Commit Graph

9135 Commits

Author SHA1 Message Date
Christian Prochaska
cf9610a958 Implement RAM accounting 2012-05-02 16:54:18 +02:00
Norman Feske
bcf6714eff Re-implementation of the loader service, ref #187
The original loader service was primarily motivated by the
browser-plugin scenario presented on our live CD. The new version
implements a more general session interface, which widens the
application scope of the service and, at the same time, reduces its
implementation complexity.

The complexity reduction is achieved by removing the original limitation
of supplying the new sub system as a single binary blob only. The server
used to implement heuristics and functionality for dealing with
different kinds of blobs such as ELF images or TAR archives. This has
been replaced by a session-local ROM service, which can be equipped with
an arbitrary number of ROM modules supplied by the loader client prior
starting the new sub system. Even though the TAR support has been
removed, a separate instance of the 'tar_rom' service can be used within
the subsystem to provide the formerly built-in functionality.
2012-05-02 16:54:18 +02:00
Norman Feske
e9814e0692 News item about GSoC participation 2012-04-25 11:33:59 +02:00
Norman Feske
5bedeef814 Simplify use of namespace Genode within Noux 2012-04-23 20:43:43 +02:00
Christian Prochaska
4c4d4e5c63 Fix printing of signed numbers
If any operand of the '?' operator is of an unsigned type, the result
is unsigned by default. Thanks to Julian Stecklina for finding
this out.

Fixes #189.
2012-04-23 15:35:01 +02:00
Christian Prochaska
2f2fd33d96 Explicitly use qemu-system-i386 rather than qemu 2012-04-23 15:32:59 +02:00
Christian Prochaska
93faa9a36f Config option for GDB monitor RAM preservation
This patch allows to configure the amount of RAM that GDB monitor should
preserve for itself. The configuration syntax looks as follows:

<start name="gdb_monitor">
    <resource name="RAM" quantum="1G"/>
    <config>
        <target name="noux">
        <preserve name="RAM" quantum="2M"/>
        ...
    </config>
</start>

Fixes #190.
2012-04-23 15:32:22 +02:00
Martin Stein
3236395e6a Check ownership when freeing RAM dataspaces 2012-04-20 18:39:48 +02:00
Martin Stein
d6f956e37e Test for enforcing dataspace ownership 2012-04-20 18:38:44 +02:00
Norman Feske
88aab61e09 Mechanism for using chroot on Linux
The new 'chroot' tool at 'os/src/app/chroot' allows for executing
subsystems within chroot jails on Linux. For using the tool, please
refer to the test case 'os/run/chroot.run'. Fixes #37
2012-04-20 11:21:24 +02:00
Christian Prochaska
48d547e2fd Enable SDL thread support
This patch enables the use of threads and locking mechanisms in SDL
applications. The 'pthread' libary is used as backend. Not all features
are currently supported.

Fixes #185.
2012-04-20 11:21:24 +02:00
Christian Prochaska
7a369bc74d Add an 'executable' flag to 'Rm_session::attach()'
With this patch clients of the RM service can state if they want a mapping
to be executable or not. This allows dataspaces to be mapped as
non-executable on Linux by default and as executable only if needed.

Partially fixes #176.
2012-04-20 11:21:19 +02:00
Christian Prochaska
de92956220 Read 'main()' function arguments from config file
This patch reads program arguments from the config file and makes them
available to the application via the 'argc' and 'argv' arguments of the
'main()' function. The configuration syntax looks like this:

<config>
	<arg value="...">
	<arg value="...">
        ...
</config>

The 'value' attribute of the first <arg> node becomes 'argv[0]' and so on.

Fixes #184.
2012-04-20 08:31:40 +02:00
Martin Stein
afe996df74 Handle the case that init has no children
Fixes #183
2012-04-19 19:04:33 +02:00
Norman Feske
cb9b2724de Simplify use of custom data-flow signal handlers 2012-04-17 11:08:52 +02:00
Norman Feske
8b96f44003 Add const qualifiers, minor style fixes 2012-04-17 11:08:40 +02:00
Christian Prochaska
b81bea845d GDB monitor target configuration test 2012-04-16 19:04:42 +02:00
Christian Prochaska
674e898af3 Pass config to child of GDB monitor
With this patch GDB monitor provides a 'config' file to the target. Its
content can be defined in the <config> sub node of the <target> XML node.

Fixes #179.
2012-04-16 19:01:56 +02:00
Christian Prochaska
ff3e08f9ea POSIX threads and semaphores
This patch implements a subset of the POSIX thread and semaphore functions
in the 'pthread' library.

Fixes #174.
2012-04-16 12:16:40 +02:00
Christian Prochaska
dd0ef3403f Limit core's ROM fs to current directory on Linux
This patch limits core's ROM file system to the current working directory
on Linux by rejecting file names which contain forward slashes.

Fixes #175.
2012-04-16 12:16:12 +02:00
Stefan Kalkowski
d1cc263427 Fix Fiasco.OC's build-system (fix #177)
Apply the patch posted by Christian Helmuth to the l4-hackers mailing list
when doing `make prepare` in base-foc.
2012-04-16 12:15:31 +02:00
Norman Feske
de2723c794 Heuristics for determining python2 for OKL4 2012-04-16 11:49:44 +02:00
Norman Feske
5bf5aa5e32 News item about dynamic re-configuration 2012-04-11 11:58:20 +02:00
Norman Feske
9a00ad7ae3 Support for dynamic ROM sessions, fix #170
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.

Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.

To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.

In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.

The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).

An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
2012-04-05 11:25:26 +02:00
Norman Feske
ba248fe554 Add swap and realloc to 'Attached_ram_dataspace'
The new 'swap' and 'realloc' functions are needed in scenarios where
'Attached_ram_dataspace' is used to implement double buffering. The
particular use case is the implementation of dynamic ROM sessions.
2012-04-05 10:40:46 +02:00
Norman Feske
abb5a8a329 Skip building Arora if Qt4 repo is not present 2012-04-05 10:40:46 +02:00
Christian Prochaska
df95b8b2b4 Add 'Qoost' to libports
Fixes #173.
2012-04-05 10:40:46 +02:00
Norman Feske
63827dda00 Heuristics for determining python2 binary 2012-04-05 10:40:46 +02:00
Norman Feske
f150b00c0d Spelling fix 2012-04-04 17:03:34 +02:00
Norman Feske
92cd9e57b9 Fix compile warning 2012-04-04 11:07:15 +02:00
Norman Feske
5f9fdde337 Streamlined 'noux_bash.run' for faster build 2012-03-31 16:28:22 +02:00
Christian Prochaska
d6caa73c13 Fix a compile error reported by GCC 4.7.0 2012-03-30 19:55:56 +02:00
Ivan Loskutov
fa4935627a Fix error for 7th argument call_member 2012-03-30 19:55:55 +02:00
Stefan Kalkowski
fc8a24129b Fix broken links of genode.org 2012-03-30 19:55:55 +02:00
Ivan Loskutov
59221f9c17 Fix misprint 2012-03-30 19:47:35 +02:00
Stefan Kalkowski
ccebaa3802 Fiasco.OC: fix race while pager_object destruction
When the pager gets a pagefault, exception, pause, or wakeup request it's
always possible, that the corresponding thread gets destroyed between
receiving the message and looking up the thread's pager_object. This commit
unifies the check for a valid pager_object for each kind of requests to the
pager, thereby adds currently missing checks.
2012-03-28 20:15:15 +02:00
Norman Feske
75aba75ff8 Support proper shadowing of target.mk files
The build system overlays multiple source trees (repositories) such that
they can shadow libraries and include search paths. This patch extends
the shadowing concept to build targets. Furthermore, it streamlines the
build stage for generating library depenencies, reducing the processing
time of this stage by 10-20 percent. Fixes #165.
2012-03-28 20:14:54 +02:00
Norman Feske
37bf298b37 Move 'test/cap_integrity/foc' to 'base-foc' 2012-03-28 16:28:15 +02:00
Norman Feske
d6e30c19de Replace 'Native_capability::copy_to' by accessor
The 'copy_to' function turned out to be not flexible enough to
accommodate the Noux fork mechanism. This patch removes the function,
adds an accessor for the capability destination and a compound type
'Native_capability::Raw' to be used wherever plain capability
information must be communicated.
2012-03-28 09:58:51 +02:00
Norman Feske
22084dbfa5 Ignore suspicious wake-up messages on OKL4 2012-03-26 17:00:06 +02:00
Norman Feske
8bd02a5333 Let Noux deliver EOF when pressing control-d 2012-03-26 17:00:06 +02:00
Norman Feske
08d4e68db1 Add VIM to 'noux_bash.run' 2012-03-26 17:00:06 +02:00
Stefan Kalkowski
76c106dac0 Fiasco.OC: prevent first exception in ldso apps
In applications that use ldso the main_thread_bootstrap() function is called
twice which results in the main thread's gate-capability to be inserted twice
in the Capability_map which results in an exception. Unfortunately at least
on ARM this exception cannot be handled that early, so this commit prevents
the exception by checking, whether the capability is inserted already or not.
Fixes #164.
2012-03-26 16:59:23 +02:00
Stefan Kalkowski
9a9f49b65c Fiasco.OC: sanity-check cap insertion. (fix #166)
When constructing a thread object its capability is inserted into the
capability map. Normally this is done by the ipc-unmarshalling code, but
in this case the thread-capability isn't transfered via normal IPC, but in
a special form via the thread_state object. In contrast to the unmarshalling
code, the thread-startup code doesn't check, whether the capability-map
already contains a deprecated entry with the same capability id before
inserting the thread's capability. This commit add the necessary check.

Moreover, a check is added to the insertion methods of the capability-map
to verify that capability-allocation didn't failed.
2012-03-26 15:06:26 +02:00
Stefan Kalkowski
89db981280 Fix race when removing Cap_index (fix #163)
Removing a Cap_index from Capability_map in core can happen twice, via
Cap_session_component or destructor of a Cap_mapping. That it's checked
whether the index is part of the map before removing it. This patch puts
the check into the remove method, so both operations are within the same
lock context, to remove a race condition.

This is a follow up fix for commit d287b9d893
2012-03-23 18:26:33 +01:00
Stefan Kalkowski
c1e6657f49 Rewrite cap_integrity test for Fiasco.OC (fix #161)
By commit d287b9d893 the Native_capability
class changed fundamentally in the Fiasco.OC platform code of Genode. Thereby
the cap_integrity test got incompatible with it. This commit introduces a
separate test implementation for Fiasco.OC that does semantically the same
like the old test. Please refer to issue #161.
2012-03-23 14:34:58 +01:00
Stefan Kalkowski
bb90a2d41d Let cap_integrity test be more expressive
By using the `compare_output_to` method from the run tool instead of using
regexp in the cap_integrity run-script, the test outputs the undesired lines
instead of just signaling that the test failed.
2012-03-23 14:34:09 +01:00
Stefan Kalkowski
747c482188 Fiasco.OC: remove cap_alloc library (fix #160)
The cap_alloc library became redundant and doesn't compile any longer.
This commit simply removes it. Please, refer to issue #160.
2012-03-23 14:33:46 +01:00
Stefan Kalkowski
e88276bf0e Fix compare_output_to in run tool (fix #162)
In the compare_output_to function in the run tool a check was introduced,
whether the given arguments are empty, and if so if the output string is it
too. Without this patch compare_output_to succeeded when the given pattern
was empty but output wasn't. Please refer to issue #162.
2012-03-23 14:33:31 +01:00
Stefan Kalkowski
d287b9d893 Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).

Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.

The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:

* The Thread object's startup and destruction routine is re-arranged, to
  enable another thread (that calls the Thread destructor) gaining the
  capability id of the thread's gate to remove it from the Cap_map, the
  thread's UTCB had to be made available to the caller, because there
  is the current location of that id. After having the UTCB available
  in the Thread object for that reason, the whole thread bootstrapping
  could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
  class was introduced in core, that facilitates the establishment and
  destruction of capability mappings between core and it's client's, especially
  mappings related to Platform_thread and Platform_task, that are relevant to
  task and thread creation and destruction. Thereby, the destruction of
  threads had to be reworked, which effectively removed a bug (issue #149)
  where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
  introduced available in all processes. Moreover, some kind of a capability
  map already existed in core, to handle cap-session request properly. The
  introduction of the Cap_map unified both structures, so that the
  cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
  changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
  according to the already mentioned changes in the Thread object's bootstrap
  code.
2012-03-22 14:10:44 +01:00