vx32

sysproc.c (23448B)

---

 #define	WANT_M
 #include	"u.h"
 #include	"tos.h"
 #include	"lib.h"
 #include	"mem.h"
 #include	"dat.h"
 #include	"fns.h"
 #include	"error.h"
 
 #include	"a.out.h"
 
 int	shargs(char*, int, char**);
 
 extern void checkpages(void);
 extern void checkpagerefs(void);
 
 long
 sysr1(uint32 *x)
 {
 	vx32sysr1();
 	return 0;
 }
 
 long
 sysrfork(uint32 *arg)
 {
 	Proc *p;
 	int n, i;
 	Fgrp *ofg;
 	Pgrp *opg;
 	Rgrp *org;
 	Egrp *oeg;
 	ulong pid, flag;
 	Mach *wm;
 
 	flag = arg[0];
 	/* Check flags before we commit */
 	if((flag & (RFFDG|RFCFDG)) == (RFFDG|RFCFDG))
 		error(Ebadarg);
 	if((flag & (RFNAMEG|RFCNAMEG)) == (RFNAMEG|RFCNAMEG))
 		error(Ebadarg);
 	if((flag & (RFENVG|RFCENVG)) == (RFENVG|RFCENVG))
 		error(Ebadarg);
 
 	if((flag&RFPROC) == 0) {
 		if(flag & (RFMEM|RFNOWAIT))
 			error(Ebadarg);
 		if(flag & (RFFDG|RFCFDG)) {
 			ofg = up->fgrp;
 			if(flag & RFFDG)
 				up->fgrp = dupfgrp(ofg);
 			else
 				up->fgrp = dupfgrp(nil);
 			closefgrp(ofg);
 		}
 		if(flag & (RFNAMEG|RFCNAMEG)) {
 			opg = up->pgrp;
 			up->pgrp = newpgrp();
 			if(flag & RFNAMEG)
 				pgrpcpy(up->pgrp, opg);
 			/* inherit noattach */
 			up->pgrp->noattach = opg->noattach;
 			closepgrp(opg);
 		}
 		if(flag & RFNOMNT)
 			up->pgrp->noattach = 1;
 		if(flag & RFREND) {
 			org = up->rgrp;
 			up->rgrp = newrgrp();
 			closergrp(org);
 		}
 		if(flag & (RFENVG|RFCENVG)) {
 			oeg = up->egrp;
 			up->egrp = smalloc(sizeof(Egrp));
 			up->egrp->ref.ref = 1;
 			if(flag & RFENVG)
 				envcpy(up->egrp, oeg);
 			closeegrp(oeg);
 		}
 		if(flag & RFNOTEG)
 			up->noteid = incref(&noteidalloc);
 		return 0;
 	}
 
 	p = newproc();
 
 	p->fpsave = up->fpsave;
 	p->scallnr = up->scallnr;
 	p->s = up->s;
 	p->nerrlab = 0;
 	p->slash = up->slash;
 	p->dot = up->dot;
 	incref(&p->dot->ref);
 
 	memmove(p->note, up->note, sizeof(p->note));
 	p->privatemem = up->privatemem;
 	p->noswap = up->noswap;
 	p->nnote = up->nnote;
 	p->notified = 0;
 	p->lastnote = up->lastnote;
 	p->notify = up->notify;
 	p->ureg = up->ureg;
 	p->dbgreg = 0;
 
 	/* Make a new set of memory segments */
 	n = flag & RFMEM;
 	qlock(&p->seglock);
 	if(waserror()){
 		qunlock(&p->seglock);
 		nexterror();
 	}
 	for(i = 0; i < NSEG; i++)
 		if(up->seg[i])
 			p->seg[i] = dupseg(up->seg, i, n);
 	qunlock(&p->seglock);
 	poperror();
 
 	/* File descriptors */
 	if(flag & (RFFDG|RFCFDG)) {
 		if(flag & RFFDG)
 			p->fgrp = dupfgrp(up->fgrp);
 		else
 			p->fgrp = dupfgrp(nil);
 	}
 	else {
 		p->fgrp = up->fgrp;
 		incref(&p->fgrp->ref);
 	}
 
 	/* Process groups */
 	if(flag & (RFNAMEG|RFCNAMEG)) {
 		p->pgrp = newpgrp();
 		if(flag & RFNAMEG)
 			pgrpcpy(p->pgrp, up->pgrp);
 		/* inherit noattach */
 		p->pgrp->noattach = up->pgrp->noattach;
 	}
 	else {
 		p->pgrp = up->pgrp;
 		incref(&p->pgrp->ref);
 	}
 	if(flag & RFNOMNT)
 		up->pgrp->noattach = 1;
 
 	if(flag & RFREND)
 		p->rgrp = newrgrp();
 	else {
 		incref(&up->rgrp->ref);
 		p->rgrp = up->rgrp;
 	}
 
 	/* Environment group */
 	if(flag & (RFENVG|RFCENVG)) {
 		p->egrp = smalloc(sizeof(Egrp));
 		p->egrp->ref.ref = 1;
 		if(flag & RFENVG)
 			envcpy(p->egrp, up->egrp);
 	}
 	else {
 		p->egrp = up->egrp;
 		incref(&p->egrp->ref);
 	}
 	p->hang = up->hang;
 	p->procmode = up->procmode;
 
 	/* Craft a return frame which will cause the child to pop out of
 	 * the scheduler in user mode with the return register zero
 	 */
 	forkchild(p, up->dbgreg);
 
 	p->parent = up;
 	p->parentpid = up->pid;
 	if(flag&RFNOWAIT)
 		p->parentpid = 0;
 	else {
 		lock(&up->exl);
 		up->nchild++;
 		unlock(&up->exl);
 	}
 	if((flag&RFNOTEG) == 0)
 		p->noteid = up->noteid;
 
 	p->fpstate = up->fpstate;
 	pid = p->pid;
 	memset(p->time, 0, sizeof(p->time));
 	p->time[TReal] = msec();
 
 	kstrdup(&p->text, up->text);
 	kstrdup(&p->user, up->user);
 	/*
 	 *  since the bss/data segments are now shareable,
 	 *  any mmu info about this process is now stale
 	 *  (i.e. has bad properties) and has to be discarded.
 	 */
 	flushmmu();
 	p->basepri = up->basepri;
 	p->priority = up->basepri;
 	p->fixedpri = up->fixedpri;
 	p->mp = up->mp;
 	wm = up->wired;
 	if(wm)
 		procwired(p, wm->machno);
 	ready(p);
 	sched();
 	return pid;
 }
 
 static uint32
 l2be(uint32 l)
 {
 	uchar *cp;
 
 	cp = (uchar*)&l;
 	return (cp[0]<<24) | (cp[1]<<16) | (cp[2]<<8) | cp[3];
 }
 
 static char Echanged[] = "exec arguments changed underfoot";
 
 long
 sysexec(uint32 *arg)
 {
 	char *volatile elem, *volatile file, *ufile;
 	Chan *volatile tc;
 
 	/*
 	 * Open the file, remembering the final element and the full name.
 	 */
 	file = nil;
 	elem = nil;
 	tc = nil;
 	if(waserror()){
 		if(file)
 			free(file);
 		if(elem)
 			free(elem);
 		if(tc)
 			cclose(tc);
 		nexterror();
 	}
 
 	ufile = uvalidaddr(arg[0], 1, 0);
 	file = validnamedup(ufile, 1);
 	tc = namec(file, Aopen, OEXEC, 0);
 	kstrdup((char**)&elem, up->genbuf);
 
 	/*
 	 * Read the header.  If it's a #!, fill in progarg[] with info and repeat.
 	 */
 	int i, n, nprogarg;
 	char *progarg[sizeof(Exec)/2+1];
 	char *prog, *p;
 	char line[sizeof(Exec)+1];
 	Exec exec;
 
 	nprogarg = 0;
 	n = devtab[tc->type]->read(tc, &exec, sizeof(Exec), 0);
 	if(n < 2)
 		error(Ebadexec);
 	p = (char*)&exec;
 	if(p[0] == '#' && p[1] == '!'){
 		memmove(line, p, n);
 		nprogarg = shargs(line, n, progarg);
 		if(nprogarg == 0)
 			error(Ebadexec);
 		
 		/* The original file becomes an extra arg after #! line */
 		progarg[nprogarg++] = file;
 		
 		/*
 		 * Take the #! $0 as a file to open, and replace
 		 * $0 with the original path's name.
 		 */
 		prog = progarg[0];
 		progarg[0] = elem;
 		cclose(tc);
 		tc = nil;	/* in case namec errors out */
 		tc = namec(prog, Aopen, OEXEC, 0);
 		n = devtab[tc->type]->read(tc, &exec, sizeof(Exec), 0);
 		if(n < 2)
 			error(Ebadexec);
 	}
 
 	/* 
 	 * #! has had its chance, now we need a real binary
 	 */
 	uint32 magic, entry, text, etext, data, edata, bss, ebss;
 
 	magic = l2be(exec.magic);
 	if(n != sizeof(Exec) || l2be(exec.magic) != AOUT_MAGIC)
 		error(Ebadexec);
 
 	entry = l2be(exec.entry);
 	text = l2be(exec.text);
 	data = l2be(exec.data);
 	bss = l2be(exec.bss);
 	etext = ROUND(UTZERO+sizeof(Exec)+text, BY2PG);
 	edata = ROUND(etext + data, BY2PG);
 	ebss = ROUND(etext + data + bss, BY2PG);
 	
 //iprint("entry %#lux text %#lux data %#lux bss %#lux\n", entry, text, data, bss);
 //iprint("etext %#lux edata %#lux ebss %#lux\n", etext, edata, ebss);
 
 	if(entry < UTZERO+sizeof(Exec) || entry >= UTZERO+sizeof(Exec)+text)
 		error(Ebadexec);
 	
 	/* many overflow possibilities */
 	if(text >= USTKTOP || data >= USTKTOP || bss >= USTKTOP
 	|| etext >= USTKTOP || edata >= USTKTOP || ebss >= USTKTOP
 	|| etext >= USTKTOP || edata < etext || ebss < edata)
 		error(Ebadexec);
 
 	/*
 	 * Copy argv into new stack segment temporarily mapped elsewhere.
 	 * Be careful: multithreaded program could be changing argv during this.
 	 * Pass 1: count number of arguments, string bytes.
 	 */
 	int nargv, strbytes;
 	uint32 argp, ssize, spage;
 
 	strbytes = 0;
 	for(i=0; i<nprogarg; i++)
 		strbytes += strlen(progarg[i]) + 1;
 
 	argp = arg[1];
 	for(nargv=0;; nargv++, argp += BY2WD){
 		uint32 a;
 		char *str;
 
 		a = *(uint32*)uvalidaddr(argp, BY2WD, 0);
 		if(a == 0)
 			break;
 		str = uvalidaddr(a, 1, 0);
 		n = ((char*)vmemchr(str, 0, 0x7FFFFFFF) - str) + 1;
 		if(nprogarg > 0 && nargv == 0)
 			continue;	/* going to skip argv[0] on #! */
 		strbytes += n;
 	}
 	if(nargv == 0)
 		error("exec missing argv");
 
 	/* 
 	 * Skip over argv[0] if using #!.  Waited until now so that
 	 * string would still be checked for validity during loop.
 	 */
 	if(nprogarg > 0){
 		nargv--;
 		arg[1] += BY2WD;
 	}
 
 	ssize = BY2WD*((nprogarg+nargv)+1) + ROUND(strbytes, BY2WD) + sizeof(Tos);
 
 	/*
 	 * 8-byte align SP for those (e.g. sparc) that need it.
 	 * execregs() will subtract another 4 bytes for argc.
 	 */
 	if((ssize+4) & 7)
 		ssize += 4;
 	spage = (ssize+(BY2PG-1)) >> PGSHIFT;
 
 	/*
 	 * Pass 2: build the stack segment, being careful not to assume
 	 * that the counts from pass 1 are still valid.
 	 */
 	if(spage > TSTKSIZ)
 		error(Enovmem);
 
 	qlock(&up->seglock);
 	if(waserror()){
 		if(up->seg[ESEG]){
 			putseg(up->seg[ESEG]);
 			up->seg[ESEG] = nil;
 		}
 		qunlock(&up->seglock);
 		nexterror();
 	}
 	up->seg[ESEG] = newseg(SG_STACK, TSTKTOP-USTKSIZE, USTKSIZE/BY2PG);
 	flushmmu();	// Needed for Plan 9 VX  XXX really?
 
 	/*
 	 * Top-of-stack structure.
 	 */
 	uchar *uzero;
 	uzero = up->pmmu.uzero;
 	Tos *tos;
 	uint32 utos;
 	utos = USTKTOP - sizeof(Tos);
 	tos = (Tos*)(uzero + utos + TSTKTOP - USTKTOP);
 	tos->cyclefreq = m->cyclefreq;
 	cycles((uvlong*)&tos->pcycles);
 	tos->pcycles = -tos->pcycles;
 	tos->kcycles = tos->pcycles;
 	tos->clock = 0;
 
 	/*
 	 * Argument pointers and strings, together.
 	 */
 	char *bp, *ep;
 	uint32 *targp;
 	uint32 ustrp, uargp;
 
 	ustrp = utos - ROUND(strbytes, BY2WD);
 	uargp = ustrp - BY2WD*((nprogarg+nargv)+1);
 	bp = (char*)(uzero + ustrp + TSTKTOP - USTKTOP);
 	ep = bp + strbytes;
 	p = bp;
 	targp = (uint32*)(uzero + uargp + TSTKTOP - USTKTOP);
 	
 	/* #! args are trusted */
 	for(i=0; i<nprogarg; i++){
 		n = strlen(progarg[i]) + 1;
 		if(n  > ep - p)
 			error(Echanged);
 		memmove(p, progarg[i], n);
 		p += n;
 		*targp++ = ustrp;
 		ustrp += n;
 	}
 	
 	/* the rest are not */
 	argp = arg[1];
 	for(i=0; i<nargv; i++){
 		uint32 a;
 		char *str;
 		
 		a = *(uint32*)uvalidaddr(argp, BY2WD, 0);
 		argp += BY2WD;
 		
 		str = uvalidaddr(a, 1, 0);
 		n = ((char*)vmemchr(str, 0, 0x7FFFFFFF) - str) + 1;
 		if(n  > ep - p)
 			error(Echanged);
 		memmove(p, str, n);
 		p += n;
 		*targp++ = ustrp;
 		ustrp += n;
 	}
 
 	if(*(uint32*)uvalidaddr(argp, BY2WD, 0) != 0)
 		error(Echanged);	
 	*targp = 0;
 
 	/*
 	 * But wait, there's more: prepare an arg copy for up->args
 	 * using the copy we just made in the temporary segment.
 	 */
 	char *args;
 	int nargs;
 
 	n = p - bp;	/* includes NUL on last arg, so must be > 0 */
 	if(n <= 0)	/* nprogarg+nargv > 0; checked above */
 		error(Egreg);
 	if(n > 128)
 		n = 128;
 	args = smalloc(n);
 	if(waserror()){
 		free(args);
 		nexterror();
 	}
 	memmove(args, bp, n);
 	/* find beginning of UTF character boundary to place final NUL */
 	while(n > 0 && (args[n-1]&0xC0) == 0x80)
 		n--;
 	args[n-1] = '\0';
 	nargs = n;
 
 	/*
 	 * Now we're ready to commit.
 	 */
 	free(up->text);
 	up->text = elem;
 	free(up->args);
 	up->args = args;
 	up->nargs = n;
 	elem = nil;
 	poperror();	/* args */
 
 	/*
 	 * Free old memory.  Special segments maintained across exec.
 	 */
 	Segment *s;
 	for(i = SSEG; i <= BSEG; i++) {
 		putseg(up->seg[i]);
 		up->seg[i] = nil;	/* in case of error */
 	}
 	for(i = BSEG+1; i< NSEG; i++) {
 		s = up->seg[i];
 		if(s && (s->type&SG_CEXEC)) {
 			putseg(s);
 			up->seg[i] = nil;
 		}
 	}
 	
 	/*
 	 * Close on exec
 	 */
 	Fgrp *f;
 	f = up->fgrp;
 	for(i=0; i<=f->maxfd; i++)
 		fdclose(i, CCEXEC);
 
 	/* Text.  Shared. Attaches to cache image if possible */
 	/* attachimage returns a locked cache image */
 	Image *img;
 	Segment *ts;
 	img = attachimage(SG_TEXT|SG_RONLY, tc, UTZERO, (etext-UTZERO)>>PGSHIFT);
 	ts = img->s;
 	up->seg[TSEG] = ts;
 	ts->flushme = 1;
 	ts->fstart = 0;
 	ts->flen = sizeof(Exec)+text;
 	unlock(&img->ref.lk);
 
 	/* Data. Shared. */
 	s = newseg(SG_DATA, etext, (edata-etext)>>PGSHIFT);
 	up->seg[DSEG] = s;
 
 	/* Attached by hand */
 	incref(&img->ref);
 	s->image = img;
 	s->fstart = ts->fstart+ts->flen;
 	s->flen = data;
 
 	/* BSS. Zero fill on demand */
 	up->seg[BSEG] = newseg(SG_BSS, edata, (ebss-edata)>>PGSHIFT);
 
 	/*
 	 * Move the stack
 	 */
 	s = up->seg[ESEG];
 	up->seg[ESEG] = 0;
 	up->seg[SSEG] = s;
 	qunlock(&up->seglock);
 	poperror();	/* seglock */
 
 	s->base = USTKTOP-USTKSIZE;
 	s->top = USTKTOP;
 	relocateseg(s, USTKTOP-TSTKTOP);
 
 	/*
 	 *  '/' processes are higher priority (hack to make /ip more responsive).
 	 */
 	if(devtab[tc->type]->dc == L'/')
 		up->basepri = PriRoot;
 	up->priority = up->basepri;
 	poperror();	/* tc, elem, file */
 	cclose(tc);
 	free(file);
 	// elem is now up->text
 
 	/*
 	 *  At this point, the mmu contains info about the old address
 	 *  space and needs to be flushed
 	 */
 	flushmmu();
 	qlock(&up->debug);
 	up->nnote = 0;
 	up->notify = 0;
 	up->notified = 0;
 	up->privatemem = 0;
 	procsetup(up);
 	qunlock(&up->debug);
 	if(up->hang)
 		up->procctl = Proc_stopme;
 
 	return execregs(entry, USTKTOP - uargp, nprogarg+nargv);
 }
 
 int
 shargs(char *s, int n, char **ap)
 {
 	int i;
 
 	s += 2;
 	n -= 2;		/* skip #! */
 	for(i=0; s[i]!='\n'; i++)
 		if(i == n-1)
 			return 0;
 	s[i] = 0;
 	*ap = 0;
 	i = 0;
 	for(;;) {
 		while(*s==' ' || *s=='\t')
 			s++;
 		if(*s == 0)
 			break;
 		i++;
 		*ap++ = s;
 		*ap = 0;
 		while(*s && *s!=' ' && *s!='\t')
 			s++;
 		if(*s == 0)
 			break;
 		else
 			*s++ = 0;
 	}
 	return i;
 }
 
 int
 return0(void *v)
 {
 	return 0;
 }
 
 long
 syssleep(uint32 *arg)
 {
 
 	int n;
 
 	n = arg[0];
 	if(n <= 0) {
 		yield();
 		return 0;
 	}
 	if(n < TK2MS(1))
 		n = TK2MS(1);
 	tsleep(&up->sleep, return0, 0, n);
 	return 0;
 }
 
 long
 sysalarm(uint32 *arg)
 {
 	return procalarm(arg[0]);
 }
 
 long
 sysexits(uint32 *arg)
 {
 	char *status;
 	char *inval = "invalid exit string";
 	char buf[ERRMAX];
 
 	if(arg[0]){
 		if(waserror())
 			status = inval;
 		else{
 			status = uvalidaddr(arg[0], 1, 0);
 			if(vmemchr(status, 0, ERRMAX) == 0){
 				memmove(buf, status, ERRMAX);
 				buf[ERRMAX-1] = 0;
 				status = buf;
 			}
 			poperror();
 		}
 
 	}else
 		status = nil;
 	pexit(status, 1);
 	return 0;		/* not reached */
 }
 
 long
 sys_wait(uint32 *arg)
 {
 	int pid;
 	Waitmsg w;
 	OWaitmsg *ow;
 
 	if(arg[0] == 0)
 		return pwait(nil);
 
 	ow = uvalidaddr(arg[0], sizeof(OWaitmsg), 1);
 	evenaddr(arg[0]);
 	pid = pwait(&w);
 	if(pid >= 0){
 		readnum(0, ow->pid, NUMSIZE, w.pid, NUMSIZE);
 		readnum(0, ow->time+TUser*NUMSIZE, NUMSIZE, w.time[TUser], NUMSIZE);
 		readnum(0, ow->time+TSys*NUMSIZE, NUMSIZE, w.time[TSys], NUMSIZE);
 		readnum(0, ow->time+TReal*NUMSIZE, NUMSIZE, w.time[TReal], NUMSIZE);
 		strncpy(ow->msg, w.msg, sizeof(ow->msg));
 		ow->msg[sizeof(ow->msg)-1] = '\0';
 	}
 	return pid;
 }
 
 long
 sysawait(uint32 *arg)
 {
 	int i;
 	int pid;
 	Waitmsg w;
 	uint32 n;
 	char *buf;
 
 	n = arg[1];
 	buf = uvalidaddr(arg[0], n, 1);
 	pid = pwait(&w);
 	if(pid < 0)
 		return -1;
 	i = snprint(buf, n, "%d %lud %lud %lud %q",
 		w.pid,
 		w.time[TUser], w.time[TSys], w.time[TReal],
 		w.msg);
 
 	return i;
 }
 
 void
 werrstr(char *fmt, ...)
 {
 	va_list va;
 
 	if(up == nil)
 		return;
 
 	va_start(va, fmt);
 	vseprint(up->syserrstr, up->syserrstr+ERRMAX, fmt, va);
 	va_end(va);
 }
 
 static long
 generrstr(uint32 addr, uint nbuf)
 {
 	char tmp[ERRMAX];
 	char *buf;
 
 	if(nbuf == 0)
 		error(Ebadarg);
 	buf = uvalidaddr(addr, nbuf, 1);
 	if(nbuf > sizeof tmp)
 		nbuf = sizeof tmp;
 	memmove(tmp, buf, nbuf);
 
 	/* make sure it's NUL-terminated */
 	tmp[nbuf-1] = '\0';
 	memmove(buf, up->syserrstr, nbuf);
 	buf[nbuf-1] = '\0';
 	memmove(up->syserrstr, tmp, nbuf);
 	return 0;
 }
 
 long
 syserrstr(uint32 *arg)
 {
 	return generrstr(arg[0], arg[1]);
 }
 
 /* compatibility for old binaries */
 long
 sys_errstr(uint32 *arg)
 {
 	return generrstr(arg[0], 64);
 }
 
 long
 sysnotify(uint32 *arg)
 {
 	if(arg[0] != 0)
 		uvalidaddr(arg[0], 1, 0);
 	up->notify = arg[0];	/* checked again when used */
 	return 0;
 }
 
 long
 sysnoted(uint32 *arg)
 {
 	if(arg[0]!=NRSTR && !up->notified)
 		error(Egreg);
 	return 0;
 }
 
 long
 syssegbrk(uint32 *arg)
 {
 	int i;
 	uint32 addr;
 	Segment *s;
 
 	addr = arg[0];
 	for(i = 0; i < NSEG; i++) {
 		s = up->seg[i];
 		if(s == 0 || addr < s->base || addr >= s->top)
 			continue;
 		switch(s->type&SG_TYPE) {
 		case SG_TEXT:
 		case SG_DATA:
 		case SG_STACK:
 			error(Ebadarg);
 		default:
 			return ibrk(arg[1], i);
 		}
 	}
 
 	error(Ebadarg);
 	return 0;		/* not reached */
 }
 
 long
 syssegattach(uint32 *arg)
 {
 	return segattach(up, arg[0], uvalidaddr(arg[1], 1, 0), arg[2], arg[3]);
 }
 
 long
 syssegdetach(uint32 *arg)
 {
 	int i;
 	uint32 addr;
 	Segment *s;
 
 	qlock(&up->seglock);
 	if(waserror()){
 		qunlock(&up->seglock);
 		nexterror();
 	}
 
 	s = 0;
 	addr = arg[0];
 	for(i = 0; i < NSEG; i++)
 		if((s = up->seg[i])) {
 			qlock(&s->lk);
 			if((addr >= s->base && addr < s->top) ||
 			   (s->top == s->base && addr == s->base))
 				goto found;
 			qunlock(&s->lk);
 		}
 
 	error(Ebadarg);
 
 found:
 	/*
 	 * Check we are not detaching the initial stack segment.
 	 */
 	if(s == up->seg[SSEG]){
 		qunlock(&s->lk);
 		error(Ebadarg);
 	}
 	up->seg[i] = 0;
 	qunlock(&s->lk);
 	putseg(s);
 	qunlock(&up->seglock);
 	poperror();
 
 	/* Ensure we flush any entries from the lost segment */
 	flushmmu();
 	return 0;
 }
 
 long
 syssegfree(uint32 *arg)
 {
 	Segment *s;
 	uint32 from, to;
 
 	from = arg[0];
 	s = seg(up, from, 1);
 	if(s == nil)
 		error(Ebadarg);
 	to = (from + arg[1]) & ~(BY2PG-1);
 	from = PGROUND(from);
 
 	if(to > s->top) {
 		qunlock(&s->lk);
 		error(Ebadarg);
 	}
 
 	mfreeseg(s, from, (to - from) / BY2PG);
 	qunlock(&s->lk);
 	flushmmu();
 
 	return 0;
 }
 
 /* For binary compatibility */
 long
 sysbrk_(uint32 *arg)
 {
 	return ibrk(arg[0], BSEG);
 }
 
 long
 sysrendezvous(uint32 *arg)
 {
 	uintptr tag, val;
 	Proc *p, **l;
 
 	tag = arg[0];
 	l = &REND(up->rgrp, tag);
 	up->rendval = ~(uintptr)0;
 
 	lock(&up->rgrp->ref.lk);
 	for(p = *l; p; p = p->rendhash) {
 		if(p->rendtag == tag) {
 			*l = p->rendhash;
 			val = p->rendval;
 			p->rendval = arg[1];
 
 			while(p->mach != 0)
 				;
 			ready(p);
 			unlock(&up->rgrp->ref.lk);
 			return val;
 		}
 		l = &p->rendhash;
 	}
 
 	/* Going to sleep here */
 	up->rendtag = tag;
 	up->rendval = arg[1];
 	up->rendhash = *l;
 	*l = up;
 	up->state = Rendezvous;
 	unlock(&up->rgrp->ref.lk);
 
 	sched();
 
 	return up->rendval;
 }
 
 /*
  * The implementation of semaphores is complicated by needing
  * to avoid rescheduling in syssemrelease, so that it is safe
  * to call from real-time processes.  This means syssemrelease
  * cannot acquire any qlocks, only spin locks.
  * 
  * Semacquire and semrelease must both manipulate the semaphore
  * wait list.  Lock-free linked lists only exist in theory, not
  * in practice, so the wait list is protected by a spin lock.
  * 
  * The semaphore value *addr is stored in user memory, so it
  * cannot be read or written while holding spin locks.
  * 
  * Thus, we can access the list only when holding the lock, and
  * we can access the semaphore only when not holding the lock.
  * This makes things interesting.  Note that sleep's condition function
  * is called while holding two locks - r and up->rlock - so it cannot
  * access the semaphore value either.
  * 
  * An acquirer announces its intention to try for the semaphore
  * by putting a Sema structure onto the wait list and then
  * setting Sema.waiting.  After one last check of semaphore,
  * the acquirer sleeps until Sema.waiting==0.  A releaser of n
  * must wake up n acquirers who have Sema.waiting set.  It does
  * this by clearing Sema.waiting and then calling wakeup.
  * 
  * There are three interesting races here.  
  
  * The first is that in this particular sleep/wakeup usage, a single
  * wakeup can rouse a process from two consecutive sleeps!  
  * The ordering is:
  * 
  * 	(a) set Sema.waiting = 1
  * 	(a) call sleep
  * 	(b) set Sema.waiting = 0
  * 	(a) check Sema.waiting inside sleep, return w/o sleeping
  * 	(a) try for semaphore, fail
  * 	(a) set Sema.waiting = 1
  * 	(a) call sleep
  * 	(b) call wakeup(a)
  * 	(a) wake up again
  * 
  * This is okay - semacquire will just go around the loop
  * again.  It does mean that at the top of the for(;;) loop in
  * semacquire, phore.waiting might already be set to 1.
  * 
  * The second is that a releaser might wake an acquirer who is
  * interrupted before he can acquire the lock.  Since
  * release(n) issues only n wakeup calls -- only n can be used
  * anyway -- if the interrupted process is not going to use his
  * wakeup call he must pass it on to another acquirer.
  * 
  * The third race is similar to the second but more subtle.  An
  * acquirer sets waiting=1 and then does a final canacquire()
  * before going to sleep.  The opposite order would result in
  * missing wakeups that happen between canacquire and
  * waiting=1.  (In fact, the whole point of Sema.waiting is to
  * avoid missing wakeups between canacquire() and sleep().) But
  * there can be spurious wakeups between a successful
  * canacquire() and the following semdequeue().  This wakeup is
  * not useful to the acquirer, since he has already acquired
  * the semaphore.  Like in the previous case, though, the
  * acquirer must pass the wakeup call along.
  * 
  * This is all rather subtle.  The code below has been verified
  * with the spin model /sys/src/9/port/semaphore.p.  The
  * original code anticipated the second race but not the first
  * or third, which were caught only with spin.  The first race
  * is mentioned in /sys/doc/sleep.ps, but I'd forgotten about it.
  * It was lucky that my abstract model of sleep/wakeup still managed
  * to preserve that behavior.
  *
  * I remain slightly concerned about memory coherence
  * outside of locks.  The spin model does not take 
  * queued processor writes into account so we have to
  * think hard.  The only variables accessed outside locks
  * are the semaphore value itself and the boolean flag
  * Sema.waiting.  The value is only accessed with cmpswap,
  * whose job description includes doing the right thing as
  * far as memory coherence across processors.  That leaves
  * Sema.waiting.  To handle it, we call coherence() before each
  * read and after each write.		- rsc
  */
 
 /* Add semaphore p with addr a to list in seg. */
 static void
 semqueue(Segment *s, long *a, Sema *p)
 {
 	memset(p, 0, sizeof *p);
 	p->addr = a;
 	lock(&s->sema.rendez.lk);	/* uses s->sema.Rendez.Lock, but no one else is */
 	p->next = &s->sema;
 	p->prev = s->sema.prev;
 	p->next->prev = p;
 	p->prev->next = p;
 	unlock(&s->sema.rendez.lk);
 }
 
 /* Remove semaphore p from list in seg. */
 static void
 semdequeue(Segment *s, Sema *p)
 {
 	lock(&s->sema.rendez.lk);
 	p->next->prev = p->prev;
 	p->prev->next = p->next;
 	unlock(&s->sema.rendez.lk);
 }
 
 /* Wake up n waiters with addr a on list in seg. */
 static void
 semwakeup(Segment *s, long *a, long n)
 {
 	Sema *p;
 	
 	lock(&s->sema.rendez.lk);
 	for(p=s->sema.next; p!=&s->sema && n>0; p=p->next){
 		if(p->addr == a && p->waiting){
 			p->waiting = 0;
 			coherence();
 			wakeup(&p->rendez);
 			n--;
 		}
 	}
 	unlock(&s->sema.rendez.lk);
 }
 
 /* Add delta to semaphore and wake up waiters as appropriate. */
 static long
 semrelease(Segment *s, long *addr, long delta)
 {
 	long value;
 
 	do
 		value = *addr;
 	while(!cmpswap(addr, value, value+delta));
 	semwakeup(s, addr, delta);
 	return value+delta;
 }
 
 /* Try to acquire semaphore using compare-and-swap */
 static int
 canacquire(long *addr)
 {
 	long value;
 	
 	while((value=*addr) > 0)
 		if(cmpswap(addr, value, value-1))
 			return 1;
 	return 0;
 }		
 
 /* Should we wake up? */
 static int
 semawoke(void *p)
 {
 	coherence();
 	return !((Sema*)p)->waiting;
 }
 
 /* Acquire semaphore (subtract 1). */
 static int
 semacquire(Segment *s, long *addr, int block)
 {
 	int acquired;
 	Sema phore;
 
 	if(canacquire(addr))
 		return 1;
 	if(!block)
 		return 0;
 
 	acquired = 0;
 	semqueue(s, addr, &phore);
 	for(;;){
 		phore.waiting = 1;
 		coherence();
 		if(canacquire(addr)){
 			acquired = 1;
 			break;
 		}
 		if(waserror())
 			break;
 		sleep(&phore.rendez, semawoke, &phore);
 		poperror();
 	}
 	semdequeue(s, &phore);
 	coherence();	/* not strictly necessary due to lock in semdequeue */
 	if(!phore.waiting)
 		semwakeup(s, addr, 1);
 	if(!acquired)
 		nexterror();
 	return 1;
 }
 
 long
 syssemacquire(uint32 *arg)
 {
 	int block;
 	long *addr;
 	Segment *s;
 
 	addr = uvalidaddr(arg[0], sizeof(long), 1);
 	evenaddr(arg[0]);
 	block = arg[1];
 	
 	if((s = seg(up, arg[0], 0)) == nil)
 		error(Ebadarg);
 	if(*addr < 0)
 		error(Ebadarg);
 	return semacquire(s, addr, block);
 }
 
 long
 syssemrelease(uint32 *arg)
 {
 	long *addr, delta;
 	Segment *s;
 
 	addr = uvalidaddr(arg[0], sizeof(long), 1);
 	evenaddr(arg[0]);
 	delta = arg[1];
 
 	if((s = seg(up, arg[0], 0)) == nil)
 		error(Ebadarg);
 	if(delta < 0 || *addr < 0)
 		error(Ebadarg);
 	return semrelease(s, addr, arg[1]);
 }