Commit Graph

616 Commits

Author SHA1 Message Date
Norman Feske
50c2b0066f Remove 'Env::reinit' and 'Env::reinit_main_thread'
Fixes #4404
2022-02-15 10:17:28 +01:00
Norman Feske
e4f62380d7 base: Pd_session::dma_addr, Pd_session::attach_dma
This patch enhances the PD-session interface with the support needed for
user-level device drivers performing DMA. Both RPC functions are
intended for the direct use by the platform driver only. If invoked for
PDs that lack the managing-system role, the operations have no effect.

The 'dma_addr()' RPC function allows the platform driver to request the
DMA address of a given RAM dataspace. It is meant to replace the
'Dataspace::phys_addr' RPC function.

The 'attach_dma' RPC function adds the given dataspace to the device
PD's I/O page table. It replaces the former heuristics of marking DMA
buffers as uncached RAM on x86.

With this patch, the UNCACHED attribute of RAM dataspaces is no longer
used to distinguish DMA buffers from regular RAM dataspaces.

Issue #2243
2022-02-15 10:16:52 +01:00
Johannes Schlatow
db3a647c6d allocator_avl: use Attempt for size_at
Fixes ambiguous interpretation of returned 0.

genodelabs/genode#4393
2022-02-15 10:16:51 +01:00
Norman Feske
88ca8d1a72 base: fix potential memory leak in allocator_avl
When used by the 'Allocator_avl' the slab allocator's backing store is
dynamically disabled and re-enabled while adding/freeing ranges.
However, during those operations, slab entries can be freed. This,
in turn, can result in the release of a slab block (when the freed slab
entry happens to be the last entry of the block). In this corner case,
'Slab::_release_backing_store' operation has no effect because no
backing-store allocator is set. As a result, the block is no longer
referenced but not physically freed.

The patch fixes the problem by skipping '_free_curr_sb' whenever
no backing store is defined. So the completely empty block remains
in the working set.

Thanks to Peter for reporting and fixing this issue!

Fixes #4367
2022-01-19 12:35:49 +01:00
Christian Prochaska
8e252f79f8 Remove mutex from 'Genode::Trace_output'
Fixes #4356
2022-01-19 12:35:49 +01:00
Piotr Tworek
d610f9f4f1 Fix some signed/unsigned implicit conversions.
Fix some trivial cases where the signedness of the constant value does
not match the signedness of type the code expects to see. GCC can be
asked to warn about those by passing Wsign-covnersion flag.

Issue #4354
2022-01-19 12:35:48 +01:00
Norman Feske
3cc6df3116 base: tighten affinity handling
This patch improves the robustness of the CPU-affinity handling.

- The types in base/affinity.h received the accessors
  'Location::within(space)' and 'Affinity::valid', which alleviates
  the fiddling with coordinates when sanity checking the values,
  in init or core.

- The 'Affinity::Location::valid' method got removed because its
  meaning was too vague. For sanity checks of affinity configurations,
  the new 'within' method is approriate. In cases where only the x,y
  values are used for selecting a physical CPU (during thread creation),
  the validity check (width*height > 0) was not meaningful anyway.

- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
  as argument because a location always relates to the bounds of
  a specific space. This function now implements the selection of
  whole rows or columns, which has previously a feature of the
  sandbox library only.

- Whenever the sandbox library (init) encounters an invalid affinity
  configuration, it prints a warning message as a diagnostic aid.

- A new 'Affinity::unrestricted' function constructs an affinity that
  covers the whole affinity space. The named functions clarifies
  the meaning over the previous use of the default constructor.

- Core's CPU service denies session requests with an invalid
  affinity parameter. Previously, it would fall back to an
  unrestricted affinity.

Issue #4300
2021-12-17 15:06:38 +01:00
Norman Feske
d370f56a77 Remove obsolete Trace::Session::subject_info RPC
Issue #3610
Fixes #4349
2021-12-17 15:04:49 +01:00
Stefan Kalkowski
2c569953d0 base: replace ELF flags bitfield with booleans
Instead of using a bitfield for storing rwx and skip boolean value,
take a boolean instead. This fixes a note giv]en by GCC 9.1 about
changes semantics of bitfields given as parameter by value on ARM.

Ref #4344
2021-12-17 15:04:48 +01:00
Norman Feske
03047009b1 base: avoid implicit conversions
This patch is a prerequisite for compiling the code with
the warnings -Wconversion enabled.

Issue #23
2021-12-17 15:04:44 +01:00
Christian Helmuth
13dab699b1 base: invalidate entire range on VM-session detach
The requested guest-physical memory range may comprise multiple attached
dataspace regions, which must all be detached. This is not required for
the current vbox5 implementation, but for vbox6 as the current API
suggests these semantics.

This commit can be seen as intermediate fix as a real fix should change
the API to prevent long-running detach loops in core that may lock out
requests by other components.
2021-11-29 15:11:53 +01:00
Stefan Kalkowski
14de84fae6 base: be more restrictive with 'managing_system'
* Only give managing_system permission when all parent nodes of the
  corresponding component agree in doing so.
* Move the physical memory constrains heuristic from sandbox library to core

Fix #4335
2021-11-29 15:11:53 +01:00
Johannes Schlatow
7a2826a2fe base: fix use after free in Genode::Heap
Fixes genodelabs/genode#4334
2021-11-29 15:11:53 +01:00
Norman Feske
dc39a8db62 base: introduce Allocator::try_alloc
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.

To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.

Issue #4324
2021-11-29 15:11:52 +01:00
Josef Söntgen
98385a7658 allocator_avl: return 0 for improper size_at call
In case the given address is not the start of a block bail instead of
making improper size assumptions.

Issue #4325.
2021-11-29 15:10:53 +01:00
Norman Feske
231ac187fe base: introduce Ram_allocator::try_alloc
This patch replaces the 'Ram_allocator::alloc' RPC function by a
'try_alloc' function, which reflects errors as 'Attempt' return value
instead of an exception.

Issue #4322
Issue #3612
2021-11-29 15:10:53 +01:00
Norman Feske
4cfd954e1e Remove dependency from 'which' utility
Debian declared the 'which' utility as deprecated.

Fixes #4319
2021-11-29 15:10:52 +01:00
Piotr Tworek
c38c2a6455 cxx: missing operator delete with align_val_t arg
When rebasing my local branch on top of sculpt-21.10 tag I've noticed
two problems.

The code in new_delete.cc does not include new header file. This works
fine with GCC, but fails with clang because std::align_val_t type is
not defined anywhere according to clang. It looks like GCC pulls this
header indirectly somehow.

The second problem can be seen if one disallows undefined symbols in
executables and shared_libraries. This can be seen with both GCC and
clang by adding --no-undefined to LD_OPT. With such change in place core
fails to link due to:

ld.lld: error: undefined symbol: operator delete(void*, std::align_val_t)
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>>               thread.o:(Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>>               thread.o:(non-virtual thunk to Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> did you mean: operator delete(void*, unsigned long, std::align_val_t)
>>> defined in: debug/core-hw-virt_qemu.a(supc++.o)

If the code would somehow manage call such undefined symbol it'd crash.
Since I generally prefer link time failures to runtime crashes I link
all genode binaries with --no-undefined.

To fix this problem just add a dummy implementation of missing delete
operator.

Fixes #4298
2021-11-29 15:10:50 +01:00
Norman Feske
6f1d3862cd base: introduce Env::try_session
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.

By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.

Issue #3767
2021-10-14 11:02:12 +02:00
Martin Stein
f1b72d0281 cxx: define delete operator with alignm. arg
Using 'alignas' in declarations might cause GCC to request for an
implementation of 'operator delete(void*, unsigned long, std::align_val_t)'
although it might actually never be called. This commit adds a dummy
implementation to 'cxx/new_delete.cc' that does nothing more than printing an
error to the log that a proper implementation is missing. This approach is
coherent with our treatment of other global delete operators.

Ref #4217
2021-10-13 14:01:02 +02:00
Johannes Schlatow
88b3880c77 base: fix shift overflow error in Bitfield::mask()
Fixes genodelabs/genode#4249
2021-08-30 15:00:35 +02:00
Johannes Schlatow
5e284bfb35 trace: disable tracing when owner disappears
* Disable trace source and release ownership on subject destruction.
* Note, since the policy module is also destroyed on descruction of the
  session component, the traced component must not access the policy
  module when acknowledging the disabled state (else: page fault).

Fixes genodelabs/genode#4247
2021-08-18 15:06:12 +02:00
Sebastian Sumpf
fd9bc43be1 ldso: Fix RISC-V support with 21.05 tool chain
- force inlining of more functions
- force -O2 for RISC-V (even if -O0 is set globally)
- intialize cxx guard after self relocation

issue #4094
2021-06-25 11:56:22 +02:00
Stefan Kalkowski
e7067050be base: extend cache maintainance functionality
Introduce two new cache maintainance functions:
* cache_clean_invalidate_data
* cache_invalidate_data
used to flush or invalidate data-cache lines.

Both functions are typically empty, accept for the ARM architecture.
The commit provides implementations for the base-hw kernel, and Fiasco.OC.

Fixes #4207
2021-06-25 11:43:41 +02:00
Sebastian Sumpf
9209dfc9d5 ldso: output loaded objects of 'Shared_object' interface
When loading shared libraries via the 'Shared_object' interface display
all additionaly loaded libraries in case 'ld_verbose' is configured. Up
until now, only the loaded library was displayed. In order to determine
if a dependend library had arlready been loaded prior to loading the
'Shared_object' the reference counter is used.

fixes #4147
2021-05-28 14:15:26 +02:00
Norman Feske
2f9d430c00 base-linux: 64-bit ARM support
This patch adds support for running Genode/Linux on the AARCH64
architecture.

- The kernel-agnostic startup code (crt0) had to be extended to
  capture the initial stack pointer, which the Linux kernel uses
  to pass the process environment. This is in line with the
  existing startup code for x86_32 and x86_64.

- The link order of the host libraries linked to lx_hybrid
  programs had to be adjusted such that libgcc appears at last
  because the other libraries depend on symbols provided by
  libgcc.

- When using AARCH64 Linux as host, one can execute run scripts
  via 'make run/<script> KERNEL=linux BOARD=linux' now.

Issue #4136
2021-05-10 11:17:20 +02:00
Christian Prochaska
66e8f8d764 base: increase bss alignment to 8 bytes
Fixes #4127
2021-05-05 11:35:30 +02:00
Christian Prochaska
84e4cbb54c cxx: add 'strchr()'
Fixes #4122
2021-05-05 11:35:30 +02:00
Sebastian Sumpf
80cf47d906 ldso: protect object list with mutex
When we allowed symbol resolution during exceptions, we used the shared
object lock to protect ELF object list manipulation (e.g., dlopen,
dclose) when executing exception unwinding code in the linker.
Unfortunately, sometimes libraries that are loaded by 'dlopen' may raise
exceptions in the process, leading to a deadlock within the unwind code.
In order to resolve this, we now protect the object list operations
(i.e., enqueue, removal, iteration) by a separate mutex. This allows
the shared object interface to throw exceptions.

issue #4071
2021-04-20 12:10:58 +02:00
Norman Feske
dc89ebf978 core: kernel-agnostic 'Mapping' type
This patch unifies the core-internal 'Mapping' type across all base
platforms.

As one minor downside on seL4, the diagnostic error messages when
observing faults other than page faults no longer print the faulting
thread and PD names.

Issue #2243
2021-04-20 12:10:57 +02:00
Norman Feske
4e714d3f3a base: handle cap depletion during session upgrade
When the own cap quota of a client does not suffice for a cap upgrade of
an existing session to a server, the client must issue a cap-resource
request to the parent. This logic was already in place for RAM quota but
was missing for cap quota.

Issue #4072
2021-04-20 12:10:57 +02:00
Sebastian Sumpf
9c9302e51d ldso: allow symbol resolution during dl_itera_phdr
When callback functions of `dl_iterate_phdr` required further jump slot
relocations this lead to a deadlock. Therefore, we allow the resolution
of further symbols from callback functions, but protect the ELF object
list during the iteration, which blocks any dynamic loading (e.g.,
dlopen/dlcose) of shared object by other threads while in program header
iteration.

fixes #4071
2021-04-20 12:10:57 +02:00
Norman Feske
468e7a825c base/cache.h: rename Cache_attribute to Cache
The short name is better because the type will become prominently
visible at the API.

Issue #2243
2021-04-20 12:10:31 +02:00
Norman Feske
f925fef17b base: Refine Range_allocator::alloc_aligned
This patch changes the 'alloc_aligned' interface as follows:

- The former 'from' and 'to' arguments are replaced by a single
  'range' argument.

- The distinction of the use cases of regular allocations vs.
  address-constrained allocations is now overed by a dedicated
  overload instead of relying on a default argument.

- The 'align' argument has been changed from 'int' to 'unsigned'
  to be better compatible with 'addr_t' and 'size_t'.

Fixes #4067
2021-04-20 12:03:04 +02:00
Norman Feske
49481dd3fb timer: restore semantics of periodic timeout 0
The 'Timer::Session::trigger_periodic' RPC function used to accept 0 as
a way to de-schedule the periodic processing. Several components such as
nitpicker relied on this special case. In "timeout: rework timeout
framework", the value of zero was silently clamped to 1, which has the
opposite effect: triggering signals at the maximum rate. This results in
a visible effect in Sculpt where the leitzentrale-nitpicker instance
produces a constant load of 2% CPU time.

This patch restores the original timer semantics by

- Documenting it in timer_session.h,

- Handling the case explicitly in the timer implementation, and

- Replacing the silent clamping of the unexpected value 0 passed
  to the timeout framework by a diagnostic error message.

Issue #3884
2021-04-20 12:03:03 +02:00
Norman Feske
dc8dd3396d base: move Xml_generator::Node::Node behind ABI
Fixes #4063
2021-04-20 12:03:03 +02:00
Alexander Boettcher
18182b11da base: exit loop on cpu session close
if session can't be closed immediately, e.g. if the service is provided by
a child (cpu_balancer) and not by the parent.

Issue #4029
2021-03-12 12:01:39 +01:00
Alexander Boettcher
9b5bedefc7 expanding_pd_session: remove cap warning message
which are caused often when a component runs a bit longer and has dynamic
resource usage, e.g. running Genode's tool chain.
2021-03-12 12:01:39 +01:00
Norman Feske
935bb36fe4 base: fix child destruction while close requested
This patch fixes a corner case where a child is destructed while a
asynchronous close request to a sibling server is still pending.

The child immediately discarded the session ID as the end of the
close-session processing, assuming that this ID is never to be needed
again. The session-state continues to exist to handle asynchrous close
protocol with the server.

However, if the child is destructed at this point (before the server
responded to the session request), the destruction of the child would
not cover the discharging of the session state because the session state
was no longer be part of the client's ID space. So once the asynchronous
close response from the server came in, the session state contained
stale information, in particular a stale closed_callback pointer.

The patch fixes the problem by deferring the discarding of the client ID
to the point where the session state is actually destructed. So the
session of a pending close response is covered by the child destructor.

Thanks to Pirmin Duss for reporting this issue along with a test
scenario for reproducing it!

Fixes #4039
2021-03-12 12:01:38 +01:00
Norman Feske
9de61e7014 base: detect truncated session args
This patch reflects the truncation of session arguments (e.g., by very
long session labels) by denying the session request.

Fixes #4037
2021-03-12 12:01:37 +01:00
Sebastian Sumpf
f68e655312 mk: link core to library archive instead of .o file
Do not link base and core libraries into on large relocatable .o file,
which is linked later to core - causing long link times. Create an
independent library archive out of the base and core libraries that can
be linked faster.

issue #4027
2021-02-23 12:17:04 +01:00
Christian Helmuth
219809ffed base: refactor VM/vCPU API
Issue #3554
2021-02-23 12:07:18 +01:00
Christian Prochaska
59459e60e7 libc: pthread TLS optimizations
Fixes #4024
2021-02-23 12:07:17 +01:00
Sebastian Sumpf
f5cd12dcf9 base/base-hw: unify startup library builds
- Use 'select_from_repositories' for crt0.s of startup library
- Move RISC-V crt0.s to base (where the other archs are located)

issue #4019
2021-02-23 12:07:15 +01:00
Alexander Boettcher
18e282ab8a allocator_avl: avoid false dangling warnings
By first removing unused ranges, implicitly meta data allocations are freed
up. This leads to more unused slab blocks and freed up meta data allocations
in the avl tree.

Issue #4014
2021-02-23 12:02:44 +01:00
Alexander Boettcher
1e84b46c3f slab: add option to free empty blocks
explictly by a method

Issue #4014
2021-02-23 12:02:44 +01:00
Alexander Boettcher
c58acd0b2b allocator_avl: avoid memory leakage
Fixes #4013
2021-02-23 12:02:43 +01:00
Alexander Boettcher
d186e4361e Measure TSC variance of CPUs in test-smp
Issue #3965
2021-02-23 12:02:42 +01:00
Emery Hemingway
2acfacb639 genode_dyn.ld: do not emit PHDR segment
Recent versions of binutils check that PHDR segments are covered
by a LOAD segment. In this case the unloaded PHDR segment can be
ommited.

Fix #4003
2021-02-23 12:02:42 +01:00
Alexander Boettcher
e3233a4824 ldso: turn deadlock message into Linker message
Issue #3991

[init -> ...] Error: LD: jump slot relocation failed for symbol: 'XYZ'
[init -> ...] Error: deadlock ahead, mutex=0x161860, return ip=0xeb870

turns into:

[init -> ...] Error: LD: jump slot relocation failed for symbol: 'XYZ'
[init -> ...] Error: Uncaught exception of type 'Linker::Not_found'
[init -> ...] Warning: abort called - thread: ep

Fixes #4002
2021-02-23 12:02:42 +01:00