separates the objects required for the various boot
loaders, allowing the build system to be able to build
for different targets alongside each other. Currently
only done for bios_ia32 vs efi, as both loaders will be
needed for the x86_64 images.
The HashMap constructor was called before the heap is initialized,
ending up calling malloc from the OpenHashMap constructor.
Oddly it was still working on x86 but broke other platforms.
Instead we add a Lookup() static method to Partition,
which by default walks gPartitions for the id,
and recursively calls itself on the children lists.
This means we must add a partition even temporarily to gPartitions
before Scan()ing it though.
Signed-off-by: François Revol <revol@free.fr>
EFI boot needs -fpic but all boot code was built with -fno-pic.
This is now set accordingly in HAIKU_BOOT_CCFLAGS and
HAIKU_BOOT_C++FLAGS.
Also set up compile flags for EFI platform.
* Only set HAIKU_BOOT_PLATFORM to bios_ia32 if not defined
* Add gnuefi build feature
* Introduce BOOT_LDFLAGS, and move options for passing to linker
into ArchitectureSetup
* x86_64 compile fixes for warnings in boot loader
* loader/elf.cpp: don't include ELF32 support when targeting EFI
* relocation_func.cpp: copy of the relocation code from gnuefi
to make _relocate extern "C", and avoid including <efilib.h>
* boot_loader_efi.ld: copy of gnuefi's elf_x86_64_efi.lds,
modified to include support for C++ constructors, etc. Keep in
sync with the gnuefi package
Signed-off-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
The #pragma weak does not work, the symbol is not defined and when
already defined, it is not made weak. Moreover, it does not make the
symbol global so we need to declare it with a FUNCTION.
If we want the symbol to be weak, then we should use .weak to do so. The
_longjmp symbol should also be changed to match, in that case.
Fixes #12912.
A few weeks back, I spotted in the Musl FAQ that they apparently ship
empty libm.a and libpthread.a files (https://www.musl-libc.org/faq.html),
which they said was for POSIX compatibility. A bit of digging got me to
http://pubs.opengroup.org/onlinepubs/9699919799/utilities/c99.html which
says:
> It is unspecified whether the libraries libc.a, libl.a, libm.a, libpthread.a,
> librt.a, [OB] [Option Start] libtrace.a, [Option End] libxnet.a, or liby.a
> exist as regular files. The implementation may accept as -l option-arguments
> names of objects that do not exist as regular files.
So to follow the letter of the law, we only need to have the "c99" command
accept these; however, it appears all Linux and BSD cstdlibs accept them
no matter what compliance mode is in effect.
Discussed with PulkoMandy. This will make HaikuPorts' job a lot easier...
- This is how it is named in other versions of elf.h (Linux, glibc, possibly more)
- ELF_MAGIC is used by libelf for the same thing, and the defines conflict,
breaking libelf build on Haiku.
The boot still crashes some time later, but at least it is easier to
test now.
- PackageFS included in the net boot archive
- Tell the system it is booted "from image" when netbooting
* The Haiku specific notes contain a structure size field, now.
* Change the type of the count and size fields in the Haiku specific
notes to uint32 also for 64 bit ELF. The size field for a note is a
uint32 anyway.
* Add function core_dump_write_core_file(). It writes a core file for
the current thread's team. The file format is similar to that of
other OSs (i.e. ELF with PT_LOAD segments and a PT_NOTE segment), but
most of the notes are Haiku specific (infos for team, areas, images,
threads). More data will probably need to be added.
* Add team flag TEAM_FLAG_DUMP_CORE, thread flag
THREAD_FLAGS_TRAP_FOR_CORE_DUMP, and Team property coreDumpCondition,
a condition variable available while a core dump is in progress. A
thread that finds its flag THREAD_FLAGS_TRAP_FOR_CORE_DUMP set before
exiting the kernel to userland calls core_dump_trap_thread(), which
blocks on the condition variable until the core dump has finished. We
need the team's threads to stop so we can get their CPU state (and
have a generally unchanging team state while writing the core file).
* Add user debugger message B_DEBUG_WRITE_CORE_FILE. It causes
core_dump_write_core_file() to be called for the team.
* Dumping core as an immediate effect of a terminal signal has not been
implemented yet, but that should be fairly straightforward.
Similar to arch_get_debug_cpu_state(), but the thread whose CPU state
to retrieve is specified. Works only for threads that aren't running,
and on x86-64 we can get the FPU state only when the thread was
interrupted in userland.
Not implemented for the incomplete architecture ports.
This resolves a TODO: We used thread_interrupt() to wake up the thread
from an interruptible wait. However, if the thread was already in the
kernel and about to start waiting, that would have no effect and the
thread would wait anyway. Now there's the new non-blockable signal
SIGNAL_DEBUG_THREAD, which is sent to the thread instead, making sure
that thread doesn't start waiting.
* When a watched directory contains a mount point, we need to resolve
the actual parent directory of the mount point in the file system to
serve the monitor.
* Added a directory argument for notify_{stat/attribute}_changed().
* This allows to watch only a directory, and get the notifications for
all of its files, not just add/remove entry notifications.
* Use print format macros to fix the 64 bit build.
* Correct a typo in the shift of the trigger mode definition. As the
value is 0 either way, this does not make a functional difference.
* Use macros instead of values in comparisons.
- Termios: cf{get,set}{i,o}speed can handle arbitrary speed values.
- The value is stored in the appropriate fields of the termios structure
in this case. The old constants (stored in the flags) are preserved
for BeOS binary compatibility.
- Adjust the FTDI FT232* driver to accept custom rates, by replacing the
hardcoded register values with a function that will compute it
according to FTDI documentation (confirmed giving the same values for
the existing baudrates).
* Reverts f3e381dd
* Details in #12633
* For some unknown reason, this change breaks an Intel Core 2
system from booting (Dell Optiplex 960, E8400)
* If anyone has any ideas on why, let me know :-)
The heap implementation of the runtime_loader was switched to the one
of the bootloader in 6f0994d but was since updated independently.
To keep the diff between the two implementations as small as possible,
the bootloader implementation was first copied to the runtime_loader
and then some features not relevant in the runtime_loader (like the
special large allocation handling) have been removed and the
runtime_loader specific features (grow_heap, add_area) have been
reintegrated. But basically this applies 96689a5..HEAD of
src/system/boot/loader/heap.cpp to the runtime_loader heap.
This brings in the switch from a linked list to a splay tree based
free chunk management. Since the allocation counts in the runtime_loader
are rather small, this does not perceptibly affect performance in either
direction though.
The needed storage space for tracking the allocation size was not
accounted for when growing the heap. Since the growth size is always
rounded up to a multiple of 32KiB, this did almost never matter as the
new allocation wouldn't need the full size. If the allocation did
happen to need the full size however, the newly added area would always
be too small. As the allocation attempt was simply restarted after each
successful growth, this led to an endless loop creating small new
areas, which would then quickly starve the system for memory.
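The failure mode described in the commit message above, reduced to a minimal grow-on-demand heap. This is an added example, not the runtime_loader code: the 16-byte `HEADER_SIZE`, the `maxAreas` cap (standing in for the system running out of memory) and all function names are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GROW_GRANULARITY (32 * 1024)	/* growth is rounded up to 32 KiB */
#define HEADER_SIZE 16			/* assumed per-allocation size record */

struct area {
	struct area *next;
	size_t size;
	size_t used;
	unsigned char *memory;
};

struct heap {
	struct area *areas;
	int areaCount;
	int accountForHeader;	/* 0: behaviour before the fix, 1: after */
};

/* Carves size bytes plus the size record out of one area, if they fit. */
static void *
area_alloc(struct area *area, size_t size)
{
	size_t freeBytes = area->size - area->used;
	unsigned char *chunk;

	if (freeBytes < HEADER_SIZE || freeBytes - HEADER_SIZE < size)
		return NULL;
	chunk = area->memory + area->used;
	memcpy(chunk, &size, sizeof(size));	/* allocation size lives in front */
	area->used += size + HEADER_SIZE;
	return chunk + HEADER_SIZE;
}

/* Adds one area sized for the request, rounded up to the granularity. */
static int
grow_heap(struct heap *heap, size_t request)
{
	size_t needed = heap->accountForHeader ? request + HEADER_SIZE : request;
	size_t size = (needed + GROW_GRANULARITY - 1) / GROW_GRANULARITY
		* GROW_GRANULARITY;
	struct area *area = malloc(sizeof(*area));

	if (area == NULL)
		return -1;
	area->memory = malloc(size);
	if (area->memory == NULL) {
		free(area);
		return -1;
	}
	area->size = size;
	area->used = 0;
	area->next = heap->areas;
	heap->areas = area;
	heap->areaCount++;
	return 0;
}

/* Retries after every successful growth, as the commit message describes. */
void *
heap_alloc(struct heap *heap, size_t size, int maxAreas)
{
	for (;;) {
		struct area *area;

		for (area = heap->areas; area != NULL; area = area->next) {
			void *result = area_alloc(area, size);
			if (result != NULL)
				return result;
		}
		if (heap->areaCount >= maxAreas || grow_heap(heap, size) != 0)
			return NULL;
	}
}

/* Returns how many areas one allocation needed, or -1 if the cap was hit. */
int
areas_needed(size_t request, int accountForHeader)
{
	struct heap heap = { NULL, 0, accountForHeader };
	int result = heap_alloc(&heap, request, 8) != NULL ? heap.areaCount : -1;

	while (heap.areas != NULL) {
		struct area *next = heap.areas->next;
		free(heap.areas->memory);
		free(heap.areas);
		heap.areas = next;
	}
	return result;
}

int
main(void)
{
	printf("1000 bytes, header ignored:  %d\n", areas_needed(1000, 0));
	printf("32 KiB, header ignored:      %d\n", areas_needed(32768, 0));
	printf("32 KiB, header accounted:    %d\n", areas_needed(32768, 1));
	return 0;
}
```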
Haiku does not yet support certain features related to POSIX threads.
Constants used to test for the presence of these features should
therefore be left undefined, according to the POSIX spec, but are
currently set to -1. This can cause software built on Haiku to
incorrectly detect the presence of these features.
* unistd.h: Undefine _POSIX_THREAD_ATTR_STACKADDR,
_POSIX_THREAD_PRIORITY_SCHEDULING feature constants.
* conf.cpp: __sysconf: Return -1 for unsupported features.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
This commit replaces the placeholder implementation of sbrk(), which
operated on a process' heap, with real implementations of brk() and
sbrk() that adjust a process' program break.
* unistd.h: Add standard definitions of brk() and sbrk(); include
stdint.h for intptr_t.
* thread.cpp: Recognize RLIMIT_AS and RLIMIT_DATA resource limits
(both currently unlimited); order limit identifiers alphabetically.
* arch-specific.cpp: Remove sbrk_hook().
* malloc_debug_api.cpp: Remove sbrk_hook().
* unistd/Jamfile: Build brk.c instead of sbrk.c.
* unistd/brk.c: Add.
* unistd/sbrk.c: Delete (placeholder implementation).
* libroot_stubs.c: Remove sbrk_hook().
* libroot_stubs_legacy.c: Remove sbrk_hook().
* src/tests/.../posix/Jamfile: Build brk_test.c.
* brk_test.c: Add (simple unit test that demonstrates behaviour of
sbrk()).
Signed-off-by: Jérôme Duval <jerome.duval@gmail.com>
The anonymous namespace makes type definitions local to the translation
unit (like static does for objects). For pretty much any type not shared
across multiple files this is what one wants to happen (and might
erroneously expect to happen automatically).
This commit solves some actual collisions that were present:
* The VFS and the rootfs both used an incompatible VnodeHash struct for
their BOpenHashTable.
* XSI semaphores and message queues both used queued_thread, Ipc and
IpcHashTableDefinition.
For release builds these did not cause problems as the types were fully
inlined. Debug builds would crash at boot however because parts of a
BOpenHashTable<VnodeHash> from the rootfs meant to operate on struct
rootfs_vnode would be applied to one from the VFS expecting struct
vnode.
As such collisions are violations of the one definition rule, the code
is at fault and unfortunately the compiler isn't required to diagnose
such problems across translation units (which isn't actually trivial).
This can lead to subtle and hard to debug problems and it's therefore
best to avoid leaking types into the global namespace whenever possible.
The opendir and closedir/free_dircookie hooks were called with
mismatched vnode. It seems only googlefs is actually affected by this,
since all other fs without a get_vnode_name just don't care about the
passed vnode arg to closedir and free_dircookie.
Now I should really get some sleep!
Reduce duplication of code by
* Removing from elf_common.h definitions available in os/kernel/elf.h
* Deleting elf32.h and elf64.h
* Renaming elf_common.h to elf_private.h
* Updating source to build using public and private ELF header files
together
Signed-off-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
The use of an unreliable test for relocatability effectively broke
runtime_loader's support for non-position-independent executables, as it
would insist on randomly positioning these files' segments in memory
anyway causing the program to quickly crash.
With this change runtime_loader uses the object type specified in the
file's header to determine whether its segments can be safely relocated,
restoring support for non-PI executables.
Fixes #12427.
Signed-off-by: Adrien Destugues <pulkomandy@pulkomandy.tk>
* Add -fgnu89-inline flag for libroot/posix/glibc
* Change __GNUC__ == 4 to __GNUC__ >= 4
Signed-off-by: Adrien Destugues <pulkomandy@pulkomandy.tk>
Fixes #11990, most of the changes had already been done.
* devfs: set st_rdev to the inode number of the node being queried. This
may not be the best thing to do, as it does not match what is set in
st_dev for other files, so it can't be used to find which device
stores a particular file. I'm not sure if st_rdev is actually used that
way anywhere, however.
* vfs: do not clobber st_rdev with -1 for "special" (device) files.
Refactor the code a little so setting the common attributes is done in
a single place.
Fixes #12390.
POSIX requires SIGTTOU to be sent to a process in a background process
group that tries to change the foreground process group ID associated
with its controlling terminal, unless the process is ignoring SIGTTOU or
the calling thread is blocking it. Previously the code checked the
former condition but not the latter, making it possible for calls to
tcsetpgrp() to get stuck in a loop and never return.
Should fix #3417.
Signed-off-by: Augustin Cavalier <waddlesplash@gmail.com>
Changed from white on red background, to yellow on black
(neutral) background. Red on black made it look like a
warning, whereas yellow feels more informative.
* This should fix ticket #4157, although I probably have missed
something.
* In any case, it no longer messes with the ref counts of the
file descriptor, and the race condition in put_fd() should be
gone.
* It's still rather messy all in all.
* Each io_context now has an "inherit_fds" member that decides whether
or not this context allows to inherit FDs to its children.
* This replaces the former O_CLOEXEC mechanism.
Previously the thread member was overwritten with the freeing thread
when a page was freed, leading to confusion when hitting unallocated
pages due to the debugger message still stating "allocated by thread".
Track the freeing thread separately as it might be interesting to know
both, which thread initially allocated and which thread eventually freed
an allocation.
These are always allocated using an area. The allocation size is
increased so as to guarantee the availability of a suitable address. The
pages between the allocation info and the actual, aligned start address
and the pages past the allocation end are then protected.
This commit also fixes corruption of the allocation info for large
allocations that used areas. The alignment wasn't taken into account
when calculating the amount of space needed. The alignment could then
lead to rounding down the allocation start such that it would overlap
with the allocation info.
It provides a way for filesystems to cache a lookup failure and
therefore prevents repeated lookups of missing entries. This is a
common scenario for example in command lookup and compiling, where
each directory in PATH or each include directory is searched for the
given entry.
* Using native assembly functions would be a lot faster,
but would require quite a bit of changes to glibc.
* This gets arm linking for now... I'd personally like
to see musl in here in the future for gcc4 images. (pre-R2)
The individual debug heap implementations are now exposed via a
structure of function pointers and a common frontend dispatches the
malloc and malloc_debug APIs through them.
The MALLOC_DEBUG environment variable can be used to select the guarded
heap by adding 'g', otherwise the debug heap is used as the default.
Consequently the separate libroot_guarded is not needed anymore and has
been removed.
To allow the use of environment variables this early, init_env_post_heap
has been added and the heap dependent atfork() moved there. This allowed
to fold the code of init_heap_post_env into init_heap so the former has
been removed.
fts.c:
- Our fts functions were imported from FreeBSD and consequently did not
use the same weak alias methodology that most of our glibc-derived
POSIX functions do. These subsequently wound up clashing with the
implementation of said functions in current versions of coreutils,
resulting in assertion failures when e.g. running a program through
stdbuf, since the BSD-derived functions had different flag constraints
than their GNU peers. Consequently, this change adjusts the fts_*
family of functions to similarly be exported as weak symbols so they
can be preempted.
- B_DEBUG_MESSAGE_CONTINUE_THREAD now checks if the thread in question
is in a suspended state rather than waiting on the debug nub port, and
if so, handles resuming it automatically. This allows the continue message
to be used on the main thread of a team that was freshly created under
debug control without the API user having to be cognizant of the distinction.
- According to POSIX, these functions should map to whatever's appropriate
for the platform's intmax_t size, which in our case is a 64-bit integer.
Our (2004) implementation, however, was calling the 32-bit variations of
strto*(), leading to truncation for larger values.
* This closes #12114 again; while not POSIX, it's just a line away.
* Removed exect() from the header -- not sure where this came from,
but I can't find anything about it on the net.
* Consolidated use of asterisk style in exec.cpp.
* When creating the port of the registrar's authentication manager, we
now set it manually, so that the user/group functions work.
* This allows LaunchDaemon::_StartSession() to set up the user, and
groups as needed.
* get_roster_port_name() is no longer needed.
* This also removes the app_server restart code from the debug
server -- this will be done by the launch_daemon in the future.
* Instead of letting the kernel search for the syslog port, the
daemon now registers itself with the kernel (which even solves
a TODO).
* A port is created for the actual log messages from the launch_daemon,
and used on start.
* However, the SyslogTest does not yet work, due to the BMessage <->
KMessage communication problems.
* These methods don't really work yet, as BMessage doesn't support
replying with a KMessage; the request is received, but the reply
never gets to the target.
* This is actually working already, although we cannot reproduce all
the features of the former Bootscript yet. This is without any
dependency support in launch_daemon.
* All shell activity like cleaning out /tmp, setting up the environment,
setting the time, etc. is not yet working.
* This enables a mechanism to profile almost the complete boot process
(starting with main2()), if SYSTEM_PROFILER is defined to 1.
* You can access the profiling data using "profile -r".
* Fixes sharing semantics, so non-shared semaphores in non-shared
memory do not become shared after a fork.
* Adds two new system calls: _user_mutex_sem_acquire/release(),
which reuse the user_mutex address-hashed wait mechanism.
* Named semaphores continue to use traditional sem_id semaphores.
If it was already determined that the memory is within the kernel
stack, a simple memcpy is enough.
This allows capturing kernel stack traces in situations where a fault
handler cannot be installed (i.e. where one is already installed).
The concept of entry point in COFF is actually different than in ELF.
In COFF, the entry point is actually a "descriptor" (pointer) to the actual
start code. So we patch the entry point address when calling objcopy.
Now my old Performa 5400/180 actually starts the loader correctly \o/
* We don't change the data cache (and other) settings.
Interesting to know their state on each platform.
* Not used by default as it needs to be called after
serial-init in u-boot
* The changes for pi2 support led to the virtual addresses overlapping
with the page table again on the beagle, because the kernel address
space overlaps with the physical RAM identity mapped. Try to find a
memory range in a way that will work in both cases.
The stack base and end addresses are stored in TLS slots that are
prepared when enabling stack traces and filled in lazily on use for
each thread. This avoids the need of calling get_thread_info to get
these values.
Also simplifies the code somewhat due to proper frame skipping support.
It can be used to get a stack trace of the current thread. Note that
this works by walking frame pointers and will not produce anything
useful if an application is compiled with the frame pointers omitted.
The stack base and end addresses have to be provided as arguments and
are used to check that the frame pointers fall within that range. These
values are thread specific and can be retrieved with get_thread_info().
No other sanity checks (like checking for loops in the linked list) are
done.
This is a simplified rewrite of the stack trace code from the kernel
debugger.
As this code is common to x86 and x86_64 but is not generic across
architectures I introduced x86_common as a directory to put such
sources.
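A frame-pointer walk with the checks named in the commit message above and in the earlier get_next_frame_no_debugger() message: the whole frame must lie within the stack bounds, and a zero return address ends the walk. This is an added example, not Haiku's code; the frame layout, the function names and the constructed sample stack are assumptions, and the check that each caller frame sits at a higher address goes beyond what the messages describe.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86-style frame record: saved caller frame pointer, then return address. */
struct stack_frame {
	uintptr_t previous;
	uintptr_t return_address;
};

#define MAX_DEPTH 8
#define WORDS 16

/* Constructed sample data: a fake stack and the trace buffer (assumptions). */
static uintptr_t sSampleStack[WORDS];
static uintptr_t sTrace[MAX_DEPTH];

enum { CASE_VALID, CASE_TRUNCATED, CASE_LOOP, CASE_ESCAPES };

/* Walks the chain starting at fp; returns the number of return addresses. */
size_t
walk_frames(uintptr_t fp, uintptr_t stackBase, uintptr_t stackEnd,
	uintptr_t *out, size_t maxDepth)
{
	size_t count = 0;

	while (count < maxDepth) {
		struct stack_frame frame;

		/* The whole record, not only its start, must lie inside
		   [stackBase, stackEnd). Subtracting avoids overflow in fp + size. */
		if (fp < stackBase || fp >= stackEnd
			|| stackEnd - fp < sizeof(frame))
			break;
		memcpy(&frame, (const void *)fp, sizeof(frame));

		/* A zero return address ends the walk; only bogus frames follow. */
		if (frame.return_address == 0)
			break;
		out[count++] = frame.return_address;

		/* Extra check not described in the commit messages: the stack grows
		   down, so a caller's frame must be at a higher address. This stops
		   self-referencing and cyclic chains. */
		if (frame.previous <= fp)
			break;
		fp = frame.previous;
	}
	return count;
}

/* Builds frames A (word 2) -> B (word 6) -> C (word 10) -> D (word 14, zero
   return address), damages B's link per test case, and walks from A. */
size_t
run_case(int which)
{
	uintptr_t base = (uintptr_t)&sSampleStack[0];
	uintptr_t end = base + sizeof(sSampleStack);

	memset(sSampleStack, 0, sizeof(sSampleStack));
	memset(sTrace, 0, sizeof(sTrace));
	sSampleStack[2] = (uintptr_t)&sSampleStack[6];
	sSampleStack[3] = 0x1111;
	sSampleStack[6] = (uintptr_t)&sSampleStack[10];
	sSampleStack[7] = 0x2222;
	sSampleStack[10] = (uintptr_t)&sSampleStack[14];
	sSampleStack[11] = 0x3333;

	if (which == CASE_TRUNCATED)	/* record starts on the last stack word */
		sSampleStack[6] = (uintptr_t)&sSampleStack[WORDS - 1];
	else if (which == CASE_LOOP)	/* B links back to A */
		sSampleStack[6] = (uintptr_t)&sSampleStack[2];
	else if (which == CASE_ESCAPES)	/* B links outside the stack */
		sSampleStack[6] = end + 64;

	return walk_frames((uintptr_t)&sSampleStack[2], base, end, sTrace,
		MAX_DEPTH);
}

/* Returns one captured return address from the last run_case() call. */
uintptr_t
trace_entry(size_t index)
{
	return index < MAX_DEPTH ? sTrace[index] : 0;
}

int
main(void)
{
	static const char *kNames[] = { "valid", "truncated", "loop", "escapes" };
	int i;

	for (i = CASE_VALID; i <= CASE_ESCAPES; i++)
		printf("%-9s -> %zu frames\n", kNames[i], run_case(i));
	return 0;
}
```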
Extend the get_nearest_symbol_at_address() private runtime_loader
export to include imageName and exactMatch arguments.
The imageName holds the SONAME of the image, if available, so cannot
necessarily be extracted from the image path.
Whether or not there was an exact match, i.e. the symbol with its size
contains the address, is now returned in exactMatch.
This adds libroot_guarded.so to the HaikuDevel package. It is the same
as libroot_debug with the debug heap swapped out for the guarded heap.
The guarded heap has some useful features that make it desirable to use
while having the disadvantage of a large memory and address space
overhead which make it unusable in some situations. Therefore the
guarded heap cannot simply replace the debug heap but should still be
made available. As the heap init needs to happen even before having
environment variables, the heap to use can not be chosen dynamically.
Exposing them through their own libraries is the next best thing.
When enabled (using heap_debug_dump_allocations_on_exit(true) or
MALLOC_DEBUG=e) this causes a dump of all remaining allocations when
libroot_debug is unloaded. It uses terminate_after to be called as
late as possible.
When combined with alloc stack traces this makes for a nice if a bit
crude leak checker. Note that a lot of allocations usually remain
even at that stage due to statically, lazily and globally allocated
stuff from the various system libraries where it isn't necessarily
worth the overhead to free them when the program terminates anyway.
When configured to do so (using heap_debug_set_stack_trace_depth(depth)
or MALLOC_DEBUG=s<depth>) the guarded heap now captures stack traces on
alloc and free.
A crash due to hitting a guard page or an already freed page now dumps
these stack traces. In the case of use-after-free one can therefore see
both where the allocation was done and where it was freed.
Note that there is a hardcoded maximum stack trace depth of 50 and that
the alloc stack trace takes away space from the free stack trace which
uses up the rest of that maximum.
The get_stack_trace syscall generates a stack trace using the kernel
debugging facilities and copies the resulting return address array to
the preallocated buffer from userland. It is only possible to get a
stack trace of the current thread.
The lookup_symbol syscall can be used to look up the symbol and image
name corresponding to an address. It can be used to resolve symbols
from a stack trace generated by the get_stack_trace syscall. Only
symbols of the current team can be looked up. Note that this uses
the symbol lookup of the kernel debugger which does not support lookup
of all symbols (static functions are missing for example).
This is meant to be used in situations where more elaborate stack trace
generation, like done in the userland debugging helpers, is not possible
due to constraints.
For it to be available we build malloc_debug in C++11 mode when not
using GCC2. Note that max_align_t is not in the std namespace in GCC4
versions prior to GCC 4.9. The extra "using namespace std" is there to
be forward compatible once we update.
These were here for debugging purposes, as often it is a sign of
inconsistencies. However, for USB disks this is a normal occurrence
when someone yanks out the device without unmounting first.
Make sure we log these cases though, as it still helps debugging.
Fix sponsored by http://www.izcorp.com
This allows for something similar as was implemented in 217f090 but
makes it optional and configurable.
The MALLOC_DEBUG environment variable now can take "a<size>" to set
the default alignment to the specified size. Note that not all
alignments may be supported depending on the heap implementation.
This reverts commit 217f090f9e.
At least for the guarded heap this completely defeats the purpose. If
software requires a certain alignment it should request it using
memalign explicitly instead of assuming it.
* based on current glibc sysdeps/nptl/bits/libc-lock.h file.
* include missing headers which were previously included by libc-lock.h.
* This fixes #11182.
* drop my fdt tests
* we have to call fdt parsing code *after* cpu_init (why?)
* pass fdt pointer to all FDT support calls to avoid confusion
once we get into the kernel land
* look for PL011 compatible uart and use it
* Add some safety checks to serial putc code to avoid null*
* fdt_node_check_compatible returns 0 on success not 1
* fdt_get_device_reg needs to add the SOC base to the result
* fdt_get_device_reg might need to add the second range cell
instead of reg?
The comparison to decide whether or not to reuse the name buffer when
renaming a rootfs entry was reversed. For renames where the new name
was longer than the old one this resulted in writing beyond the name
buffer and corrupting random kernel memory.
A likely candidate for this to be triggered was when an audio cd was
renamed due to a CDDB lookup, as the placeholder "Audio CD" is quite
short and the actual CD name is usually longer.
Fixes: #10259. Possibly fixes the related #9528 and #9858.
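The reversed reuse check described in this commit message, next to a corrected rename, as an added example that is not the rootfs code. `struct entry`, the function names and the CD title are constructed for illustration, and the name buffer is assumed to hold exactly the current name plus its terminator.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical directory entry: `name` is heap-allocated and assumed to be
   exactly strlen(name) + 1 bytes long. */
struct entry {
	char *name;
};

/* The reversed check, evaluated without performing the copy: returns how
   many bytes an in-place copy would write past the end of the name buffer. */
size_t bytes_past_buffer_reversed(const struct entry *e, const char *new_name)
{
	size_t old_len = strlen(e->name);
	size_t new_len = strlen(new_name);

	if (new_len > old_len)		/* reversed: reuse exactly when it does not fit */
		return new_len - old_len;
	return 0;			/* shorter names take the reallocation path */
}

/* Corrected rename: reuse the buffer only when the new name fits in it.
   Returns 0 on success, -1 if allocation failed (the old name is kept). */
int rename_entry(struct entry *e, const char *new_name)
{
	size_t old_len = strlen(e->name);
	size_t new_len = strlen(new_name);

	if (new_len <= old_len) {
		memcpy(e->name, new_name, new_len + 1);
		return 0;
	}

	char *copy = malloc(new_len + 1);
	if (copy == NULL)
		return -1;
	memcpy(copy, new_name, new_len + 1);
	free(e->name);
	e->name = copy;
	return 0;
}

/* Starts from the "Audio CD" placeholder named in the commit message and
   applies the corrected rename; returns 1 if the entry carries the new name. */
int demo_rename(const char *new_name)
{
	struct entry e;
	e.name = malloc(sizeof("Audio CD"));
	if (e.name == NULL)
		return 0;
	memcpy(e.name, "Audio CD", sizeof("Audio CD"));

	int ok = rename_entry(&e, new_name) == 0 && strcmp(e.name, new_name) == 0;
	free(e.name);
	return ok;
}

int main(void)
{
	struct entry placeholder = { (char *)"Audio CD" };
	const char *title = "Constructed Album Title";	/* constructed sample */
	printf("reversed check: %zu bytes past the buffer\n",
		bytes_past_buffer_reversed(&placeholder, title));
	printf("corrected rename ok: %d\n", demo_rename(title));
	return 0;
}
```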
* Move more code into fdt_support
* We now can query FDT registers based on name or alias
* Return addr_t where it makes sense
* Copyright change ok'ed by mmu_man
* This isn't the best long-term place for this code,
will likely move to some generic FDT support code.
* We pass a path like "/soc/gpio" and get back the
base physical register address in memory minus
the range offset.
* The existing code set the first available pa and va to
the end of the page directory.
* The arm mmu code was attempting to identity map (va==pa)
the memory, but also wanted memory to be in kernel space.
This allocation method isn't possible on all boards
(including the pi)
* We're adjusting the dynamic ram to KERNEL_LOAD_BASE
plus the max size of the kernel. (which is what most
other platforms are doing)
* The Raspberry pi 2 uses a new SoC which differs slightly
from the Raspberry Pi 1.
* Someday these two board targets could go away when we get
FDT support.
* While there was some compatibility between
BCM2708 and BCM2805, it makes the BCM2806 changes
more confusing. We don't have any valuable BCM2708
targets.
I misread the condition and broke this in 0687a01. Thanks to Axel for
reviewing!
* Refactor the code again to move all the error checking at the top of
the function, to make it easier to read.
The API allows to create driver settings which are not added to the
global list, however those were left partially uninitialized, and there
was no way to cleanly delete them.
Tag such unattached settings with a ref_count of -1, and have
delete_driver_settings check for this and handle the case correctly.
Note: #10494 comment 2 says the settings for packagefs shouldn't be
added to the kernel driver settings list, which is why I went with this
solution. An alternative would be always using the list and the
reference counting, but I don't know what the consequences are.
Fixes #10494.
* This is not allowed by strdup POSIX specs and GCC may use its builtin
strdup which doesn't check for it.
* also refactor parse_driver_settings_string to create the
settings_handle using settings_new, to reduce code duplication.
Sorry, I can't test all cases when building from Haiku.
Including <new> after the fs shell wrapper makes the compiler fail
because new needs a size_t argument (not an fssh_size_t). But including
it before also fails because it includes C++ typedefs without the fssh
wrapper, leading to conflicts.
Undefining size_t just for the include of <new> isn't very clean, but
seems to work. new gets a size_t argument as it should and the other
typedefs aren't conflicting.
* Add an fs-shell compatible version of BOpenHashTable in the fs_shell
to keep it working. The header is renamed to KOpenHashTable to avoid a
conflict with the OpenHashTable.h available in private/shared which is
not API compatible.
- When normalizing paths of the preloaded modules to their final mounted
path, remove them from the hash table before updating their path. Otherwise,
the remove would fail due to the hash no longer matching, which in turn
would cause the code in question to introduce an infinite loop in the
hash table's internal link list due to manually rewriting the next link.
* offsetof is not allowed on non-POD types so we need to use
offset_of_member (gcc2 accepts offsetof, and C++11 relaxed the
constraints on where it is allowed so it should work there too)
* we have offset_of_member as a workaround until we switch to C++11,
move it from khash (which is soon to be removed) to list.h which is the
other place where it is used (for this one single call in our whole
codebase)
Also fix a typo in vfs.cpp.
As a result of the refactoring for OpenHashTable, the iterator semantics
have changed a bit, such that the end of the table is no longer signalled
by the iterator returning NULL. This wasn't taken into account during
refactoring, which would lead to various places returning the last item
in the list in the case where no matching item was found, causing e.g.
drivers not to be loaded properly. This fixes the boot hang regressions
introduced in hrev48640.
Could lead to wrongly setting the TYPE_MINUTE flag for an invalid (>59)
number of minutes. Harmless, as that flag is never used.
For completeness, also set the flag for seconds (also never used).
Fixes #11552.
gcc2 was relying on the c99 functions being there, but they are not in
the std namespace.
* Disable the C99 functions and macros in C++ mode
* Redefine them as inline functions in cmath in the std namespace.
Fixes #7396.
I had a KDL when trying to read an audio CD which apparently uses this
as a copy protection scheme.
I don't know if this is the right place to do this, the KDL would happen
further down when the intel partitioning system or bfs would try to
read data from the disk at offset -2048.
While the partitioning system does publish partitions as block
devices and report their size in stat(), the old BeOS-style
drivers have no means of reporting it this way.
So we fall back to ioctl(B_GET_GEOMETRY) to find out the size.
This avoids having to copy the strings.
For now we disregard argv[] as it is not remapped before
being used in add_stage2_driver_settings() and is not used
by the linux entry point.
This makes the overo loader panic at the same place as
the beagle xm one now, even though it fails to display
anything with the default RAM size since we allocate
the framebuffer beyond 128MB...
* Always include last caller and lock value on both UP and MP path.
* Change lock value printing to hex format, as 0xdeadbeef is more
obvious than its decimal counterpart.
While the NetBSD entry point is handy as we can use a single uImage
with all 3 blobs, it bypasses U-Boot's own patching of the FDT since
it's not visible to it, so we won't get the RAM size and other things
through it.
CreateThreadEvent::DoDPC() missed a reference release to balance the
acquired reference before queuing the DPC, resulting in the
CreateThreadEvent objects being leaked.
This also removes the destructor that tried to cancel the DPC. Since
the class is reference counted and only destroyed when the DPC has
run and released the last reference, this didn't make much sense.
The signal to the team/thread is only actually sent in a deferred
procedure. To ensure that the team/thread stays valid between the DPC
being queued and it actually running, we need to acquire a reference.
Fixes#11390, where the DPC was run after the team was already
destroyed.
This introduces InterruptController and HardwareTimer classes to
handle the SoC specific implementations of timers and ints for
the ARM platform.
These could be improved and moved to a more 'generic' level once
we're confident they are 'good enough'.
NOTE: The OMAP timer implementation is fully untested and probably
completely non-functional....
If we find an FDT (either from uImage or otherwise) we make sure
we map it after mmu_init() and use kernel_args to pass it to the
kernel (so it is available at all times there).
* On UEFI, pages are allocated top-down; previously,
VM would fail to allocate early pages due to
running into pages allocated at the top and
assume it had run out of pages to map.
Signed-off-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
With packagefs potentially opening quite a few packages the default of
256 slots is a bit tight. It's 4096 now, which should be safe for a
while, but we might want to consider resizing the table dynamically and
probably even switching to another algorithm for allocating the slots.
Should fix #11328.
* VMArea::AddWaiterIfWired(): Replace the ignoreRange argument by a
flags argument and introduce (currently only) flag
IGNORE_WRITE_WIRED_RANGES. If specified, ranges wired for writing
are ignored. Ignoring just a single specified range doesn't cut it
in vm_soft_fault(), and there aren't any other users of that feature.
* vm_soft_fault(): When having to unmap a page of a lower cache, this
page cannot be wired for writing. So we can safely ignore all
write-wired ranges, instead of just our own. We even have to do that
in case there's another thread that concurrently tries to write-wire
the same page, since otherwise we'd deadlock waiting for each other.
As Axel pointed out, B_BAD_DATA is not the correct code here. B_BUSY
could be used but I wanted a code different from the existing one for
"partition already being initialized".
When we encounter a wired page that we'd have to unmap to map our newly
allocated one, we need to get rid of the latter before unlocking
everything and waiting for the wired page. Otherwise we'd leave things
in an inconsistent state (a page from an upper cache shadowing a mapped
page from a lower cache).
... in case we'd need to unmap a page that is wired.
Fixes the immediate issue of #10977. There's a problem remaining (as
discussed in comment 1): If two threads want to wire the same page at
the same time (which led to the assertion being triggered), they will
now deadlock, waiting for each other to remove the pre-registered
VMAreaWiredRange.
The thread that is being [un]scheduled already has its time_lock locked
in {stop|continue}_cpu_timers(). When updating the TeamTimeUserTimer,
the team is asked for its cpu time. Team::CPUTime() then iterates the
threads of the team and locks the time_lock of the thread again.
This workaround passes a possibly locked thread through the relevant
functions so Team::CPUTime() can decide whether or not a thread it
iterates needs to be locked or not.
This works around #11032 and its duplicates #11314 and #11344.
when uninitializing a partition or a disk (removing the partition
table), check that all partitions from that table are unmounted, as they
are about to become invalid.
Fixes #8827.
The "2nd" assert that we always ran into was due to bootloader mappings
still being active after VM init. Turns out we missed a call in the
architecture specific code for cleaning this up.
Many thanks to Ingo for spending the time to figure this out!
When a file descriptor is closed between being selected and adding the
select info to its IO context, the select info needs to be cleaned up.
This is done by deselect_select_infos() which unconditionally also put
the select_sync associated with the infos. In this special case we do
not yet hold a reference to the select_sync however, so avoid putting
the corresponding sync object.
Fixes #11098, #10763 and #10230.
QEMU was crashing since when setting the DSS divider we were _clearing_
the TV divider, and QEMU did not check for a divide by zero.
This "fixes" the QEMU crash and gets us a working framebuffer on Beagle ;)
* Added VFS helper function check_access_permissions() that combines
several partially correct versions to the one true version (tm).
* All but BFS (since recently) missed the S_IXOTH for root on directories,
and all but packagefs missed proper group handling.
When the address is not page aligned, not only adjust the address
to start mapping, but also take the "overflow" on the last page
into account.
This makes the bootloader boot again ;)
* When you change the current working directory, you actually
should have the permission to enter that directory.
* This gives us a 0.04% better score on the perl test suite :-)
The BOOT_GDT_SEGMENT_COUNT was based on USER_DATA_SEGMENT on both
x86 and x86_64. However, on x86_64 the order of the segments is
different, leading to a too small gBootGDT array. Move the define to
the arch specific headers so they can be setup correctly in either case.
Also add a STATIC_ASSERT() to check that the descriptors fit into the
array.
Pointed out by CID 1210898.
Due to the missing include, the builtin new and delete operators were
used in those two files instead of the ones from the include used
everywhere else in the runtime_loader.
The POSIX locale has gLocaleRoster = NULL and relies on the non-wide
version of the implementation. However it doesn't check that the
characters are actually in range which leads to out of bound access and
crashes in __isctype.
Fixes #11322.
Source or destination buffers passed to pagecache functions may belong
to kernel memory (e.g. when the caller is packagefs). Because of that
we should tell vm_memcpy_{from, to}_physical() the truth, not assume that all
buffers are in user memory. That's important because user memory page fault
handlers cannot be nested and these functions may be used while handling
a page fault.
With high probability fixes #11246.
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>
This patch adds user_access() which can be used to gracefully handle
page faults that may happen when accessing user memory. It is used
by arch_cpu_user{memcpy, memset, strlcpy}() to allow using optimized
functions from the standard library.
Currently only x64 uses this, but nothing really is arch specific here.
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>
As Alex pointed out we can leak possibly sensitive data in xmm registers
when returning from the kernel. To prevent that xmm0-15 are zeroed
before sysret or iret. The cost is negligible.
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>
The kernel is allowed to use fpu anywhere so we must make sure that
user state is not clobbered by saving fpu state at interrupt entry.
There is no need to do that in case of system calls since all fpu
data registers are caller saved.
We do not need, though, to save the whole fpu state at task switch
(again, thanks to calling convention). Only status and control
registers are preserved. This patch actually adds xmm0-15 register
to clobber list of task switch code, but the only reason of that is
to make sure that nothing bad happens inside the function that
executes that task switch. Inspection of the generated code shows
that no xmm registers are actually saved.
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>
Enable SSE as a part of the "preparation of the environment to run any
C or C++ code" in the entry points of stage2 bootloader.
SSE2 is going to be used by memset() and memcpy().
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>
Just following the path of least resistance and adding andq $~15, %rsp
where appropriate. That should also make things harder to break
when changing the amount of stuff placed on stack before calling the
actual syscall routine.
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>
There is absolutely no reason for these functions to be in commpage,
they don't do anything that involves the kernel in any way.
Additionally, this patch rewrites memset and memcpy to C++, current
implementation is quite simple (though it may perform surprisingly
well when dealing with large buffers on cpus with ermsb). Better
versions are coming soon.
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>
The possibility to specify custom memcpy and memset implementations
in cpu modules is currently unused and there is generally no point
in such feature.
There are only 2 x86 vendors that really matter and there isn't
very big difference in performance of the generic optimized versions
of these functions across different models. Even if we wanted different
versions of memset and memcpy depending on the processor model or
features much better solution would be to use STT_GNU_IFUNC and save
one indirect call.
Long story short, we don't really benefit in any way from
get_optimized_functions and the feature it implements and it only adds
unnecessary complexity to the code.
Signed-off-by: Paweł Dziepak <pdziepak@quarnos.org>