Unification of native_capability.h

This patch establishes the sole use of generic headers across all
kernels. The common 'native_capability.h' is based on the version of
base-sel4. All traditional L4 kernels and Linux use the same
implementation of the capability-lifetime management. On base-hw, NOVA,
Fiasco.OC, and seL4, custom implementations (based on their original
mechanisms) are used, with the potential to unify them further in the
future.

This change achieves binary compatibility of dynamically linked programs
across all kernels.

Furthermore, the patch introduces a Native_capability::print method,
which allows the easy output of the kernel-specific capability
representation using the base/log.h API.

Issue #1993

repos/base-foc/src/lib/base/cap_map.cc

@@ -14,19 +14,15 @@
  */
 
 /* Genode includes */
-#include <base/cap_map.h>
-#include <base/native_capability.h>
-
 #include <util/assert.h>
+#include <base/log.h>
 
 /* base-internal includes */
 #include <base/internal/spin_lock.h>
+#include <base/internal/cap_map.h>
 
 /* kernel includes */
-namespace Fiasco {
-#include <l4/sys/consts.h>
-#include <l4/sys/task.h>
-}
+#include <foc/capability_space.h>
 
 
 /***********************
@@ -50,7 +46,7 @@ Genode::Cap_index* Genode::Cap_index::find_by_id(Genode::uint16_t id)
 }
 
 
-Genode::addr_t Genode::Cap_index::kcap() {
+Genode::addr_t Genode::Cap_index::kcap() const {
 	return cap_idx_alloc()->idx_to_kcap(this); }
 
 
@@ -181,3 +177,28 @@ Genode::Capability_map* Genode::cap_map()
 	static Genode::Capability_map map;
 	return &map;
 }
+
+
+/**********************
+ ** Capability_space **
+ **********************/
+
+Fiasco::l4_cap_idx_t Genode::Capability_space::alloc_kcap()
+{
+	return cap_idx_alloc()->alloc_range(1)->kcap();
+}
+
+
+void Genode::Capability_space::free_kcap(Fiasco::l4_cap_idx_t kcap)
+{
+	Genode::Cap_index* idx = Genode::cap_idx_alloc()->kcap_to_idx(kcap);
+	Genode::cap_idx_alloc()->free(idx, 1);
+}
+
+
+Fiasco::l4_cap_idx_t Genode::Capability_space::kcap(Native_capability cap)
+{
+	if (cap.data() == nullptr)
+		Genode::raw("Native_capability data is NULL!");
+	return cap.data()->kcap();
+}

repos/base-foc/src/lib/base/cap_map_remove.cc

@@ -13,7 +13,7 @@
  * under the terms of the GNU General Public License version 2.
  */
 
-#include <base/cap_map.h>
+#include <base/internal/cap_map.h>
 
 void Genode::Capability_map::remove(Genode::Cap_index* i)
 {

repos/base-foc/src/lib/base/capability.cc

@@ -0,0 +1,72 @@
+/*
+ * \brief  Capability lifetime management
+ * \author Norman Feske
+ * \date   2015-05-06
+ */
+
+/*
+ * Copyright (C) 2015 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU General Public License version 2.
+ */
+
+/* Fiasco includes */
+namespace Fiasco {
+#include <l4/sys/types.h>
+}
+
+/* base-internal includes */
+#include <base/internal/cap_map.h>
+#include <base/internal/capability_data.h>
+
+using namespace Genode;
+
+
+Native_capability::Native_capability() { }
+
+
+void Native_capability::_inc()
+{
+	if (_data)
+		_data->inc();
+}
+
+
+void Native_capability::_dec()
+{
+	if (_data && !_data->dec())
+		cap_map()->remove(_data);
+}
+
+
+long Native_capability::local_name() const
+{
+	return _data ? _data->id() : 0;
+}
+
+
+bool Native_capability::valid() const
+{
+	return (_data != 0) && _data->valid();
+}
+
+
+Native_capability::Raw Native_capability::raw() const
+{
+	return { (unsigned long)local_name(), 0, 0, 0 };
+}
+
+
+void Native_capability::print(Genode::Output &out) const
+{
+	using Genode::print;
+
+	print(out, "cap<");
+	if (_data) {
+		print(out, "kcap=", Hex(_data->kcap()), ",key=", (unsigned)_data->id());
+	} else {
+		print(out, "invalid");
+	}
+	print(out, ">");
+}

repos/base-foc/src/lib/base/ipc.cc

@@ -32,6 +32,7 @@
 #include <base/internal/lock_helper.h> /* for 'thread_get_my_native_id()' */
 #include <base/internal/ipc_server.h>
 #include <base/internal/native_utcb.h>
+#include <base/internal/cap_map.h>
 
 /* Fiasco.OC includes */
 namespace Fiasco {
@@ -168,8 +169,8 @@ static unsigned long extract_msg_from_utcb(l4_msgtag_t     tag,
 	 */
 	for (unsigned i = 0; i < num_caps; i++) {
 		if (caps[i].valid) {
-			rcv_msg.insert(Native_capability(cap_map()->insert_map(caps[i].badge,
-			                                                       caps[i].sel)));
+			rcv_msg.insert(Native_capability(*cap_map()->insert_map(caps[i].badge,
+			                                                        caps[i].sel)));
 		} else {
 			rcv_msg.insert(Native_capability());
 		}
@@ -200,7 +201,7 @@ static l4_msgtag_t copy_msgbuf_to_utcb(Msgbuf_base &snd_msg,
 		if (!cap.valid())
 			continue;
 
-		if (!l4_msgtag_label(l4_task_cap_valid(L4_BASE_TASK_CAP, cap.dst())))
+		if (!l4_msgtag_label(l4_task_cap_valid(L4_BASE_TASK_CAP, cap.data()->kcap())))
 			cap = Native_capability();
 	}
 
@@ -217,7 +218,7 @@ static l4_msgtag_t copy_msgbuf_to_utcb(Msgbuf_base &snd_msg,
 		if (cap.valid()) {
 			caps[i].valid = true;
 			caps[i].badge = cap.local_name();
-			caps[i].sel   = cap.dst();
+			caps[i].sel   = cap.data()->kcap();
 		}
 	}
 
@@ -285,8 +286,11 @@ Rpc_exception_code Genode::ipc_call(Native_capability dst,
 		rcv_cap_sel += L4_CAP_SIZE;
 	}
 
+	if (!dst.valid())
+		throw Genode::Ipc_error();
+
 	l4_msgtag_t const reply_tag =
-		l4_ipc_call(dst.dst(), l4_utcb(), call_tag, L4_IPC_NEVER);
+		l4_ipc_call(dst.data()->kcap(), l4_utcb(), call_tag, L4_IPC_NEVER);
 
 	if (l4_ipc_error(reply_tag, l4_utcb()) == L4_IPC_RECANCELED)
 		throw Genode::Blocking_canceled();
@@ -370,10 +374,40 @@ Genode::Rpc_request Genode::ipc_reply_wait(Reply_capability const &last_caller,
 
 Ipc_server::Ipc_server()
 :
-	Native_capability((Cap_index*)Fiasco::l4_utcb_tcr()->user[Fiasco::UTCB_TCR_BADGE])
+	Native_capability(*(Cap_index*)Fiasco::l4_utcb_tcr()->user[Fiasco::UTCB_TCR_BADGE])
 {
 	Thread::myself()->native_thread().rcv_window.init();
 }
 
 
 Ipc_server::~Ipc_server() { }
+
+
+/********************
+ ** Receive_window **
+ ********************/
+
+Receive_window::~Receive_window()
+{
+	if (_rcv_idx_base)
+		cap_idx_alloc()->free(_rcv_idx_base, MAX_CAPS_PER_MSG);
+}
+
+
+void Receive_window::init()
+{
+	_rcv_idx_base = cap_idx_alloc()->alloc_range(MAX_CAPS_PER_MSG);
+}
+
+
+addr_t Receive_window::rcv_cap_sel_base()
+{
+	return _rcv_idx_base->kcap();
+}
+
+
+addr_t Receive_window::rcv_cap_sel(unsigned i)
+{
+	return rcv_cap_sel_base() + i*Fiasco::L4_CAP_SIZE;
+}
+

repos/base-foc/src/lib/base/signal_source_client.cc

@@ -0,0 +1,77 @@
+/*
+ * \brief  Fiasco.OC-specific signal-source client interface
+ * \author Norman Feske
+ * \author Stefan Kalkowski
+ * \date   2010-02-03
+ */
+
+/*
+ * Copyright (C) 2011-2013 Genode Labs GmbH
+ *
+ * This file is part of the Genode OS framework, which is distributed
+ * under the terms of the GNU General Public License version 2.
+ */
+
+/* Genode includes */
+#include <signal_source/client.h>
+#include <base/thread.h>
+#include <base/log.h>
+
+/* base-internal includes */
+#include <base/internal/capability_data.h>
+#include <base/internal/native_thread.h>
+
+/* Fiasco includes */
+namespace Fiasco {
+#include <l4/sys/irq.h>
+}
+
+using namespace Genode;
+
+
+Signal_source_client::Signal_source_client(Capability<Signal_source> cap)
+:
+	Rpc_client<Foc_signal_source>(static_cap_cast<Foc_signal_source>(cap))
+{
+	using namespace Fiasco;
+
+	/* request mapping of semaphore capability selector */
+	_sem = call<Rpc_request_semaphore>();
+
+	l4_msgtag_t tag = l4_irq_attach(_sem.data()->kcap(), 0,
+	 Thread::myself()->native_thread().kcap);
+	if (l4_error(tag))
+		Genode::raw("l4_irq_attach failed with ", l4_error(tag));
+}
+
+
+Signal_source_client::~Signal_source_client()
+{
+	Fiasco::l4_irq_detach(_sem.data()->kcap());
+}
+
+
+__attribute__((optimize("-fno-omit-frame-pointer")))
+__attribute__((noinline))
+Signal_source_client::Signal Signal_source_client::wait_for_signal()
+{
+	using namespace Fiasco;
+
+	Signal signal;
+	do {
+
+		/* block on semaphore until signal context was submitted */
+		l4_irq_receive(_sem.data()->kcap(), L4_IPC_NEVER);
+
+		/*
+		 * The following request will return immediately and either
+		 * return a valid or a null signal. The latter may happen in
+		 * the case a submitted signal context was destroyed (by the
+		 * submitter) before we have a chance to raise our request.
+		 */
+		signal = call<Rpc_wait_for_signal>();
+
+	} while (!signal.imprint());
+
+	return signal;
+}

repos/base-foc/src/lib/base/spin_lock.cc

@@ -13,10 +13,8 @@
  * under the terms of the GNU General Public License version 2.
  */
 
-/* Genode includes */
-#include <base/cap_map.h>
-
 /* base-internal includes */
+#include <base/internal/cap_map.h>
 #include <base/internal/spin_lock.h>
 
 

repos/base-foc/src/lib/base/thread_bootstrap.cc

@@ -20,6 +20,7 @@
 
 /* base-internal includes */
 #include <base/internal/native_utcb.h>
+#include <base/internal/cap_map.h>
 
 
 /*****************************

repos/base-foc/src/lib/base/thread_start.cc

@@ -23,6 +23,7 @@
 
 /* base-internal includes */
 #include <base/internal/stack.h>
+#include <base/internal/cap_map.h>
 
 /* Fiasco includes */
 namespace Fiasco {