Commit Graph

521 Commits

Author SHA1 Message Date
Christian Helmuth
2ed904faab depot: update recipe hashes 2017-08-30 12:41:43 +02:00
Sebastian Sumpf
f361cb28a5 base-hw: timer support for RISC-V
issue #2423
2017-08-30 10:00:00 +02:00
Sebastian Sumpf
9094517809 base-hw: BBL fix warnings
* fix compile warnings
* added license headers to Genodes' part of BBL

issue #2423
2017-08-30 10:00:00 +02:00
Sebastian Sumpf
e17accb3ba base-hw: RISC-V save/restore 'x29' correctly
* register x29/t4 was not saved and therefore not restored correctly
* change 'warning' to 'error' before '_die' is called

issue #2423
2017-08-30 09:59:59 +02:00
Martin Stein
7f29eff75a hw lapic: find best frequency dynamically
Some x86 machines do have a LAPIC speed < 1000 ticks per millisecond
when configured to use the maximum divider (as it was always the case).
But we need microseconds precision for the timeout framework. Thus,
reduce the divider dynamically until the frequency fullfills our
requirements.

Ref #2400
2017-08-28 16:49:50 +02:00
Martin Stein
d9073a1848 timer/util: generic TIMER_MIN_TICKS_PER_MS
Ref #2400
2017-08-28 16:49:50 +02:00
Martin Stein
399e1586be timer: generic timer_ticks_to_us implementation
There are hardware timers whose frequency can't be expressed as
ticks-per-microsecond integer-value because only a ticks-per-millisecond
integer-value is precise enough. We don't want to use expensive
floating-point values here but nonetheless want to translate from ticks
to time with microseconds precision. Thus, we split the input in two and
translate both parts separately. This way, we can raise precision by
shifting the values to their optimal bit position. Afterwards, the results
are shifted back and merged together again.

As this algorithm is not so trivial anymore and used by at least three
timer drivers (base-hw/x86_64, base-hw/cortex_a9, timer/pit), move it to a
generic header to avoid redundancy.

Ref #2400
2017-08-28 16:49:49 +02:00
Martin Stein
16745946e0 hw pit: fix precision reduction to milliseconds
Due to the simplicity of the algorithm that translated from timer ticks
to time, we lost microseconds precision although the timer allows for it.

Ref #2400
2017-08-28 16:49:49 +02:00
Christian Helmuth
21116803b3 Cleanup warning message from %p 2017-08-28 16:49:48 +02:00
Stefan Kalkowski
08a311b033 hw: make address variables 64-bit safe (fix #2503) 2017-08-28 16:49:46 +02:00
Stefan Kalkowski
ea46c462a4 base: make stack area base specifiable for core
When running core as the kernel inside every component, a separate
stack area for core is needed that is different from the user-land
component's one.

Ref #2091
2017-08-28 16:49:46 +02:00
Stefan Kalkowski
500893e7ec hw: prevent absolute addresses in x86_64 assembler
Ref #2091
2017-08-28 16:49:46 +02:00
Stefan Kalkowski
b8cd58e6a5 hw: enable mappings beyond 4G on x86_64
Fix #2498
2017-08-28 16:49:46 +02:00
Stefan Kalkowski
264e64d3ec hw: prevent segment register re-loading
Fix #2497
2017-08-28 16:49:45 +02:00
Christian Helmuth
7f2087e105 muen: adapt initial IP of genode subject
The entry point changed in "hw: add UEFI boot support" due to the
additional Multiboot2 header.

Issue #2242
2017-08-28 16:49:45 +02:00
Alexander Boettcher
430bde3636 core: remove unmap from rm_client
The flush/unmap of memory is tied to an address space and not to a thread.
Move the handling from the Rm_client to the Adress_space class.

Issue #2209
2017-08-28 16:49:44 +02:00
Alexander Boettcher
6792456e4e hw: provide ACPI infos via platform_info ROM
in uefi/mbi2 boot case

Issue #2242
2017-08-28 16:49:44 +02:00
Alexander Boettcher
972031cbbc hw: add UEFI boot support
via grub2 using multiboot 2

Issue #2242
2017-08-28 16:49:44 +02:00
Martin Stein
23f35370a2 core: generic ROM module initialization
For most base platforms (except linux and sel4), the initialization of
boot modules is the same. Thus, merge this default implementation in the
new unit base/src/core/platform_rom_modules.cc.

Ref #2490
2017-08-28 16:49:36 +02:00
Christian Prochaska
60ae6721db hw_x86_64: read number of I/O redirection table entries from IOAPIC
Fixes #2475
2017-08-23 14:08:37 +02:00
Martin Stein
31af206a8c hw rpi: fix bug that caused bad timer precision
The kernel timer on RPI is able to measure time microseconds-precise.
Howeer, due to a bug, we dropped precision during the ticks-to-time
translation and return only milliseconds-precise time.

Ref #2400
2017-08-23 14:08:37 +02:00
Christian Helmuth
8b073f46df depot: update recipe hashes 2017-08-18 10:25:28 +02:00
Alexander Boettcher
58e4f6cf9d core: add map method to pd_session interface
The method can be used to trigger the eager insertion of page frames into
page tables. Intention: to be used for memory used for DMA.

Issue #2209
2017-08-18 10:24:46 +02:00
Alexander Boettcher
de06eefbac hw: evaluate write fault on RO page
rm_fault.run triggers write on read-only ROM provided by core, which
fails without this patch:

arm - "raised unhandled data abort"
x86 - (silent/invisible) busy loop because write fault gets never resolved
2017-08-17 11:04:22 +02:00
Norman Feske
0d1be4abe2 depot: update recipe hashes 2017-06-29 12:00:04 +02:00
Christian Helmuth
69215bc2fc hw: configure SDHC IRQ secure on imx53_qsb_tz 2017-06-29 11:59:59 +02:00
Adrian-Ken Rueegsegger
c14149b4eb Update Muen port
- Use latest Muen version
- Sync VirtualBox Muen subject state
- Rework Muen download so contrib/muen-* remains untouched after port
  has been prepared
2017-06-29 11:59:58 +02:00
Martin Stein
889db34cc3 hw cortex_a9: fix bug in kernel timer
A bug in the timer-ticks-to-microseconds translation of the kernel timer
caused the user time to periodically get stuck for about 32 milliseconds
and then jump forward to the normal level again.

Ref #2400
2017-06-29 11:59:54 +02:00
Christian Helmuth
6f2afb9b44 hw: prevent warning about conversion narrowing 2017-06-19 12:35:57 +02:00
Stefan Kalkowski
a004462096 hw: fix capability accounting of kernel/core
The recently implemented capability resource trading scheme unfortunately
broke the automated capability memory upgrade mechanism needed by base-hw
kernel/core. This commit splits the capability memory upgrade mechanism
from the PD session ram_quota upgrade, and moves that functionality
into a separate Pd_session::Native_pd interface.

Ref #2398
2017-06-19 12:35:55 +02:00
Martin Stein
685f509a43 timer connection: no interpolation on arm w/o hw
On ARM, we do not have a component-local hardware time-source. The ARM
performance counter has no reliable frequency as the ARM idle command
halts the counter. Thus, we do not do local time interpolation on ARM.
Except we're on the HW kernel. In this case we can read out the kernel
time instead.

Ref #2435
2017-05-31 17:50:28 +02:00
Christian Helmuth
892ede515f depot: update recipe hashes 2017-05-31 16:18:01 +02:00
Sebastian Sumpf
c3cf7f3c3a riscv: ISA-1.9.1 and GCC-6.3.0 adaptions
Adds 1.9.1 support to base-hw

Note:
* the kernel timer is not working
* dynamic linking is currently not supported
2017-05-31 13:16:24 +02:00
Sebastian Sumpf
6c95eb9aff base-hw: RISC-V BBL
The Berkley Boot Loader handles kernel loading and machine mode
2017-05-31 13:16:24 +02:00
Christian Helmuth
8bd0efced6 Remove obsolete RAM/CAP services from run scripts
Adapted launchpad and also the rm_fault and resource_request tests.

Issue #2407
2017-05-31 13:16:22 +02:00
Adrian-Ken Rueegsegger
923fbc9e86 Update Muen port
- Adjust Muen RUN_OPTs
- Update documentation
- Checkout required submodule
2017-05-31 13:16:22 +02:00
Sebastian Sumpf
496671e523 gcc: RISC-V 6.3.0
issue #2423
2017-05-31 13:16:20 +02:00
Stefan Kalkowski
0fb672b493 run: use default Qemu memory size for x86
Fix #2428
2017-05-31 13:16:19 +02:00
Norman Feske
0167d5af50 Integrate core's RAM service into the PD service
Fixes #2407
2017-05-31 13:16:14 +02:00
Norman Feske
a96919632e core: unify Pd_session_component across kernels
Issue #2407
2017-05-31 13:16:13 +02:00
Norman Feske
4773707495 core: split RAM dataspace factory from RAM service
By separating the session-interface concerns from the mechanics of the
dataspace creation, the code becomes simpler to follow, and the RAM
session can be more easily merged with the PD session in a subsequent
step.

Issue #2407
2017-05-31 13:16:12 +02:00
Norman Feske
65225a94b1 core: simplify initialization
This patch removes the 'Core_parent' and 'Core_pd_session', and reduces
the 'Core_env'.
2017-05-31 13:16:12 +02:00
Norman Feske
a1df4fee44 base: restructure signal-submit initialization
This patch allows core's 'Signal_transmitter' implementation to sidestep
the 'Env::Pd' interface and thereby adhere to a stricter layering within
core. The 'Signal_transmitter' now uses - on kernels that depend on it -
a dedicated (and fairly freestanding) RPC proxy mechanism for signal
deliver, instead of channeling signals through the 'Pd_session::submit'
RPC function.
2017-05-31 13:16:12 +02:00
Martin Stein
c70fed29f7 os/timer: interpolate time via timestamps
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end.  Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.

This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.

This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled.  Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.

With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.

This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.

Open issues:

* The timeout test fails on Raspberry PI because of precision errors in the
  first stage. However, this does not render the framework unusable in general
  on the RPI but merely is an issue when speaking of microseconds precision.

* If we run on ARM with another Kernel than HW the timestamp speed may
  continuously vary from almost 0 up to CPU speed. The Timer, however,
  only uses interpolation if the timestamp speed remained stable (12.5%
  tolerance) for at least 3 observation periods. Currently, one period is
  100ms, so its 300ms. As long as this is not the case,
  Timer_session::elapsed_ms is called instead.

  Anyway, it might happen that the CPU load was stable for some time so
  interpolation becomes active and now the timestamp speed drops. In the
  worst case, we would now have 100ms of slowed down time. The bad thing
  about it would be, that this also affects the timeout of the period.
  Thus, it might "freeze" the local time for more than 100ms.

  On the other hand, if the timestamp speed suddenly raises after some
  stable time, interpolated time can get too fast. This would shorten the
  period but nonetheless may result in drifting away into the far future.
  Now we would have the problem that we can't deliver the real time
  anymore until it has caught up because the output of Timer::curr_time
  shall be monotone. So, effectively local time might "freeze" again for
  more than 100ms.

  It would be a solution to not use the Trace::timestamp on ARM w/o HW but
  a function whose return value causes the Timer to never use
  interpolation because of its stability policy.

Fixes #2400
2017-05-31 13:16:11 +02:00
Martin Stein
4d3d4ecca0 hw core: merge Kernel::Clock and Kernel::Timer
With this, we get rid of platform specific timer interfaces. The new
Timer class does the same as the old Clock class and has a generic
interface. The old Timer class was merely used by the old Clock class.
Also, we get rid of having only one timer instance which we tell with
each method call for which CPU it shall be done. Instead now each Cpu
object has its own Timer member that knows the CPU it works for.

Also, rename all "tics" to "ticks".

Fixes #2347
2017-05-31 13:16:10 +02:00
Stefan Kalkowski
b58b69515c Remove UART specific SPEC identifiers (Ref #2403) 2017-05-31 13:16:10 +02:00
Martin Stein
60a7fe5586 hw & arm: write whole SPSR in mode transition
Previously we did write the SPSR via an MSR instruction without
additional flags. Unfortunately, this tells the CPU to write the
register only partially. This often isn't a problem as the users PSR
reset value normally is conform to our expectations but in some cases
(e.g. PSR endianess bit on WandBoard core #4) the reset value is bad.
Thus, we have to add the CXSF flags (access Control + eXtension + Status
+ Flags) so the CPU overwrites the entire register.

Fixes #2254
2017-05-31 13:16:08 +02:00
Norman Feske
4d442bca30 Streamline exception types
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.

Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.

This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
2017-05-31 13:16:07 +02:00
Norman Feske
1f4f119b1e Capability quota accounting and trading
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.

Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.

At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.

If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:

  <default-route>
    <service name="PD" unscoped_label="timer">
      <parent diag="yes"/>
    </service>
    ...
  </default-route>

For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.

Fixes #2398
2017-05-31 13:16:06 +02:00
Norman Feske
6609aafb05 Replace Quota_exceeded by Insufficient_ram_quota
This patch replaces the 'Parent::Quota_exceeded',
'Service::Quota_exceeded', and 'Root::Quota_exceeded' exceptions
by the single 'Insufficient_ram_quota' exception type.

Furthermore, the 'Parent' interface distinguished now between
'Out_of_ram' (the child's RAM is exhausted) from
'Insufficient_ram_quota' (the child's RAM donation does not suffice to
establish the session).

This eliminates ambiguities and removes the need to convert exception
types along the path of the session creation.

Issue #2398
2017-05-31 13:16:05 +02:00