We cannot trust signal imprints received with signals to represent valid
pointers to signal contexts. After a signal context has been dissolved
from its receiver, a signal corresponding to the context might still be
in flight. Hence, we need a facility to check received signal imprints
against the list of valid contexts at reception time. The new
'Signal_context_registry' is a very simple attempt to create such a
facility.
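An added example, not code from this commit or from Genode: one way to check a received imprint against the set of valid contexts before it is used as a pointer. `Signal_context`, `receive` and the registry's methods as written here are hypothetical stand-ins.

```cpp
#include <cstdint>
#include <set>

/* Hypothetical stand-in for a signal context (not Genode's class) */
struct Signal_context { unsigned received = 0; };

/* Set of imprints that currently name a registered context */
class Signal_context_registry
{
	std::set<std::uintptr_t> _valid;

	public:
	static std::uintptr_t imprint_of(Signal_context *c) { return reinterpret_cast<std::uintptr_t>(c); }

	void insert(Signal_context *c) { _valid.insert(imprint_of(c)); }

	/* Called when a context is dissolved from its receiver */
	void remove(Signal_context *c) { _valid.erase(imprint_of(c)); }

	/* The imprint is only compared; it becomes a pointer after a match */
	Signal_context *lookup(std::uintptr_t imprint) const
	{
		if (_valid.count(imprint) == 0) return nullptr;
		return reinterpret_cast<Signal_context *>(imprint);
	}
};

/* Reception path: a stale imprint is rejected without being dereferenced */
bool receive(Signal_context_registry const &registry, std::uintptr_t imprint)
{
	Signal_context *c = registry.lookup(imprint);
	if (c) c->received++;
	return c != nullptr;
}

/* Constructed scenario: a signal arrives after its context was dissolved */
bool stale_signal_is_dropped()
{
	Signal_context_registry registry;
	Signal_context *c = new Signal_context;
	std::uintptr_t const imprint = Signal_context_registry::imprint_of(c);
	registry.insert(c);
	bool const live_ok = receive(registry, imprint);
	registry.remove(c);
	delete c;
	return live_ok && !receive(registry, imprint);
}

int main() { return stale_signal_is_dropped() ? 0 : 1; }
```

A membership check by address cannot tell a stale imprint from a new context that was allocated at the same address after the old one was destroyed.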
Introduce a new Noncopyable class that one can derive from to mark a class of
objects as uncopyable. This way the compiler can check for any violations
for you.
Both the libc and the NOVA syscall bindings provide the definition of
PAGE_SIZE. In contrast to the libc, which uses a #define, the NOVA
syscalls use a proper enum value. Thus, we can work around the conflict
by including the NOVA syscalls header prior to the libc header. Fixes #152.
This bug was introduced by commit c9c21ad39c, where Fiasco_capability
was removed, and enums defined in that class scope went to the namespace
Fiasco. In L4Linux some references to Fiasco_capability remained.
This commit unifies the policy name for the template argument for
Native_capability_tpl to Cap_dst_policy, as suggested by Norman in the
discussion resulting from issue #145. Moreover, it takes the memcpy
operation for copying a Native_capability out of the template, which is
included by a significant bunch of files, and separates it into a library,
analogous to the suggestion in issue #145.
Because we pass a policy class to 'Native_capability_tpl'
we can pass the dst type as part of the policy instead of as
a separate template argument. This patch also adds documentation
of the POLICY interface as expected by 'Native_capability_tpl'.
This patch unifies the Native_capability classes for the different kernel
platforms by introducing an appropriate template, and eliminating naming
differences. Please refer to issue #145.
To give the platform developer more freedom in how the Native_capability
class is internally implemented (e.g. turning it into a smart-pointer),
this patch removes the memcpy operation, when transferring the parent-capability
to a new process from the generic code, and lets the implementation of the
platform-specific Native_capability decide how the transfer has to be done.
Please refer to issue #144.
Introduce a factory and a dereference method for local capabilities. These are
capabilities that reference objects of services, which are known to be used
protection-domain internally only. To support the new Capability class methods,
a protected constructor and an accessor to the local object's pointer are needed
in the platform's capability base-classes. For further discussion details please
refer to issue #139.
The 'log2()' and 'log2f()' functions have been added in FreeBSD's libc
version 9.0.0, but they are missing in version 8.2.0, which is used in
Genode. This patch provides preliminary implementations of these
functions until the Genode libc gets updated to version 9.0.0 or above.
Fixes #143.
When introducing an avl-tree to re-find known capabilities in Fiasco.OC
(issue #112), the memory demand of applications was slightly increased.
So we have to give the pl11x driver more memory by default. Fixes #140.
Separate spin-lock implementation from lock-implementation and put it into a
non-public header, so it can be re-used by the DDE kit's and Fiasco.OC's
capability-allocator spin lock. Fixes issue #123.
The old variant provided 8K capability slots to all processes on core,
which increased binaries by 180 KB for the static allocator. I reduced it
to 4K capabilities to stay under 100 KB overhead for the allocator.
Anyway, pci_drv and pl11x_drv need more RAM quota now: 2M for pl11x_drv
and 1M for pci_drv.
In the cap-session component in core when freeing a capability, the
corresponding kernel object should be unmapped from all processes and core.
Until now, the unmap operation for removing the kernel object didn't work
because of using the wrong rights-map. This patch fixes it.
The re-use of capabilities introduced by the last patch triggered this
problem because it's essential for the capability-registry to detect
invalidated capabilities.
This is an interim fix for issue #112. This patch extends the
'Capability_allocator' class with the ability to register the global
ID of a Genode capability so that the ID gets associated with a
process-local kernel capability. Whenever a Genode capability gets
unmarshalled from an IPC message, the capability-allocator is asked,
with the global ID as key, whether the kernel-cap already exists.
This significantly reduces the waste of kernel-capability slots.
To circumvent problems of having one and the same ID for different kernel
objects, the following problems had to be solved:
* Replace pseudo IDs with unique ones from core's badge allocator
* When freeing a session object, free the global ID _after_ unmapping
  the kernel object, otherwise the global ID might get re-used in some
  process and the registry will find a valid but wrong capability
  for the ID
Because core aggregates all capabilities of all different processes, its
capability registry needs much more memory compared to a regular process.
By parametrizing capability allocators differently for core and non-core
processes, the global memory overhead for capability registries is kept
at a reasonable level.
On Ubuntu 11.10 the host library created for the 'lx_hybrid_ctors' test
doesn't get loaded, because the test object in the library is not being
used by the application. This commit fixes the problem by having the
application call a dummy function in the library.
Fixes #120.
The kernel distinguishes local from global IDs by looking at the lowest
6 bits of the thread ID (i.e., in 'L4_ThreadControl'). If those bits are
zero, the ID is interpreted as a local ID. Because those zero bits
overlap with the version bits of global IDs, this invariant could be
violated once the version of a global ID reaches 64. In this case,
'L4_ThreadControl' will return an error on the attempt to create a new
PD. To prevent this from happening, we always set the lowest bit to 1.
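The invariant and the workaround described above, as an added example that is not Genode or kernel code. The 14-bit version field and all function names are assumptions; the message only states that the version bits overlap the lowest 6 bits.

```cpp
#include <cstdint>

/* Assumed layout: thread number in the upper bits, 14 version bits below it */
constexpr std::uint32_t VERSION_BITS = 14;
constexpr std::uint32_t VERSION_MASK = (1u << VERSION_BITS) - 1;
constexpr std::uint32_t LOCAL_MASK   = 0x3f;  /* lowest 6 bits */

constexpr std::uint32_t global_id(std::uint32_t thread_no, std::uint32_t version)
{
	return (thread_no << VERSION_BITS) | (version & VERSION_MASK);
}

/* Rule from the text: lowest 6 bits zero means "local ID" */
constexpr bool read_as_local(std::uint32_t id) { return (id & LOCAL_MASK) == 0; }

/*
 * Workaround from the text: always set the lowest bit. In this model the
 * cost is that versions 2k and 2k+1 encode to the same ID.
 */
constexpr std::uint32_t fixed_global_id(std::uint32_t thread_no, std::uint32_t version)
{
	return global_id(thread_no, version | 1u);
}

/* First version >= 1 whose global ID would be read as local, 0 if none */
template <typename ENCODE>
std::uint32_t first_misread_version(ENCODE encode, std::uint32_t thread_no)
{
	for (std::uint32_t v = 1; v <= VERSION_MASK; v++)
		if (read_as_local(encode(thread_no, v)))
			return v;
	return 0;
}

int main()
{
	bool const plain_breaks = first_misread_version(global_id, 5) == 64;
	bool const fixed_holds  = first_misread_version(fixed_global_id, 5) == 0;
	return (plain_breaks && fixed_holds) ? 0 : 1;
}
```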
- Remove example application source code files which also exist in contrib
- Outsource commonly used parts from target.mk files
- Store the current Qt version only in one place
- Add run scripts for the example applications
Fixes #127.
The 'noux_bash.run' script has become able to present the user with an
interactive bash shell for executing various coreutils programs. It is
still pretty limited, i.e., the environment is not correctly passed to
child processes and pipes are not supported. But bash and coreutils are
operational.