The copy constructor of Signal did not copy the Signal::Data contents of
the copy source. This bug could survive undetected because the compiler
can optimize code in a way, that copy constructor and destructor are not
necessary when returning by value from simple functions. I assume that
it creates the object in CPU registers instead of RAM and reuses it
instead of copying it to save time. This way the bug triggered first
after wait_for_signal was changed in a way that avoided optimization.
ref #912
The new 'String' buffer type is meant to replace the manually created
character buffers that are scattered throughout Genode. It plainly holds
a null-terminated string to be stored as a member variable (e.g., a
session label) or passed as RPC argument. It is not intended to become a
string API.
To prevent multiple execution of main-bootstrap, I moved the code to a
statically initialized object. The reason for this change is that
_main() is exeuted twice when starting dynamic binaries. Now, the object
is part of the base-common library which is linked with ld.lib.so.
Originally, the convenience utility for accessing a process
configuration came in the form of a header file. But this causes
aliasing problems if multiple compilation units access the config while
the configuration gets dynamically updated. Moving the implementation of
the accessor to the singleton object into a library solves those
problems.
This patch adds support for iterating through a const list. This allows
users of lists to be more rigid with regard to constness. Furthermore,
the patch adds the function 'List::insert_at' for inserting an element
at a specified position. By adding this function, we can remove code
duplication in nitpicker.
- if no affinity was set for a new thread before calling
Cpu_session::start(), the CPU session's affinity gets set for this
thread
- documentation fix: <affinity_space> -> <affinity-space>
Fixes#873.
In case there is not enough quota left to create the trace buffer
or trace policy dataspace throw Out_of_metadata explicitly instead
of rethrowing the Ram_session::Quota_exceeded exception. Now one
can catch Trace::Out_of_metadata exception in a client application.
In addition fix Allocator_guard::withdraw() checks because this
method does not throw any exceptions and a failed withdrawal goes
unoticed.
Fixes#871.
By now Signal_session_component has allocated initial SLAB
blocks in constructor, wich crashed with the root
components assumptions about the RAM quota needs of
session creation. Thus, if the background allocator was already
exhausted from component allocation the session was created
with broken initial SLAB blocks.
fix#574
This patch extends the 'Parent::session()' and 'Root::session()'
functions with an additional 'affinity' parameter, which is inteded to
express the preferred affinity of the new session. For CPU sessions
provided by core, the values will be used to select the set of CPUs
assigned to the CPU session. For other services, the session affinity
information can be utilized to optimize the locality of the server
thread with the client. For example, to enable the IRQ session to route
an IRQ to the CPU core on which the corresponding device driver (the IRQ
client) is running.
This patch introduces new types for expressing CPU affinities. Instead
of dealing with physical CPU numbers, affinities are expressed as
rectangles in a grid of virtual CPU nodes. This clears the way to
conveniently assign sets of adjacent CPUs to subsystems, each of them
managing their respective viewport of the coordinate space.
By using 2D Cartesian coordinates, the locality of CPU nodes can be
modeled for different topologies such as SMP (simple Nx1 grid), grids of
NUMA nodes, or ring topologies.
* read out supported number of CPUs
* start per CPU a thread
* monitor by main thread liveness of remote CPU threads
* add a round variable
* terminate run script after a specific round or after 90s
* on qemu wait 5 rounds, on native runs 40
Add run script to autopilot list
Issue #814
This avoids a deadlock if during issuing a printf the low level IPC fails.
. Printf uses an address space local lock and if we are trying again
to make a printf we deadlock forever ...
The rm_session implementation expects that offset + size must be
part of one dataspace. Unfortunately the parameters are not checked
properly during an rm::attach.
During an detach memory behind the actual region can be unmapped by such
bogus region entries.
Issues #591
Since RM sessions can be used as dataspaces and dataspace sizes are
supposed to have page granularity, RM session sizes should have page
granularity, too.
Fixes#799.
The Rpc_exit call is delivered via RPC which results in a deadlock
if the Rpc_entrypoint has not been started yet. To prevent this
situation we active the Rpc_entrypoint explicitly before we call
Rpc_exit.
Fixes#811.
When using certain assembler instructions, e.g. 'smc' that are
only available on some CPUs of the same architecture like ARMv7a,
it's necessary to specify the target CPU for the assembler. Otherwise
it will complain about.
- use the generic 'crt0.s' for Linux
- move the read-only '__dso_handle' definition into the '.text' section
- move the '__initial_sp' definition into the '.bss' section
- remove the '_main_utcb' definition
Part of #766.
Until now the print procedure call in the Log_session_component
did contain a hardcoded 'init' string. Adding a method to filter
the session args to prefix the label and labelling the initial
Cpu_connection for the init-process enabled us to remove the
hardcoded string.
Fixes#789.
The given number of bytes is consumed but not actually allocated. This
feature may be used for accounting and use memory within core which is
in fact provided by a session client.
Fixes#792.
The verbosity must be enabled at two levels: at compile time
via an enum that switches the availability of verbosity code
and via two members of 'Mmio' named '_read_verbose' and
'_write_verbose'. The latter are initialized to 0 (change this to
enable verbosity globally) and can be used to locally enable
(or disable) verbosity in deriving classes.
Ref #753
Added spec file for ARM-VFPv3 floating-point unit. This shadows
'base/include/arm/' with 'base/include/arm/vfp' and enables a 'memcpy_cpu'
version that mainly uses the FPU. Enabled VFP support for 'foc_arndale'.
Ref #773
* Implements platform driver for Arndale providing Regulator for CPU clock
* Implements a cpu frequency scaling test using the affinity test
* Fixes#770
This patch introduces a new platform 'linux_arm' for building and running
Genode/Linux on an ARM device.
Known limitations:
- libc 'setjmp()'/'longjmp()' doesn't currently save/restore floating
point registers
Fixes#746.
Changes GPIO session interface to a one-GPIO-pin-per-session style. Moreover,
this commit introduces a generic driver interface for GPIO drivers. Thereby
generalizes root- and session component for GPIO.
With this patch, the thread context area RM session gets created at
program startup to have the thread context area's virtual address range
reserved right from the beginning.
Fixes#734.
This patch implies that all Genode processes try to create an RM
session. So a route to the RM service must be present even for processes
that have only a single thread. Hence, the patch contains an update of
affected components.
* Simplify IPU register definitions using templates
* Distinguish between i.MX53 QSB and SMD board in driver
* Support IPU specific overlay mechanism by framebuffer session extension
This patch adds the consideration of suddenly disappearing managed
dataspaces in the 'Rm_session_component::reverse_lookup' function.
Previously, this case resulted in a seamingly valid translation.
Fixes#701
Because the template instantiation rules of C++ do not deal well with
null pointers specified as '0', the constructor of 'Local_addr' was
instantiated for [T = int], which does not make sense. To avoid the
warning "cast to pointer from integer of different size", we need to
explicitly state that '0' is a pointer. In C++11, there is the 'nullptr'
keyword, but until we switch to this version, we have to state (void *)0.
When L4Linux tries to allocate a dataspace of the size of its physical
memory, this allocation can fail, because the 'l4re_ma_alloc()' function
in the 'l4lx' library always tries to allocate a contiguous dataspace of
the given size and there might be no contiguous free area left.
With this patch, memory gets allocated in chunks: if the size to be
allocated exceeds the configured chunk size, a managed dataspace gets
created and filled with multiple memory chunks of at most the chunk size.
The chunk size is 16M by default and can be configured in an l4linux
config node:
<config args="...">
<ram chunk_size="16M"/>
</config>
Fixes#695.
Remove the 'epit' variable from the generic imx31 and imx53 specification,
and only add it to base-hw specific i.MX specs. Thereby the EPIT timer
library gets build for base-hw only.
Moreover, fix some const-ness issues in the platform_timer implementation
for the EPIT timer.
Fixes#688.
The new core-internal 'Address_space' interface enables cores RM service
to flush mappings of a PD in which a given 'Rm_client' thread resides.
Prior this patch, each platform invented their own way to flush mappings
in the respective 'rm_session_support.cc' implementation. However, those
implementations used to deal poorly with some corner cases. In
particular, if a PD session was destroyed prior a RM session, the RM
session would try to use no longer existing PD session. The new
'Address_space' uses the just added weak-pointer mechanism to deal with
this issue.
Furthermore, the generic 'Rm_session_component::detach' function has
been improved to avoid duplicated unmap operations for platforms that
implement the 'Address_space' interface. Therefore, it is related to
issue #595. Right now, this is OKL4 only, but other platforms will follow.
With this patch, the 'futex' syscall gets used for blocking and unblocking
of threads in the Linux-specific lock implementation.
The 'Native_thread_id' type, which was previously used in the
lock-internal 'Applicant' class to identify a thread to be woken up,
was not suitable anymore for implementing this change. With this patch,
the 'Thread_base*' type gets used instead, which also has the positive
effect of making the public 'cancelable_lock.h' header file
platform-independent.
Fixes#646.
This base platform is no longer maintained.
For supporting the Microblaze CPU in the future, we might consider
integrating support for this architecture into base-hw. Currently
though, there does not seem to be any demand for it.
This patch simplifies the way of how Genode's base libraries are
organized. Originally, the base API was implemented in the form of many
small libraries such as 'thread', 'env', 'server', etc. Most of them
used to consist of only a small number of files. Because those libraries
are incorporated in any build, the checking of their inter-dependencies
made the build process more verbose than desired. Also, the number of
libraries and their roles (core only, non-core only, shared by both core
and non-core) were not easy to capture.
Hereby, the base libraries have been reduced to the following few
libraries:
- startup.mk contains the startup code for normal Genode processes.
On some platform, core is able to use the library as well.
- base-common.mk contains the parts of the base library that are
identical by core and non-core processes.
- base.mk contains the complete base API implementation for non-core
processes
Consequently, the 'LIBS' declaration in 'target.mk' files becomes
simpler as well. In the most simple case, only the 'base' library must
be mentioned.
Fixes#18
The distinction between 'ipc.h' and 'ipc_generic.h' is no more. The only
use case for platform-specific extensions of the IPC support was the
marshalling of capabilities. However, this case is accommodated by a
function interface ('_marshal_capability', '_unmarshal_capability'). By
moving the implementation of these functions from the headers into the
respective ipc libraries, we can abandon the platform-specific 'ipc.h'
headers.
Some shared libraries of the host system contain search paths for finding
other needed shared libraries. These paths get evaluated only by a native
linker. To find all needed shared libraries, with this patch, the host
linker is used to link hybrid applications.
Fixes#645.
reverts 68156918ee
"base: apply thread.cc fix of foc to base"
Depending on the context area a fixed location is calculated where the
memory for the stack is attached to. If the context area is released before the
detach call, the very same context area can be reused and memory for the new
stack is attached for a new thread. The detach of the old thread would then
revoke the mapping for the new thread which will cause a un-handled page fault.
Issue #549
Prior this patch the startup lock was not released if the call of
'_associate()' failed. In this condition, the caller of the constructor
was infinitely blocked.
During a ram_session->free call in 'core' the lock in core_env.h is taken.
Then in the ram_session::_free_ds implementation the dissolve function for the
dataspace is called. base-nova tries to make sure that the ds is not
accessible anymore by any kind of parallel incoming IPC by performing a
cleanup IPC. Unfortunately the dataspace_session implementation uses the very
same allocator in 'core' and may require to obtain the same lock as taken in
ram_session->free. This leads to a spurious deadlock on base-nova.
The actual free_ds implementation is mostly thread safe, since all used objects
inside there are already locked. The only missing piece is the _payload
variable. By changing the _payload variable in a atomic fashion there is no
need to lock the whole ram_session->free call which avoids deadlocks on
base-nova.
Fixes#549
If page faults are handled concurrently (as for base-nova) the traverse lookup
call in rm_session_component must be thread safe, which it isn't.
If the faulting area is backed by nested dataspaces which are managed by
various rm_sessions then a race happens under following circumstances
(triggered occasionally by the bomb test).
The traverse lookup may return a pointer to a rm_session of a nested dataspace.
If the rm_session is in parallel subject to destruction it happened that faults
got enqueued to the faulters list of the deleted rm_session and internally to
a list of the current rm_session of the Rm_client.
During destruction of the faulting Rm_client the associated rm_session will
be dissolved from the Rm_client, which leads to dereferencing the
dangling pointer of the already destructed rm_session.
On base-nova the memory of the rm_session object get unmapped eventually, so
that the de-referencing of the dangling pointer caused page faults in core.
The memory on other kernels inside core never get unmapped so that the
bug doesn't trigger visible faults.
The patch replace the keeping of a rm_session pointer by keeping a
capability instead. The rm_session object must be looked up now explicitly in
the Object_pool implementation, which implements proper reference counting on
the rm_session object.
Issue #549
First make the clients inaccessible and dissolve them from the entrypoint. If
this isn't the first step the clients may be obtained again between
the unlock and lock steps in the destructor.
Additionally the clients may be removed in between the unlock and call
sequence, which renders such client pointers dangling and causes spurious page
faults. Keep instead a lock as long as possible and when it is required to
release a lock, then the pointer to the objects must be revalidated.
Replace the dissolve function with a remove_client implementation as suggested
by #13, which avoids that the cpu_session may call dissolve with a dangling
pointer of a already removed rm_client object. Instead the pager must be
released explicitly.
Related to issue #549
Related to issue #394
Related to issue #13
By now, the memcmp implementation of Genode's basic string utilities just
returned whether two memory blocks are equal or differ. It gave no hint which
block is greater, or lesser than the other one. This isn't the behaviour
anticipated by implementations that rely on the C standard memcmp, e.g. GCC's
libsupc++, or the nic_bridge's AVL tree implementation.
With this patch, the 'Signal_receiver::dissolve()' function does not return
as long as the signal context to be dissolved is still referenced by one
or more 'Signal' objects. This is supposed to delay the destruction of the
signal context while it is still in use.
Fixes#594.