This data structure allows the association of objects with IDs. IDs are
kept in an AVL tree. So in contrast to a bit allocator, the ID space can be
sparsely populated and does not need to be dimensioned. The lifetime of
an ID is bound to an 'Element' object, which relieves the programmer
from manually allocating/deallocating IDs for objects.
Issue #2120
We preserve lower RAM for device drivers with physical memory
constraints. If no physical RAM constraint exists, the allocations above
3G (32-bit) or 4G (64-bit) are preferred.
This fixes a regression on Ubuntu 16.04 (resp. Linux systems with recent
kernel versions) and address-space randomization originating from an
uninitialized relocation base of 0.
This patch is a preparation of the forthcoming async parent interface.
Note that this patch increases the size of connection objects.
Furthermore it adds a diagnostic message whenever a connection fails.
Issue #2166
Unfortunately, the volatile object does not inherit the noncopyable
attribute of the enclosed object. By making all volatile objects
noncopyable, we prevent the accidental copying of a noncopyable object
wrapped in a volatile object.
Replace 'dump()' debug utilities within Allocator_avl with Output::print
equivalents, and use the new Avl_tree::for_each utility to simplify
the implementation.
Ref #2159
This overload covers the common case for initializing a string from a
literal without employing the 'Output' mechanism. This way, such
strings can by constructed without calling virtual functions, which in
turn makes the 'String' usable for the 'init_rtld' phase of the dynamic
linker.
This patch fixes a race condition triggered by the thread test running
on Linux inside VirtualBox. The 'test_stack_alloc' sporadically produced
one of two errors: A segfault in the 'Thread::deinit_platform_thread' on
the attempt to access the 'native_thread' of the to-be-destructed thread
(this data structure is located on the thread's stack). Or, an error
message about a region conflict within the stack area.
The problem was that two instances of 'Region_map_mmap' issued a
sequence of munmap and mmap each. Even though each instance locked the
attach/detach operations, the lock was held per instance. In a situation
where two instances performed attach/detach operations in parallel, the
syscall sequences could interfere with each other.
In the test scenario, the two region-map instances are the test's
address space and the stack area. When creating a thread, the thread's
trace-control dataspace is attached at an arbitrary place (picked by
the Linux kernel) within the address space whereas the stack is attached
at the stack area. The problem is the following sequence:
Thread A wants to destruct a thread:
1. Remove stack from stack area
(issue unmap syscall)
2. Preserve virtual address range that was occupied from the stack
so that Linux won't use it
(issue mmap syscall)
Thread B wants to construct a thread:
1. Request trace-control dataspace from CPU session
2. Attach trace-control dataspace to address space at a location
picked by the Linux kernel
(issue mmap syscall)
The problem occurs when thread B's second step is executed in between
the steps 1 and 2 of thread A and the Linux kernel picks the
just-unmapped address as the location for the new trace-control mapping.
Now, the trace control dataspace is mapped at the virtual address that
was designated for the stack of the to-be-created thread, and the
attempt to map the real stack fails.
The patch fixes the problem by replacing the former region-map-local
locks by a component-global lock.
Furthermore, it cleans up core's implementation of the support function
for the region-map-mmap implementation, eliminating the temporary
unlocking of the region-map lock during RPC.
Instead of solving the problem to deliver ROM modules to core while booting
differently for the several kernels (multi-boot, elfweaver, core re-linking),
this commit unifies the approaches. It always builds core as a library, and
after all binaries are built from a run-script, the run-tool will link an
ELF image out of the core-library and all boot modules. Thereby, core can
access its ROM modules directly.
This approach now works for all kernels except Linux.
With this solution, there is no [build_dir]/bin/core binary available anymore.
For debugging purposes you will find a core binary without boot modules, but
with debug symbols under [run_dir].core.
Fix#2095
base generic code:
* Remove unused verbosity code from mmio framework
* Remove escape sequence end heuristic from LOG
* replace Core_console with Core_log (no format specifiers)
* move test/printf to test/log
* remove `printf()` tests from the log test
* check for exact match of the log test output
base-fiasco:
* remove unused Fiasco::print_l4_threadid function
base-nova:
* remove unused hexdump utility from core
base-hw:
* remove unused Kernel::Thread::_print_* debug utilities
* always print resource summary of core during startup
* remove Kernel::Ipc_node::pd_label (not used anymore)
base*:
* Turn `printf`,`PWRN`, etc. calls into their log equivalents
Ref #1987Fix#2119
This patch adds the missing exception handling for depleted RM session
quotas. If core runs out of session quota while creating a new region
map, it now reflects this condition as a Region_map::Out_of_metadata
exception to the RM client. Thanks to Denis Huber for reporting the
issue!
This patch revives our ds_ownership test from 2012, which just revealed
a regression in core where the dataspace-free operation of the RAM
service would unconditionally destroy dataspace objects from foreign
sessions. The patch fixes the bug and adds an updated version of the
test to the autopilot.
Fixes#2065
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
This reverts commit 2127c8acf2d9fdc72a0b73468dfedaee26e0081d because the
alignment is already sanitized by commit 11c31c44327935586a1735a64aa9e919b93bbd40.
(discussed here 2127c8acf2)
