Commit Graph

303 Commits

Author SHA1 Message Date
Christian Helmuth
8661936d7d base: aquire context mutex in local_submit()
Some signal-heavy scenarios (e.g., libc_integration) produced the
following warning that hinted a data race on signal data in the context
object.

  Warning: returning signal with num == 0

The cause was the use of Signal_context::local_submit() in the libc
introduced in

  424ed1b79a libc: remove Reconstructible / use local_submit in kernel

in combination with a missing context-mutex aquisition resulting in a
data race on Signal_context::_curr_signal.

Issue #3923
2023-01-24 12:07:27 +01:00
Christian Helmuth
df4c4d5be2 base: check for used blocks in Allocator_avl
The check is required for alloc_addr() as the desired range may already
be backed by a used block.
2022-11-17 08:00:34 +01:00
Johannes Schlatow
7d143087c9 xml_node: change with_sub_node signature
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.

genodelabs/genode#4600
2022-09-19 14:00:33 +02:00
Norman Feske
c560285d88 build: support library builds via lib/<libname>
This patch adds special handling for lib/<libname> arguments to the
build system, which supersedes the former LIB=<libname> mechanism.
Whereas the old mechanism was limited to a single library, the new
convention allows multiple library arguments, similar to regular
targets. The change brings the two immediate benefits.

First, the streamlining of library and target arguments allows for the
building of libraries via the 'build' command of the run tool.

Second, it alleviates the need for pseudo target.mk files for building
shared libraries that have no direct dependencies, in particular VFS
plugins.

Since this change eases the explicit creation of shared libraries
from run scripts, we may reconsider the automatic implicit building
of shared libraries driven by targets. E.g., while developing a Qt
application, a run script could import the Qt libraries from the
depot and combine those with the developed (fresh built) target without
triggering the build of the Qt libraries in the build directory.

When issueing 'make' without arguments, all targets are built. This
patch applies this behavior to libraries as well, thereby removing the
need for the base/src/lib/target.mk pseudo target as used by the CI
tools to build all libraries.

Note that target.mk files located under src/lib/ are no longer
reachable. Therefore, all run scripts that used to trigger the
build of a shared library via a pseudo target must be adapted.
E.g., 'build lib/vfs/tap' must be replaced by 'build lib/vfs_tap'.

With this patch, the LIB=<libname> option is no longer supported.

Fixes #4599
2022-09-19 13:59:28 +02:00
Sebastian Sumpf
fb7282f47a base: beautify error message if not mutex owner 2022-08-10 13:32:57 +02:00
Sebastian Sumpf
da1ef67064 base: Allocator_avl cleanup meta data
After reverting unused ranges during allocator destruction
'_meta_data.free_empty_blocks' may lead to more unused ranges because
meta data blocks maybe freed where the meta data for the blocks is
managed by other meta data blocks. This leads to dangling allocation
warnings which are caused by meta data. Therefore, we call
'_revert_unused_ranges' and 'free_empty_blocks' until no more ranges
can be freed.

issue #4466
2022-04-13 09:29:03 +02:00
Johannes Schlatow
c763890f04 trace_buffer: partition trace buffer
Split the trace buffer into two partitions in order to prevent overwriting
of entries when the consumer is too slow. See file comment in buffer.h.

genodelabs/genode#4434
2022-03-21 13:42:16 +01:00
Piotr Tworek
58e0b24006 base: Ignore empty constructors array.
This does not affect default Genode builds as far as I can tell. There
is always at least one global static CTOR which seems to be coming from
one of the GCC runtime libs bundled in the toolchain. The problem became
visible for me only after I've replated GCC runtime with LLVM based
one. In such setup I often see binaries that do not have any static ctors.
Such binaries end up crashing Genode ld.lib.so.

Make sure the code does handle empty constructors array.

Fixes #4422
2022-02-15 10:23:58 +01:00
Norman Feske
33b038e8a7 Consistent spelling of "writeable"
Fixes #4425
2022-02-15 10:23:58 +01:00
Norman Feske
50c2b0066f Remove 'Env::reinit' and 'Env::reinit_main_thread'
Fixes #4404
2022-02-15 10:17:28 +01:00
Johannes Schlatow
db3a647c6d allocator_avl: use Attempt for size_at
Fixes ambiguous interpretation of returned 0.

genodelabs/genode#4393
2022-02-15 10:16:51 +01:00
Norman Feske
88ca8d1a72 base: fix potential memory leak in allocator_avl
When used by the 'Allocator_avl' the slab allocator's backing store is
dynamically disabled and re-enabled while adding/freeing ranges.
However, during those operations, slab entries can be freed. This,
in turn, can result in the release of a slab block (when the freed slab
entry happens to be the last entry of the block). In this corner case,
'Slab::_release_backing_store' operation has no effect because no
backing-store allocator is set. As a result, the block is no longer
referenced but not physically freed.

The patch fixes the problem by skipping '_free_curr_sb' whenever
no backing store is defined. So the completely empty block remains
in the working set.

Thanks to Peter for reporting and fixing this issue!

Fixes #4367
2022-01-19 12:35:49 +01:00
Christian Prochaska
8e252f79f8 Remove mutex from 'Genode::Trace_output'
Fixes #4356
2022-01-19 12:35:49 +01:00
Piotr Tworek
d610f9f4f1 Fix some signed/unsigned implicit conversions.
Fix some trivial cases where the signedness of the constant value does
not match the signedness of type the code expects to see. GCC can be
asked to warn about those by passing Wsign-covnersion flag.

Issue #4354
2022-01-19 12:35:48 +01:00
Stefan Kalkowski
2c569953d0 base: replace ELF flags bitfield with booleans
Instead of using a bitfield for storing rwx and skip boolean value,
take a boolean instead. This fixes a note giv]en by GCC 9.1 about
changes semantics of bitfields given as parameter by value on ARM.

Ref #4344
2021-12-17 15:04:48 +01:00
Norman Feske
03047009b1 base: avoid implicit conversions
This patch is a prerequisite for compiling the code with
the warnings -Wconversion enabled.

Issue #23
2021-12-17 15:04:44 +01:00
Johannes Schlatow
7a2826a2fe base: fix use after free in Genode::Heap
Fixes genodelabs/genode#4334
2021-11-29 15:11:53 +01:00
Norman Feske
dc39a8db62 base: introduce Allocator::try_alloc
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.

To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.

Issue #4324
2021-11-29 15:11:52 +01:00
Josef Söntgen
98385a7658 allocator_avl: return 0 for improper size_at call
In case the given address is not the start of a block bail instead of
making improper size assumptions.

Issue #4325.
2021-11-29 15:10:53 +01:00
Norman Feske
231ac187fe base: introduce Ram_allocator::try_alloc
This patch replaces the 'Ram_allocator::alloc' RPC function by a
'try_alloc' function, which reflects errors as 'Attempt' return value
instead of an exception.

Issue #4322
Issue #3612
2021-11-29 15:10:53 +01:00
Piotr Tworek
c38c2a6455 cxx: missing operator delete with align_val_t arg
When rebasing my local branch on top of sculpt-21.10 tag I've noticed
two problems.

The code in new_delete.cc does not include new header file. This works
fine with GCC, but fails with clang because std::align_val_t type is
not defined anywhere according to clang. It looks like GCC pulls this
header indirectly somehow.

The second problem can be seen if one disallows undefined symbols in
executables and shared_libraries. This can be seen with both GCC and
clang by adding --no-undefined to LD_OPT. With such change in place core
fails to link due to:

ld.lld: error: undefined symbol: operator delete(void*, std::align_val_t)
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>>               thread.o:(Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>>               thread.o:(non-virtual thunk to Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> did you mean: operator delete(void*, unsigned long, std::align_val_t)
>>> defined in: debug/core-hw-virt_qemu.a(supc++.o)

If the code would somehow manage call such undefined symbol it'd crash.
Since I generally prefer link time failures to runtime crashes I link
all genode binaries with --no-undefined.

To fix this problem just add a dummy implementation of missing delete
operator.

Fixes #4298
2021-11-29 15:10:50 +01:00
Norman Feske
6f1d3862cd base: introduce Env::try_session
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.

By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.

Issue #3767
2021-10-14 11:02:12 +02:00
Martin Stein
f1b72d0281 cxx: define delete operator with alignm. arg
Using 'alignas' in declarations might cause GCC to request for an
implementation of 'operator delete(void*, unsigned long, std::align_val_t)'
although it might actually never be called. This commit adds a dummy
implementation to 'cxx/new_delete.cc' that does nothing more than printing an
error to the log that a proper implementation is missing. This approach is
coherent with our treatment of other global delete operators.

Ref #4217
2021-10-13 14:01:02 +02:00
Johannes Schlatow
5e284bfb35 trace: disable tracing when owner disappears
* Disable trace source and release ownership on subject destruction.
* Note, since the policy module is also destroyed on descruction of the
  session component, the traced component must not access the policy
  module when acknowledging the disabled state (else: page fault).

Fixes genodelabs/genode#4247
2021-08-18 15:06:12 +02:00
Sebastian Sumpf
fd9bc43be1 ldso: Fix RISC-V support with 21.05 tool chain
- force inlining of more functions
- force -O2 for RISC-V (even if -O0 is set globally)
- intialize cxx guard after self relocation

issue #4094
2021-06-25 11:56:22 +02:00
Stefan Kalkowski
e7067050be base: extend cache maintainance functionality
Introduce two new cache maintainance functions:
* cache_clean_invalidate_data
* cache_invalidate_data
used to flush or invalidate data-cache lines.

Both functions are typically empty, accept for the ARM architecture.
The commit provides implementations for the base-hw kernel, and Fiasco.OC.

Fixes #4207
2021-06-25 11:43:41 +02:00
Sebastian Sumpf
9209dfc9d5 ldso: output loaded objects of 'Shared_object' interface
When loading shared libraries via the 'Shared_object' interface display
all additionaly loaded libraries in case 'ld_verbose' is configured. Up
until now, only the loaded library was displayed. In order to determine
if a dependend library had arlready been loaded prior to loading the
'Shared_object' the reference counter is used.

fixes #4147
2021-05-28 14:15:26 +02:00
Norman Feske
2f9d430c00 base-linux: 64-bit ARM support
This patch adds support for running Genode/Linux on the AARCH64
architecture.

- The kernel-agnostic startup code (crt0) had to be extended to
  capture the initial stack pointer, which the Linux kernel uses
  to pass the process environment. This is in line with the
  existing startup code for x86_32 and x86_64.

- The link order of the host libraries linked to lx_hybrid
  programs had to be adjusted such that libgcc appears at last
  because the other libraries depend on symbols provided by
  libgcc.

- When using AARCH64 Linux as host, one can execute run scripts
  via 'make run/<script> KERNEL=linux BOARD=linux' now.

Issue #4136
2021-05-10 11:17:20 +02:00
Christian Prochaska
84e4cbb54c cxx: add 'strchr()'
Fixes #4122
2021-05-05 11:35:30 +02:00
Sebastian Sumpf
80cf47d906 ldso: protect object list with mutex
When we allowed symbol resolution during exceptions, we used the shared
object lock to protect ELF object list manipulation (e.g., dlopen,
dclose) when executing exception unwinding code in the linker.
Unfortunately, sometimes libraries that are loaded by 'dlopen' may raise
exceptions in the process, leading to a deadlock within the unwind code.
In order to resolve this, we now protect the object list operations
(i.e., enqueue, removal, iteration) by a separate mutex. This allows
the shared object interface to throw exceptions.

issue #4071
2021-04-20 12:10:58 +02:00
Sebastian Sumpf
9c9302e51d ldso: allow symbol resolution during dl_itera_phdr
When callback functions of `dl_iterate_phdr` required further jump slot
relocations this lead to a deadlock. Therefore, we allow the resolution
of further symbols from callback functions, but protect the ELF object
list during the iteration, which blocks any dynamic loading (e.g.,
dlopen/dlcose) of shared object by other threads while in program header
iteration.

fixes #4071
2021-04-20 12:10:57 +02:00
Norman Feske
f925fef17b base: Refine Range_allocator::alloc_aligned
This patch changes the 'alloc_aligned' interface as follows:

- The former 'from' and 'to' arguments are replaced by a single
  'range' argument.

- The distinction of the use cases of regular allocations vs.
  address-constrained allocations is now overed by a dedicated
  overload instead of relying on a default argument.

- The 'align' argument has been changed from 'int' to 'unsigned'
  to be better compatible with 'addr_t' and 'size_t'.

Fixes #4067
2021-04-20 12:03:04 +02:00
Norman Feske
49481dd3fb timer: restore semantics of periodic timeout 0
The 'Timer::Session::trigger_periodic' RPC function used to accept 0 as
a way to de-schedule the periodic processing. Several components such as
nitpicker relied on this special case. In "timeout: rework timeout
framework", the value of zero was silently clamped to 1, which has the
opposite effect: triggering signals at the maximum rate. This results in
a visible effect in Sculpt where the leitzentrale-nitpicker instance
produces a constant load of 2% CPU time.

This patch restores the original timer semantics by

- Documenting it in timer_session.h,

- Handling the case explicitly in the timer implementation, and

- Replacing the silent clamping of the unexpected value 0 passed
  to the timeout framework by a diagnostic error message.

Issue #3884
2021-04-20 12:03:03 +02:00
Norman Feske
dc8dd3396d base: move Xml_generator::Node::Node behind ABI
Fixes #4063
2021-04-20 12:03:03 +02:00
Alexander Boettcher
18182b11da base: exit loop on cpu session close
if session can't be closed immediately, e.g. if the service is provided by
a child (cpu_balancer) and not by the parent.

Issue #4029
2021-03-12 12:01:39 +01:00
Norman Feske
935bb36fe4 base: fix child destruction while close requested
This patch fixes a corner case where a child is destructed while a
asynchronous close request to a sibling server is still pending.

The child immediately discarded the session ID as the end of the
close-session processing, assuming that this ID is never to be needed
again. The session-state continues to exist to handle asynchrous close
protocol with the server.

However, if the child is destructed at this point (before the server
responded to the session request), the destruction of the child would
not cover the discharging of the session state because the session state
was no longer be part of the client's ID space. So once the asynchronous
close response from the server came in, the session state contained
stale information, in particular a stale closed_callback pointer.

The patch fixes the problem by deferring the discarding of the client ID
to the point where the session state is actually destructed. So the
session of a pending close response is covered by the child destructor.

Thanks to Pirmin Duss for reporting this issue along with a test
scenario for reproducing it!

Fixes #4039
2021-03-12 12:01:38 +01:00
Norman Feske
9de61e7014 base: detect truncated session args
This patch reflects the truncation of session arguments (e.g., by very
long session labels) by denying the session request.

Fixes #4037
2021-03-12 12:01:37 +01:00
Christian Helmuth
219809ffed base: refactor VM/vCPU API
Issue #3554
2021-02-23 12:07:18 +01:00
Christian Prochaska
59459e60e7 libc: pthread TLS optimizations
Fixes #4024
2021-02-23 12:07:17 +01:00
Sebastian Sumpf
f5cd12dcf9 base/base-hw: unify startup library builds
- Use 'select_from_repositories' for crt0.s of startup library
- Move RISC-V crt0.s to base (where the other archs are located)

issue #4019
2021-02-23 12:07:15 +01:00
Alexander Boettcher
18e282ab8a allocator_avl: avoid false dangling warnings
By first removing unused ranges, implicitly meta data allocations are freed
up. This leads to more unused slab blocks and freed up meta data allocations
in the avl tree.

Issue #4014
2021-02-23 12:02:44 +01:00
Alexander Boettcher
1e84b46c3f slab: add option to free empty blocks
explictly by a method

Issue #4014
2021-02-23 12:02:44 +01:00
Alexander Boettcher
c58acd0b2b allocator_avl: avoid memory leakage
Fixes #4013
2021-02-23 12:02:43 +01:00
Alexander Boettcher
e3233a4824 ldso: turn deadlock message into Linker message
Issue #3991

[init -> ...] Error: LD: jump slot relocation failed for symbol: 'XYZ'
[init -> ...] Error: deadlock ahead, mutex=0x161860, return ip=0xeb870

turns into:

[init -> ...] Error: LD: jump slot relocation failed for symbol: 'XYZ'
[init -> ...] Error: Uncaught exception of type 'Linker::Not_found'
[init -> ...] Warning: abort called - thread: ep

Fixes #4002
2021-02-23 12:02:42 +01:00
Norman Feske
a0fb944721 Propagate session diag flag to core
This commit restores the diag feature for selecting diagnostic output of
services provided by core. This feature became unavailable with commit
"base: remove dependency from deprecated APIs", which hard-wired the
diag flag for core services to false.

To control this feature, three possible policies can be expressed in a
routing target of init's configuration:

* Forcing silence by specifying 'diag="no"'
* Enabling diagnostics by specifying 'diag="yes"'
* Forwarding the preference of the client by omitting the 'diag'
  attribute

Fixes #3962
2020-12-09 14:02:11 +01:00
Alexander Boettcher
774b1f4277 base: remove Thread_deprecated
Fixes #3954
2020-11-27 09:19:08 +01:00
Christian Helmuth
dc016cbd5c ldso: log linker-area info on 'ld_verbose' 2020-11-27 09:19:08 +01:00
Piotr Tworek
8d6ca9556f base: fix clang warning for void cast of retval
This path fixes a void cast used to silence unused return value warning.
Its a common pattern to use void cast to do that. The code uses void *
cast instead. It works for GCC, but clang complains about this.

Issue #3938
2020-11-23 12:02:58 +01:00
Piotr Tworek
81a49bffee base: exception specification for operator delete
Clang is rather picky about this and prints the following warning when
compiling new_delete.cc:

  error: function previously declared with an explicit exception
  specification redeclared with an implicit exception specification
  [-Werror,-Wimplicit-exception-spec-mismatch]

Issue #3938
2020-11-23 12:02:58 +01:00
Martin Stein
89d28c8222 timeout: no volatile stackvars, better warnings 2020-11-23 12:02:57 +01:00