Commit Graph

19 Commits

Author SHA1 Message Date
Johannes Schlatow
da9e764c47 Init: bugfix
Fix a use-after-free bug concerning the use case where the config
of the init process changes dynamically. The childs' services were not
removed from the corresponding Service_registry properly.

Fixes #1094
2014-03-14 13:17:37 +01:00
Stefan Kalkowski
6ca8a41232 core: lower default verbosity when quota exceeds
* only print quota exceeded message and statistic when explicitly enabled
* turn init's error message "cannot respond to request" into a warning
2014-02-25 14:58:06 +01:00
Alexander Boettcher
b893968232 base: show size as %zu instead %zd
For big numbers otherwise negative sizes for memory chunks are displayed.

Issue #1011
2013-12-20 15:16:19 +01:00
Stefan Kalkowski
fde93c3284 init: don't call Rom_session::dataspace() twice
In general, requesting a dataspace from a server twice is no good
idea. The server might react in a unrecoverable fashion. E.g. the rom_fs
service always throws away the corresponding dataspace from the first call
of dataspace(), and constructs a new one.
2013-10-29 18:08:30 +01:00
Alexander Boettcher
f14213b5f4 base/os: catch Ipc_error messages in Service class
Fixes #910
2013-10-22 08:00:15 +02:00
Norman Feske
5caed68fe4 init: Transfer slack memory to children on demand 2013-10-14 09:45:14 +02:00
Norman Feske
a652cb5110 Apply affinity subspacing to session requests 2013-08-15 09:22:50 +02:00
Norman Feske
5ec07614e8 init: Read affinity assignments from config
The assignment of affinities consists of two parts, the definition
of the affinity space dimensions as used for the init process, and
the association sub systems with affinity locations (relative to the
affinity space). The affinity space is configured as a sub node of the
config node. For example, the following declaration describes an
affinity space of 4x2:

<config>
  ...
  <affinity_space width="4" height="2" />
  ...
</config>

Subsystems can be constrained to parts of the affinity space using
the '<affinity>' sub node of a '<start>' entry:

<config>
  ...
  <start name="loader">
    <affinity xpos="0" ypos="1" width="2" height="1" />
    ...
  </start>
  ...
</config>
2013-08-13 17:08:25 +02:00
Norman Feske
6d837c9e26 Attach affinity information to session requests
This patch extends the 'Parent::session()' and 'Root::session()'
functions with an additional 'affinity' parameter, which is inteded to
express the preferred affinity of the new session. For CPU sessions
provided by core, the values will be used to select the set of CPUs
assigned to the CPU session. For other services, the session affinity
information can be utilized to optimize the locality of the server
thread with the client. For example, to enable the IRQ session to route
an IRQ to the CPU core on which the corresponding device driver (the IRQ
client) is running.
2013-08-13 17:08:25 +02:00
Norman Feske
fcca4f3466 Init: handle reconfiguration
With this change, init becomes able to respond to config changes by
restarting the scenario with the new config. To make this feature useful
in practice, init must not fail under any circumstances. Even on
conditions that were considered as fatal previously and led to the abort
of init (such as ambiguous names of the children or misconfiguration in
general), init must stay alive and responsive to config changes.
2013-01-15 10:18:12 +01:00
Norman Feske
16e6f4b784 Remove debug message 2013-01-11 21:21:35 +01:00
Norman Feske
73ab30c22c Update copyright headers to 2013 2013-01-10 21:44:47 +01:00
Norman Feske
277af91376 Omit child-name prefix in <if-args> check
When matching the 'label' session argument using '<if-args>' in a
routing table, we can omit the child name prefix because it is always
the same for all sessions originating from the child anyway. Therefore,
this patch adds a special case for matching session labels. It makes the
expression of label-specific routing more intuitive.
2013-01-10 21:09:07 +01:00
Norman Feske
959df5d46b Generalize handling of PD-session arguments
On Linux, we want to attach additional attributes to processes, i.e.,
the chroot location, the designated UID, and GID. Instead of polluting
the generic code with such Linux-specific platform details, I introduced
the new 'Native_pd_args' type, which can be customized for each
platform. The platform-dependent policy of init is factored out in the
new 'pd_args' library.

The new 'base-linux/run/lx_pd_args.run' script can be used to validate
the propagation of those attributes into core.

Note that this patch does not add the interpretation of the new UID and
PID attributes by core. This will be subject of a follow-up patch.

Related to #510.
2012-11-21 20:04:07 +01:00
Norman Feske
b45242c50f Add chroot support to core
Since the recent move of the process creation into core, the original chroot trampoline
mechanism implemented in 'os/src/app/chroot' does not work anymore. A
process could simply escape the chroot environment by spawning a new
process via core's PD service. Therefore, this patch moves the chroot
support into core. So the chroot policy becomes mandatory part of the
process creation.  For each process created by core, core checks for
'root' argument of the PD session. If a path is present, core takes the
precautions needed to execute the new process in the specified chroot
environment.

This conceptual change implies minor changes with respect to the Genode
API and the configuration of the init process. The API changes are the
enhancement of the 'Genode::Child' and 'Genode::Process' constructors to
take the root path as argument. Init supports the specification of a
chroot per process by specifying the new 'root' attribute to the
'<start>' node of the process. In line with these changes, the
'Loader::Session::start' function has been enhanced with the additional
(optional) root argument.
2012-11-05 17:31:05 +01:00
Christian Prochaska
c2f23de2e7 Introduce server-role member to 'Child' class
This patch is needed to use children as services in a dynamic
way (closing and reopening sessions).
2012-05-29 13:54:59 +02:00
Norman Feske
9a00ad7ae3 Support for dynamic ROM sessions, fix #170
This patch introduces support for ROM sessions that update their
provided data during the lifetime of the session. The 'Rom_session'
interface had been extended with the new 'release()' and 'sigh()'
functions, which are needed to support the new protocol. All ROM
services have been updated to the new interface.

Furthermore, the patch changes the child policy of init
with regard to the handling of configuration files. The 'Init::Child'
used to always provide the ROM dataspace with the child's config file
via a locally implemented ROM service. However, for dynamic ROM
sessions, we need to establish a session to the real supplier of the ROM
data. This is achieved by using a new 'Child_policy_redirect_rom_file'
policy to handle the 'configfile' rather than handling the 'configfile'
case entirely within 'Child_config'.

To see the new facility in action, the new 'os/run/dynamic_config.run'
script provides a simple scenario. The config file of the test program
is provided by a service, which generates and updates the config data
at regular intervals.

In addition, new support has been added to let slaves use dynamic
reconfiguration. By using the new 'Child_policy_dynamic_rom_file', the
configuration of a slave can be changed dynamically at runtime via the
new 'configure()' function.

The config is provided as plain null-terminated string (instead of a
dataspace capability) because we need to buffer the config data anyway.
So there is no benefit of using a dataspace. For buffering configuration
data, a 'Ram_session' must be supplied. If no 'Ram_session' is specified
at construction time of a 'Slave_policy', no config is supplied to the
slave (which is still a common case).

An example for dynamically reconfiguring a slave is provided by
'os/run/dynamic_config_slave.run'.
2012-04-05 11:25:26 +02:00
Norman Feske
08ce32215d Bump year in copyright headers to 2012 2012-01-03 15:35:05 +01:00
Genode Labs
da4e1feaa5 Imported Genode release 11.11 2011-12-22 16:19:25 +01:00