broken due to changes of
libc: API transition
Issue #1987
For now provide a initial memory buffer for allocation of static
constructors and of malloc calls out of the libc during early
libc initialization until actual vbox code is executed having the Env
pointer.
The support has two parts. First, a VFS plugin now gets passed an
I/O-response handler callback on construction, which informs users of the
VFS that an I/O event occurred. This enables, for example, the libC to
check if blocking read can be completed. Further, the VFS file I/O
interface provides now functions for suspendable reads, i.e.,
queue_read() and complete_read().
The test now forks twice - the parent forks a child and the child itself
forks a grand child. Both, parent and child, wait for termination of
their forked process with waitpid(). Additionally, the run script now
checks for exit of the parent (not any noux process).
This commit enables compile-time warnings displayed whenever a deprecated
API header is included, and adjusts the existing #include directives
accordingly.
Issue #1987
lesskey and lessecho missed the declaration of ${LIBS} on the compiler
command line, which ended up in unusable programs.
> file noux-pkg/less/lesskey.broken
noux-pkg/less/lesskey.broken: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter *empty*, not stripped
> file noux-pkg/less/lesskey
noux-pkg/less/lesskey: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter ld.lib.so, not stripped
The issue was identified because -O0 builds broke with
ld: lesskey: The first section in the PT_DYNAMIC segment is not the .dynamic section
Unfortunately, this simple fix renders both tools also dependent to libm
and ncurses which they don't use.
This patch removes the dependency of the deprecated Genode API,
fixes the coding style, and removes the "random" file system
(superseded by the VFS plugin mechanism).
Ref #1987
Libc::Env is the Genode::Env interface extended to cover access
to the XML content of the 'config' ROM and a VFS instance. This
deduplicates the burden of components to attain and manage
these resources.
Fix#2217
Ref #1987
This patch make the ABI mechanism available to shared libraries other
than Genode's dynamic linker. It thereby allows us to introduce
intermediate ABIs at the granularity of shared libraries. This is useful
for slow-moving ABIs such as the libc's interface but it will also
become handy for the package management.
To implement the feature, the build system had to be streamlined a bit.
In particular, archive dependencies and shared-lib dependencies are now
handled separately, and the global list of 'SHARED_LIBS' is no more.
Now, the variable with the same name holds the per-target list of shared
libraries used by the target.
This patch removes the component_entry_point library, which used to
proved a hook for the libc to intercept the call of the
'Component::construct' function. The mechansim has several shortcomings
(see the discussion in the associated issue) and was complex. So we
eventually discarded the approach in favor of the explicit handling of
the startup.
A regular Genode component provides a 'Component::construct' function,
which is determined by the dynamic linker via a symbol lookup.
For the time being, the dynamic linker falls back to looking up a 'main'
function if no 'Component::construct' function could be found.
The libc provides an implementation of 'Component::construct', which
sets up the libc's task handling and finally call the function
'Libc::Component::construct' from the context of the appllication task.
This function is expected to be provided by the libc-using application.
Consequently, Genode components that use the libc have to implement the
'Libc::Component::construct' function.
The new 'posix' library provides an implementation of
'Libc::Component::construct' that calls a main function. Hence, POSIX
programs that merely use the POSIX API merely have to add 'posix' to the
'LIBS' declaration in their 'target.mk' file. Their execution starts at
'main'.
Issue #2199
The header is foc-specific. It used to shadow the generic one provided
by the base repository, which contradicts with the kernel-agnostic
Genode API. Hence, it had to be moved to a foc-specific location.
This patch decouples the kernel-specific implementation of the dynamic
linker from its kernel-agnostic binary interface. The name of the
kernel-specific dynamic linker binary now corresponds to the kernel,
e.g., 'ld-linux.lib.so' or 'ld-nova.lib.so'. Applications are no longer
linked directly against a concrete instance of the dynamic linker but
against a shallow stub called 'ld.lib.so'. This stub contains nothing
but the symbols provided by the dynamic linker. It thereby represents
the Genode ABI.
At system-integration time, the kernel-specific run/boot_dir back ends
integrate the matching the kernel-specific variant of the dynamic linker
as 'ld.lib.so' into the boot image.
The ABI symbol file for the dynamic linker is located at
'base/lib/symbols/ld'. It contains the joint ABI of all supported
architectures. The new utility 'tool/abi_symbols' eases the creation of
such an ABI symbol file for a given shared library. Its result should be
manually inspected and edited as needed.
The patch removes the 'syscall' library from 'base_libs.mk' to avoid
polluting the kernel-agnostic ABI with kernel-specific interfaces.
Issue #2190
Issue #2195
By not placing the sysio buffer (16 KiB) on the stack, we can call
'noux_syscall' from the initial thread. This is needed to issue fork
from the suspend callback, which is executed by the initial thread.
This patch unconditionally applies the labeling of sessions and thereby
removes the most common use case of 'Child_policy::filter_session_args'.
Furthermore, the patch removes an ambiguity of the session labels of
sessions created by the parent of behalf of its child, e.g., the PD
session created as part of 'Child' now has the label "<child-name>"
whereas an unlabeled PD-session request originating from the child
has the label "<child-name> -> ". This way, the routing-policy of
'Child_policy::resolve_session_request' can differentiate both cases.
As a consequence, the stricter labeling must now be considered wherever
a precise label was specified as a key for a session route or a server-
side policy selection. The simplest way to adapt those cases is to use a
'label_prefix' instead of the 'label' attribute. Alternatively, the
'label' attribute may used by appending " -> " (note the whitespace).
Fixes#2171
Trace_control dataspace gets destroyed implicitly when the cpu session is
closed. Remove the trace control dataspace from the internal noux dataspace
registry before cpu session destruction.
This patch adjusts the various users of the 'Child' API to the changes
on the account of the new non-blocking parent interface. It also removes
the use of the no-longer-available 'Connection::KEEP_OPEN' feature.
With the adjustment, we took the opportunity to redesign several
components to fit the non-blocking execution model much better, in
particular the demo applications.
Issue #2120
VirtualBox mainly derives the initial link-state for its device models
from checking the <Adapter ... cable="true"/> attribute. Our backend
only propagates the current state of the Nic session if it receives a
link-state signal. This may lead to problems if a guest detects a link
up state when it is actually down and wants to use the interface. The
backend now queries the Nic session and sets the link-state accordingly
when it is constructed.
In case there is no link do not attempt to submit a packet to the packet
stream but return with an error so that upper layers can handle it.
Enable signals for network on poweron and not already during
construction. The network model may be not yet ready to process incoming
signals and data.
Fixes#2117.
* Supply Env to Input::Session_component
* Attach input event dataspace at Input::Client
* Process input events by lambda rather than pointer
* Supply Env and a label to Input::Connection
* Wm serves valid input_session to decorator
* Per-source signal handling at input_merger
* Base API update for dummy_input_drv, test_input
* Input API update for launcher, menu_view, terminal,
mupdf, sdl, seoul, virtualbox
Ref #1987
This patch makes the build-system integration of noux packages usable
for non-Noux targets. It moves the GNU build system wrapper to
ports/mk/gnu_build.mk, which is now included by noux.mk. This way,
non-noux applications can use the same build-system wrapper. So the
porting of individual applications becomes easier.
This change removes the 'NOUX_' prefix use the various build variables
used by the noux-pkg's target.mk files to steer the behaviour of the GNU
build system. E.g., NOUX_CONFIGURE_ARGS is now called CONFIGURE_ARGS.
Note that there is a single exception to this pattern: The formerly
named NOUX_LIBS is now called LDLIBS because the plain LIBS variable is
used by the Genode build system.
Fixes#2094
The main feature for this version upgrade is the use of the instruction
emulator (IEM) to speed up execution and less often the slow recompiler.
issue #2059
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
Conveying the ROM filename as the final label element simplifies
routing policy and session construction.
Annotations by nfeske:
This commit also changes the ROM session to use base/log.h instead of
base/printf.h, which produced build error of VirtualBox because the
vbox headers have a '#define Log', which collides with the content of
base/log.h. Hence, this commit has to take precautions to resolve this
conflict.
The commit alse refines the previous session-label change by adding a
new 'Session_label::prefix' method and removing the use of 'char const *'
from this part of the API.
Fixes#1787
This patch establishes the sole use of generic headers across all
kernels. The common 'native_capability.h' is based on the version of
base-sel4. All traditional L4 kernels and Linux use the same
implementation of the capability-lifetime management. On base-hw, NOVA,
Fiasco.OC, and seL4, custom implementations (based on their original
mechanisms) are used, with the potential to unify them further in the
future.
This change achieves binary compatibility of dynamically linked programs
across all kernels.
Furthermore, the patch introduces a Native_capability::print method,
which allows the easy output of the kernel-specific capability
representation using the base/log.h API.
Issue #1993
This patch alleviates the need for a Native_capability::Dst at the API
level. The former use case of this type as argument to
Deprecated_env::reinit uses the opaque Native_capability::Raw type
instead. The 'Raw' type contains the portion of the capability that is
transferred as-is when delegating the capability (i.e., when installing
the parent capability into a new component, or when installing a new
parent capability into a new forked Noux process). This information can
be retrieved via the new Native_capability::raw method.
Furthermore, this patch moves the functions for retriving the parent
capability to base/internal/parent_cap.h, which is meant to be
implemented in platform-specific ways. It replaces the former set of
startup/internal/_main_parent_cap.h headers.
Issue #1993
Pass both paths, absolute path to the mount point and the relative path
from the mount point to the file, along with an open handle rather than
just an absolute path. Otherwise, fstat fails if the addressed file is
implemented by another VFS plugin.
Fixes#1789
Move Genode/vbox memory configuration check to separate
genode_check_memory_config() function and call it in platform-specific
setup machine hook of accloff/nova.
The rationale for this change is to omit the check on Muen since the
guest memory is separate and not allocated from base-hw memory.
Issue #2016
Add call to genode_setup_machine prior to machine registration in
frontend machine setup code. This enables platform-specific adjustments
to the machine instance.
The new function is used on hw_x86_64_muen to clamp the processor count
to 1 as multiple virtual CPUs are not supported on this platform.
Issue #2016
* Implement VMMR0_DO_VMMR0_INIT operation for Muen
- Indicate VT-x support
- Enable unrestricted guest mode
- Set CR[0|4] mask to enable masking of guest CR0.[NE,NW,CD] and
CR4.VMXE bits.
* Implement VMMR0_DO_GVMM_CREATE_VM on Muen
Return error if trying to create SMP VM as VMs with multiple CPUs are
currently not supported on hw_x86_64_muen.
* Add Muen-specific Mem_region type
On hw_x86_64_muen the guest memory layout is static, thus regions are
handed out from an array of memory regions.
Use sinfo API to calculate the base address of the VM RAM physical
0x0 region. This allows to dynamically modify the VM RAM size by
adjusting the Muen policy and Genode vbox files accordingly.
Zeroize all memory regions apart from VM Ram since Virtualbox expects
these regions to be cleared.
* Add Muen subject state struct
The subject state encompasses the guest VM machine state that is
transfered between Virtualbox and hardware accelerated execution on
Muen.
* Add Muen-specific Vm_handler class
* Use Vm_handler to run VM
* Instruct recompiler to flush its code cache
* Copy the Muen subject state to/from the Vbox PCPUMCTX.
* Use the VM interruptibility state to inform the recompiler whether
interrupts are currently inhibited.
* Explicitly handle control register access
If a VM-exit occurs due to a control register access, handle it and
directly continue hardware accelerated execution of guest VM.
Note: On NOVA control register accesses are handled by the kernel [1].
[1] - https://github.com/alex-ab/NOVA/blob/master/src/ec_vmx.cpp#L106
* Reset guest interruptibility state
Assert that interrupts are not inhibited in the Virtualbox machine
state and clear Blocking-by-[STI|MOV to SS] guest interruptibility
flags prior to running a guest VM in hwaccel mode.
* Set return code depending on exit reason
Do not unconditionally emulate the next instruction on VM exit. This
makes sharing the VM FPU state with Virtualbox unnecessary, as FPU
instructions are not emulated by the recompiler any longer.
Also, assert that the FPU has not been used by the recompiler
* Inject pending guest VM interrupts on Muen
Use mapped subject pending interrupts page of guest VM to perform
interrupt injection. IRQs are transferred from the Virtualbox trap
manager state to the pending interrupts region for injection. If an
IRQ remains pending upon returning to the recompiler, it is copied
back to the trap manager state and cleared in the subject interrupts
region.
* Inform recompiler about changed SYSENTER_[CS|EIP|ESP] values,
otherwise values set while running the guest VM hardware accelerated
may get lost.
* Implement genode_cpu_hz() on Muen
Determine the CPU frequency dynamically using the sinfo API.
Issue #2016
The virtual PCI model delivers IRQs to the PIC by default and to the
IOAPIC only if the guest operating system selected the IOAPIC with the
'_PIC' ACPI method and if it called the '_PRT' ACPI method afterwards.
When running a guest operating system which uses the IOAPIC, but does
not call these ACPI methods (for example Genode/NOVA), the new
configuration option
<config force_ioapic="yes">
enforces the delivery of PCI IRQs to the IOAPIC.
Fixes#2029
Replace 'attribute(...).has_value("yes")`
with 'attribute_value(..., false)'.
This allows for boolean configuration to be set with values such as
"true", "false", "yes", "no", or "1", "0".
Fixes#2002
Instead of passing on the Noux 'config' ROM dataspace to child processes,
provide a separate configuration for each Noux child, which is either
'<config/>' or '<config ld_verbose="yes"/>', depending on the
configuration of this attribute for the Noux process. This is also a
workaround to prevent multiple insertion of the same 'config' ROM
dataspace capability into the dataspace registry.
Issue #1978
This patch moves the thread operations from the 'Cpu_session'
to the 'Cpu_thread' interface.
A noteworthy semantic change is the meaning of the former
'exception_handler' function, which used to define both, the default
exception handler or a thread-specific signal handler. Now, the
'Cpu_session::exception_sigh' function defines the CPU-session-wide
default handler whereas the 'Cpu_thread::exception_sigh' function
defines the thread-specific one.
To retain the ability to create 'Child' objects without invoking a
capability, the child's initial thread must be created outside the
'Child::Process'. It is now represented by the 'Child::Initial_thread',
which is passed as argument to the 'Child' constructor.
Fixes#1939
The recent move of the initial three region maps into the PD session
breaks the noux.run test on Linux because the address spaces are locally
managed on this platform but the generic code of Noux still tries to
execute the regular procedure of creating the virtualized PD session for
a new Noux process. This patch handles a corner case that occurs on
Linux but no other platform. It enables the successful creation of the
virtualized PD session so that the test runs to completion. Still noux
on Linux remains to be limited to non-forking programs.
Issue #1938
This patch cleans up the thread API and comes with the following
noteworthy changes:
- Introduced Cpu_session::Weight type that replaces a formerly used
plain integer value to prevent the accidental mix-up of
arguments.
- The enum definition of Cpu_session::DEFAULT_WEIGHT moved to
Cpu_session::Weight::DEFAULT_WEIGHT
- New Thread constructor that takes a 'Env &' as first argument.
The original constructors are now marked as deprecated. For the
common use case where the default 'Weight' and 'Affinity' are
used, a shortcut is provided. In the long term, those two
constructors should be the only ones to remain.
- The former 'Thread<>' class template has been renamed to
'Thread_deprecated'.
- The former 'Thread_base' class is now called 'Thread'.
- The new 'name()' accessor returns the thread's name as 'Name'
object as centrally defined via 'Cpu_session::Name'. It is meant to
replace the old-fashioned 'name' method that takes a buffer and size
as arguments.
- Adaptation of the thread test to the new API
Issue #1954
This patch makes the former 'Process' class private to the 'Child'
class and changes the constructor of the 'Child' in a way that
principally enables the implementation of single-threaded runtime
environments that virtualize the CPU, PD, and RAM services. The
new interfaces has become free from side effects. I.e., instead
of implicitly using Genode::env()->rm_session(), it takes the reference
to the local region map as argument. Also, the handling of the dynamic
linker via global variables is gone. Now, the linker binary must be
provided as constructor argument.
Fixes#1949
This patch replaces the former 'Pd_session::bind_thread' function by a
PD-capability argument of the 'Cpu_session::create_thread' function, and
removes the ancient thread-start protocol via 'Rm_session::add_client' and
'Cpu_session::set_pager'. Threads are now bound to PDs at their creation
time and implicitly paged according to the address space of the PD.
Note the API change:
This patch changes the signature of the 'Child' and 'Process' constructors.
There is a new 'address_space' argument, which represents the region map
representing the child's address space. It is supplied separately to the
PD session capability (which principally can be invoked to obtain the
PD's address space) to allow the population of the address space
without relying on an 'Pd_session::address_space' RPC call.
Furthermore, a new (optional) env_pd argument allows the explicit
overriding of the PD capability handed out to the child as part of its
environment. It can be used to intercept the interaction of the child
with its PD session at core. This is used by Noux.
Issue #1938
This patch integrates three region maps into each PD session to
reduce the session overhead and to simplify the PD creation procedure.
Please refer to the issue cited below for an elaborative discussion.
Note the API change:
With this patch, the semantics of core's RM service have changed. Now,
the service is merely a tool for creating and destroying managed
dataspaces, which are rarely needed. Regular components no longer need a
RM session. For this reason, the corresponding argument for the
'Process' and 'Child' constructors has been removed.
The former interface of the 'Rm_session' is not named 'Region_map'. As a
minor refinement, the 'Fault_type' enum values are now part of the
'Region_map::State' struct.
Issue #1938
Currently the report name is used implicitly as first xml node name for the
report. This is inconvenient if one component wants to generate various xml
reports under various names (e.g. to steer consumers/clients slightly
differently) but with the same xml node tree structure.
Fixes#1940
This patch unifies the CPU session interface across all platforms. The
former differences are moved to respective "native-CPU" interfaces.
NOVA is not covered by the patch and still relies on a custom version of
the core-internal 'cpu_session_component.h'. However, this will soon be
removed once the ongoing rework of pause/single-step on NOVA is
completed.
Fixes#1922
Opening a VFS handle previously involved allocating from the global heap
at each VFS file system. By amending open with an allocator argument,
dynamic allocation can be partitioned.
A new close method is used to deallocate open handles.
Issue #1751
Issue #1891
This commit introduces the new `Component` interface in the form of the
headers base/component.h and base/entrypoint.h. The os/server.h API
has become merely a compatibilty wrapper and will eventually be removed.
The same holds true for os/signal_rpc_dispatcher.h. The mechanism has
moved to base/signal.h and is now called 'Signal_handler'.
Since the patch shuffles headers around, please do a 'make clean' in the
build directory.
Issue #1832
This patch moves details about the stack allocation and organization
the base-internal headers. Thereby, I replaced the notion of "thread
contexts" by "stacks" as this term is much more intuitive. The fact that
we place thread-specific information at the bottom of the stack is not
worth introducing new terminology.
Issue #1832
- Use 'label' attribute to identify device instead of
bus/dev and vendor_id/product_id
- Implement release_interface RPC
- Report 'label' as well as 'bus' and 'dev'
- Add policy handling to raw driver (includes reconfiguration
at runtime)
- Use own memory backing store for large DMA allocations
Issue #1863.
Thanks to the log_terminal server, we no longer rely on a separate UART
for the noux output. We also skip the indirection of using a tar archive
but rather start the test-noux_form program as a mounted ROM module.
With commit e74b53d5dd the fork semantic in noux
changed slightly, and broke platforms like hw & sel4, where the UTCB is mapped
directly into the thread's context area. The change moved the re-initialization
to a point where the new noux process' thread stack-pointer was already switched
back to the context area. But to re-initialize the context area RPC calls must
be done, and the UTCB must be used therefore. On the other side the UTCB is
found implicitly by the stack-pointer, whereby a stack-pointer located in the
context-area refers to a UTCB that is expected to reside in the context-area
as well. But the UTCB gets overlayed inside the context area by the
context-area's re-initialization - we've come round in a circle.
This commit rolls back the move of the re-initialization routine. To preserve
the intention of the original commit, the context-area location is stored in
a static variable, so that the Native_config API is not needed anymore.
Fix#1851
Executing the system call will change the input fds as a side-effect
because the select_in.fds and select_out.fds structure are part of a
union. Since the original select_in.fds content is needed afterwards
make a copy instead of using a reference.
Fixes#1809.
If the injection of an event causes an EPT violation, the event must be
injected again. This commit implements the reinjection for the case that
the EPT violation can be resolved without involving the recompiler.
Fixes#1798
