Commit Graph

1044 Commits

Author SHA1 Message Date
Alexander Boettcher
7868156b19 base: fix deadlock in core_env on base-nova
During a ram_session->free call in 'core' the lock in core_env.h is taken.
Then in the ram_session::_free_ds implementation the dissolve function for the
dataspace is called. base-nova tries to make sure that the ds is not
accessible anymore by any kind of parallel incoming IPC by performing a
cleanup IPC. Unfortunately the dataspace_session implementation uses the very
same allocator in 'core' and may require to obtain the same lock as taken in
ram_session->free. This leads to a spurious deadlock on base-nova.

The actual free_ds implementation is mostly thread safe, since all used objects
inside there are already locked. The only missing piece is the _payload
variable. By changing the _payload variable in a atomic fashion there is no
need to lock the whole ram_session->free call which avoids deadlocks on
base-nova.

Fixes #549
2013-02-11 12:01:26 +01:00
Alexander Boettcher
edd30b56a2 nova: fix pager cleanup handling
The cleanup call must be performed already during the _dissolve function
shortly after the object at the cap_session is freed up. Otherwise there
is the chance that an in-flight IPC will find the to be dissolved function
again.

Bomb test triggered the case, that a already dissolved rpc_object was found
by a in-flight IPC. If the rpc_object was already freed up by alloc->destroy
the thread using this stale rpc_object pointer cause page-faults in core.

Fixes partly #549
2013-02-11 12:01:26 +01:00
Alexander Boettcher
28f7cf5dc2 nova: fix cleanup handling in server object
As first step the rpc object must be freed up so that the kernel object
(portal) vanishes. Then the object must be removed from the internal object
pool list so that the object can't be obtained anymore. And then the cleanup
call can be performed (_leave_server_object) since now all names to the
rpc_object are gone.

Doing it in different order (as before the commit) there is a very very little
chance (but the bomb test triggers it occasionally) that the rpc_object can be
obtained again by an incoming IPC - even it is already scheduled for removal.

Fixes partly #549
2013-02-11 12:01:26 +01:00
Alexander Boettcher
f50d816555 base: fix dangling session pointers in rm_session
If page faults are handled concurrently (as for base-nova) the traverse lookup
call in rm_session_component must be thread safe, which it isn't.
If the faulting area is backed by nested dataspaces which are managed by
various rm_sessions then a race happens under following circumstances
(triggered occasionally by the bomb test).

The traverse lookup may return a pointer to a rm_session of a nested dataspace.
If the rm_session is in parallel subject to destruction it happened that faults
got enqueued to the faulters list of the deleted rm_session and internally to
a list of the current rm_session of the Rm_client.

During destruction of the faulting Rm_client the associated rm_session will
be dissolved from the Rm_client, which leads to dereferencing the
dangling pointer of the already destructed rm_session.

On base-nova the memory of the rm_session object get unmapped eventually, so
that the de-referencing of the dangling pointer caused page faults in core.

The memory on other kernels inside core never get unmapped so that the
bug doesn't trigger visible faults.

The patch replace the keeping of a rm_session pointer by keeping a
capability instead. The rm_session object must be looked up now explicitly in
the Object_pool implementation, which implements proper reference counting on
the rm_session object.

Issue #549
2013-02-11 12:01:26 +01:00
Alexander Boettcher
08d87adb4b nova: use kernel branch adjusted to Genode
Since we have now more than a handful patches to the vanilla kernel, we
better switch to a separate git repository in order to review and to maintain
the patches more effectively.

Remove the patches, they are already in the kernel branch.

Fixes #394
2013-02-11 12:01:26 +01:00
Alexander Boettcher
f762e8e4fd nova: increase number of available cap indexes
Noux test requires some more indexes. We don't free all up because of a missing
reference counting implementation of indexes in base-nova.

Issue #394
2013-02-11 12:01:25 +01:00
Alexander Boettcher
f7c0a480da codezero: fix compiler warnings int/unsigned
Warnings like the following:

warning: narrowing conversion of ‘((Genode::Platform_pd*)this)->Genode::Platform_pd::_space_id’ from ‘int’ to ‘Codezero::l4id_t {aka unsigned int}’ inside { } is ill-formed in C++11 [-Wnarrowing]
2013-02-11 12:01:25 +01:00
Alexander Boettcher
9453d319cb base: add remove_client to rm_session
Fixes #13
2013-02-11 12:01:25 +01:00
Alexander Boettcher
f02958b25f base: fix faults in rm_session de-constructor path
First make the clients inaccessible and dissolve them from the entrypoint. If
this isn't the first step the clients may be obtained again between
the unlock and lock steps in the destructor.

Additionally the clients may be removed in between the unlock and call
sequence, which renders such client pointers dangling and causes spurious page
faults. Keep instead a lock as long as possible and when it is required to
release a lock, then the pointer to the objects must be revalidated.

Replace the dissolve function with a remove_client implementation as suggested
by #13, which avoids that the cpu_session may call dissolve with a dangling
pointer of a already removed rm_client object. Instead the pager must be
released explicitly.

Related to issue #549
Related to issue #394
Related to issue #13
2013-02-11 12:01:25 +01:00
Christian Prochaska
cecfbf2eb4 lx_hybrid_ctors: remove 'soname' link option
This patch removes the 'soname' link option for building the host
library for the 'lx_hybrid_ctors' test. Without this option, the
library's absolute path at build time gets hardcoded into the
application, which should be okay for this simple test case.

Fixes #638.
2013-01-28 11:34:14 +01:00
Norman Feske
b530fddf86 noux_bash.run: Don't require usb_drv on x86 2013-01-27 18:34:45 +01:00
Norman Feske
5d65308e63 File system: Let session quota depend on word size
By basing the session quota on sizeof(long), we satisfy server-side
quota demands on 64 bit.

Fixes #619
2013-01-27 18:31:35 +01:00
Stefan Kalkowski
d76babf260 L4Android: re-enable x86 version (fix #632)
Adapt x86 L4Android configuration to fit recently updated version.
2013-01-25 11:29:02 +01:00
Alexander Tarasikov
e2d03a3777 Update l4android to kernel 3.5, sync with l4linux 2013-01-25 11:29:02 +01:00
Ivan Loskutov
291064b5c1 nic_bridge: Add tests for static IP address configuration 2013-01-24 11:35:56 +01:00
Ivan Loskutov
bc18e2991b nic_bridge: Add static IP address configuration 2013-01-24 11:35:56 +01:00
Ivan Loskutov
2271f3e7b3 libc_lwip_nic_dhcp: Add static IP configuration 2013-01-24 11:35:56 +01:00
Norman Feske
c2a8c48574 Coding style fixes 2013-01-24 11:35:56 +01:00
Norman Feske
e5b30847db tar_rom: let unkown file throw Root::Invalid_args 2013-01-24 11:12:10 +01:00
Norman Feske
61dd83a329 Adapt qt4 to Input::Event changes
We need to make the event checks more explicit because 'code' is not
exclusively used for key event anymore.
2013-01-24 11:11:02 +01:00
Alexander Boettcher
486b27a1b8 nova: ease debugging if no cap indexes are left
If we ran out of capabilities indexes, the bit allocator throws an exception.
If this happens the code seems to hang and nothing happens.

Instead one could catch the exception and print some diagnostic message.
This would be nice, but don't work. Printing some diagnostic message itself
tries to do potentially IPC and will allocate new capability indexes at
least for the receive window.

So, catch the exception and let the thread die, so at least the instruction
pointer is left as trace to identify the reason of the trouble.

Fixes #625
2013-01-24 11:09:15 +01:00
Alexander Boettcher
e817163f1a nova: use lock guard instead of explicit calls
If an exception is thrown the lock is released automatically, so that
other callers may get a capability index if in between some are freed. Fixes
some deadlocks if Genode is short on capability indexes.

Related to #625
2013-01-24 11:05:41 +01:00
Alexander Boettcher
17ca0290a1 base: fix wrap around bug in avl allocator
Fix #631
2013-01-24 11:05:02 +01:00
Ivan Loskutov
8eba4440eb Fix OMAP4 uart driver compilation
Fixes #630
2013-01-24 11:04:12 +01:00
Stefan Kalkowski
4f69bd9fb8 Remove timer from hello run script (fix #629)
Currently, the hello run script of the hello_tutorial misses some services the
timer driver needs on various platforms. The hello_tutorial is meant for
educational purposes only. So it's desireable to keep it simple. Instead of
complexifying the configuration, this commit just removes the timer from the
example.
2013-01-24 11:03:27 +01:00
Stefan Kalkowski
04b8418b54 Let memcmp correspond to the C standard (fix #628)
By now, the memcmp implementation of Genode's basic string utilities just
returned whether two memory blocks are equal or differ. It gave no hint which
block is greater, or lesser than the other one. This isn't the behaviour
anticipated by implementations that rely on the C standard memcmp, e.g. GCC's
libsupc++, or the nic_bridge's AVL tree implementation.
2013-01-24 11:02:49 +01:00
Christian Prochaska
b4980e8b9f Linux: use 'SYS_wait4' instead of 'SYS_waitpid'
'SYS_waitpid' does not exist on x86_64 Linux, but 'SYS_wait4' does.

Fixes #615.
2013-01-24 11:00:07 +01:00
Christian Prochaska
49206d7cf6 Arora: disable 'not implemented' messages
This patch disables the '_sigprocmask called, not implemented' messages.

Fixes #623.
2013-01-21 11:40:38 +01:00
Christian Prochaska
1fdee7a2cc libc_lock_pipe: implement F_GETFL 'fcntl()' command
Fixes #622.
2013-01-21 11:40:38 +01:00
Norman Feske
3cb7476cb7 Increase quota of d3m 2013-01-21 11:40:38 +01:00
Alexander Boettcher
6cc0d69aa7 nova: recall thread if exception can't be resolved
Recall faulting thread and block pager thread. The pager get resumed as soon
as the fault gets resolved by the rm_session (or never ever).

Fixes #621
2013-01-21 11:40:38 +01:00
Alexander Boettcher
ac5b814387 base: enable rm_fault test case for nova
Related to #621
2013-01-16 16:06:36 +01:00
Christian Prochaska
36a37b9866 Arora demo: make Nitpicker plugin work
Fixes #620.
2013-01-16 16:06:02 +01:00
Christian Prochaska
e2889f3f11 Increase signal handler stack size
Fixes #616.
2013-01-15 19:26:18 +01:00
Christian Prochaska
5c6d5081b0 Qt4: add route to 'SIGNAL' service
Fixes #617.
2013-01-15 19:25:52 +01:00
Christian Prochaska
a6acab6d0d Synchronize signal context destruction
With this patch, the 'Signal_receiver::dissolve()' function does not return
as long as the signal context to be dissolved is still referenced by one
or more 'Signal' objects. This is supposed to delay the destruction of the
signal context while it is still in use.

Fixes #594.
2013-01-15 15:03:21 +01:00
Christian Prochaska
f109f4b02d Noux: initialize the 'termios' structure
Fixes #614.
2013-01-15 12:09:00 +01:00
Norman Feske
59e0dc3538 News item about road map 2013 2013-01-15 11:26:02 +01:00
Norman Feske
2d7342a074 Road map for 2013 2013-01-15 10:53:22 +01:00
Norman Feske
bf6636a987 doc: Clarify tool chain location 2013-01-15 10:18:12 +01:00
Norman Feske
2dba94eba9 Nitpicker: avoid potential dangling pointer 2013-01-15 10:18:12 +01:00
Norman Feske
7b11075264 Nitpicker: move 'asci_to<Color>' to public header
This function is worth reusing outside of nitpicker.
2013-01-15 10:18:12 +01:00
Norman Feske
4d8cd2b5c5 Nitpicker: add const qualifiers 2013-01-15 10:18:12 +01:00
Norman Feske
d04acd651e Qt4: get source code from mirror server
Related to issue #613
2013-01-15 10:18:12 +01:00
Norman Feske
fcca4f3466 Init: handle reconfiguration
With this change, init becomes able to respond to config changes by
restarting the scenario with the new config. To make this feature useful
in practice, init must not fail under any circumstances. Even on
conditions that were considered as fatal previously and led to the abort
of init (such as ambiguous names of the children or misconfiguration in
general), init must stay alive and responsive to config changes.
2013-01-15 10:18:12 +01:00
Norman Feske
fe734272bc Make 'config()' convenience utility more robust
This patch improves the config handling by falling back to a static
string (empty "<config />") if no valid config ROM module could be
found. This can happen initially, but also at runtime when the ROM
module dissapears, e.g., a ROM module accessed via fs_rom where the
corresponding file gets unlinked.
2013-01-15 10:18:11 +01:00
Norman Feske
1aa9f9910c Add 'Service_registry::remove_all' function
This function is needed when reconfiguring init.
2013-01-15 10:18:11 +01:00
Norman Feske
af66043b79 New Input::Event::FOCUS, rename keycode to code
This patch introduces keyboard-focus events to the 'Input::Event' class
and changes the name 'Input::Event::keycode' to 'code'. The 'code'
represents the key code for PRESS/RELEASE events, and the focus state
for FOCUS events (0 - unfocused, 1 - focused).

Furthermore, nitpicker has been adapted to deliver FOCUS events to its
clients.

Fixes #609
2013-01-15 10:18:11 +01:00
Norman Feske
267817c2c5 Add new 'fs_rom' service
The 'fs_rom' service provides files stored on a file system as ROM
modules via the ROM-session interface.

Fixes #606
2013-01-15 10:18:11 +01:00
Norman Feske
7217ea14d8 nit_fb: Respond to config changes at runtime
This patch enables 'nit_fb' to respond to dynamic changes of its
configuration, in particular the view position and refresh rate.
2013-01-15 10:18:11 +01:00