This aspect was always enabled when creating a build directory for hw,
but is not enabled anymore due to recent build directory unifications.
On the other hand it is needed for jitter entropy anyway.
Ref #2190
This commit mostly removes the globally visible NR_OF_CPUS define
from the global makefile specifiers defined in the base-hw repository.
Whereever necessary it adds platform specific makefiles to the base
repository when they were missing.
Ref #2190
This patch make the ABI mechanism available to shared libraries other
than Genode's dynamic linker. It thereby allows us to introduce
intermediate ABIs at the granularity of shared libraries. This is useful
for slow-moving ABIs such as the libc's interface but it will also
become handy for the package management.
To implement the feature, the build system had to be streamlined a bit.
In particular, archive dependencies and shared-lib dependencies are now
handled separately, and the global list of 'SHARED_LIBS' is no more.
Now, the variable with the same name holds the per-target list of shared
libraries used by the target.
This patch removes the component_entry_point library, which used to
proved a hook for the libc to intercept the call of the
'Component::construct' function. The mechansim has several shortcomings
(see the discussion in the associated issue) and was complex. So we
eventually discarded the approach in favor of the explicit handling of
the startup.
A regular Genode component provides a 'Component::construct' function,
which is determined by the dynamic linker via a symbol lookup.
For the time being, the dynamic linker falls back to looking up a 'main'
function if no 'Component::construct' function could be found.
The libc provides an implementation of 'Component::construct', which
sets up the libc's task handling and finally call the function
'Libc::Component::construct' from the context of the appllication task.
This function is expected to be provided by the libc-using application.
Consequently, Genode components that use the libc have to implement the
'Libc::Component::construct' function.
The new 'posix' library provides an implementation of
'Libc::Component::construct' that calls a main function. Hence, POSIX
programs that merely use the POSIX API merely have to add 'posix' to the
'LIBS' declaration in their 'target.mk' file. Their execution starts at
'main'.
Issue #2199
This patch removes possible ambiguities with respect to the naming of
kernel-dependent binaries and libraries. It also removes the use of
kernel-specific global side effects from the build system. The reach of
kernel-specific peculiarities has thereby become limited to the actual
users of the respective 'syscall-<kernel>' libraries.
Kernel-specific build artifacts are no longer generated at magic places
within the build directory (like okl4's includes, or the L4 build
directories of L4/Fiasco and Fiasco.OC, or the build directories of
various kernels). Instead, such artifacts have been largely moved to the
libcache. E.g., the former '<build-dir>/l4/' build directory for the L4
build system resides at '<build-dir>/var/libcache/syscall-foc/build/'.
This way, the location is unique to the kernel. Note that various tools
are still generated somewhat arbitrarily under '<build-dir>/tool/' as
there is no proper formalism for building host tools yet.
As the result of this work, it has become possible to use a joint Genode
build directory that is usable with all kernels of a given hardware
platform. E.g., on x86_32, one can now seamlessly switch between linux,
nova, sel4, okl4, fiasco, foc, and pistachio without rebuilding any
components except for core, the kernel, the dynamic linker, and the timer
driver. At the current stage, such a build directory must still be
created manually. A change of the 'create_builddir' tool will follow to
make this feature easily available.
This patch also simplifies various 'run/boot_dir' plugins by removing
the option for an externally hosted kernel. This option remained unused
for many years now.
Issue #2190
This patch decouples the kernel-specific implementation of the dynamic
linker from its kernel-agnostic binary interface. The name of the
kernel-specific dynamic linker binary now corresponds to the kernel,
e.g., 'ld-linux.lib.so' or 'ld-nova.lib.so'. Applications are no longer
linked directly against a concrete instance of the dynamic linker but
against a shallow stub called 'ld.lib.so'. This stub contains nothing
but the symbols provided by the dynamic linker. It thereby represents
the Genode ABI.
At system-integration time, the kernel-specific run/boot_dir back ends
integrate the matching the kernel-specific variant of the dynamic linker
as 'ld.lib.so' into the boot image.
The ABI symbol file for the dynamic linker is located at
'base/lib/symbols/ld'. It contains the joint ABI of all supported
architectures. The new utility 'tool/abi_symbols' eases the creation of
such an ABI symbol file for a given shared library. Its result should be
manually inspected and edited as needed.
The patch removes the 'syscall' library from 'base_libs.mk' to avoid
polluting the kernel-agnostic ABI with kernel-specific interfaces.
Issue #2190
Issue #2195
Instead of solving the problem to deliver ROM modules to core while booting
differently for the several kernels (multi-boot, elfweaver, core re-linking),
this commit unifies the approaches. It always builds core as a library, and
after all binaries are built from a run-script, the run-tool will link an
ELF image out of the core-library and all boot modules. Thereby, core can
access its ROM modules directly.
This approach now works for all kernels except Linux.
With this solution, there is no [build_dir]/bin/core binary available anymore.
For debugging purposes you will find a core binary without boot modules, but
with debug symbols under [run_dir].core.
Fix#2095
base generic code:
* Remove unused verbosity code from mmio framework
* Remove escape sequence end heuristic from LOG
* replace Core_console with Core_log (no format specifiers)
* move test/printf to test/log
* remove `printf()` tests from the log test
* check for exact match of the log test output
base-fiasco:
* remove unused Fiasco::print_l4_threadid function
base-nova:
* remove unused hexdump utility from core
base-hw:
* remove unused Kernel::Thread::_print_* debug utilities
* always print resource summary of core during startup
* remove Kernel::Ipc_node::pd_label (not used anymore)
base*:
* Turn `printf`,`PWRN`, etc. calls into their log equivalents
Ref #1987Fix#2119
* Remove 'test' routine from kernel/core
* Move 'cpu_scheduler' and 'double_list' test to user-land
* Remove 'hw_info' target at all (can be recycled in a topic branch)
The sinfo function declared in sinfo_instance.h creates a static sinfo
object instance and returns a pointer to the caller.
- kernel timer and platform support to use sinfo() function to
instantiate sinfo object
- address and size of the base-hw RAM region via the sinfo API
- log_status() function in sinfo API
Instead of introducing a $(BASE_HW_DIR) variable that has to be defined in each
core makefile for the different base-hw targets, this commit replaces the
$(REP_DIR) variable usage in core.inc files with $(BASE_DIR)/../base-hw.
Ref #1955
* Adds public timeout syscalls to kernel API
* Kernel::timeout installs a timeout and binds a signal context to it that
shall trigger once the timeout expired
* With Kernel::timeout_max_us, one can get the maximum installable timeout
* Kernel::timeout_age_us returns the time that has passed since the
calling threads last timeout installation
* Removes all device specific back-ends for the base-hw timer driver and
implements a generic back-end taht uses the kernel timeout API
* Adds assertions about the kernel timer frequency that originate from the
requirements of the the kernel timeout API and adjusts all timers
accordingly by using the their internal dividers
* Introduces the Kernel::Clock class. As member of each Kernel::Cpu object
it combines the management of the timer of the CPU with a timeout scheduler.
Not only the timeout API uses the timeout scheduler but also the CPUs job
scheduler for installing scheduling timeouts.
* Introduces the Kernel::time_t type for timer tic values and values inherited
from timer tics (like microseconds).
Fixes#1972
This patch moves the thread operations from the 'Cpu_session'
to the 'Cpu_thread' interface.
A noteworthy semantic change is the meaning of the former
'exception_handler' function, which used to define both, the default
exception handler or a thread-specific signal handler. Now, the
'Cpu_session::exception_sigh' function defines the CPU-session-wide
default handler whereas the 'Cpu_thread::exception_sigh' function
defines the thread-specific one.
To retain the ability to create 'Child' objects without invoking a
capability, the child's initial thread must be created outside the
'Child::Process'. It is now represented by the 'Child::Initial_thread',
which is passed as argument to the 'Child' constructor.
Fixes#1939
All core.inc files now use $BASE_HW_DIR instead of $REP_DIR. The former
is defined by the core.mk file. This allows including core.inc files
from other repositories (e.g. genode-world) for additional platform
support.
Fixes#1955
This patch moves the base library from src/base to src/lib/base,
flattens the library-internal directory structure, and moves the common
parts of the library-description files to base/lib/mk/base.inc and
base/lib/mk/base-common.inc.
Furthermore, the patch fixes a few cosmetic issues (whitespace and
comments only) that I encountered while browsing the result.
Fixes#1952
This patch makes the former 'Process' class private to the 'Child'
class and changes the constructor of the 'Child' in a way that
principally enables the implementation of single-threaded runtime
environments that virtualize the CPU, PD, and RAM services. The
new interfaces has become free from side effects. I.e., instead
of implicitly using Genode::env()->rm_session(), it takes the reference
to the local region map as argument. Also, the handling of the dynamic
linker via global variables is gone. Now, the linker binary must be
provided as constructor argument.
Fixes#1949
This patch integrates three region maps into each PD session to
reduce the session overhead and to simplify the PD creation procedure.
Please refer to the issue cited below for an elaborative discussion.
Note the API change:
With this patch, the semantics of core's RM service have changed. Now,
the service is merely a tool for creating and destroying managed
dataspaces, which are rarely needed. Regular components no longer need a
RM session. For this reason, the corresponding argument for the
'Process' and 'Child' constructors has been removed.
The former interface of the 'Rm_session' is not named 'Region_map'. As a
minor refinement, the 'Fault_type' enum values are now part of the
'Region_map::State' struct.
Issue #1938
This is a generalisation approach of the hw_zynq target. As the boards
typically use UART1 instead of UART0 (used by qemu), we have to
distinguish between those. Moreover, in general hw_zynq does not imply
zynq_qemu anymore, so that the support of particular boards can be
placed in third-party or community repositories (e.g. Genode world).
Fixes#1926
This commit introduces the new `Component` interface in the form of the
headers base/component.h and base/entrypoint.h. The os/server.h API
has become merely a compatibilty wrapper and will eventually be removed.
The same holds true for os/signal_rpc_dispatcher.h. The mechanism has
moved to base/signal.h and is now called 'Signal_handler'.
Since the patch shuffles headers around, please do a 'make clean' in the
build directory.
Issue #1832
This patch moves details about the stack allocation and organization
the base-internal headers. Thereby, I replaced the notion of "thread
contexts" by "stacks" as this term is much more intuitive. The fact that
we place thread-specific information at the bottom of the stack is not
worth introducing new terminology.
Issue #1832
By moving the stub implementation to rm_session_client.cc, we can use
the generic base/include/rm_session/client.h for base-linux and
base-nova and merely use platform-specific implementations.
Issue #1832
This patch establishes a common organization of header files
internal to the base framework. The internal headers are located at
'<repository>/src/include/base/internal/'. This structure has been
choosen to make the nature of those headers immediately clear when
included:
#include <base/internal/lock_helper.h>
Issue #1832
This patch integrates the functionality of the former CAP session into
the PD session and unifies the approch of supplementing the generic PD
session with kernel-specific functionality. The latter is achieved by
the new 'Native_pd' interface. The kernel-specific interface can be
obtained via the Pd_session::native_pd accessor function. The
kernel-specific interfaces are named Nova_native_pd, Foc_native_pd, and
Linux_native_pd.
The latter change allowed for to deduplication of the
pd_session_component code among the various base platforms.
To retain API compatibility, we keep the 'Cap_session' and
'Cap_connection' around. But those classes have become mere wrappers
around the PD session interface.
Issue #1841
This patch removes the SIGNAL service from core and moves its
functionality to the PD session. Furthermore, it unifies the PD service
implementation and terminology across the various base platforms.
Issue #1841
This commit adds rocket core on the Zynq FPGA support to base HW. It also takes
advantage of the new timer infrastructure introduced with the privileged 1.8 and
adds improved TLB flush support.
fixes#1880
Do not build core-muen_on library without the muen soecifier set.
Do not reference files of the muen contrib directory in the first
pass of make's rule analysis, when parding the muen specific kernel
makefile.
Fix#1859
The new implementation of the FPU and FPU context is taken out to
separate architecture-dependent header files. The generic Cpu_lazy_state
is deleted. There is no hint about the existence of something like an
FPU in the generic non-architexture-dependent code anymore. Instead the
architecture-dependent CPU context of a thread is extended by an FPU
context where supported.
Moreover, the current FPU implementations are enhanced so that threads
that get deleted now release the FPU when still obtaining it.
Fix#1855
This commit enables multi-processing for all Cortex A9 SoCs we currently
support. Moreover, it thereby enables the L2 cache for i.MX6 that was not
enabled until now. However, the QEMU variants hw_pbxa9 and hw_zynq still
only use 1 core, because the busy cpu synchronization used when initializing
multiple Cortex A9 cores leads to horrible boot times on QEMU.
During this work the CPU initialization in general was reworked. From now
on lots of hardware specifics were put into the 'spec' specific files, some
generic hook functions and abstractions thereby were eliminated. This
results to more lean implementations for instance on non-SMP platforms,
or in the x86 case where cache maintainance is a non-issue.
Due to the fact that memory/cache coherency and SMP are closely coupled
on ARM Cortex A9 this commit combines so different aspects.
Fix#1312Fix#1807
This commit separates certain SMP aspects into 'spec/smp' subdirectories.
Thereby it simplifies non-SMP implementations again, where no locking
and several platform specific maintainance operations are not needed.
Moreover, it moves several platform specifics to appropriated places,
removes dead code from x86, and starts to turn global static pointers
into references that are handed over.
On the USB Armory, we want to secure different devices than on other i.MX53
implementations. Thus, add a board specific configuration that is interpreted
by the kernel Trustzone initialization.
Ref #1497
Instead of holding SPEC-variable dependent files and directories inline
within the repository structure, move them into 'spec' subdirectories
at the corresponding levels, e.g.:
repos/base/include/spec
repos/base/mk/spec
repos/base/lib/mk/spec
repos/base/src/core/spec
...
Moreover, this commit removes the 'platform' directories. That term was
used in an overloaded sense. All SPEC-relative 'platform' directories are
now named 'spec'. Other files, like for instance those related to the
kernel/architecture specific startup library, where moved from 'platform'
directories to explicit, more meaningful places like e.g.: 'src/lib/startup'.
Fix#1673
Other platforms implement Kernel::Cpu_context stuff in
kernel/cpu_context.cc. On x86_64, it was implemented in
kernel/thread.cc. The commit fixes this inconsistency to the other
platforms.
Ref #1652
The distinction between Kernel::Thread and Kernel::Thread_base is
unnecessary as currently all Hw platforms would have the same content in
the latter class. Thus I've merged Kernel::Thread_base into
Kernel::Thread. Thereby, Kernel::Thread_event can be moved to
kernel/thread.h.
Ref #1652
The Muen-specific PIC implementation provides the irq_occurred()
function which is used to register an IRQ with the PIC upon thread
exception.
The occurred IRQs are stored in a boolean array internally and handed
out to a CPU via take_request().
The Muen Sinfo API is used to retrieve information about the execution
environment of a subject running on the Muen Separation Kernel.
While the C++ API is defined in sinfo.h, musinfo.h specifies the
internal format of the information stored in the Sinfo pages provided by
the Muen SK. It is a copy of the file contained in the libmusinfo
library of the Muen project. That is the reason why the coding style in
this file differs from the official style.
The hw_x86_64_muen platform is a x86/64 base-hw kernel which runs as
isolated subject (guest) on the Muen Separation Kernel (SK) [1].
The platform is implemented as an extension to hw_x86_64 replacing the
PIC and timer drivers with paravirtualized variants. The skeleton
contains a dummy PIC and timer implementation for now.
[1] - http://muen.sk
Move the _core_only_mmio_regions function to the
x86_64/platform_support.cc file. This is required to make it overridable
for other platforms deriving from x86.
Moves the Bios Data Area header from base-hw to base. Modifies the
base-nova core console that it uses the header as replacement for
the previous BDA bit logic.
Ref #1625
The thread library (thread.cc) in base-foc shared 95% of the code with
the generic implementation except myself(). Therefore, its
implementation is now separated from the other generic sources into
myself.cc, which allows base-foc to use a foc-specific primitive to
enable our base libraries in L4Linux.
Issue #1491
Instead of having an ID allocator per object class use one global allocator for
all. Thereby artificial limitations for the different object types are
superfluent. Moreover, replace the base-hw specific id allocator implementation
with the generic Bit_allocator, which is also memory saving.
Ref #1443
The global capability ID counter is not used by NOVA and Fiasco.OC
and in the future not needed by base-hw too. Thereby, remove the static
counter variable from the generic code base and add it where appropriated.
Ref #1443
The port uses the Cortex-A9 private timer for the kernel and an EPIT as
user timer. It was successfully tested on the Wandboard Quad and the CuBox-i
with the signal test. It lacks L2-cache and Trustzone support by now.
Thanks to Praveen Srinivas (IIT Madras, India) and Nikolay Golikov (Ksys Labs
LLC, Russia). This work is partially based on their contributions.
Fix#1467
The implementation initializes the Local APIC (LAPIC) of CPU 0 in xapic
mode (mmio register access) and uses the I/O APIC to remap, mask and
unmask hardware IRQs. The remapping offset of IRQs is 48.
Also initialize the legacy PIC and mask all interrupts in order to
disable it.
For more information about LAPIC and I/O APIC see Intel SDM Vol. 3A,
chapter 10 and the Intel 82093AA I/O Advanced Programmable Interrupt
Controller (IOAPIC) specification
Set bit 9 in the RFLAGS register of user CPU context to enable
interrupts on kernel- to usermode switch.
The class Genode::Tss represents a 64-bit Task State Segment (TSS) as
specified by Intel SDM Vol. 3A, section 7.7.
The setup function sets the stack pointers for privilege levels 0-2 to
the kernel stack address. The load function loads the TSS segment
selector into the task register.
* Add isr.s assembler file:
The file declares an array of Interrupt Service Routines (ISR) to handle
the exception vectors from 0 to 19, see Intel SDM Vol. 3A, section
6.3.1.
* Add Idt class:
* The class Genode::Idt represents an Interrupt Descriptor Table as
specified by Intel SDM Vol. 3A, section 6.10.
* The setup function initializes the IDT with 20 entries using the ISR
array defined in the isr.s assembly file.
* Setup and load IDT in Genode::Cpu ctor:
The Idt::setup function is only executed once on the BSP.
* Declare ISRs for interrupts 20-255
* Set IDT size to 256
This patch contains the initial code needed to build and bootstrap the
base-hw kernel on x86 64-bit platforms. It gets stuck earlier
because the binary contains 64-bit instructions, but it is started in
32-bit mode. The initial setup of page tables and switch to long mode is
still missing from the crt0 code.
* Introduce hw-specific crt0 for core that calls e.g.: init_main_thread
* re-map core's main thread UTCB to fit the right context area location
* switch core's main thread's stack to fit the right context area location
Fix#1440
* enables world-switch using ARM virtualization extensions
* split TrustZone and virtualization extensions hardly from platforms,
where it is not used
* extend 'Vm_session' interface to enable configuration of guest-physical memory
* introduce VM destruction syscall
* add virtual machine monitor for hw_arndale that emulates a simplified version
of ARM's Versatile Express Cortex A15 board for a Linux guest OS
Fixes#1405
To enable support of hardware virtualization for ARM on the Arndale board,
the cpu needs to be prepared to enter the non-secure mode, as long as it does
not already run in it. Therefore, especially the interrupt controller and
some TrustZone specific system registers need to be prepared. Moreover,
the exception vector for the hypervisor needs to be set up properly, before
booting normally in the supervisor mode of the non-secure world.
Ref #1405
* name irq controller memory mapped I/O regions consistently
in board descriptions
* move irq controller and timer memory mapped I/O region descriptions
from cpu class to board class
* eliminate artificial distinction between flavors of ARM's GIC
* factor cpu local initialization out of ARM's GIC interface description,
which is needed if the GIC is initialized differently e.g. for TrustZone
Ref #1405
Setting the ACTLR.SMP bit also without SMP support fastens RAM access
significantly. A proper solution would implement SMP support which must enable
the bit anyway.
Fixes#1353
When building Genode for VEA9X4 as micro-hypervisor protected by the ARM
TrustZone hardware we ran into limitations regarding our basic daily
testing routines. The most significant is that, when speaking about RAM
partitioning, the only available options are to configure the whole SRAM
to be secure and the whole DDR-RAM to be non-secure or vice versa. The
SRAM however provides only 32 MB which isn't enough for both a
representative non-secure guest OS or a secure Genode that is still
capable of passing our basic tests. This initiated our decision to
remove the VEA9X4 TrustZone-support.
Fixes#1351
Kernel::Processor was a confusing remnant from the old scheme where we had a
Processor_driver (now Genode::Cpu) and a Processor (now Kernel::Cpu).
This commit also updates the in-code documentation and the variable and
function naming accordingly.
fix#1274
The run test 'hw_info' prints the content of the basic ARMv7 identification and
feature registers in a pretty readable format. It is a kernel-internal test
because many of these registers are restricted to privilege level 1 or higher.
fix#1278
Previously, Idle_thread inherited from Thread which caused an extra
processor_pool.h and processor_pool.cc and also made class models for
processor and scheduling more complex. However, this inheritance makes
not much sense anyway as an idle context doesn't trigger most of the code
in Thread.
ref #1225
Previously, we did the protection-domain switches without a transitional
translation table that contains only global mappings. This was fine as long
as the CPU did no speculative memory accesses. However, to enabling branch
prediction triggers such accesses. Thus, if we don't want to invalidate
predictors on every context switch, we need to switch more carefully.
ref #474
The build config for core is now provided through libraries to enable
implicit config composition through specifiers and thereby avoid
consideration of inappropriate targets.
fix#1199
On ARM, when machine instructions get written into the data cache
(for example by a JIT compiler), one needs to make sure that the
instructions get written out to memory and read from memory into
the instruction cache before they get executed. This functionality
is usually provided by a kernel syscall and this patch adds a generic
interface for Genode applications to use it.
Fixes#1153.
This patch changes the top-level directory layout as a preparatory
step for improving the tools for managing 3rd-party source codes.
The rationale is described in the issue referenced below.
Issue #1082