This patch restricts 'Region_map::attach_executable' to create read-only
mappings, while offering the option to map the full rights using a new
'attach_rwx' method.
The 'attach_rwx' method is now used by the dynamic linker to explicitly
attach the linker area with full rwx rights. With the old page-fault
handling code, the execute flag was evaluated only for leaf dataspaces,
not for managed dataspaces while traversing region-map hierarchies.
With the new page-fault handling code, the execute bit is downgraded
to no-execute when passing a managed dataspace that is not attached
as executable.
Issue #4920

The change "core: allow offset-attached managed dataspaces" addressed a
corner case of the use of nested region maps. Apparently, this change
negatively affects other scenarios (tool_chain_auto).
In order to confidently cover all the different situations, this patch
reworks the page-fault resolution code for improved clarity and safety,
by introducing dedicated result types, reducing the use of basic types,
choosing expressive names, and fostering constness.
It also introduces a number of 'print' hooks that greatly ease manual
instrumentation and streamlines the error messages printed by core.
Those messages no longer appear when a user-level page-fault handler
is registered for the faulted-at region map. So the monitor component
produces less noise on the attempt to dump non-existing memory.
Issue #4917
Fixes #4920

This patch moves the destruction of the child's PD session after the
closing of all other sessions because the PD session's role as resource
container might still be needed for orderly reverting the session quotas
when closing the other remaining sessions.
Issue #4917

This patch replaces the former 'address_space' accessor by a new
'with_address_space' interface that grants access to the region map of
the child's address space, but limits the interface lifetime to the
scope of the caller.
Issue #4917

This patch adds the missing application of the region offset to the
resolution of page faults inside managed dataspaces, which resulted in
an unexpected "invalid mapping" message after attaching a managed
dataspace with an offset.
This limitation could be observed during the implementation of the debug
monitor that locally maps a portion of the debugging target's address
space, e.g., a view port of 16 MiB. All traditional uses of managed
dataspaces (e.g., stack area, linker area) happened to attach the
managed dataspaces from their beginning.
Issue #4917

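The two page-fault rules described in the commit messages above (no-execute downgrade when passing a managed dataspace that is not attached as executable, and application of the region offset inside managed dataspaces) can be illustrated with a simplified model. This is an added example, not code from core; all type and function names are hypothetical and the addresses are constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

typedef uint64_t addr_t;
struct Region_map;

/* One attachment in a region map (simplified model, all names hypothetical) */
struct Region {
    addr_t base, size;         /* range covered in the containing region map */
    addr_t offset;             /* offset into the attached dataspace */
    bool   executable;         /* attached with the execute right? */
    addr_t phys;               /* leaf dataspace: physical base address */
    const Region_map *nested;  /* managed dataspace: the nested region map */
};

struct Region_map { std::vector<Region> regions; };
struct Mapping    { bool ok; addr_t phys; bool executable; };

/* Resolve a fault top-down, translating the address and intersecting rights */
Mapping resolve(const Region_map &map, addr_t addr, bool executable = true)
{
    for (const Region &r : map.regions) {
        if (addr < r.base || addr - r.base >= r.size) continue;
        addr_t const local = addr - r.base + r.offset;   /* apply region offset */
        bool   const exec  = executable && r.executable; /* rights only shrink */
        if (r.nested) return resolve(*r.nested, local, exec);
        return Mapping { true, r.phys + local, exec };
    }
    return Mapping { false, 0, false }; /* nothing attached at this address */
}

/* Constructed sample: a 16 KiB executable leaf inside a managed dataspace, of
   which one page at offset 0x2000 is attached at 0x10000 in the outer map */
Mapping sample_fault(bool outer_executable)
{
    Region_map inner, outer;
    inner.regions.push_back(Region { 0, 0x4000, 0, true, 0x100000, nullptr });
    outer.regions.push_back(Region { 0x10000, 0x1000, 0x2000, outer_executable, 0, &inner });
    return resolve(outer, 0x10010);
}

int main()
{
    Mapping const m = sample_fault(false);
    printf("ok=%d phys=0x%llx exec=%d\n", m.ok, (unsigned long long)m.phys, m.executable);
}
```

Dropping the `+ r.offset` term reproduces the class of bug the offset fix addresses: the fault would resolve to the start of the managed dataspace instead of the attached window.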
The attachment removal is triggered actually on _ds member destruction time,
but after the io_mem representation for the specific base-<platform> possibly
vanished already during _unmap_local in the ~Io_mem_dataspace. This creates
on base-sel4 several kernel warnings about invalid capabilities.
Issue #4913

Apparently we need to save the floating point arguments when entering
the linker in case "-fno-tree-vectorize" is at work. Otherwise this
the linker in case "-fno-tree-vectorize" is at work. Otherwise these
registers get corrupted during jump slot relocation.
Fixes #4879

Eliminate the creation of 'Genode::String's before the linker has been
self relocated, because 'Genode::String's will call 'Genode::strlen' on
construction from C-Strings, which has now become a GOT relative call,
while the GOT contains only zeros before relocation -> page fault at
IP 0.
fixes #4867
related to #4827

error: 'void operator delete(void*, Genode::Deallocator&)' called on pointer returned from a mismatched allocation function [-Werror=mismatched-new-delete]
Issue #4827
Fixes #4850

The new 'init_platform' function performs the platform-specific
component-local low-level initialization. It allows for the
differentiation between core and regular components as well as
kernel-dependent peculiarities.
This patch introduces a consistent notion of a 'Platform'. Within core,
the 'Platform' contains the kernel-specific initialization. Outside
core, the platform sets up the interplay with the parent component. In
all cases, the platform is constructed while running on the initial
stack.
Issue #4784

This patch ultimately removes format strings from Genode's base API.
Users of the former base/snprintf.h and base/console.h headers may
use the free-standing 'format' library hosted in the ports repository.
Fixes #2064
Fixes #3869

The namespace draws a clear line between the base library and the core
component.
It is declared at the new core-local header <types.h>, which is expected
to be included by all code of the core component. It is thereby a
natural place for kernel-agnostic general types like commonly used C++
utilities.
Fixes #4777

Segment assignment stays valid for all sections following .dynamic,
which implies that .got and co also end up in the PT_DYNAMIC segment.
This is not intended. Therefore, we move the .dynamic section before
bss and assign bss to the rw PT_LOAD segment only.
fixes #4750

Some signal-heavy scenarios (e.g., libc_integration) produced the
following warning that hinted a data race on signal data in the context
object.
Warning: returning signal with num == 0
The cause was the use of Signal_context::local_submit() in the libc
introduced in
424ed1b79a libc: remove Reconstructible / use local_submit in kernel
in combination with a missing context-mutex acquisition resulting in a
data race on Signal_context::_curr_signal.
Issue #3923

Try to allocate within constraint area first. In case the area is exhausted,
try allocation at other memory locations.
The motivation for this is to limit DMA allocations to 4GB (since some
devices require addresses below 4GB). On some platforms there is little
physical RAM in this area (<1GB) and the constrained area exhausts. In
case an IOMMU is present, RAM at higher locations can still be mapped
below 4GB, which is done in the platform drivers.
issue #4665

The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.
genodelabs/genode#4600

This patch adds special handling for lib/<libname> arguments to the
build system, which supersedes the former LIB=<libname> mechanism.
Whereas the old mechanism was limited to a single library, the new
convention allows multiple library arguments, similar to regular
targets. The change brings the two immediate benefits.
First, the streamlining of library and target arguments allows for the
building of libraries via the 'build' command of the run tool.
Second, it alleviates the need for pseudo target.mk files for building
shared libraries that have no direct dependencies, in particular VFS
plugins.
Since this change eases the explicit creation of shared libraries
from run scripts, we may reconsider the automatic implicit building
of shared libraries driven by targets. E.g., while developing a Qt
application, a run script could import the Qt libraries from the
depot and combine those with the developed (fresh built) target without
triggering the build of the Qt libraries in the build directory.
When issuing 'make' without arguments, all targets are built. This
patch applies this behavior to libraries as well, thereby removing the
need for the base/src/lib/target.mk pseudo target as used by the CI
tools to build all libraries.
Note that target.mk files located under src/lib/ are no longer
reachable. Therefore, all run scripts that used to trigger the
build of a shared library via a pseudo target must be adapted.
E.g., 'build lib/vfs/tap' must be replaced by 'build lib/vfs_tap'.
With this patch, the LIB=<libname> option is no longer supported.
Fixes #4599

After reverting unused ranges during allocator destruction
'_meta_data.free_empty_blocks' may lead to more unused ranges because
meta data blocks may be freed where the meta data for the blocks is
managed by other meta data blocks. This leads to dangling allocation
warnings which are caused by meta data. Therefore, we call
'_revert_unused_ranges' and 'free_empty_blocks' until no more ranges
can be freed.
issue #4466

This patch makes the trace-subject state as reflected to the trace
monitor more accurate.
Until now, a subject could be in UNTRACED or TRACED state. In reality,
however, there exists an intermediate state after the trace monitor
called 'trace' for the subject but before the subject locally activated
the tracing (done when passing a trace point). This intermediate state
was reflected as UNTRACED. Consequently, threads that never pass a trace
point (e.g., just waiting for I/O) would remain to appear as UNTRACED
even after enabling its tracing by the trace monitor. This is confusing.
This patch replaces the former UNTRACED and TRACED states by three
distinct states:
  UNATTACHED  prior any call of 'trace'
  ATTACHED    after a trace monitor called 'trace'
              but before the tracing is active
  TRACE       tracing is active
Fixes #4447

Split the trace buffer into two partitions in order to prevent overwriting
of entries when the consumer is too slow. See file comment in buffer.h.
genodelabs/genode#4434

XML allows attribute values like <node attr="\"/>. The XML parser
wrongly reflects this case as 'Invalid_syntax'. This behavior stems from
the implicit use of the 'end_of_quote' function, which considers the
sequence of '\"' as a quoted '"' rather than the end of a quoted string.
The patch solves this problem by making the 'end_of_quote' part of
the tokenizer's scanner policy.
The patch removes the 'end_of_quote' function from 'util/string.h'
because it is not universal, and to avoid the ambiguity with
'SCANNER_POLICY::end_of_quote'.
Fixes #4431

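The effect of making 'end_of_quote' a scanner policy, as described in the commit message above, can be shown with a small stand-alone scanner. This is an added example, not Genode's tokenizer; the policy structs, 'quoted_value_len' and the sample tags are constructed for illustration.

```cpp
#include <cstdio>

/* C-string style policy: a '"' preceded by a backslash is an escaped quote */
struct Backslash_escape_policy {
    static bool end_of_quote(const char *s) { return s[0] == '"' && s[-1] != '\\'; }
};

/* XML policy: a backslash has no special meaning, the next '"' always closes */
struct Xml_policy {
    static bool end_of_quote(const char *s) { return s[0] == '"'; }
};

/*
 * Length of the value between the first pair of double quotes in 'tag',
 * or -1 if the quote is never closed (what a parser reports as a syntax
 * error). 's' never points at the first character, so 's[-1]' is valid.
 */
template <typename POLICY>
long quoted_value_len(const char *tag)
{
    const char *open = tag;
    while (*open && *open != '"') open++;
    if (!*open) return -1;

    for (const char *s = open + 1; *s; s++)
        if (POLICY::end_of_quote(s)) return s - (open + 1);
    return -1;
}

/* Constructed inputs: the first one is <node attr="\"/> from the text above */
static const char SAMPLE_TAG[] = "<node attr=\"\\\"/>";
static const char PLAIN_TAG[]  = "<node attr=\"abc\"/>";

int main()
{
    printf("xml policy:       %ld\n", quoted_value_len<Xml_policy>(SAMPLE_TAG));
    printf("backslash policy: %ld\n", quoted_value_len<Backslash_escape_policy>(SAMPLE_TAG));
}
```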
When a PD owns the right to ask for a RAM dataspace's `dma_addr` it is
concurrently constrained to use allocations of a specific physical RAM area.
This commit further limits this area by removing RAM page frame zero.
Otherwise the return value of `dma_addr` for such a dataspace would be
erroneously interpreted as a fault, because zero is currently the error
return value of `dma_addr`.
Fix genodelabs/genode#4428

This does not affect default Genode builds as far as I can tell. There
is always at least one global static CTOR which seems to be coming from
one of the GCC runtime libs bundled in the toolchain. The problem became
visible for me only after I've replaced GCC runtime with LLVM based
one. In such a setup I often see binaries that do not have any static ctors.
Such binaries end up crashing Genode ld.lib.so.
Make sure the code does handle empty constructors array.
Fixes #4422