The new 'Local_rm' type offers a narrow interface for the interaction
with the component-local address space, managing the lifetime of
attachments by using the 'Allocation' API.
Fixes#5516
This catches bugs early on. E.g., when leaving an 'Allocation'
unused, it gets immediately deallocated, which is most probably not
intended. For regular 'Attempt' objects, this change encourages
the proper propagation of errors, or at least the logging of unexpected
conditions.
Fixes#5513
This patch converts the memory-allocator interfaces ('Allocator',
'Range_allocator') and their implementations ('Heap', 'Sliced heap',
'Slab', 'Allocator_avl', 'Synced_allocator') to the new 'Allocation'
utility. The new interface resides at base/memory.h whereas the
traditional allocators implement the new interface.
Down the road, the traditional allocators can successively be decoupled
from the traditional 'Allocator' and 'Range_allocator' interfaces.
Issue #5502
Issue #5245
The new types in base/ram.h model different allocation scenarios and
error cases by mere C++ types without using exceptions. They are meant
to replace the former 'Ram_allocator' interface. As of now, the
'Unmapped_allocator' closely captures the former 'Ram_allocator'
semantics. The 'Constrained_allocator' is currently an alias for
'Unmapped_allocator' but is designated for eventually allocating
mapped RAM.
In contrast to the 'Ram_allocator' interface, which talked about
dataspace capabilites but left the lifetime management of the
allocated RAM to the caller, the new API represents an allocation
as a guard type 'Allocation', which deallocates on destruction by
default.
Allocation errors are captured by a 'Result' type that follows
the 'Attempt' pattern.
As a transitionary feature, the patch largely maintains API
compatibility with the original 'Ram_allocator' by providing
the original (exception-based) 'Ram_allocator::alloc' and
'Ram_allocator::free' methods as a wrapper around the new
'Ram::Constrained_allocator'. So components can be gradually
updated to the new 'Ram::' interface.
Issue #5502
After constructed, a 'Thread' object may remain in a dysfunctional state
should the stack allocation have failed. This condition is no longer
reflected as a C++ exception but as result value of 'Thread::info()'.
Keep 'Thread::name' as public constant because the stack is not always
available for storing the name.
The 'stack_top' accessor has been removed because this information is
already provided by 'Thread::info()'.
Issue #5245
With this patch, the 'Pd_session' interface no longer implements the
'Ram_allocator' interface, which allows us to change the
'Genode::Ram_allocator' semantics (as a subsequent step) without
affecting core's PD service.
The patch also replaces the client-local implementation of
'Pd_session_client::dataspace_size' by the proper RPC call 'ram_size' to
core, which mitigates the potential risk of de-referencing a dataspace
cap of an untrusted origin. E.g., in scenarios where the monitor
component requests the size of a dataspace allocated by the debugging
target.
Since 'ram_size' is an RPC call, it cannot be const. Hence, the
'Ram_alloctor::dataspace_size' has become non-const.
The new 'Pd_ram_allocator' implements the 'Ram_allocator' interface by
using a PD session.
Issue #5502
With planned removal of Thread:: exceptions, we need to consider that a
'Thread' object may exist without a valid 'Stack' and therefore without
a valid 'Native_thread', which is hosted as part of the 'Stack'.
This patch reworks the code that accesses the 'Native_thread' to use the
new 'Thread::with_native_thread' interface. Within the local scope,
the native thread is referred to as 'nt'.
The _init_platform_thread and _deinit_platform_thread() have been
replaced by _init_native_thread and _deinit_native_thread, which take
a 'Stack &' as argument.
As a safety caution, 'Native_thread' objects can no longer be copied.
Issue #5245
This patch replaces the use of 'core_env()' in 'platform_services.cc' by
the function arguments 'core_ram', 'core_rm', and 'io_port_ranges'.
It also removes the 'Pd_session' argument from 'Io_port_root' and
'Irq_root' to avoid the reliance on the 'Pd_session' interface within
core,
Issue #5408
Replace the use of the global 'core_env()' accessor by the explicit
delegation of interfaces.
- For allocating UTCBs in base-hw, 'Platform_thread' requires
a way to allocate dataspaces ('Ram_allocator') accounted to the
corresponding CPU session, a way to locally map the allocated
dataspaces (core's 'Region_map'), and a way to determine the
physical address (via 'Rpc_entrypoint') used for the initial
UTCB mapping of main threads. Hence those interfaces must be
passed to 'Platform_thread'.
- NOVA's pager code needs to look up 'Cpu_thread_component'
objects using a map item as key. The lookup requires the
'Rpc_entrypoint' that hold the 'Cpu_thread_component' objects.
To make this 'Rpc_entrypoint' available, this patch adds
the 'init_page_fault_handing' function.
- The 'Region_map_mmap' for Linux requires a way to look up
'Linux_dataspace' objects for given dataspace capabilities.
This lookup requires the 'Rpc_entrypoint' holding the dataspaces,
which is now passed to 'platform.cc' via the new Linux-specific
'Core_region_map::init' function.
Issue #5408
`Vm_session_component::create_vcpu()` is present across all supported
kernels, yet until now it was not part of the `Vm_session` interface.
Add the method to the `Vm_session` interface. This unifies calls in the
base library and is the basis to remove the need for a common base class
for separate `Vm_session` implementations for SVM and VMX on x86_64.
Issue #5221
This patch tightens the coupling of the 'Platform_thread' objects
with their corresponding 'Platform_pd' objects by specifying the
'Platform_pd' as constructor argument, keeping the relationship
as a reference (instead of a pointer), and constraining the
lifetime of 'Platform_pd' objects to the lifetime of the PD.
It thereby clears the way to simplify the thread creation since all
PD-related information (like quota budgets) are now known at the
construction time of the 'Platform_thread'.
The return value of 'Platform_thread::start' has been removed because it
is not evaluated by 'Cpu_thread_component'.
Related to #5256
- Remove exceptions
- Use 'Attr' struct for attach arguments
- Let 'attach' return 'Range' instead of 'Local_addr'
- Renamed 'Region_map::State' to 'Region_map::Fault'
Issue #5245Fixes#5070
The 'Thread_creation_failed' error is now reflected as
'Thread::Start_result' return value. This change also removes the
use of 'Invalid_thread' within core as this exception is an alias
of Cpu_session::Thread_creation_failed.
Issue #5245
This patch removes the exception formerly thrown by 'Cpu_thread::state'
and turns the 'Thread_state' structure into a plain compound type w/o a
constructor.
Issue #5245Fixes#5250
Remove the "excellent" idea to re-open /dev/stdout etc. for redirection as
cmake uses open(O_TRUNC) and, thus, truncates log output of outer
redirections.
By adding the `irq_type` argument, one can explicitly specify whether to
use LEGACY, MSI or MSI-X interrupts. We formerly used the
`device_phys_config` to implicitly select MSI, however, with the
addition of IOMMU support to the platform driver there is at least one
instance where we need an MSI for a non-PCI device.
Yet, by adding another session argument to the Irq session, we exceed
the character limit for session args. Since not all arguments are
relevant for LEGACY interrupts resp. MSI, we can split the Irq_connection
constructor to handle the two cases separately and omit unneeded
arguments.
genodelabs/genode#5002
