If a thread caused a page fault and later on get be paused, then it left
the recall handler immediately due to the pause call instead of staying
in this handler.
Add some (complicated) state machine to detect and handle the case. Still not
waterproof, especially server threads may never get recalled if they never get
a IPC from the outside.
Fixes#478
This patch introduces new types for expressing CPU affinities. Instead
of dealing with physical CPU numbers, affinities are expressed as
rectangles in a grid of virtual CPU nodes. This clears the way to
conveniently assign sets of adjacent CPUs to subsystems, each of them
managing their respective viewport of the coordinate space.
By using 2D Cartesian coordinates, the locality of CPU nodes can be
modeled for different topologies such as SMP (simple Nx1 grid), grids of
NUMA nodes, or ring topologies.
With this patch, the 'futex' syscall gets used for blocking and unblocking
of threads in the Linux-specific lock implementation.
The 'Native_thread_id' type, which was previously used in the
lock-internal 'Applicant' class to identify a thread to be woken up,
was not suitable anymore for implementing this change. With this patch,
the 'Thread_base*' type gets used instead, which also has the positive
effect of making the public 'cancelable_lock.h' header file
platform-independent.
Fixes#646.
Revoke the right to set the portal id (aka label) when it is not needed
anymore. Otherwise everybody in the system having a mapping of the portal can
reset the label to something we don't expect.
Issue #667
The distinction between 'ipc.h' and 'ipc_generic.h' is no more. The only
use case for platform-specific extensions of the IPC support was the
marshalling of capabilities. However, this case is accommodated by a
function interface ('_marshal_capability', '_unmarshal_capability'). By
moving the implementation of these functions from the headers into the
respective ipc libraries, we can abandon the platform-specific 'ipc.h'
headers.
The cleanup call must be performed already during the _dissolve function
shortly after the object at the cap_session is freed up. Otherwise there
is the chance that an in-flight IPC will find the to be dissolved function
again.
Bomb test triggered the case, that a already dissolved rpc_object was found
by a in-flight IPC. If the rpc_object was already freed up by alloc->destroy
the thread using this stale rpc_object pointer cause page-faults in core.
Fixes partly #549
As first step the rpc object must be freed up so that the kernel object
(portal) vanishes. Then the object must be removed from the internal object
pool list so that the object can't be obtained anymore. And then the cleanup
call can be performed (_leave_server_object) since now all names to the
rpc_object are gone.
Doing it in different order (as before the commit) there is a very very little
chance (but the bomb test triggers it occasionally) that the rpc_object can be
obtained again by an incoming IPC - even it is already scheduled for removal.
Fixes partly #549
If we ran out of capabilities indexes, the bit allocator throws an exception.
If this happens the code seems to hang and nothing happens.
Instead one could catch the exception and print some diagnostic message.
This would be nice, but don't work. Printing some diagnostic message itself
tries to do potentially IPC and will allocate new capability indexes at
least for the receive window.
So, catch the exception and let the thread die, so at least the instruction
pointer is left as trace to identify the reason of the trouble.
Fixes#625
If an exception is thrown the lock is released automatically, so that
other callers may get a capability index if in between some are freed. Fixes
some deadlocks if Genode is short on capability indexes.
Related to #625
Add functionality to lookup an object and lock it. Additional the case is
handled that a object may be already in-destruction and the lookup will deny
returning the object.
The object_pool generalize the lookup and lock functionality of the rpc_server
and serve as base for following up patches to fix dangling pointer issues.
If the I/O ports are non default (3f8), we had to specify manually the correct
I/O ports. With this commit the BDA is read and the I/O port of the first
serial interface (COM) is taken. If no serial interface is available no device
configuration will be undertaken.
Using the new 'join()' function, the caller can explicitly block for the
completion of the thread's 'entry()' function. The test case for this
feature can be found at 'os/src/test/thread_join'. For hybrid
Linux/Genode programs, the 'Thread_base::join()' does not map directly
to 'pthread_join'. The latter function gets already called by the
destructor of 'Thread_base'. According to the documentation, subsequent
calls of 'pthread_join' for one thread may result in undefined behaviour.
So we use a 'Genode::Lock' on this platform, which is in line with the
other platforms.
Related to #194, #501
The IPC-server object exists solely on the stack of the entrypoint
thread and, therefore, would never be destructed as the thread is just
killed. Now, the object is explicitly destructed in the entrypoint
destructor. An alternative solution could instruct the entrypoint thread
the terminate, which would automatically cleanup its stack.
The object pool is assumed to be empty on destruction of the entrypoint.
If not, we warn and at least dissolve all RPC objects.
Implement shared IRQs using 'Irq_proxy' class.
Nova: Added global worker 'Irq_thread' support in core and adapted Irq_session.
FOC: Adapted IRQ session code, x86 has shared IRQ support, ARM uses the old
model. Read and set 'mode' argument (from MADT) in 'Irq_session'.
OKL4: Use generic 'Irq_proxy'
Fixes issue #390
Unify handling of UTCBs. The utcb of the main thread is with commit
ea38aad30e at a fixed location - per convention.
So we can remove all the ugly code to transfer the utcb address during process
creation.
To do so also the UTCB of the main thread of Core must be inside Genode's
thread context area to handle it the same way. Unfortunately the UTCB of the
main thread of Core can't be chosen, it is defined by the kernel.
Possible solutions:
- make virtual address of first thread UTCB configurable in hypervisor
- map the utcb of the first thread inside Core to the desired location
This commit implements the second option.
Kernel patch: make utcb map-able
With the patch the Utcb of the main thread of Core is map-able.
Fixes#374
Noux actually uses the sp variable during thread creation and expects to be
set accordingly. This wasn't the case for the main thread, it was ever set
to the address of the main thread UTCB.
The cpu_session interface fails to be virtualized by gdb_monitor because
platform-nova uses an extended nova_cpu_session interface.
The problem was that threads have been created directly at core without
knowledge of gdb_monitor. This lead to the situation that gdb_monitor didn't
know of all threads to be debugged.
Tunnel the additional parameters required on base-nova through the state()
call of the cpu_session interface before the thread actual is started.
Since no kernel objects can be created anymore outside Genode::core,
the Vancouver port must be adjusted to use solely the Genode interfaces.
The Vcpu_dispatcher creates all portals via the cpu_session interface and
uses the feature to setup a specific receive window during a IPC (the
cap_session::alloc IPC) to place to be received/to be mapped capability
(virtualization exception portal) at the designed indexes.
The actual vCPU thread extends from a normal Genode::Thread and extends it
by specific vCPU requirements, which are a larger exception base window and
the need by Vancouver to place the SM and EC cap at indexes next to each other.
Fixes#316
Extend Native_capability type to hold a specific selector index where the to
be received cap during a IPC should be mapped to. This feature is required to
place created caps by the cap_session at specific indexes. This feature is
used by Vancouver to setup the virtualization exception portals (created by
the cap_session) at the intended indexes.
