267 Commits

Author SHA1 Message Date
Norman Feske
fa3f5edcc2 base: remove deinit_heartbeat_monitoring function
Issue #4940
2023-07-14 12:06:31 +02:00
Norman Feske
f9bb7246ef base: remove destroy_signal_thread function
With the removal of the 'Entrypoint::schedule_suspend' mechanism, this
function is no longer called.

Issue #4940
2023-07-14 12:06:31 +02:00
Norman Feske
4193279560 base: remove entrypoint.cc from core
Since component.cc is no longer linked to core, we can also remove
entrypoint.cc, which was merely a dependency of component.cc.

Related to issue #4784
2023-07-14 12:06:31 +02:00
Norman Feske
7e1a2ac684 base: remove internal use of 'env_deprecated'
Fixes #4784
2023-07-14 12:06:31 +02:00
Norman Feske
de99945af0 base: pass 'Platform &' to 'bootstrap_component'
This eliminates the need of component.cc to pull the platform resources
out of thin air (calling 'env_deprecated()').

Issue #4784
2023-07-14 12:06:31 +02:00
Norman Feske
3f9698a292 base: remove component.cc from core
Issue #4784
2023-07-14 12:06:31 +02:00
Christian Prochaska
8264b63e0b core: replenish UTCB quota in exception case
Fixes #4933
2023-07-14 12:06:31 +02:00
Norman Feske
6e30d00eef base: remove env_deprecated from signalling code
Issue #4784
2023-07-14 12:06:31 +02:00
Norman Feske
3489672bc0 base: remove env_deprecated from thread-start code
This patch replaces the internal use 'env_deprecated()' from the
implementation of the thread API in the base library. It also
replaces the global accessor 'main_thread_cap' by the explicit
propagation of the main-thread's capability to the single point of
use via a new 'init_thread_bootstap' function.

Issue #4784
2023-07-14 12:01:19 +02:00
Norman Feske
a4c59c03e3 core: rework page-fault resolution
The change "core: allow offset-attached managed dataspaces" addressed a
corner case of the use of nested region maps. Apparently, this change
negatively affects other scenarios (tool_chain_auto).

In order to confidently cover all the differnt situations, this patch
reworks the page-fault resolution code for improved clarity and safety,
by introducing dedicated result types, reducing the use of basic types,
choosing expressive names, and fostering constness.

It also introduces a number of 'print' hooks that greatly ease manual
instrumentation and streamlines the error messages printed by core.
Those messages no longer appear when a user-level page-fault handler
is reistered for the faulted-at region map. So the monitor component
produces less noise on the attempt to dump non-existing memory.

Issue #4917
Fixes #4920
2023-06-16 11:24:26 +02:00
Norman Feske
f47c64e246 core: allow offset-attached managed dataspaces
This patch adds the missing application of the region offset to the
resolution of page faults inside managed dataspaces, which resulted in
an unexpected "invalid mapping" message after attaching a managed
dataspace with an offset.

This limitation could be observed during the implementation of the debug
monitor that locally maps a portion of the debugging target's address
space, e.g., a view port of 16 MiB. All traditional uses of managed
dataspaces (e.g., stack area, linker area) happened to attach the
managed dataspaces from their beginning.

Issue #4917
2023-06-16 11:24:26 +02:00
Alexander Boettcher
11764ed755 core: remove io_mem attachments before destruction
The attachment removal is triggered actually on _ds member destruction time,
but after the io_mem representation for the specific base-<platform> possibly
vanished already during _unmap_local in the ~Io_mem_dataspace. This creates
on base-sel4 several kernel warnings about invalid capabilities.

Issue #4913
2023-06-16 11:24:25 +02:00
Alexander Boettcher
b349dd9c0a sel4: convert io memory on demand
instead all during boot. On x86 and qemu this takes quite a while until
the system is booted.

Fixes #4913
2023-06-16 11:24:25 +02:00
Christian Prochaska
98bf2dadb8 core: fix build errors with gcc 12
Fixes #4828
2023-05-08 15:55:34 +02:00
Norman Feske
61926ebc07 base: introduce platform_init function
The new 'init_platform' function performs the platform-specific
component-local low-level initialization. It allows for the
differentiation between core and regular components as well as
kernel-dependent peculiarities.

This patch introduces a consistent notion of a 'Platform'. Within core,
the 'Platform' contains the kernel-specific initialization. Outside
core, the platform sets up the interplay with the parent component. In
all cases, the platform is constructed while running on the initial
stack.

Issue #4784
2023-03-15 17:05:01 +01:00
Norman Feske
441186468c base: remove env_deprecated from rpc_cap_alloc
Issue #4784
2023-03-13 15:22:00 +01:00
Norman Feske
c99fb2b69b core: replace use of Avl_string by Dictionary
Issue #4780
2023-03-13 14:32:53 +01:00
Norman Feske
915adcd0dd base: remove internal use of format strings
Issue #2064
2023-03-13 14:32:38 +01:00
Norman Feske
9debad4e91 Remove format strings from connection types
Issue #2064
2023-03-13 14:32:37 +01:00
Norman Feske
2e6dd010ae core: introduce 'Core' namespace
The namespace draws a clear line between the base library and the core
component.

It is declared at the new core-local header <types.h>, which is expected
to be included by all code of the core component. It is thereby a
natural place for kernel-agnostic general types like commonly used C++
utilities.

Fixes #4777
2023-03-13 14:32:37 +01:00
Norman Feske
c10904967b core: improve coding-style consistency 2023-02-27 08:22:47 +01:00
Christian Prochaska
0c465fbb4d trace session: fix double quota accounting
Fixes #4707.
2023-01-24 12:07:29 +01:00
Sebastian Sumpf
0a8d6ddba9 core: Ignore constraints on allocations if allocator is exhausted
Try to allocate within constraint area first. In case the area is exhausted,
try allocation at other memory locations.

The motivation for this is to limit DMA allocations to 4GB (since some
devices require addresses below 4GB). On some platforms there is little
physical RAM in this area (<1GB) and the constrainted area exhausts. In
case an IOMMU is present, RAM at higher locations can still be mapped
below 4GB, which is done in the platform drivers.

issue #4665
2022-11-17 08:00:37 +01:00
Norman Feske
a77ceb6871 base: remove Trace::Session::rule RPC function
This part of the trace-session interface was merely a placeholder.

Fixes #848
2022-10-12 12:09:35 +02:00
Norman Feske
be0a1742ac base: distinct TRACED from ATTACHED trace subjects
This patch makes the trace-subject state as reflected to the trace
monitor more accurate.

Until now, a subject could be in UNTRACED or TRACED state. In reality,
however, there exists an intermediate state after the trace monitor
called 'trace' for the subject but before the subject locally activated
the tracing (done when passing a trace point). This intermediate state
was reflected as UNTRACED. Consequently, threads that never pass a trace
point (e.g., just waiting for I/O) would remain to appear as UNTRACED
even after enabling its tracing by the trace monitor. This is confusing.

This patch replaces the former UNTRACED and TRACED states by three
distinct states:

  UNATTACHED  prior any call of 'trace'
  ATTACHED    after a trace monitor called 'trace'
              but before the tracing is active
  TRACE       tracing is active

Fixes #4447
2022-04-13 08:07:58 +02:00
Norman Feske
f3984ba5a9 base: declare build artifact for core
This is a generalization of the recent commit "base-hw: declare build
artifact for core".
2022-04-13 08:07:58 +02:00
Stefan Kalkowski
494f881f27 core: don't use frame 0 for managing_system pd
When a PD owns the right to ask for a RAM dataspace's `dma_addr` it is
concurrently constrained to use allocations of a specific physical RAM area.
This commit further limits this area by removing RAM page frame zero.
Otherwise the return value of `dma_addr` for such a dataspace would be
erroneously interpreted as a fault, because zero is currently the error
return value of `dma_addr`.

Fix genodelabs/genode#4428
2022-02-21 15:44:22 +01:00
Norman Feske
33b038e8a7 Consistent spelling of "writeable"
Fixes #4425
2022-02-15 10:23:58 +01:00
Norman Feske
0d48b74bec Remove Dataspace::phys_addr RPC function
The official way to obtain DMA addresses for RAM dataspaces is
the RPC function 'Pd_session::dma_addr' now. User-level device drivers
should not call this function directly but use the 'Platform_session'
interface of the platform driver instead.

Fixes #2243
2022-02-15 10:23:58 +01:00
Norman Feske
50c2b0066f Remove 'Env::reinit' and 'Env::reinit_main_thread'
Fixes #4404
2022-02-15 10:17:28 +01:00
Norman Feske
e4f62380d7 base: Pd_session::dma_addr, Pd_session::attach_dma
This patch enhances the PD-session interface with the support needed for
user-level device drivers performing DMA. Both RPC functions are
intended for the direct use by the platform driver only. If invoked for
PDs that lack the managing-system role, the operations have no effect.

The 'dma_addr()' RPC function allows the platform driver to request the
DMA address of a given RAM dataspace. It is meant to replace the
'Dataspace::phys_addr' RPC function.

The 'attach_dma' RPC function adds the given dataspace to the device
PD's I/O page table. It replaces the former heuristics of marking DMA
buffers as uncached RAM on x86.

With this patch, the UNCACHED attribute of RAM dataspaces is no longer
used to distinguish DMA buffers from regular RAM dataspaces.

Issue #2243
2022-02-15 10:16:52 +01:00
Norman Feske
3cc6df3116 base: tighten affinity handling
This patch improves the robustness of the CPU-affinity handling.

- The types in base/affinity.h received the accessors
  'Location::within(space)' and 'Affinity::valid', which alleviates
  the fiddling with coordinates when sanity checking the values,
  in init or core.

- The 'Affinity::Location::valid' method got removed because its
  meaning was too vague. For sanity checks of affinity configurations,
  the new 'within' method is approriate. In cases where only the x,y
  values are used for selecting a physical CPU (during thread creation),
  the validity check (width*height > 0) was not meaningful anyway.

- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
  as argument because a location always relates to the bounds of
  a specific space. This function now implements the selection of
  whole rows or columns, which has previously a feature of the
  sandbox library only.

- Whenever the sandbox library (init) encounters an invalid affinity
  configuration, it prints a warning message as a diagnostic aid.

- A new 'Affinity::unrestricted' function constructs an affinity that
  covers the whole affinity space. The named functions clarifies
  the meaning over the previous use of the default constructor.

- Core's CPU service denies session requests with an invalid
  affinity parameter. Previously, it would fall back to an
  unrestricted affinity.

Issue #4300
2021-12-17 15:06:38 +01:00
Norman Feske
d370f56a77 Remove obsolete Trace::Session::subject_info RPC
Issue #3610
Fixes #4349
2021-12-17 15:04:49 +01:00
Norman Feske
03047009b1 base: avoid implicit conversions
This patch is a prerequisite for compiling the code with
the warnings -Wconversion enabled.

Issue #23
2021-12-17 15:04:44 +01:00
Christian Helmuth
13dab699b1 base: invalidate entire range on VM-session detach
The requested guest-physical memory range may comprise multiple attached
dataspace regions, which must all be detached. This is not required for
the current vbox5 implementation, but for vbox6 as the current API
suggests these semantics.

This commit can be seen as intermediate fix as a real fix should change
the API to prevent long-running detach loops in core that may lock out
requests by other components.
2021-11-29 15:11:53 +01:00
Stefan Kalkowski
14de84fae6 base: be more restrictive with 'managing_system'
* Only give managing_system permission when all parent nodes of the
  corresponding component agree in doing so.
* Move the physical memory constrains heuristic from sandbox library to core

Fix #4335
2021-11-29 15:11:53 +01:00
Norman Feske
dc39a8db62 base: introduce Allocator::try_alloc
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.

To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.

Issue #4324
2021-11-29 15:11:52 +01:00
Norman Feske
231ac187fe base: introduce Ram_allocator::try_alloc
This patch replaces the 'Ram_allocator::alloc' RPC function by a
'try_alloc' function, which reflects errors as 'Attempt' return value
instead of an exception.

Issue #4322
Issue #3612
2021-11-29 15:10:53 +01:00
Norman Feske
4cfd954e1e Remove dependency from 'which' utility
Debian declared the 'which' utility as deprecated.

Fixes #4319
2021-11-29 15:10:52 +01:00
Johannes Schlatow
5e284bfb35 trace: disable tracing when owner disappears
* Disable trace source and release ownership on subject destruction.
* Note, since the policy module is also destroyed on descruction of the
  session component, the traced component must not access the policy
  module when acknowledging the disabled state (else: page fault).

Fixes genodelabs/genode#4247
2021-08-18 15:06:12 +02:00
Norman Feske
dc89ebf978 core: kernel-agnostic 'Mapping' type
This patch unifies the core-internal 'Mapping' type across all base
platforms.

As one minor downside on seL4, the diagnostic error messages when
observing faults other than page faults no longer print the faulting
thread and PD names.

Issue #2243
2021-04-20 12:10:57 +02:00
Norman Feske
468e7a825c base/cache.h: rename Cache_attribute to Cache
The short name is better because the type will become prominently
visible at the API.

Issue #2243
2021-04-20 12:10:31 +02:00
Norman Feske
f925fef17b base: Refine Range_allocator::alloc_aligned
This patch changes the 'alloc_aligned' interface as follows:

- The former 'from' and 'to' arguments are replaced by a single
  'range' argument.

- The distinction of the use cases of regular allocations vs.
  address-constrained allocations is now overed by a dedicated
  overload instead of relying on a default argument.

- The 'align' argument has been changed from 'int' to 'unsigned'
  to be better compatible with 'addr_t' and 'size_t'.

Fixes #4067
2021-04-20 12:03:04 +02:00
Sebastian Sumpf
f68e655312 mk: link core to library archive instead of .o file
Do not link base and core libraries into on large relocatable .o file,
which is linked later to core - causing long link times. Create an
independent library archive out of the base and core libraries that can
be linked faster.

issue #4027
2021-02-23 12:17:04 +01:00
Christian Helmuth
219809ffed base: refactor VM/vCPU API
Issue #3554
2021-02-23 12:07:18 +01:00
Norman Feske
a0fb944721 Propagate session diag flag to core
This commit restores the diag feature for selecting diagnostic output of
services provided by core. This feature became unavailable with commit
"base: remove dependency from deprecated APIs", which hard-wired the
diag flag for core services to false.

To control this feature, three possible policies can be expressed in a
routing target of init's configuration:

* Forcing silence by specifying 'diag="no"'
* Enabling diagnostics by specifying 'diag="yes"'
* Forwarding the preference of the client by omitting the 'diag'
  attribute

Fixes #3962
2020-12-09 14:02:11 +01:00
Alexander Boettcher
774b1f4277 base: remove Thread_deprecated
Fixes #3954
2020-11-27 09:19:08 +01:00
Piotr Tworek
cc193a9155 base: drop Trace::Session_component::_parent_levels
Clang correctly asserts this private member variable is not used
anywhere in the code. I'm not sure what the intention of the code is,
might be this is a part of some unfinished feature. This patch just does
the minimum amount of work to allow the code to build with clang. If
required I can also drop the parent_levels constructor argument and
clean up the call sites.

Issue #3950
2020-11-27 09:19:08 +01:00
Alexander Boettcher
c6a2e287d0 trace: forward exceptions during construction
The control area is constructed during session creation and the caller can
handle the Out_of_* exception by increasing the quota by the next attempt.

Fixes #3917
2020-11-23 12:03:00 +01:00
Piotr Tworek
444bc18fcf base: Drop unused Cpu_root::_md_alloc member
This private variable has no uses in the context of the class. Spotted
when building the code with clang.

Issue #3938
2020-11-23 12:02:59 +01:00