Retire env.h

This was a MINIX3-specific header file placed outside of the minix/
header subdirectory, with its definitions duplicated in the more
standard minix/sysutil.h header.

Also make env_pref

Retire env.h

This was a MINIX3-specific header file placed outside of the minix/
header subdirectory, with its definitions duplicated in the more
standard minix/sysutil.h header.

Also make env_prefix(3) take constant pointers.

Change-Id: I243c38eb38e24eb98f0c0dddf7f340e7fec255f4

show more ...

PM: generic process event publish/subscribe system

Now that there are services other than PM and VFS that implement
userland system calls directly, these services may need to know about
events relat

PM: generic process event publish/subscribe system

Now that there are services other than PM and VFS that implement
userland system calls directly, these services may need to know about
events related to user processes. In particular, signal delivery may
have to interrupt blocking system calls, and certain cleanup tasks may
have to be performed after a user process exits.

This patch aims to implement a generic, lasting solution for this
problem, by allowing services to subscribe to "signal delivered"
and/or "process exit" events from PM. PM publishes such events by
sending messages to its subscribed services, which must then reply an
acknowledgment message.

For now, only the two aforementioned events are implemented, and only
the IPC service makes use of the process event facility.

The new process event publish/subscribe system replaces the previous
VM notify-sig/watch-exit/query-exit system, which was unsound: 1) it
allowed subscription to events from individual processes, and suffered
from fundamental race conditions as a result; 2) it relied on "not too
many" processes making use of the IPC server functionality in order to
avoid loss of notifications. In addition, it had the "ipc" process
name hardcoded, did not distinguish between signal delivery and exits,
and added a roundtrip to VM for all events from all processes.

Change-Id: I75ebad4bc54e646c6433f473294cb4003b2c3430

show more ...

VM: align frame buffer

Lack of alignment causes minix_stack_fill to produce an incorrect
frame layout, subsequently resulting in a crash of the started
process. For now, we assume that the other ca

VM: align frame buffer

Lack of alignment causes minix_stack_fill to produce an incorrect
frame layout, subsequently resulting in a crash of the started
process. For now, we assume that the other callers of
minix_stack_fill do get an aligned buffer through sbrk(3), but this
may have to be changed later as well.

Change-Id: I1575bd62b050749d1a1aae7417310c91713462c3

show more ...

VM/VFS: align ELF header buffer

The libexec ELF parser expects to be given a word-aligned buffer,
but the ASR pass may cause VM and VFS to pass it an arbitrarily
aligned buffer, causing libexec to r

VM/VFS: align ELF header buffer

The libexec ELF parser expects to be given a word-aligned buffer,
but the ASR pass may cause VM and VFS to pass it an arbitrarily
aligned buffer, causing libexec to refuse loading the executable.
This patch aligns the buffers explicitly.

Change-Id: Ic2d5fd3a8f204c3e4f000cffdb7ac71c8339257a

show more ...

Annotations and tweaks for live update

This change is necessary for instrumentation-aided state transfer.

Change-Id: I24be938009f02e302a15083f9a7a11824975e42b

RS: remove support for unsafe updates

This feature should no longer be necessary.

Change-Id: I9bff628be020cf1741bffaeb3bb97e3660a54aea

RS/VM: proper preparation for multi-VM live update

Due to changed VM internals, more elaborate preparation is required
before a live update with multiple components including VM can take
place. Thi

RS/VM: proper preparation for multi-VM live update

Due to changed VM internals, more elaborate preparation is required
before a live update with multiple components including VM can take
place. This patch adds the essential preparation infrastructure to
VM and adapts RS to make use of it. As a side effect, it is no
longer necessary to supply RS as the last component (if at all)
during the set-up of a multicomponent live update operation.

Change-Id: If069fd3f93f96f9d5433998e4615f861465ef448

show more ...

VM: undo actions after live-update rollback

During live update, the new instance of VM may make changes that,
after a rollback, have to be undone by the old instance of VM, in
particular because bot

VM: undo actions after live-update rollback

During live update, the new instance of VM may make changes that,
after a rollback, have to be undone by the old instance of VM, in
particular because both instances share (read-write) all dynamically
allocated pages.

Change-Id: I2bcfa8e627ca6084b1991e0af7cccecc683894a2

show more ...

SEF: query VM about holes during state transfer

The 'memory' service has holes in its data section, which causes
problems during state transfer. Since VM cannot handle page faults
during a multicom

SEF: query VM about holes during state transfer

The 'memory' service has holes in its data section, which causes
problems during state transfer. Since VM cannot handle page faults
during a multicomponent-with-VM live update, the state transfer must
ensure that no page faults occur during copying. Therefore, we now
query VM about the regions to copy, thus skipping holes. While the
solution is not ideal, it is sufficiently generic that it can be used
for the data section state transfer of all processes, and possibly
for state transfer of other regions in the future as well.

Change-Id: I2a71383a18643ebd36956c396fbd22c8fd137202

show more ...

services: Selectively enable stateful restart.

Change-Id: Ibf6afa3041013ca714e28b673abb1329cd72d2d5

Resolve boot-time VM/RS deadlock

VM used to call sendrec to send a boot-time RS_INIT reply to RS, but
RS could run into a pagefault at the same time, thus spawning a
message to VM, resulting in a de

Resolve boot-time VM/RS deadlock

VM used to call sendrec to send a boot-time RS_INIT reply to RS, but
RS could run into a pagefault at the same time, thus spawning a
message to VM, resulting in a deadlock. We resolve this situation by
making VM acknowledge RS_INIT asynchronously at boot time, while
retaining the synchronous sendrec for subsequent RS_INIT responses.

Change-Id: I3cb72d7f8d6b9bfdc59a85958ada739c37fa3bde

show more ...

Switch to stateful restart.

The following services have been updated to support stateful restarts:
- Drivers: tty
- Filesystems: isofs, mfs, pfs, libvtreefs-based file servers
- System servers: t

Switch to stateful restart.

The following services have been updated to support stateful restarts:
- Drivers: tty
- Filesystems: isofs, mfs, pfs, libvtreefs-based file servers
- System servers: tty, ds, pm, vfs, vm

Change-Id: Ie84baa3ba1774047b3ae519808fe4116928edabb

show more ...

vm: Let SEF know about special mmapped regions.

Change-Id: I742529a6747ddd181937aa1a45264b87677c01c8

vm: Improve live update support.

Change-Id: I02da3ea32cd05c4ed84a6e199236e5df6e25cb60

libminixfs/VM: fix memory-mapped file corruption

This patch employs one solution to resolve two independent but related
issues. Both issues are the result of one fundamental aspect of the
way VM's

libminixfs/VM: fix memory-mapped file corruption

This patch employs one solution to resolve two independent but related
issues. Both issues are the result of one fundamental aspect of the
way VM's memory mapping works: VM uses its cache to map in blocks for
memory-mapped file regions, and for blocks already in the VM cache, VM
does not go to the file system before mapping them in. To preserve
consistency between the FS and VM caches, VM relies on being informed
about all updates to file contents through the block cache. The two
issues are both the result of VM not being properly informed about
such updates:

1. Once a file system provides libminixfs with an inode association
(inode number + inode offset) for a disk block, this association
is not broken until a new inode association is provided for it.
If a block is freed and reallocated as a metadata (non-inode)
block, its old association is maintained, and may be supplied to
VM's secondary cache. Due to reuse of inodes, it is possible
that the same inode association becomes valid for an actual file
block again. In that case, when that new file is memory-mapped,
under certain circumstances, VM may end up using the metadata
block to satisfy a page fault on the file, due to the stale inode
association. The result is a corrupted memory mapping, with the
application seeing data other than the current file contents
mapped in at the file block.

2. When a hole is created in a file, the underlying block is freed
from the device, but VM is not informed of this update, and thus,
if VM's cache contains the block with its previous inode
association, this block will remain there. As a result, if an
application subsequently memory-maps the file, VM will map in the
old block at the position of the hole, rather than an all-zeroes
block. Thus, again, the result is a corrupted memory mapping.

This patch resolves both issues by making the file system inform the
minixfs library about blocks being freed, so that libminixfs can
break the inode association for that block, both in its own cache and
in the VM cache. Since libminixfs does not know whether VM has the
block in its cache or not, it makes a call to VM for each block being
freed. Thus, this change introduces more calls to VM, but it solves
the correctness issues at hand; optimizations may be introduced
later. On the upside, all freed blocks are now marked as clean,
which should result in fewer blocks being written back to the device,
and the blocks are removed from the caches entirely, which should
result in slightly better cache usage.

This patch is necessary but not sufficient to resolve the situation
with respect to memory mapping of file holes in general. Therefore,
this patch extends test 74 with a (rather particular but effective)
test for the first issue, but not yet with a test for the second one.

This fixes #90.

Change-Id: Iad8b134d2f88a884f15d3fc303e463280749c467

show more ...

New sources layout

Change-Id: Ic716f336b7071063997cf5b4dae6d50e0b4631e9