Commit Graph

124 Commits

Author SHA1 Message Date
Alexander Boettcher
b8ab3673cd NOVA: support to restrict memory rwx bits in core 2012-11-23 12:20:27 +01:00
Alexander Boettcher
4d12464cee Read BIOS data area (BDA) to get serial I/O ports
If the I/O ports are non default (3f8), we had to specify manually the correct
I/O ports. With this commit the BDA is read and the I/O port of the first
serial interface (COM) is taken. If no serial interface is available no device
configuration will be undertaken.
2012-11-23 12:20:27 +01:00
Martin Stein
05f5999e71 cpu_session: Access thread state by value 2012-11-23 12:20:22 +01:00
Norman Feske
bcabbe2c92 Add 'Thread_base::join()'
Using the new 'join()' function, the caller can explicitly block for the
completion of the thread's 'entry()' function. The test case for this
feature can be found at 'os/src/test/thread_join'. For hybrid
Linux/Genode programs, the 'Thread_base::join()' does not map directly
to 'pthread_join'. The latter function gets already called by the
destructor of 'Thread_base'. According to the documentation, subsequent
calls of 'pthread_join' for one thread may result in undefined behaviour.
So we use a 'Genode::Lock' on this platform, which is in line with the
other platforms.

Related to #194, #501
2012-11-19 12:43:34 +01:00
Christian Helmuth
d23ee02e9a Destruct IPC-server object on entrypoint destruction
The IPC-server object exists solely on the stack of the entrypoint
thread and, therefore, would never be destructed as the thread is just
killed. Now, the object is explicitly destructed in the entrypoint
destructor. An alternative solution could instruct the entrypoint thread
the terminate, which would automatically cleanup its stack.

The object pool is assumed to be empty on destruction of the entrypoint.
If not, we warn and at least dissolve all RPC objects.
2012-11-16 13:55:00 +01:00
Alexander Boettcher
c1d59e81c2 NOVA: use latest kernel from github
Related to issue #431. Requires toolchain rebuild to bump version to 2.22 !!!

Fixes #429
2012-11-05 17:28:51 +01:00
Stefan Kalkowski
dc3d784e6d Introduce platform-specific services for core
By now all services in core where created, and registered in the generic
main routine. Although there exists already a x86-specific service (I/O ports)
there was no possibility to announce core-services for certain platforms only.
This commit introduces a hook function in the 'Platform' class, that enables
registration of platform-specific services. Moreover, the io-port service
is offered on x86 platforms only now.
2012-10-29 10:08:29 +01:00
Christian Prochaska
1c064d9e70 core: implement missing context area functions
This patch implements the following functions:

base:
- Context_area_rm_session::detach()
- Context_area_ram_session::free()

base-nova:
- unmap_local()

base-fiasco, base-pistachio:
- unmap_local() stub

This patch partially resolves issue #394.
2012-10-24 11:34:39 +02:00
Christian Prochaska
330980378c base-nova: 'Rm_client::unmap()' fix
Areas of an attached dataspace which have never been accessed cannot get
unmapped. With this patch this case is not treated as error anymore.

Fixes #398.
2012-10-24 11:34:39 +02:00
Alexander Boettcher
83039267fa Cleanup: remove 'first' and 'next' of cpu_session
Fixes #10
2012-10-24 11:34:38 +02:00
Norman Feske
8b0ad007ca Fix warning 2012-10-12 13:10:48 +02:00
Sebastian Sumpf
4a3d852b65 Core: Shared IRQ support for Nova/FOC/OKL4
Implement shared IRQs using 'Irq_proxy' class.

Nova: Added global worker 'Irq_thread' support in core and adapted Irq_session.

FOC: Adapted IRQ session code, x86 has shared IRQ support, ARM uses the old
model. Read and set 'mode' argument (from MADT) in 'Irq_session'.

OKL4: Use generic 'Irq_proxy'

Fixes issue #390
2012-10-11 17:10:16 +02:00
Norman Feske
4a1b545770 Move 'Child' API implementation to library 2012-10-09 13:45:33 +02:00
Alexander Boettcher
ec66788f11 NOVA: cleanup - remove _first_sel special handling
Replace dislocation of extern variables with simplistic convention
2012-10-08 15:08:12 +02:00
Alexander Boettcher
f1202139f9 NOVA: fix compiler warning 2012-10-08 15:08:06 +02:00
Alexander Boettcher
6862ab481a NOVA: drop special utcb handling of main thread
Unify handling of UTCBs. The utcb of the main thread is with commit
ea38aad30e at a fixed location - per convention.
So we can remove all the ugly code to transfer the utcb address during process
creation.

To do so also the UTCB of the main thread of Core must be inside Genode's
thread context area to handle it the same way. Unfortunately the UTCB of the
main thread of Core can't be chosen, it is defined by the kernel.

Possible solutions:
- make virtual address of first thread UTCB configurable in hypervisor
- map the utcb of the first thread inside Core to the desired location

This commit implements the second option.

Kernel patch: make utcb map-able
With the patch the Utcb of the main thread of Core is map-able.

Fixes #374

Noux actually uses the sp variable during thread creation and expects to be
set accordingly. This wasn't the case for the main thread, it was ever set
to the address of the main thread UTCB.
2012-10-04 14:35:38 +02:00
Alexander Boettcher
7bd0ed7c44 NOVA: fix overflow in address check 2012-09-24 09:17:59 +02:00
Alexander Boettcher
ed2e610178 NOVA: maximize contiguous virtual space for 32/64
Use virtual regions for memory used during core initialization behind context
area. Enables us to start Vancouver VMs up to 1280 MiB, which requires
large virtual regions of contiguous aligned memory.

Exclude used virtual regions of echo and of pager thread in core.
2012-09-24 09:17:57 +02:00
Alexander Boettcher
ea38aad30e Move context area definition to native_type 2012-09-24 09:17:54 +02:00
Norman Feske
83bdfea9b0 Extend Cpu_session with thread-affinity API
This patch introduces the functions 'affinity' and 'num_cpus' to the CPU
session interface. The interface extension will allow the assignment of
individual threads to CPUs. At this point, it is just a stub with no
actual platform support.
2012-09-05 10:25:04 +02:00
Alexander Boettcher
aae3ce348e NOVA: add single-step support used by gdb
Fixes #336
2012-08-30 10:42:38 +02:00
Alexander Boettcher
3b0e4372fe NOVA: setup all exception handlers of a thread 2012-08-30 10:42:38 +02:00
Alexander Boettcher
fcd62729d4 NOVA: tunnel thread start parameters via state()
The cpu_session interface fails to be virtualized by gdb_monitor because
platform-nova uses an extended nova_cpu_session interface.

The problem was that threads have been created directly at core without
knowledge of gdb_monitor. This lead to the situation that gdb_monitor didn't
know of all threads to be debugged.

Tunnel the additional parameters required on base-nova through the state()
call of the cpu_session interface before the thread actual is started.
2012-08-30 10:42:26 +02:00
Alexander Boettcher
197a48a26c NOVA: implement pause using recall kernel feature 2012-08-30 10:40:00 +02:00
Alexander Boettcher
841a1fd579 NOVA: extend cpu_session with synchronous pause
The kernel provides a "recall" feature issued on threads to force a thread into
an exception. In the exception the current state of the thread can be obtained
and its execution can be halted/paused.

However, the recall exception is only delivered when the next time the thread
would leave the kernel. That means the delivery is asynchronous and Genode has
to wait until the exception triggered.

Waiting for the exception can either be done in the cpu_session service or
outside the service in the protection domain of the caller.

It turned out that waiting inside the cpu_service is prone to deadlock the
system. The cpu_session interface is one of many session interfaces handled by
the same thread inside Core.

Deadlock situation:
* The caller (thread_c) to pause some thread_p manages to establish the call
  to the cpu_session thread_s of Core but get be interrupted before issuing
  the actual pause (recall) command.
* Now the - to be recalled thread_p - is scheduled and tries to invoke another
  service of Core, like making log output.
* Since the Core thread_s is handling the session request of thread_c, the
  kernel uses the timeslice of thread_p to help to finish the request handled
  by thread_s.
* Thread_s issues the actual pause/recall on thread_p and blocks inside Core
  to wait for the recall exception to be issued.
* thread_p will leave not the kernel before finishing it actual IPC with
  thread_s which is blocked waiting for thread_p.

That is the reason why the waiting/blocking for the recall exception taking
place must be done on NOVA in the context of the caller (thread_1).

Introduce a pause_sync call to the cpu_session which returns a semaphore
capability to the caller. The caller blocks on the semaphore and is woken up
when the pager of thread_p receives the recall exception with the state of
thread_p.
2012-08-30 10:40:00 +02:00
Alexander Boettcher
8526dc4f19 Set ERR_INVALID_OBEJCT if call failed to server
Tell the client that the last operation failed, instead of continuing doing
useless things.
2012-08-10 10:57:54 +02:00
Alexander Boettcher
a7235d2411 NOVA: Use Genode interfaces to bootstrap Vancouver
Since no kernel objects can be created anymore outside Genode::core,
the Vancouver port must be adjusted to use solely the Genode interfaces.

The Vcpu_dispatcher creates all portals via the cpu_session interface and
uses the feature to setup a specific receive window during a IPC (the
cap_session::alloc IPC) to place to be received/to be mapped capability
(virtualization exception portal) at the designed indexes.

The actual vCPU thread extends from a normal Genode::Thread and extends it
by specific vCPU requirements, which are a larger exception base window and
the need by Vancouver to place the SM and EC cap at indexes next to each other.

Fixes #316
2012-08-09 11:09:42 +02:00
Alexander Boettcher
135a5a6bfb Adjust cap_integrity test to NOVA changes 2012-08-09 11:09:42 +02:00
Alexander Boettcher
2726740d6b NOVA: enable specifying a receive index for IPC
Extend Native_capability type to hold a specific selector index where the to
be received cap during a IPC should be mapped to. This feature is required to
place created caps by the cap_session at specific indexes. This feature is
used by Vancouver to setup the virtualization exception portals (created by
the cap_session) at the intended indexes.
2012-08-09 11:09:42 +02:00
Alexander Boettcher
f68482f87a NOVA: add support to cpu_session to create vCPUs
Extend base-nova specific cpu_session to create also vCPUs.
2012-08-09 11:09:42 +02:00
Alexander Boettcher
4342d0d234 NOVA: let thread die if SM cap is invalid
Patch prevents following bugs:

* In sleep_forever the thread return from semaphore down if cap is revoked
  during destruction of a thread. This causes an endless loop consuming time
  not available for other threads.
* In lock_helper and cap_sel_alloc the thread return from the lock() method
  even if the semaphore down call failed because of an revoked semaphore.

  This lead to the situation that a thread subject to de-construction returns
  from the lock method, but not holding the lock, entering the critical section
  and modifying state inside the critical section. Another thread in parallel
  already in the critical section or entering the critical section also
  modifies the state. This lead to curious bugs ...
* thread_nova, thread_start, irq_session
  Detect early bugs if the SM is gone unexpectedly where it should never
  happen.
2012-08-09 11:09:42 +02:00
Alexander Boettcher
650a1d47f0 NOVA: Throughly cleanup caps in case of errors 2012-08-09 11:09:42 +02:00
Alexander Boettcher
e3a7d2220d NOVA: Use everywhere same value for a invalid cap 2012-08-09 11:09:42 +02:00
Alexander Boettcher
e44648e1ab NOVA: remove pd selector from non Core code
Pd selector isn't used beside core anymore - remove all occurrences inside base
code.
2012-08-09 11:09:41 +02:00
Alexander Boettcher
b6ea5714d7 NOVA: create sm solely in core
Any kernel objects are now created solely by core - namely pt, ec, sm and sc.
2012-08-09 11:09:41 +02:00
Alexander Boettcher
2f84fd0434 NOVA: allocate stack size depending on word size 2012-08-09 11:09:41 +02:00
Alexander Boettcher
f1fa55e804 NOVA: Suppress warnings in rpc_entrypoint 2012-08-09 11:09:41 +02:00
Alexander Boettcher
5620eca7b9 NOVA: force to map cap in pd_session::assing_pd 2012-08-09 11:09:41 +02:00
Alexander Boettcher
9c57fd7229 NOVA: delegate EC cap solely with recall right
Vancouver recalls the vCPU in the vCPU dispatcher code. Enable the right bit
in the mapped native cap so that Vancouver actually is able to perform this
operation.
2012-08-09 11:09:41 +02:00
Alexander Boettcher
4155585267 NOVA: Adjust native_capability type
It now can hold a right bit used during IPC to demote rights of the to be
transfered capability.

The local_name field in the native_capability type is not needed anymore
in NOVA. Simplify the class, remove it from constructors and adapt all
invocations in base-nova.

Unfortunately local_name in struct Raw is still used in generic base code
(process.cc, reload_parent_cap.cc), however has no effect in base-nova.
2012-08-09 11:09:41 +02:00
Alexander Boettcher
7550f243ad NOVA: use cap_session to allocate portals 2012-08-09 11:09:41 +02:00
Alexander Boettcher
0a89d8dbb4 NOVA: extend cpu_session for base-nova 2012-08-09 11:09:40 +02:00
Alexander Boettcher
cb859a4785 NOVA: extend cap session for base-nova 2012-08-09 11:09:40 +02:00
Alexander Boettcher
998ebfc01b NOVA: Fix cleanup of received capabilities, #268
MsgBuf has to keep the number of received capabilities in order
to free/know correctly unused and unwanted capabilities. Explicitly
call rcv_msg->post_ipc to store this information in a MsgBuf.

Don't reset rcv_msg in ipc.cc, since this is used during
un-marshalling of caps in ipc.h afterwards. The MsgBuf is reseted when its
de-constructor is called.
2012-08-09 10:24:01 +02:00
Alexander Boettcher
40b40b33c6 NOVA: apply #4 patch to use only local ids, #268 2012-08-09 10:24:00 +02:00
Alexander Boettcher
b748d1f17f NOVA: use only local ids in pager code, issue #268 2012-08-09 10:24:00 +02:00
Alexander Boettcher
529a25e190 NOVA: enable map-translate transfer item use, #268 2012-08-09 10:24:00 +02:00
Alexander Boettcher
2b161b7aff NOVA: use translate feature of kernel, issue #268
Kernel patch:
Introduce a transfer item type to express that a cap should be translated
and if this fails to map it instead.

It would be possible without this combined transfer item type however
with additional overhead. In this case Genode/NOVA would
have to map and translate all caps used as parameter in IPC. It would look
like this:
* If the map and translation succeed, the cap at the new cap index
  would have to be revoked. Then the translated cap index can be used.
* If the map succeeds and the translation fails then the mapped cap index
  can be used.
* It would become complicated when multiple caps are mapped and translated
  and only some of the translation succeed. In such cases Genode would have
  to figure out the right relation of translated/mapped and not
  translated/mapped caps. It would require to make some assumption about the
  order how translated/mapped caps are reported at the UTCB by the kernel.
All the points above lead to the decision to create a separate transfer item
type for that.

Genode:
Most the times the translation succeeds, mapping of caps happens either
seldom. This takes now a bit the pressure of not enough aligned receive
cap windows as described in issue #247.

The patch mainly adds adjustments to handle the
translated and mapped caps correctly especially during freeing of the
receive window (don't free translated cap indexes).

Fixes #268
2012-08-09 10:24:00 +02:00
Alexander Boettcher
44ef8912d6 Add a bit array and bit allocator, issue #247
Add a allocator using bit maps to maintain used/unused caps.
It supports the allocation of 2^n aligned caps solely and
freeing of caps.

Fixes #247
2012-08-09 10:23:55 +02:00
Martin Stein
9369057f90 Extend RAM/CPU session for base-hw context-areas. 2012-08-02 16:41:21 +02:00
Alexander Boettcher
77729fab2a NOVA: warning fixes - check result of append_item 2012-07-23 14:05:58 +02:00
Alexander Boettcher
938c7fa130 NOVA: call kill_thread of cpu_session
If a thread has been deleted the thread object at the cpu_session was never
freed which caused the cpu_session quota to be exhausted as reported in
issue #150.

Fixes #150
2012-07-19 21:05:51 +02:00
Alexander Boettcher
a08d54ad26 NOVA: Memory descriptor parsing
Be bit more robust.
* Don't use addresses and sizes larger than
  32 bit address boundaries.
* Don't take modules of size 0, at address 0 and if aux is 0.
  (Already seen on machines in the University ...)

Fixes #269
2012-07-19 21:05:51 +02:00
Christian Helmuth
abd09e419f Only write UART if transmitter-hold register empty
The line-status register has two relevant status bits - transmitter-hold
register empty and data-hold register empty - from which only the THR is
relevant as it signals new character can be written to the device.

Fixes #281
2012-07-16 10:35:24 +02:00
Alexander Boettcher
f8c97e7189 NOVA: Deadlock fix in pager/rm_session interaction
Following deadlock happens when a Rm_client/Pager_object handles a page-fault
and concurrently the same object is dissolved (triggered by parent killing
the client).

The situation is as follows:

Page fault handling  :
base-nova/src/base/pager/pager.cc    : pf_handler() - lock pf_lock
base/.../core/rm_session_component.cc: pager()      - lock rm_session
  (in reverse_lookup())

Dissolve of Rm_client:
base/src/core/rm_session_component.cc: dissolve()   - lock rm_session
base-nova/src/base/pager/pager.cc    : dissolve()   - lock pf_lock

The pf_lock is not required here during normal page fault handling,
since this pager object @NOVA is executed only by one and the same
thread and all critical operations inside the rm_session_object itself
are locked anyway. The only critical point is the destruction of the
Pager_object which is already handled in the both dissolve functions
of the rm-session_component (locking) and the pager_object (finalize
in-flight page faults).
2012-07-04 14:56:46 +02:00
Alexander Boettcher
1d6a00f01a Cleanup: cap allocation
Allocate exc_pt_sel inside Thread_base object
instead of pager object, since it is a thread
specific characteristic.

Same for freeing of the thread capabilities:
- ec, sc, rs, exc_pt_sel is thread specific
and has nothing to do in server nor pager object.
2012-07-04 14:56:46 +02:00
Alexander Boettcher
86921c2e12 Use down-to-zero semaphore feature to block thread
Use semaphore down feature of NOVA to set the counter to zero.
If the semaphore was up()ed more than one time by impatient callers
(e.g. guys calling cancel_blocking) we make sure that the thread
really stops.
2012-07-04 14:56:46 +02:00
Alexander Boettcher
d033b450f5 Sanity resetting of Utcb words/items field.
Don't send words or mappings by accident. Reset the word/item
counter.
2012-07-04 14:56:45 +02:00
Alexander Boettcher
7f93dae3ff Pager/Thread_start cleanups
Don't allocate ec cap twice, in pager.cc and thread_start.cc.
Unmap of utcb has to be done in destructor of thread class, not
in pager class. Free capability selectors of ec and rs.
2012-07-04 14:56:45 +02:00
Alexander Boettcher
2a3b0d72b3 Don't deallocate invalid cap
SC slot is unused here.
2012-07-04 14:56:45 +02:00
Alexander Boettcher
33334b4f4b Fix: Avoid deadlock during cleanup of entrypoint
Invoke cancel_blocking before calling the
cleanup portal of the rpc_entrypoint. If a rpc_entrypoint
is blocked in a semaphore the cleanup call gets
stuck forever.
2012-07-04 14:56:45 +02:00
Alexander Boettcher
c873faa390 Fix: reset word counter in case of failed IPC.
If IPC fails for some reasons, reset received counter of items+words.
This operation is not performed by the kernel.
2012-07-04 14:56:44 +02:00
Alexander Boettcher
0bf642ff9a Establish mappings during reply, #248
Caller thread sends echo thread mapping information. Echo thread
establish during reply the mappings.

Fixes #248
2012-06-20 19:44:08 +02:00
Alexander Boettcher
4534d656a8 NOVA: Improve stability of process destruction
The UTCB of the thread cleaning up thread objects has been unmapped.
However the UTCB of the destroyed thread must be unmapped.

Objects must explicitly be made unreachable before cleaning up. The
server and pager objects must be unreachable before they can be freed.
Both object types are threads. Revoking the thread(EC) cap on NOVA
doesn't mean that the thread stops executing. All portals pointing to a
thread are still reachable by clients even if the last EC cap is gone in
user land. So it must be taken care that no portals are pointing anymore
to a thread when the associated objects are getting destroyed. This
commit handles this.

Additionally, even if the last portal is gone - there can be still an
ongoing request handled by such server/pager object/threads. For each
such object an additional portal is created. This object is called
'cleanup portal' and is only local to the object. After all portals are
revoked the cleanup portal is called. When the call returns we know that
nobody is anymore handled by the object since all remotely available
portals are gone.

Fixes #20
2012-06-20 19:44:07 +02:00
Alexander Boettcher
ae6257dce1 Use NOVA microkernel from github, add 64bit
Use git to get recent kernels from github. Adjust NOVA patch to compile
with recent github version. Patch and use makefile of NOVA microkernel
to avoid duplicated (and outdated) makefile in Genode

Furthermore, this patch adds support for using NOVA on x86_64. The
generic part of the syscall bindings has been moved to
'base-nova/include/nova/syscall-generic.h'. The 32/64-bit specific
parts are located at 'base-nova/include/32bit/nova/syscalls.h' and
'base-nova/include/64bit/nova/syscalls.h' respectively.

On x86_64, the run environment boots qemu using the Pulsar boot loader
because GRUB legacy does not support booting 64bit ELF executables.

In addition to the NOVA-specific changes in base-nova, this patch
rectifies compile-time warnings or build errors in the 'ports' and
'libports' repositories that are related to NOVA x86_64 (i.e., Vancouver
builds for 32bit only and needed an adaptation to NOVAs changed
bindings)

Fixes #233, fixes #234
2012-06-20 19:44:07 +02:00
Alexander Boettcher
200deec403 Bunch of compiler warning fixes, issue #234 2012-06-20 19:44:07 +02:00
Christian Prochaska
7a369bc74d Add an 'executable' flag to 'Rm_session::attach()'
With this patch clients of the RM service can state if they want a mapping
to be executable or not. This allows dataspaces to be mapped as
non-executable on Linux by default and as executable only if needed.

Partially fixes #176.
2012-04-20 11:21:19 +02:00
Norman Feske
d6e30c19de Replace 'Native_capability::copy_to' by accessor
The 'copy_to' function turned out to be not flexible enough to
accommodate the Noux fork mechanism. This patch removes the function,
adds an accessor for the capability destination and a compound type
'Native_capability::Raw' to be used wherever plain capability
information must be communicated.
2012-03-28 09:58:51 +02:00
Stefan Kalkowski
ae8cf5f44d Rename tid() to dst() in Native_capability.
As suggested by Norman in the discussion of issue #145, this commit
renames the tid() accessor in Native_capability to dst().
2012-03-10 15:52:19 +01:00
Stefan Kalkowski
c9c21ad39c Merge Native_capability implementations (fix #145).
This patch unifies the Native_capability classes for the different kernel
platforms by introducing an appropriate template, and eliminating naming
differences. Please refer issue #145.
2012-03-08 18:42:39 +01:00
Christian Prochaska
4b1f182e61 Unlock guarded lock before sending IPC error reply
Sending a reply message does not return, so the guarded lock needs to get
unlocked manually.

This patch fixes #117.
2012-02-15 09:26:21 +01:00
Norman Feske
3ea9467343 Removed stale printf_stdio lib from base-nova 2012-01-25 13:04:04 +01:00
Norman Feske
08ce32215d Bump year in copyright headers to 2012 2012-01-03 15:35:05 +01:00
Genode Labs
da4e1feaa5 Imported Genode release 11.11 2011-12-22 16:19:25 +01:00