Commit Graph

4650 Commits

Author SHA1 Message Date
Michael Lotz
da3ce43440 Erase the entry only after its last use. CID 11042. 2011-12-06 20:00:48 +01:00
Michael Lotz
ded69b4c3a Only the to be protected range needs to be non-wired.
When setting memory protection, only ensure/wait for the range that
needs to be protected to not be wired instead of requiering the whole
area to be non-wired. The memory protection is done page wise and
having some parts of the area wired shouldn't preclude other parts to
be protected.
2011-12-06 15:39:56 +01:00
Michael Lotz
62bb375688 Restructure wait_for_thread_etc() to make it easier to follow.
* Avoid needless adding of the death entry if the sem is gone already.
* Delete objects as soon as they aren't needed anymore and return
  early where possible.
* Contain the thread == NULL case in its block and return from there as
  well instead of non-obviously figuring out what happened later.
* Pull out the return code asignment.
* Minor cleanup.
2011-12-06 02:30:17 +01:00
Michael Lotz
da329fc012 Add missing asignment of return code in wait_for_thread_etc().
While it was detected that the thread is in the destruction phase
and that it was necessary to wait and then have a valid status code
in the death entry, that status code wasn't actually returned. This
lead to uninitialized values for the return code even though
wait_for_thread[_etc]() would return B_OK.
2011-12-06 01:53:27 +01:00
Michael Lotz
2872aba0a7 Fix missing reference to the old group with lock still held.
Removing the team from the group may have released the last reference
to the group and freed it. Since we still have a locker on that group
it would later crash on unlock, therefore we need a reference to the
old group before removing the team from it.
2011-12-04 20:14:24 +01:00
Michael Lotz
336967aafd Add more debugger commands to closer inspect the guarded heap. 2011-12-04 18:47:55 +01:00
Michael Lotz
4a7b48203e Try smaller sizes if creating an area failed.
Depending on the use case the grow size may be too large to fit into
address space holes. Instead of failing try with smaller sizes until
it either worked or doesn't make sense anymore (< 1MB).
2011-12-04 18:43:20 +01:00
Michael Lotz
01eb710a91 Use a free list to make the guarded heap perform less horribly.
Pages that are freed are added to the tail of the list while allocation
candidates are taken from the head. Therefore pages that have been free
the longest are preferred, making immediate re-use less likely.

Also avoid looking for pages if the free count already tells that the
allocation can't be fulfilled.
2011-12-04 18:40:11 +01:00
Michael Lotz
5cbe06f482 Allow replacing the object cache with the guarded heap.
This allows to use the debug features of the guarded heap also on
allocations made through the object cache API. This is obivously
horrible for performance and uses up huge amounts of memory, so the
initial and grow sizes are adjusted accordingly.

Note that this is a rather simple hack, using the object_cache pointer
to transport the allocation size. The alignment is neglected completely.
2011-12-04 13:52:06 +01:00
Michael Lotz
390a6e2e02 Add support for optional inline stack traces in guarded heap. 2011-12-04 12:56:59 +01:00
Michael Lotz
01762bd57f Fix possibly harmful use of stale pointer in edge case.
The call to _MakeSpace() may move the extent data from the indirect
array (kept in a heap allocation) to the direct one kept inside the
class. In that case the lastExtent pointer would become stale and
further use of it would've lead to suboptimal extents in the best case
to reading/writing at the wrong point in files and possibly corruption
of another allocation in the worst (both unlikely though).

To mitigate that we now re-initialize the pointer to the correct location
if we hit the cache limit.

Also made the use of the start variable more understandable. Instaed of
decrementing it (possibly wrapping) when an extent wasn't going to be
used and later adding the vector index again, just increment whenever
we actually move to the next extent.

For bad things to happen a few conditions needed to come together though:
1. There needed to be multiple vectors that could be combined with the
existing last extent.
2. There first needed to be more extents than the cache limit and that
number then had to decrease below the cache limit again.
3. The memory needed to stay intact after being freed up until after the
evaluation (or similar enough data had to be written to it).

At least the last one was guaranteed to not be true anymore since we
re-introduced overwritting freed memory with 0xdeadbeef in the slab,
therefore nastily hiding this. I'm not sure that the first condition is
ever met either (probably the vectors are combined beforehand so that
there never are multiple adjacent ones) at least for the normal use case
(the page writer writing back pages). I was at least unable to reproduce
an actual file corruption in my testing.

Just the out of bounds access to the stale pointer happened rather easily
though and is now at least fixed.
2011-12-03 23:30:16 +01:00
Michael Lotz
e62d9911ea Allocate as much as is later read, didn't do harm though.
Further in the process the flat argument size is rounded up, but the
actual allocation was done with the unaligned size causing an access
beyond the allocation when later copying the flat arguments. It didn't
do any actual harm as the block sizes of our allocator(s) use elements
that have at least such an alignment.
2011-12-03 23:13:52 +01:00
Michael Lotz
1fe24d0cd0 Add heap with guard pages to detect out of bound reads/writes.
This is a very simple heap implementation that allocates memory so that
the end of each allocation always coincides with a page end and is
followed by a guard page which is marked non-present. Out of bounds
access (both read and write) therefore cause a crash (unhandled page
fault).

Note that this allocator is neither speed nor space efficient, indeed it
wastes huge amounts of pages and address space so it is quite easy to
hit limits. It is intended as a pure debug feature.
2011-12-03 20:09:13 +01:00
Michael Lotz
7418dbd908 Introduce debug page wise kernel area protection functions.
This adds a pair of functions vm_prepare_kernel_area_debug_protection()
and vm_set_kernel_area_debug_protection() to set a kernel area up for
page wise protection and to actually protect individual pages
respectively.

It was already possible to read and write protect full areas via area
protection flags and not mapping any actual pages. For areas that
actually have mapped pages this doesn't work however as no fault, at
which the permissions could be checked, is generated on access.

These new functions use the debug helpers of the translation map to mark
individual pages as non-present without unmapping them. This allows them
to be "protected", i.e. causing a fault on read and write access. As they
aren't actually unmapped they can later be marked present again.

Note that these are debug helpers and have quite a few restrictions as
described in the comment above the function and is only useful for some
very specific and constrained use cases.
2011-12-03 19:49:18 +01:00
Michael Lotz
643cf35ee8 Add debug helper functions to mark pages present.
They can be used to mark pages as present/non-present without actually
unmapping them. Marking pages as non-present causes every access to
fault. We can use that for debugging as it allows us to "read protect"
individual kernel pages.
2011-12-03 19:45:31 +01:00
Michael Lotz
a139657921 Tracking info wasn't always retrieved with the cache locked.
Getting the object slab does a hash lookup which needs to be protected
by the cache lock. Otherwise the hash table may be resized or otherwise
modified while we do the lookup, leading to errors.
2011-11-29 00:15:34 +01:00
Philippe Saint-Pierre
d9a215b71f Comparison with an unsigned value (size_t) and < 0
CID 4190 and CID 4191
2011-11-27 00:21:41 -05:00
Philippe Saint-Pierre
552d99013a Replace usage of sprintf with snprintf
Fixing CID 10964
2011-11-26 20:17:46 -05:00
Michael Lotz
79f0056002 Fix virtual 8086 mode to properly account for TLS.
* The vm86 code or the code running in virtual 8086 mode may clobber the
  %fs register that we use for the CPU dependent thread local storage
  (TLS). Previously the vm86 code would simply restore %fs on exit, but
  this doesn't always work. If the thread got unscheduled while running
  in virtual 8086 mode and was then rescheduled on a different CPU, the
  vm86 exit code would restore the %fs register with the TLS value of
  the old CPU, causing anything using TLS in userland to crash later on.
  Instead we skip the %fs register restore on exit (as do the other
  interrupt return functions) and explicitly update the potentially
  clobbered %fs by calling x86_set_tls_context(). This will repopulate
  the %fs register with the TLS value for the right CPU. Fixes #8068.

* Made the static set_tls_context() into x86_set_tls_context() and made
  it available to others to faciliate the above.

* Sync the vm86 specific interrupt code with the changes from hrev23370,
  using the iframe pop macro to properly return. Previously what was
  pushed in int_bottom wasn't poped on return.

* Account for the time update macro resetting the in_kernel flag and
  reset it to 1, as we aren't actually returning to userland. This
  didn't cause any harm though as only the time tracking is using that
  flag so far.

* Some minor cleanup.
2011-11-25 16:10:19 +01:00
Ingo Weinhold
dbe2a683f0 find_directory(): Fix package links path 2011-11-25 06:19:48 +01:00
Ingo Weinhold
bde1972229 Move <directories.h> to headers/private/system 2011-11-25 06:19:32 +01:00
Ingo Weinhold
04999b6cf9 Completed vfs_bind_mount_directory() support
We don't need to explicitly track the covered/covering nodes per mount
after all. In fs_unmount() we iterate through all vnodes multiple times
anyway and can deal with the covers/covered_by vnodes there. Also, the
root vnode doesn't need to be handled specially anymore.
2011-11-25 06:17:49 +01:00
Ingo Weinhold
1b08a68a4f vfs_bind_mount_directory(): Fail if unmounting 2011-11-25 06:17:48 +01:00
Ingo Weinhold
8855625e9e fix_dirent(): Fix ref count leaks
* Only get an additional parent reference, when going to call
  vnode_path_to_vnode().
* Put the reference of the vnode vnode_path_to_vnode() returns.
2011-11-25 06:17:47 +01:00
Ingo Weinhold
e4320fd78c remove_vnode(): Also consider covering vnode busy 2011-11-25 06:17:47 +01:00
Ingo Weinhold
54e721afeb Add support for bind-mounting directories
* Add support function vfs_get_mount_point(), so a file system can get
  its own mount point (i.e. the node it covers). Re-added
  fs_mount::covers_vnode for that purpose -- the root node isn't know to
  the VFS before the mount() hook returns.
* Add function vfs_bind_mount_directory() which bind-mounts a directory
  to another. The Vnode::covers/covered_by mechanism is used, so this
  isn't true bind-mounting, but sufficient for what we need ATM and
  cheaper as well. The vnodes connected thus aren't tracked yet, which
  is needed for undoing the connection when unmounting.
* get_vnode_name(): Don't use dir_read() to read the directory. Since we
  have already resolved vnode to the covered vnode, we don't want the
  dirents to be "fixed" to refer to the covering nodes. Such a vnode
  simply wouldn't be found.
2011-11-25 06:17:44 +01:00
Ingo Weinhold
f4a1387cea Add vfs_ prefix to resolve_vnode_to_covering_vnode() 2011-11-25 06:17:44 +01:00
Ingo Weinhold
47ea54c55b Generalize use of Vnode::covered_by/covers
* Introduce Vnode flags for covered and covering. Can be used as a quick
  check when one doesn't already hold sVnodeLock.
* Rename resolve_mount_point_to_volume_root() to
  resolve_vnode_to_covering_vnode().
* Adjust all code that deals with transitions between mount points and
  volume root vnodes to generally support covered/covering vnodes.
2011-11-25 06:17:43 +01:00
Ingo Weinhold
02be66ca10 Replaced fs_mount::covers_vnode by Vnode::covers
Introduce a Vnode::covers field. It is currently only used for the root
node of an fs_mount, replacing fs_mount::covers_vnode.
2011-11-25 06:17:42 +01:00
Ingo Weinhold
7bb72b8daf Comment typo fixes 2011-11-25 06:17:41 +01:00
Ingo Weinhold
37c83f4e8f Made the check for B_BUFFER_OVERFLOW more flexible. 2011-11-25 06:17:30 +01:00
Oliver Tappe
323b65468e Filtered flat import of Oliver's svn package management branch
Bring the changes that aren't package management related and the ones
that are but don't take effect as long as they are ignored by the build
system into the master.

Summary of changes:
* Introduce private header <directories.h> with constants for a good
  deal of paths that should usually be retrieved via find_directory().
* Replace hard-coded paths by using find_directory() or the
  <directories.h> constants (e.g. in drivers and the kernel).
* Add find_directory() constants needed for package management.
* Add __HAIKU_ABI_NAME and B_HAIKU_ABI_NAME macros.
* src/apps/deskbar: BeMenu.* -> DeskbarMenu.*,
  DeskBarUtils.* -> DeskbarUtils.*
* Change deskbar menu settings directory from ~/config/be to
  ~/config/settings/deskbar.
* Other smaller cleanups, changes, and fixes.
2011-11-25 06:17:07 +01:00
Oliver Tappe
8fd51c0819 Use ErrnoMaintainer in setlocale() to protect errno.
* this avoids spurious errno changes leaking into application code,
  which could become confused - i.e. 'rm' on a gcc4 build would always
  prompt for confirmation

I spend a couple of hours hunting down the behavioural difference
between gcc2- and gcc4-builds and it turns out that the reason for that
is that gcc4's libstdc++-code initializes its own locale data via the
POSIX calls, which trigger (correct) errno value changes, which were the
ones leaking into application code.
2011-11-24 23:48:19 +01:00
Oliver Tappe
59e43b2ac9 Add tracing to some locale backend functions. 2011-11-24 23:48:18 +01:00
Oliver Tappe
ae90193596 Introduce __set_errno() throughout libroot.
* add errno_private.h, which defines the __set_errno() macro with
  and without tracing
* instead of setting errno manually, all libroot's code now invokes
  __set_errno(), which makes it much easier to trace changes to errno
* redirect glibc's use of __set_errno() to our own version
2011-11-24 23:48:18 +01:00
Oliver Tappe
c894d1868e Bring rewritten multibyte-support into repository.
* update copyrights of locale backend files

Multibyte-support has been rewritten to use ICU as backend.
While this does not necessarily work properly in every aspect
(e.g. the shell still has [different] problems with multibyte-
characters now), it does fix #6263 and #7700.
2011-11-23 19:55:34 +01:00
Oliver Tappe
53c09cffcb Actually store & use our assigned TLS-key (OOPS!) 2011-11-23 19:32:17 +01:00
Oliver Tappe
5c112a16ff Reset mbstate to initial in wcrtomb() with 0 wchar. 2011-11-23 19:31:13 +01:00
Oliver Tappe
9161a59746 Fix build of libroot-addon-icu with gcc4. 2011-11-22 23:27:17 +01:00
Oliver Tappe
bb79d18614 Drop no longer needed multibyte stuff from glibc. 2011-11-22 18:56:41 +01:00
Oliver Tappe
b4435552a7 Drop our old, limited multibyte implementation. 2011-11-22 18:38:43 +01:00
Oliver Tappe
cc5eca7554 Activate our new multibyte implementation.
* add implementations for the following multibyte-related
  functions:
    btwoc()
    mblen()
    mbrlen()
    mbrtowc()
    mbsinit()
    mbtowc()
    wcrtomb()
    wcswidth()
    wctob()
    wctomb()
* the implementation of the above function live in a symbol
  named __<name>, the above symbol names are defined as a weak
  alias to the internal ones - TODO: we need to make sure to
  only invoked the internal functions (i.e. prepended with __)
  in order to avoid problems with symbol preemption.
* deactivate the limited mb implementation we provided before,
  as well as respective stuff from glibc
2011-11-22 18:31:27 +01:00
Oliver Tappe
28ae43d033 Add multibyte-support to ctype-locale backend.
* add actual converter methods MultibyteToWchar() and WcharToMultibyte()
  to locale backend and implement them in the ctype subpart
* add management code for maintaining converters referenced by mbstate_t
2011-11-22 18:17:58 +01:00
Oliver Tappe
e0eb1d38c4 Let MB_CUR_LEN lookup the actual value.
* instead of yielding 1, MB_CUR_LEN now looks up the correct
  value in the ctype data provided by the locale backend
2011-11-22 17:32:39 +01:00
Oliver Tappe
bf5ff48092 Use TLS and converter manager in locale backend. 2011-11-22 17:17:18 +01:00
Oliver Tappe
bcadc4ca66 Start work on multibyte-support in locale backend.
* add ICUThreadLocaleStorageValue, which will be used to maintain
  per-thread ICU converters
* add ICUConverterManager
2011-11-22 16:55:39 +01:00
Oliver Tappe
3a57f54e4d Glibc-features: protect against existing __STDC_ISO_10646__.
* we define it in our compilers now, but glibc expects to define
  this itself - we let our own version overrule
2011-11-22 16:34:18 +01:00
François Revol
a8eaac6934 U-Boot: board-specific setup is already in build/jam/board/ 2011-11-22 02:27:11 +01:00
François Revol
75e4ff02d0 Style cleanup 2011-11-21 03:19:31 +01:00
François Revol
1cdb5905fc U-Boot: Print the panic message also to the serial port
It seems puts() currently hangs when used in panic(), will need some more work.
2011-11-21 03:00:07 +01:00