Commit Graph

62 Commits

Author SHA1 Message Date
Norman Feske
ebc73f66df Remove base-mb platform
This base platform is no longer maintained.

For supporting the Microblaze CPU in the future, we might consider
integrating support for this architecture into base-hw. Currently
though, there does not seem to be any demand for it.
2013-02-20 13:17:39 +01:00
Norman Feske
bcdc706f42 Unify 'ipc.h' and 'ipc_generic.h' across platforms
The distinction between 'ipc.h' and 'ipc_generic.h' is no more. The only
use case for platform-specific extensions of the IPC support was the
marshalling of capabilities. However, this case is accommodated by a
function interface ('_marshal_capability', '_unmarshal_capability'). By
moving the implementation of these functions from the headers into the
respective ipc libraries, we can abandon the platform-specific 'ipc.h'
headers.
2013-02-14 13:23:37 +01:00
Norman Feske
b1f63e3356 Turn 'platform_env.h' into a private header
This patch removes 'platform_env.h' from the public API headers because
this header was not part of the API anyway.
2013-02-14 13:23:36 +01:00
Alexander Boettcher
9453d319cb base: add remove_client to rm_session
Fixes #13
2013-02-11 12:01:25 +01:00
Christian Prochaska
a6acab6d0d Synchronize signal context destruction
With this patch, the 'Signal_receiver::dissolve()' function does not return
as long as the signal context to be dissolved is still referenced by one
or more 'Signal' objects. This is supposed to delay the destruction of the
signal context while it is still in use.

Fixes #594.
2013-01-15 15:03:21 +01:00
Norman Feske
1aa9f9910c Add 'Service_registry::remove_all' function
This function is needed when reconfiguring init.
2013-01-15 10:18:11 +01:00
Norman Feske
73ab30c22c Update copyright headers to 2013 2013-01-10 21:44:47 +01:00
Norman Feske
13d4108fea Unify 'Signal_dispatcher' interfaces
Several users of the signal API used custom convenience classes to
invoke signal-handling functions on the reception of incoming signals.
The 'Signal_dispatcher' pattern turned out to be particularly useful. To
avoid the duplication of this code across the code base, this patch
adds the interface to 'base/signal.h'.

Furthermore, the patch changes the 'Signal::num()' return type from int
to unsigned because negative numbers are meaningless here.

Fixes #511
2013-01-10 21:09:14 +01:00
Alexander Boettcher
c2d3543e62 base: replace obj_by_* by lookup_and_lock
Add functionality to lookup an object and lock it. Additional the case is
handled that a object may be already in-destruction and the lookup will deny
returning the object.

The object_pool generalize the lookup and lock functionality of the rpc_server
and serve as base for following up patches to fix dangling pointer issues.
2013-01-10 11:13:13 +01:00
Norman Feske
d90b0464b8 Change order of thread-context members
Because 'stack' and 'stack_base' are related to each other, it makes
sense to locate both members close to each other.
2013-01-07 17:58:33 +01:00
Norman Feske
dfaecfb5ab Make quota-upgrading message more clear
Fixes #592
2012-12-22 13:04:04 +01:00
Norman Feske
f081733f4b Linux: remove 'some_mem' array in core
The Linux version of core used a part of the BSS to simulate access to
physical memory. All dataspaces would refer to a portion of 'some_mem'.
So every time when core would access the dataspace content, it would
access its local BSS. For all processes outside of core, dataspaces were
represented as files. This patch removes the distinction between core
and non-core processes. Now, core uses the same 'Rm_session_mmap'
implementation as regular processes. This way, the 'some_mem' could be
abandoned. We still use BSS variable for allocating core-local meta
data through.
2012-12-04 20:51:29 +01:00
Christian Prochaska
42cef716e1 CPU session meta data RAM quota upgrade support
Fixes #541.
2012-11-30 16:27:29 +01:00
Alexander Boettcher
fa2cbdc7cb Fix: don't deference stale pager pointer in core
Reset pager pointer in platform_thread if pager object is removed.

Fixes #532
2012-11-29 13:44:07 +01:00
Martin Stein
b3815c95a7 base: don't mention 'CONTEXT_VIRTUAL_SIZE' in docs
Fix #530
2012-11-29 09:55:09 +01:00
Norman Feske
0dbb5e1696 Propagate 'Range_allocator::alloc_aligned' errors
This patch reflects eventual allocation errors in a more specific way to
the caller of 'alloc_aligned', in particular out-of-metadata and
out-of-memory are considered as different conditions.

Related to issue #526.
2012-11-28 22:51:09 +01:00
Norman Feske
5c8373bec3 Cleanup destruction of RPC entrypoints
This patch introduces clean synchronization between the entrypoint
thread and the caller of the 'Rpc_entrypoint' destructor. The most
important change is the handling of the 'Ipc_server' destruction. This
object is in the local scope of the server's entry function. However,
since the server loop used to be an infinite loop, there was hardly any
chance to destruct the object in a clean way. Hence, the
'Rpc_entrypoint' destructor used to explicitly call '~Ipc_server'.
Unfortunately, this approach led to problems because there are indeed
rare cases where the server thread leaves the scope of the entry
function, namely uncaught exceptions. In such a case, the destructor
would have been called twice.

With the new protocol, we make sure to leave the scope of the entry
function and thereby destroy the 'Ipc_server' object as expected. This
is achieved by propagating the exit condition through a local RPC call
to the entrypoint. This way, the blocking state of the entrypoint
becomes unblocked. Furthermore, '~Rpc_entrypoint' makes use of the new
'join' function to wait for the completion of the server thread.
2012-11-26 20:58:09 +01:00
Norman Feske
959df5d46b Generalize handling of PD-session arguments
On Linux, we want to attach additional attributes to processes, i.e.,
the chroot location, the designated UID, and GID. Instead of polluting
the generic code with such Linux-specific platform details, I introduced
the new 'Native_pd_args' type, which can be customized for each
platform. The platform-dependent policy of init is factored out in the
new 'pd_args' library.

The new 'base-linux/run/lx_pd_args.run' script can be used to validate
the propagation of those attributes into core.

Note that this patch does not add the interpretation of the new UID and
PID attributes by core. This will be subject of a follow-up patch.

Related to #510.
2012-11-21 20:04:07 +01:00
Norman Feske
bcabbe2c92 Add 'Thread_base::join()'
Using the new 'join()' function, the caller can explicitly block for the
completion of the thread's 'entry()' function. The test case for this
feature can be found at 'os/src/test/thread_join'. For hybrid
Linux/Genode programs, the 'Thread_base::join()' does not map directly
to 'pthread_join'. The latter function gets already called by the
destructor of 'Thread_base'. According to the documentation, subsequent
calls of 'pthread_join' for one thread may result in undefined behaviour.
So we use a 'Genode::Lock' on this platform, which is in line with the
other platforms.

Related to #194, #501
2012-11-19 12:43:34 +01:00
Christian Helmuth
d23ee02e9a Destruct IPC-server object on entrypoint destruction
The IPC-server object exists solely on the stack of the entrypoint
thread and, therefore, would never be destructed as the thread is just
killed. Now, the object is explicitly destructed in the entrypoint
destructor. An alternative solution could instruct the entrypoint thread
the terminate, which would automatically cleanup its stack.

The object pool is assumed to be empty on destruction of the entrypoint.
If not, we warn and at least dissolve all RPC objects.
2012-11-16 13:55:00 +01:00
Torsten Hilbrich
7d30ffc907 base: Fix a number of warnings about unused parameters
The warnings are shown if components using the genode base are
compiled with -Wextra -Wall enabled.

Fixes #489.
2012-11-14 16:38:38 +01:00
Norman Feske
0c76bc9cfd Add support for specialized session interfaces
This patch introduces principal support for extending session interfaces
with specialized functionality in a clean way. For example, an 'Uart'
interface may implement the 'Terminal' interface but also offers
additional functions for setting the baud rate. A service that
implements the 'Uart' service will then automatically announce both the
'Uart' and 'Terminal' services.
2012-11-07 13:43:04 +01:00
Norman Feske
b45242c50f Add chroot support to core
Since the recent move of the process creation into core, the original chroot trampoline
mechanism implemented in 'os/src/app/chroot' does not work anymore. A
process could simply escape the chroot environment by spawning a new
process via core's PD service. Therefore, this patch moves the chroot
support into core. So the chroot policy becomes mandatory part of the
process creation.  For each process created by core, core checks for
'root' argument of the PD session. If a path is present, core takes the
precautions needed to execute the new process in the specified chroot
environment.

This conceptual change implies minor changes with respect to the Genode
API and the configuration of the init process. The API changes are the
enhancement of the 'Genode::Child' and 'Genode::Process' constructors to
take the root path as argument. Init supports the specification of a
chroot per process by specifying the new 'root' attribute to the
'<start>' node of the process. In line with these changes, the
'Loader::Session::start' function has been enhanced with the additional
(optional) root argument.
2012-11-05 17:31:05 +01:00
Stefan Kalkowski
f2d81a8d62 Remove superfluous, generic Thread_state definition
The 'Cpu_state' in 'base/include/base/cpu_state.h' is not needed anymore.
Moreover, it's inconsistent with the architecture-specific definitions
of 'Cpu_state' that all reside in <cpu/cpu_state.h>.
2012-10-29 10:08:29 +01:00
Alexander Boettcher
105ff5dfed Provide main thread cap via parent interface
Preparation to solve issue #10
2012-10-24 11:34:38 +02:00
Alexander Boettcher
664e0dc7cd Provide cpu_session_cap via environment object
Preparation to solve issue #10
2012-10-24 11:34:33 +02:00
Norman Feske
4a1b545770 Move 'Child' API implementation to library 2012-10-09 13:45:33 +02:00
Norman Feske
64245dde3a Avoid superfluous compiler warnings
GCC warns about uninitialized local variables in cases where no
initialization is needed, in particular in the overloads of the
'Capability::call()' function. Prior this patch, we dealt with those
warnings by using an (unreliable) GCC pragma or by disabling the
particular warning altogether (which is a bad idea). This patch removes
the superfluous warnings by telling the compiler that the variable in
question is volatile.
2012-10-08 15:08:21 +02:00
Christian Helmuth
4017e592f0 Compile PDBG() in release mode too
Formerly, GENODE_RELEASE just undef'd PDBG() which concealed bugs in
places PDBG was used, e.g., do to API changes. Unfortunately,
desparately disabling GENODE_RELEASE during bug hunt sometimes
introduced new errors. Now, PDBG is just a branch not taken but seen by
the compiler, which is able to produce warnings/errors when the API is
changed.

Fixes #378.
2012-10-04 14:37:18 +02:00
Alexander Boettcher
11a262c1af Allocate first heap requests from bss
The exception initialization and handling in gcc_eh allocates early (_main)
memory before executing main. In Vancouver the virtual
region from [0,VM size) must be reserved. Vancouver fails if the memory
allocated by the exception handling and the static objects was allocated
inside the [0, VM size) area.

To circumvent the situation allocate the first memory pieces for the heap
from the bss.
2012-09-24 09:17:58 +02:00
Alexander Boettcher
ea38aad30e Move context area definition to native_type 2012-09-24 09:17:54 +02:00
Stefan Kalkowski
689c08e411 Make first block of allocator_avl 64bit fit
The first metadata-block, which is inherent part of the allocator object
itself has a fixed size which isn't suitable enough for some 64bit platforms
(e.g. core's RAM-allocator on a 64bit platform with lots of different regions).
This commit let the block size be address-width aware.
2012-09-18 16:47:59 +02:00
Norman Feske
47e95d4e18 Support upgrading of child-environment resources
Fixes #5
2012-08-16 10:03:06 +02:00
Alexander Boettcher
8526dc4f19 Set ERR_INVALID_OBEJCT if call failed to server
Tell the client that the last operation failed, instead of continuing doing
useless things.
2012-08-10 10:57:54 +02:00
Alexander Boettcher
9e582c59a9 Don't loop forever if upgrade of a donation failed.
The code intended to stop after the first failed attempt,
however the bool variable to control this was reseted
inside the loop and so it endless loops.

Fixes #51
2012-07-19 21:05:51 +02:00
Alexander Boettcher
8ee4442108 Feature: add synchronized allocator 2012-07-04 14:56:47 +02:00
Alexander Boettcher
4d5d91efef Fix: _session_list in child.h must be locked
The _session_list can be modified concurrently,
so the iteration over the list must be locked.
2012-07-04 14:56:46 +02:00
Alexander Boettcher
f612475c99 Bug fix: null ptr dereference in base/semaphore
If nobody is blocked in a semaphore, nothing can be dequeued. If
the semaphore is used for signalling, there can be somebody in the queue,
but not necessarily.
2012-07-04 14:56:44 +02:00
Norman Feske
288fd4e56e Add support for allocating DMA memory
This patch extends the RAM session interface with the ability to
allocate DMA buffers. The client specifies the type of RAM dataspace to
allocate via the new 'cached' argument of the 'Ram_session::alloc()'
function. By default, 'cached' is true, which correponds to the common
case and the original behavior. When setting 'cached' to 'false', core
takes the precautions needed to register the memory as uncached in the
page table of each process that has the dataspace attached.

Currently, the support for allocating DMA buffers is implemented for
Fiasco.OC only. On x86 platforms, it is generally not needed. But on
platforms with more relaxed cache coherence (such as ARM), user-level
device drivers should always use uncacheable memory for DMA transactions.
2012-06-20 09:17:48 +02:00
Norman Feske
e4f28625e3 Construct process member as late as possible
When creating a 'Child' object with an already active entrypoint,
session requests may arrive as soon as the '_process' is created. We
have to make sure that at least all parts of the 'Child' object needed
for serving 'session' requests are constructed. This is particularly
important for the '_policy' member.
2012-06-06 17:24:07 +02:00
Christian Prochaska
c2f23de2e7 Introduce server-role member to 'Child' class
This patch is needed to use children as services in a dynamic
way (closing and reopening sessions).
2012-05-29 13:54:59 +02:00
Stefan Kalkowski
0971b47b11 Use placement new for Heap::Dataspace (fix #203)
This commit introduces placement new/delete, and a constructor for
Heap::Dataspace objects. It fixes the usage of uninitialized Dataspace
objects when expanding the heap that lead to problems in conjunction
with Native_capability smart-pointer in base-foc. Please refer to
issue #203.
2012-05-10 19:04:35 +02:00
Stefan Kalkowski
685add4774 Use OO-means to copy capabilities (fix #182)
Whenever Native_capability or its derivation Capaility is memcpy'd no copy-
constructor/assignment-operator is used and thereby implementation of
reference-counting gets impossible for these objects. Use object-oriented
means like e.g. copy-constructor instead.
2012-05-09 20:50:56 +02:00
Christian Prochaska
7a369bc74d Add an 'executable' flag to 'Rm_session::attach()'
With this patch clients of the RM service can state if they want a mapping
to be executable or not. This allows dataspaces to be mapped as
non-executable on Linux by default and as executable only if needed.

Partially fixes #176.
2012-04-20 11:21:19 +02:00
Norman Feske
f150b00c0d Spelling fix 2012-04-04 17:03:34 +02:00
Christian Prochaska
d6caa73c13 Fix a compile error reported by GCC 4.7.0 2012-03-30 19:55:56 +02:00
Norman Feske
d6e30c19de Replace 'Native_capability::copy_to' by accessor
The 'copy_to' function turned out to be not flexible enough to
accommodate the Noux fork mechanism. This patch removes the function,
adds an accessor for the capability destination and a compound type
'Native_capability::Raw' to be used wherever plain capability
information must be communicated.
2012-03-28 09:58:51 +02:00
Norman Feske
48739422ac Validate liveliness of signal contexts
We cannot trust signal imprints received with signals to represent valid
pointers to signal contexts. After a signal context has been dissolved
from its receiver, a signal corresponding to the context might still be
in flight. Hence, we need a facility to check received signal imprints
against the list of valid contexts at reception time. The new
'Signal_context_registry' is a very simple attempt to create such a
facility.
2012-03-21 21:37:15 +01:00
Stefan Kalkowski
ae8cf5f44d Rename tid() to dst() in Native_capability.
As suggested by Norman in the discussion of issue #145, this commit
renames the tid() accessor in Native_capability to dst().
2012-03-10 15:52:19 +01:00
Stefan Kalkowski
42b7c01685 Unify policy name for Native_capability_tpl.
This commit unifies the policy name for the template argument for
Native_capability_tpl to Cap_dst_policy, like suggested by Norman in the
discussion resulting from issue #145. Moreover, it takes the memcpy
operation for copying a Native_capability out of the template, which is
included by a significant bunch of files, and separates it in a library,
analog to the suggestion in issue #145.
2012-03-10 15:52:13 +01:00