Commit Graph

383 Commits

Author SHA1 Message Date
Jonas 'Sortie' Termansen 3c43f71084 Implement file descriptor passing.
This change refactors the Unix socket / pipe backend to have a ring buffer
containing segments, where each segment has an optional leading ancillary
buffer containing control messages followed by a normal data buffer.

The SCM_RIGHTS control message has been implemented which transfers file
descriptors to the receiving process. File descriptors are reference counted
and cycles are prevented using the following restrictions:

1) Unix sockets cannot be sent on themselves (on either end).
2) Unix sockets themselves being sent cannot be sent on.
3) Unix sockets cannot send a Unix socket being sent on.

This is a compatible ABI change.
2021-12-31 22:24:11 +01:00
Jonas 'Sortie' Termansen b9898086c6 Add file descriptor table reservations.
The file descriptor table now allows reserving room for multiple file
descriptors without assigning their numbers. This functionality means
any error conditions happen up front and the subsequent number
assignment will never fail.

This change uses the new functionality to fix troublesome error handling
when allocating multiple file descriptors. One pty allocation error path
was even wrong.

There were subtle race conditions where one (kernel) thread may have
allocated one file descriptor, and another thread spuriously replaces it
with something else, and then the second file descriptor allocation
failed in the first thread, and it closes the first file descriptor now
pointing to a different file description. This case seems harmless but
it's not a great class of bugs to exist in the first place. The new
behavior means the file descriptions appear in the file descriptor table
without fail and never needs to be cleaned up midway and is certainly
immune to shenanigans from other threads.

Reviewed-by: Pedro Falcato <pedro.falcato@gmail.com>
2021-12-31 22:24:07 +01:00
Jonas 'Sortie' Termansen 20648e03d7 Send SIGCHLD to init even for reparented processes. 2021-12-12 22:13:05 +01:00
Juhani Krekelä c6e989909f Add header for working with the PS/2 mouse protocol. 2021-12-12 20:34:07 +02:00
Jonas 'Sortie' Termansen db5b51d673 Fix spurious ptable assertion in the fork error path. 2021-10-10 00:07:06 +02:00
Jonas 'Sortie' Termansen 63ce55e7e9 Fix reading directories not failing with EISDIR. 2021-07-28 22:21:41 +02:00
Jonas 'Sortie' Termansen 16bdb2ba84 Fix setuid(2) and setgid(2) not setting the effective user and group.
Thanks to samis for discovering this problem and the initial attempt at
fixing it.
2021-07-27 00:46:42 +02:00
Juhani Krekelä 6385ea1957 Fix pipes reporting themselves as character devices through fstat(2). 2021-07-16 01:43:33 +03:00
Jonas 'Sortie' Termansen 2d841bae7c Fix kernel deadlock in ppoll(2). 2021-07-14 15:41:28 +02:00
Jonas 'Sortie' Termansen 80f5ca398a Add ATAPI support to ata(4). 2021-06-27 13:54:56 +02:00
Jonas 'Sortie' Termansen 5e7605fad2 Implement threading primitives that truly sleep.
The idle thread is now actually run when the system is idle because it
truly goes idle. The idle thread is made power efficient by using the hlt
instruction rather than a busy loop.

The new futex(2) system call is used to implement fast user-space mutexes,
condition variables, and semaphores. The same backend and design is used as
kutexes for truly sleeping kernel mutexes and condition variables.

The new exit_thread(2) flag EXIT_THREAD_FUTEX_WAKE wakes a futex.

Sleeping on clocks in the kernel now uses timers for true sleep.

The interrupt worker thread now truly sleeps when idle.

Kernel threads are now named.

This is a compatible ABI change.
2021-06-23 22:10:47 +02:00
Jonas 'Sortie' Termansen 4daedc31f7 Fix handling of overflow and non-canonical values in timespec APIs.
Support zero relative and absolute times in the timer API.
2021-06-22 21:48:27 +02:00
Jonas 'Sortie' Termansen 3b036b6c5d Add getdnsconfig(2) and setdnsconfig(2). 2021-06-13 23:27:52 +02:00
Jonas 'Sortie' Termansen 9d87d76957 Abort on overlapping memcpy. 2021-05-30 23:48:19 +02:00
Juhani Krekelä 7f9a62d916 Implement Alt + key mapping to Esc followed by key in kernel tty 2021-05-05 00:19:56 +02:00
Jonas 'Sortie' Termansen c25f36cd53 Fix faccessat(2) not supporting root access. 2021-02-17 23:11:31 +01:00
Jonas 'Sortie' Termansen a6295e6d90 Allow poll on all kinds of files. 2021-02-17 23:11:31 +01:00
Jonas 'Sortie' Termansen fb106181a9 Fix sigsuspend(2) not running signal handlers with the temporary mask. 2021-02-13 22:35:39 +01:00
Jonas 'Sortie' Termansen aadeef6a7c Fix psctl(2) not setting uid, euid, gid, and egid. 2021-02-11 20:47:49 +01:00
Jonas 'Sortie' Termansen fff849b151 Fix improper uses of ScopedLockSignal. 2021-02-11 20:47:47 +01:00
Jonas 'Sortie' Termansen 7139de4a53 Add stty(1). 2020-11-25 20:47:19 +01:00
Jonas 'Sortie' Termansen 20d4c09e26 Undefine the eol character in the default terminal settings. 2020-11-22 17:39:55 +01:00
Jonas 'Sortie' Termansen be02a7996b Fix kramfs not initializing the owner of new directories. 2020-10-18 13:36:28 +02:00
Jonas 'Sortie' Termansen 245ec6458a Fix poll(2) not just clearing revents on negative fds. 2020-03-15 23:04:28 +01:00
Jonas 'Sortie' Termansen 20c1f1d0d4 Add signal mask support to ppoll(2). 2018-12-08 22:54:28 +01:00
Jonas 'Sortie' Termansen 9993a1c0fc Add --append-to kernel(7) multiboot module option. 2018-12-08 22:54:28 +01:00
Jonas 'Sortie' Termansen d0ab651fbd Document the options for the kernel(7) multiboot modules. 2018-12-08 22:54:28 +01:00
Jonas 'Sortie' Termansen b3e9865e53 Handle SOCK_NONBLOCK at the file descriptor level. 2018-12-08 22:34:50 +01:00
Jonas 'Sortie' Termansen 1f659c49c6 Fix multiboot header not coming first in the executable.
The default linker script places .text.unlikely prior to .text.
2018-12-08 22:34:49 +01:00
Jonas 'Sortie' Termansen d3a64e1163 Fix chmod(2), chown(2), and utimens(2) opening the path for writing.
The change 9d29e96c3b "Fix open(2) allowing
opening directories invalidly and check O_TRUNC errors." broke the chmod(2),
chown(2), and utimens(2) system calls on directories, because they can no
longer be opened for writing.

This change fixes the regression by opening such paths for reading. There
are currently no filesystem permission checks for those system calls. However,
those system calls should check the permissions at the time of the operation
rather than relying on the file having been opened for writing previously.
2018-09-01 17:24:40 +02:00
Jonas 'Sortie' Termansen b1ad606303 Fix system calls panicking when creating threads in the kernel process.
This fixes a regression in 62bd9bf901.
2018-08-12 23:24:42 +02:00
Kartik Agaram 9d29e96c3b Fix open(2) allowing opening directories invalidly and check O_TRUNC errors.
Among other things, redirecting to a directory will now display an error
as it should.

Also fix a bug when opening /dev/pts: O_WRITE on a directory is a POSIX
violation.
2018-08-09 23:19:07 +02:00
Jonas 'Sortie' Termansen b767063c9a Fix deadlock when resizing display when a graphical process is running. 2018-08-08 23:46:19 +02:00
Jonas 'Sortie' Termansen 969a3e599b Fix signal dispatch if sigreturn is NULL. 2018-08-07 23:55:57 +02:00
Jonas 'Sortie' Termansen ab228e1062 Fix Clock::LockLock setting we_disabled_interrupts before disabling interrupts. 2018-08-07 23:55:57 +02:00
Jonas 'Sortie' Termansen 5be7b52422 Fix LFBTextBuffer GetChar starting worker thread when paused. 2018-08-06 23:59:35 +02:00
Jonas 'Sortie' Termansen 62bd9bf901 Fix pid 1 deadlocking when exiting with children.
The child processes of pid 1 were being reparented to pid 1, causing an
infinite loop. This change fixes the problem by adding a hook that runs in
the last thread about to exit in a process. When pid 1 exits, the hook will
prevent more processes and threads from being created, and then broadcast
kill all processes and threads. The hook is not run in LastPrayer(), as that
function runs in a worker thread and it can't block waiting for another
thread to run LastPrayer() in the same thread.
2018-08-06 23:59:35 +02:00
Jonas 'Sortie' Termansen c14e6c05b9 Fix waitpid(2) when the status pointer is NULL. 2018-08-06 23:59:35 +02:00
Jonas 'Sortie' Termansen 29555d72bb Fix <fcntl.h> including <sys/stat.h> namespace pollution.
POSIX allows <fcntl.h> to include <sys/stat.h>, but doesn't require it.
There's little reason to do that, since they are separate headers, and
<fcntl.h> just needs the mode_t constants. Fix the code accidentally
relying on <fcntl.h> including <sys/stat.h>. The mode_t constants are now
provided in their own kernel header <sortix/mode.h>.

Additionally fix <sys/stat.h> pulling in all of <sys/types.h>, which is not
allowed by POSIX, which only requires a few types to be declared. Fix the
code accidentally relying on <sys/stat.h> including <sys/types.h>.

Finally fix <dirent.h> pulling in <stdint.h> through <sortix/dirent.h>.

The <sortix/__/dt.h> and <sortix/__/stat.h> headers are no longer required
and their contents have been merged into <sortix/__/dirent.h>.
2018-08-06 23:59:34 +02:00
Jonas 'Sortie' Termansen d393b67d72 Fix st_blksize and st_blocks kernel values. 2018-03-31 00:55:33 +02:00
Jonas 'Sortie' Termansen 66b35fb74c Fix incompatibilities in the kernel tar extraction. 2018-03-30 23:42:37 +02:00
Jonas 'Sortie' Termansen 65a960dab0 Fix trailing slashes in manifests created by the kernel. 2017-12-04 23:56:46 +01:00
Jonas 'Sortie' Termansen 568c97c77f Fix SEEK_END, file offset overflow, and read/write/mkpartition syscall bugs.
Fix SEEK_END seeking twice as far as requested. Centralize lseek handling in
one place and avoid overflow bugs. Inode lseek handlers now only need to
handle SEEK_END with offset 0. Prevent the file offset from ever going below
zero or overflowing.

Character devices are now not seekable, but lseek will pretend they are, yet
always stay at the file offset 0. pread/pwrite on character devices will now
ignore the file offset and call read/write.

This change prevents character devices from being memory mapped, notably
/dev/zero can no longer be memory mapped. None of the current ports seem
to rely on this behavior and will work with just MAP_ANONYMOUS.

Refactor read and write system calls to have a shared return statement for
both seekable and non-seekable IO.

Fix file offset overflow bugs in read and write system calls.

Fix system calls returning EPERM instead of properly returning EBADF when
the file has not been opened in the right mode.

Truncate IO counts and total vector IO length so the IO operation does not
do any IO beyond OFF_MAX. Truncate also total vector IO length for recvmsg
and sendmsg. Fail with EINVAL if total vector IO length exceeds SSIZE_MAX.

Don't stop early if the total IO length is zero, so zero length IO now block
on any locks internal to the inode.

Handle reads at the maximum file offset with an end of file condition and
handle writes of at least one byte at the maximum file offset by failing
with EFBIG.

Refactor UtilMemoryBuffer to store the file size using off_t instead of
size_t to avoid casts and keep file sizes in the off_t type. Properly
handle errors in the code, such as failing with EROFS instead of EBADF if
the backing memory is not writeable, and failing with EFBIG if writing
beyond the end of the file.

Fix mkpartition not rejecting invalid partition start offsets and lengths.
Strictly enforce partition start and length checks in the partition code.
Enforce partitions exist within regular files or block devices.

Fix a few indention issues.
2017-12-04 23:56:46 +01:00
Jonas 'Sortie' Termansen 9ee05a5afc Fix kernel/addralloc.cpp file header comment. 2017-08-20 12:44:59 +02:00
Jonas 'Sortie' Termansen c14d7fa3b8 Fix <signal.h> namespace pollution for strict C. 2017-08-20 12:44:33 +02:00
Jonas 'Sortie' Termansen 33dcd40c6d Fix system headers using C89 incompatible comments. 2017-07-10 13:37:46 +02:00
Jonas 'Sortie' Termansen 9321f4d78e Fix initrd_get_inode return value not being checked for error. 2017-07-02 21:55:37 +02:00
Pedro Falcato 087e3b3fda Fail with ENOSYS on bad system calls. 2017-06-14 20:00:50 +01:00
Pedro Falcato c0a44e72a6 Clear the direction flag upon entry to the kernel. 2017-06-12 21:26:26 +01:00
Jonas 'Sortie' Termansen 9f9f4d4e3f Print a kernel error rather than panicking if init(8) exits abnormally.
This avoids the misimpression that a kernel bug happened and it avoids
clearing the screen of potentially useful information about an init(8)
crash.
2017-05-21 23:28:12 +02:00