* get rid of alarm abstraction
* get rid of Timeout::Time type
* get rid of pointer arguments
* get rid of _discard_timeout indirection
* get rid of 65th bit in stored time values
* get rid of Timeout_scheduler interface
* get rid of uninitialized deadlines
* get rid of default arguments
* get rid of Timeout::_periodic
* get rid of Timeout::Raw
* use list abstraction
* only one interface for timeout handlers
* rework locking scheme to be smp safe
* move all method definitions to CC file
* name mutexes more accurate
* fix when & how to set time-source timeout
* fix deadlocks
Fixes#3884
This patch untangles the interplay of the base library and the libc
during the exit handling.
- The CXA ABI for the atexit handling is now provided by the libc.
For plain Genode components without libc dependency, __cxa_atexit
is a no-op, which is consistent with Genode's notion of components.
- The 'abort' implementation of the base library no longer calls
'genode_exit' but merely 'sleep_forever'. This way, the cxx library
no longer depends on a 'genode_exit' implementation.
- The libc provides 'atexit' support by storing metadata on the
libc kernel's heap now, thereby eliminating the former bounded
maximum number of atexit handlers.
- Shared-library dtors are no longer called via the atexit mechanism
by explicitly by the dynamic linker. This slightly changes the
call order of destructors (adjustment of the ldso test). Functions
marked as destructors are called after the atexit handlers now.
- The libc executes atexit handlers in the application context,
which supports the I/O operations in those handles, in particular
the closing of file descriptors.
Fixes#3851
This remove the call to Io_progress_handler::handle_io_progress() from
wait_and_dispatch_one_io_signal() to prevent unexpected nesting
I/O-progress handling in case of custom dispatch loops (e.g., in libc).
The original intention of Io_progress_handler was to inform the
entrypoint just before blocking in the entrypoint loop.
Issue #2635
- base/cancelable_lock.h becomes base/lock.h
- all members become private within base/lock.h
- solely Mutex and Blockade are friends to use base/lock.h
Fixes#3819
_timestamp() returns CPU local values which may not be in sync with _ts
taken from another CPU. Be robust and don't produce wraparound/negative
timeout values.
Issue #3657
- Since Genode::strncpy is not 100% compatible with the POSIX
strncpy function, better use a distinct name.
- Remove bogus return value from the function, easing the potential
enforcement of mandatory return-value checks later.
Fixes#3752
The former ldso-startup static library (now called ldso_so_support) is
used to spice each shared object/library with local support code for the
dynamic linker (execution of static constructors and ARM-EABI).
Therefore, the library must be statically linked to each dynamic
library.
As a result recipes for dynamic libraries must always depend on the "so"
API, which makes ldso_so_support.mk and so_support.c available
independent of "base". Additionally, ldso_so_support is also provided in
the libc API to cut the dependency early for libc/posix libraries.
Issue #3720
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.
Related to issue #3581
If trace is enabled for component than an attempt to put message into
trace buffer is performed using log_output policy. If it succeeds than
message is not put to logs using log service.
Fixes#3714
The former scheme left open a race window between
_process_incoming_signals() and wait_and_dispatch_one_io_signal()
resulting in both threads calling block_for_signal() and blocking
forever with one unprocessed signal.
Fixes#3704
This is needed to execute the tool-chain scenario on base-nova.
Otherwise, the fork mechanism stumbles upon a region conflict
between ldso allocations and the application heap.
Fixes#3706
The applicant_to_wake_up() member must be initialized to 0 to keep the
same semantic as before the change by
"base: add mutex as derivate of lock"
Issue #3662
The mutex class is more restrictive in usage compared to
Genode::Lock.
- At initialiation time it is ever unlocked.
- No thread is permitted to lock twice. Warn about it
in case it happens.
- Only the lock onwer is permitted to unlock the mutex.
Warn about it and don't unlock the mutex in case it happens.
Issue #3612
This patch changes the code of '_alloc_two_blocks_metadata' to not
leak the result of a partial allocation in the out parameters of
the method. This eases the reasoning about the absence of a
use-atfer-free problem (there was none).
This patch removes the global variable 'blocker', which was expected to
be constructed via the global ctors. This mechanism, however, is not
used for the base library, which resulted in the use of an unconstructed
object. Specifically, the spinlock of the 'Lock' of the 'Registry'
defaulted to the LOCKED state (value 0), which eventually would lead to
a deadlock in the contention case of the cxa guard.
I could observe this deadlock once on during the component startup on
base-linux during the construction of the 'startup_lock'.
This patch fixes the problem by explicitly initializing the registry
of blockers via an init function.
Issue #2299
Issue #3578
This patch removes ldso's builtin policy of removing any path elements
prepending the ROM module name. Instead, the ROM name is used as is.
This clears the way to access different ROM modules that share the same
name but are stored at different directories behind an fs_rom (e.g.,
/bin/bash vs. /usr/local/bin/bash).
Issue #3500
The allocation of regions within the linker area is normally left to the
best-fit 'Allocator_avl', which happens to populate the linker area
starting with the binary followed by all loaded libraried with no gaps
in between.
When replacing the binary during execve, however, we need to ensure that
the new binary does not conflict with any library that stays resident
during execve. This patch tweaks the linker's region allocation scheme
such that these libraries are placed at the end of the linker area.
Issue #3481
This patch extends the interface of the dynamic linker with the ability
to replace the running binary executable by another one. It is
designated for the implementation of execve. The interface consists of
two new functions.
'Dynamic_linker::keep' marks the specified shared object as unloadable.
This can be used to pin a set of libraries (i.e., the libc) within the
local address space while replacing the binary and other higher-level
libraries.
'Dynamic_linker::respawn' unloads the current binary, loads the one
specifed as first argument, and looks up the entry point symbol of the
new binary, which would be "main" for POSIX programs.
In addition to implementing the new interface, the patch adjusts the
linker at various places that previously assumed the binary to be
constant over runtime.
Issue #3481
This patch enables the fork.run script to run on base-linux. It should
be regarded as an interim solution, however, because the randomization
performed by the Linux kernel may still - by chance - produce a
situation where one of the libc's malloc heap regions intersects with
another dataspace dynamically attached to the child.
The better solution would be to make the 'Region_map_mmap'
implementation not depend on the kernel's allocation policy by using a
locally implemented allocator.
Issue #3478
By specifying the config attribute 'check_ctors="no"', the dynamic
linker won't abort the program on a missing call of
'Env::exec_static_constructors'. This is the case for forked programs
where the ctors were already executed by the forking program prior the
fork operation.
Issue #3478
This patch enhances the 'base/shared_object.h' interface of the dynamic
linker with the function 'for_each_loaded_object', which allows the
caller to obtain information about the currently loaded binary and
shared libraries.
The new interface is a base mechanism needed for implementing 'fork' in
the libc.
Issue #3478
The warning falsely detected cases where shared objects where loaded before
exec_static_constructors() was called as unneeded even in cases were the
binary itself contained static globals.
The commit also removes one redundant call to exec_static_constructors()
from the block tester.
* added global offset table relative loading for global symbols
* removed 'initial_sp' and 'initial_x0' because they are currently not
used on this platform. If required they are easy to resurrect.
issue #3260
Previously, only Invalid_dataspace, Region_conflict, and Out_of_ram were
handled for both allocate and attach with the same handlers. However,
both operations can also throw Out_of_caps and for all exceptions during
attach, the dataspace must be freed again whereas this is not the case
when the exception occured during allocate.
Issue #2953
With the new fact that plain time values are always 64 bit unsigned, the
timestamp type is never bigger than the plain time type. Therefore, a code path
in the curr_time interpolation that treated this condition is not neccessary
anymore.
Ref #3208
This enforces the use of unsigned 64-bit values for time in the duration type,
the timeout framework, the timer session, the userland timer-drivers, and the
alarm framework on all platforms. The commit also adapts the code that uses
these tools accross all basic repositories (base, base-*, os. gems, libports,
ports, dde_*) to use unsigned 64-bit values for time as well as far as this
does not imply profound modifications.
Fixes#3208
Issue #3111
remove_range may deny to the job on memory pressure or insane ranges,
which ends up in an endless loop when the Avl allocator is in destruction.
Since the Avl gets destructed, solely the memory free up is of importance,
not the correct range adjustments during remove_range.
Track the dataspaces used by attach and add handling of flushing VM space
when dataspace gets destroyed (not triggered via the vm_session interface).
Issue #3111
This patch adds the items necessary for building Genode components with
stack protection enabled, but it is not initialized at runtime. They are
provided at the moment as a convenience and do not implement a security
feature.
Fix#3066
* Introduces pending_signal syscall to check for new signals for the
calling thread without blocking
* Implements pending_signal in the base-library specific for hw to use the
new syscall
Fix#3217
The "schedule_post_signal_hook" method of the Genode::Entrypoint class
is problematic because the signal hook can be scheduled and replaced
multiple times during the signal dispatch cycle. Add an alternative to
this method with "register_io_progress_handler" and the "Post_signal_
hook" class with "Io_progress_handler". The difference being an
"Io_progress_handler" may be registered once during the lifetime of an
entrypoint to prevent arbitrary libraries from replacing a pending hook.
The "register_io_progress_handler" remains as a deprecated API, and is
now invoked for every I/O signal received and only for I/O signals
rather than for any signal.
Ref #3132
This commit removes APIs that were previously marked as deprecated. This
change has the following implications:
- The use of the global 'env()' accessor is not possible anymore.
- Boolean accessor methods are no longer prefixed with 'is_'. E.g.,
instead of 'is_valid()', use 'valid()'.
- The last traces of 'Ram_session' are gone now. The 'Env::ram()'
accessor returns the 'Ram_allocator' interface, which is a subset of
the 'Pd_session' interface.
- All connection constructors need the 'Env' as argument.
- The 'Reporter' constructor needs an 'Env' argument now because the
reporter creates a report connection.
- The old overload 'Child_policy::resolve_session_request' that returned
a 'Service' does not exist anymore.
- The base/printf.h header has been removed, use base/log.h instead.
- The old notion of 'Signal_dispatcher' is gone. Use 'Signal_handler'.
- Transitional headers like os/server.h, cap_session/,
volatile_object.h, os/attached*_dataspace.h, signal_rpc_dispatcher.h
have been removed.
- The distinction between 'Thread_state' and 'Thread_state_base' does
not exist anymore.
- The header cpu_thread/capability.h along with the type definition of
'Cpu_thread_capability' has been removed. Use the type
'Thread_capability' define in cpu_session/cpu_session.h instead.
- Several XML utilities (i.e., at os/include/decorator) could be removed
because their functionality is nowadays covered by util/xml_node.h.
- The 'os/ram_session_guard.h' has been removed.
Use 'Constrained_ram_allocator' provided by base/ram_allocator.h instead.
Issue #1987
This patch adjusts the implementation of the base library and core such
that the code no longer relies on deprecated APIs except for very few
cases, mainly to keep those deprecated APIs in tact for now.
The most prominent changes are:
- Removing the use of base/printf.h
- Removing of the log backend for printf. The 'Console' with the
format-string parser is still there along with 'snprintf.h' because
the latter is still used at a few places, most prominently the
'Connection' classes.
- Removing the notion of a RAM session, which does not exist in
Genode anymore. Still the types were preserved (by typedefs to
PD session) to keep up compatibility. But this transition should
come to an end now.
- Slight rennovation of core's tracing service, e.g., the use of an
Attached_dataspace as the Argument_buffer.
- Reducing the reliance on global accessors like deprecated_env() or
core_env(). Still there is a longish way to go to eliminate all such
calls. A useful pattern (or at least a stop-gap solution) is to
pass the 'Env' to the individual compilation units via init functions.
- Avoiding the use of the old 'Child_policy::resolve_session_request'
interface that returned a 'Service' instead of a 'Route'.
Issue #1987
The notion of a RAM session does not exist anymore. Hence, we have to
adjust the name of 'init_env_ram_session'. Since this change modifies
the ABI, it comes as separate commit.
Issue #2407
- support to create multiple vCPUs
- support to implement Vm_session methods client side within base library
- adjust muen specific virtualbox4 version to compile/link
Issue #3111
This patch moves the removal of the signal context from the
'_platform_finish_dissolve' to the '_platform_begin_dissolve'
method. This is needed because the removal involves taking
the signal-registry lock. The latter must adhere the same
locking order as the code path used for signal delivery.
Fixes#3109
The former 'Genode::Timed_semaphore' mechanism is moved to the private
part of the two remaining users, namely dde_rump and the libc. Note
there are now two private copies of 'timed_semaphore.h'. This should be
regarded as an interim step until the use of this mechanism is removed
from both users.
This patch also cleans up the mechanism from legacy Genode API calls and
global side effects (alarm-thread singleton). The test/timed_semaphore
is now located at the libports repository as it now tests a mechanism of
the libc. The former timed_semaphore library is no more.
Fixes#3121
Since the timer and timeout handling is part of the base library (the
dynamic linker), it belongs to the base repository.
Besides moving the timer and its related infrastructure (alarm, timeout
libs, tests) to the base repository, this patch also moves the timer
from the 'drivers' subdirectory directly to 'src' and disamibuates the
timer's build locations for the various kernels. Otherwise the different
timer implementations could interfere with each other when using one
build directory with multiple kernels.
Note that this patch changes the include paths for the former os/timer,
os/alarm.h, os/duration.h, and os/timed_semaphore.h to base/.
Issue #3101
This can happen, for example, during 'dlopen' if unresolved symbols are
present.
* Unload already loaded shared libraries
* Delete dependencies
* Flush initializer list (ctors)
fixes#3073
This patch fixes a problem in the non-const 'for_each' method of the
'Registry' data structure. If an exception was thrown from within the
functor of the 'for_each' operation, the not yet processed items of the
registry were dropped from the registry, which is not expected.
