Commit Graph

342 Commits

Author SHA1 Message Date
Stefan Kalkowski
9a9f49b65c Fiasco.OC: sanity-check cap insertion. (fix #166)
When constructing a thread object its capability is inserted into the
capability map. Normally this is done by the ipc-unmarshalling code, but
in this case the thread-capability isn't transfered via normal IPC, but in
a special form via the thread_state object. In contrast to the unmarshalling
code, the thread-startup code doesn't check, whether the capability-map
already contains a deprecated entry with the same capability id before
inserting the thread's capability. This commit add the necessary check.

Moreover, a check is added to the insertion methods of the capability-map
to verify that capability-allocation didn't failed.
2012-03-26 15:06:26 +02:00
Stefan Kalkowski
89db981280 Fix race when removing Cap_index (fix #163)
Removing a Cap_index from Capability_map in core can happen twice, via
Cap_session_component or destructor of a Cap_mapping. That it's checked
whether the index is part of the map before removing it. This patch puts
the check into the remove method, so both operations are within the same
lock context, to remove a race condition.

This is a follow up fix for commit d287b9d893
2012-03-23 18:26:33 +01:00
Stefan Kalkowski
c1e6657f49 Rewrite cap_integrity test for Fiasco.OC (fix #161)
By commit d287b9d893 the Native_capability
class changed fundamentally in the Fiasco.OC platform code of Genode. Thereby
the cap_integrity test got incompatible with it. This commit introduces a
separate test implementation for Fiasco.OC that does semantically the same
like the old test. Please refer to issue #161.
2012-03-23 14:34:58 +01:00
Stefan Kalkowski
bb90a2d41d Let cap_integrity test be more expressive
By using the `compare_output_to` method from the run tool instead of using
regexp in the cap_integrity run-script, the test outputs the undesired lines
instead of just signaling that the test failed.
2012-03-23 14:34:09 +01:00
Stefan Kalkowski
747c482188 Fiasco.OC: remove cap_alloc library (fix #160)
The cap_alloc library became redundant and doesn't compile any longer.
This commit simply removes it. Please, refer to issue #160.
2012-03-23 14:33:46 +01:00
Stefan Kalkowski
e88276bf0e Fix compare_output_to in run tool (fix #162)
In the compare_output_to function in the run tool a check was introduced,
whether the given arguments are empty, and if so if the output string is it
too. Without this patch compare_output_to succeeded when the given pattern
was empty but output wasn't. Please refer to issue #162.
2012-03-23 14:33:31 +01:00
Stefan Kalkowski
d287b9d893 Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).

Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.

The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:

* The Thread object's startup and destruction routine is re-arranged, to
  enable another thread (that calls the Thread destructor) gaining the
  capability id of the thread's gate to remove it from the Cap_map, the
  thread's UTCB had to be made available to the caller, because there
  is the current location of that id. After having the UTCB available
  in the Thread object for that reason, the whole thread bootstrapping
  could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
  class was introduced in core, that facilitates the establishment and
  destruction of capability mappings between core and it's client's, especially
  mappings related to Platform_thread and Platform_task, that are relevant to
  task and thread creation and destruction. Thereby, the destruction of
  threads had to be reworked, which effectively removed a bug (issue #149)
  where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
  introduced available in all processes. Moreover, some kind of a capability
  map already existed in core, to handle cap-session request properly. The
  introduction of the Cap_map unified both structures, so that the
  cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
  changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
  according to the already mentioned changes in the Thread object's bootstrap
  code.
2012-03-22 14:10:44 +01:00
Christian Prochaska
12e1ae9d72 Implement '_nanosleep()'
This patch provides an implementation of the '_nanosleep()' libc function,
which blocks on a timed semaphore for the given time, but at least 10ms.
This should result in better performance than creating a timer connection
on every call (for thread-safety), but could still be improved.

Fixes #158.
2012-03-21 22:05:55 +01:00
Christian Prochaska
983ee6321a Add 'include/SDL' to include search path
Fixes #159.
2012-03-21 22:05:31 +01:00
Stefan Kalkowski
1520d9c1d9 Fiasco.OC: Map ROM-modules in advance (fix #157).
There seems to be a bug in Fiasco.OC, that is hard to reproduce. The scenario
discussed in issue #157 triggers it relatively often. When sigma0 handles
pagefaults of core on demand at runtime, at some point its reply ipc-message
gets stucked in the kernel. This commit touches all ROM-modules when the
platform is initialized in advance (like it was done for RAM etc. already
before).
2012-03-21 22:05:08 +01:00
Stefan Kalkowski
890a3ee868 Specialize blit library for ARM (fix #147).
Use multiple load store instructions for 32 byte chunks in ARM-specific
blit-function, analog to x86 variant. Make the blit-function of x86 a
generic one, and provide needed utility functions for ARM and generic code.
Please refer issue #147 for discussion.
2012-03-21 22:04:25 +01:00
Norman Feske
724a6e8120 Support escape sequences used by 'ls --color=auto' 2012-03-21 21:38:04 +01:00
Norman Feske
afeb54ebed Add pipe and dup2 syscalls to Noux
Fixes #133.
2012-03-21 21:37:17 +01:00
Norman Feske
48739422ac Validate liveliness of signal contexts
We cannot trust signal imprints received with signals to represent valid
pointers to signal contexts. After a signal context has been dissolved
from its receiver, a signal corresponding to the context might still be
in flight. Hence, we need a facility to check received signal imprints
against the list of valid contexts at reception time. The new
'Signal_context_registry' is a very simple attempt to create such a
facility.
2012-03-21 21:37:15 +01:00
Norman Feske
1896c09a2d Fixed initial reference counter value 2012-03-21 21:37:15 +01:00
Norman Feske
d0285edcb7 Fixed inconsistent include guard 2012-03-21 21:37:15 +01:00
Norman Feske
a215d05db8 Support for tab characters in terminal 2012-03-21 21:37:15 +01:00
Norman Feske
5b6de825e6 Noux: propagate environment to execve
Fixes #131.
2012-03-21 21:36:49 +01:00
Norman Feske
a79f5db2c4 News about GSoC 2012 rejection 2012-03-17 13:33:38 +01:00
Stefan Kalkowski
e34adf883c Introduce design pattern for uncopyable objects.
Introduce a new Noncopyable class, one can derive from to mark a class of
objects to be uncopyable. This way the compiler can check for any violations
for you.
2012-03-16 18:24:52 +01:00
Sebastian Sumpf
38e953d913 Fiasco.OC: Set interrupt mode in IRQ session
Set IRQ 0-15 to edget/high and 16-23 level low (x86 only). Fixes #153
2012-03-16 18:24:00 +01:00
Norman Feske
207abe647b Handle current working directory in Noux 2012-03-16 18:23:00 +01:00
Sebastian Sumpf
d460820cf6 ACPI: Remove quota checking
Remove RAM quota checking on IRQ session creation. Spelling fixes.
(Fix #151)
2012-03-16 18:22:52 +01:00
Sebastian Sumpf
ed8eb91107 ACPI: Parse MADT
Implemented IRQ service and MATD parsing. Please have a look at the 'README'
file. Fixes issue #151
2012-03-16 14:57:12 +01:00
Norman Feske
db8058c16f Add x86_32 requirement to AHCI and ACPI drivers 2012-03-16 14:53:56 +01:00
Norman Feske
cca4b7b43c Change include order to remedy conflicting defines
Both the libc and the NOVA syscall bindings provide the definition of
PAGE_SIZE. In contrast to the libc, which uses a #define, the NOVA
syscalls uses a proper enum value. Thus, we can work around the conflict
by including the NOVA syscalls header prior the libc header. Fixes #152.
2012-03-16 14:45:54 +01:00
Sebastian Sumpf
bbce38cb36 Do not marshal invalid capabilities on NOVA/x86
We send a local name of ~0L instead, if this is encountered during the
unmarshalling we generate an invalid 'Native_capability' (Fixes #148).
2012-03-13 16:32:23 +01:00
Sebastian Sumpf
c5e2fa06cb ACPI: Cleanup
Remove unnecessary debugging output. Filter output correctly in run script.
2012-03-10 16:01:17 +01:00
Stefan Kalkowski
ae8cf5f44d Rename tid() to dst() in Native_capability.
As suggested by Norman in the discussion of issue #145, this commit
renames the tid() accessor in Native_capability to dst().
2012-03-10 15:52:19 +01:00
Stefan Kalkowski
84ca4b25db L4Linux: fix changed name scope of enums.
This bug was introduced by commit c9c21ad39c, where Fiasco_capability
was removed, and enums defined in that class scope went to the namespace
Fiasco. In L4Linux some references to Fiasco_capability remained.
2012-03-10 15:52:18 +01:00
Stefan Kalkowski
42b7c01685 Unify policy name for Native_capability_tpl.
This commit unifies the policy name for the template argument for
Native_capability_tpl to Cap_dst_policy, like suggested by Norman in the
discussion resulting from issue #145. Moreover, it takes the memcpy
operation for copying a Native_capability out of the template, which is
included by a significant bunch of files, and separates it in a library,
analog to the suggestion in issue #145.
2012-03-10 15:52:13 +01:00
Norman Feske
35384faa7a Follow-up tweaks for issue #145
Because we use to pass a policy class to 'Native_capability_tpl'
we can pass the dst type as part of the policy instead of as
a separate template argument. This patch also adds documentation
of the POLICY interface as expected by 'Native_capability_tpl'.
2012-03-08 19:28:32 +01:00
Stefan Kalkowski
c9c21ad39c Merge Native_capability implementations (fix #145).
This patch unifies the Native_capability classes for the different kernel
platforms by introducing an appropriate template, and eliminating naming
differences. Please refer issue #145.
2012-03-08 18:42:39 +01:00
Stefan Kalkowski
9992efed03 Don't memcpy the parent capability. Fix #144.
To give the platform developer more freedom in how the Native_capability
class is internally implemented (e.g. turning it into a smart-pointer),
this patch removes the memcpy operation, when transfering the parent-capability
to a new process from the generic code, and let the implementation of the
platform-specific Native_capability decide how the transfer has to be done.
Please refer to issue #144.
2012-03-08 18:41:38 +01:00
Stefan Kalkowski
fa377f0df5 Make local capability interface explicit. Fix #139.
Introduce a factory-, and dereference method for local capabilities. These are
capabilities that reference objects of services, which are known to be used
protection-domain internally only. To support the new Capability class methods
a protected constructor and accessor to the local object's pointer is needed
in the platform's capability base-classes. For further discussion details please
refer issue #139.
2012-03-08 18:40:48 +01:00
Norman Feske
56586ae7b0 Add 'base/src/test/ada', fix #146 2012-03-08 12:32:08 +01:00
Norman Feske
5491ca590d GSoC 2012 document and news item 2012-03-08 11:32:25 +01:00
Althaf K Backer
e607ba9271 Fixed a typo from 32bit to 64bit (fixed #137) 2012-03-08 10:42:26 +01:00
Christian Prochaska
2d290c0898 Preliminary 'log2()' and 'log2f()' implementation
The 'log2()' and 'log2f()' functions have been added in FreeBSD's libc
version 9.0.0, but they are missing in version 8.2.0, which is used in
Genode. This patch provides preliminary implementations of these
functions until the Genode libc gets updated to version 9.0.0 or above.

Fixes #143.
2012-03-08 10:42:21 +01:00
Christian Prochaska
0bf6a24d61 Add 'select_from_repositories' in 'dep_lib.mk'
Fixes #142.
2012-03-06 17:09:54 +01:00
Stefan Kalkowski
0973215cf0 Adapt memory quota to recent Fiasco.OC changes
When introducing an avl-tree to re-find known capabilities in Fiasco.OC
(issue #112), the memory demand of apllications was slightly increased.
So we've to give the pl11x driver more memory by default. Fixes #140.
2012-03-06 17:02:48 +01:00
Sebastian Sumpf
10d7022395 ACPI: Handle indirect packages
Scan for packages outside of _PRT-methods (fix #141)
2012-03-06 16:59:02 +01:00
Norman Feske
e4cb3ed929 Follow-up for spin-lock unification, ref #123 2012-03-01 10:57:05 +01:00
Stefan Kalkowski
319813a59b Merge spin-lock implementations
Separate spin-lock implementation from lock-implementation and put it into a
non-public header, so it can be re-used by the DDE kit's and Fiasco.OC's
capability-allocator spin lock. Fixes issue #123.
2012-02-29 15:41:17 +01:00
Norman Feske
72183f1536 Fix link in release notes
Thanks to ukn for reporting!
2012-02-28 18:19:41 +01:00
Norman Feske
0b385ea833 Fixed link in news item 2012-02-28 12:16:14 +01:00
Christian Helmuth
92171e9b86 Fiasco.OC: Reduce capability-allocator size
The old variant provided 8K capability slots to all processes on core,
which increased binaries by 180 KB for the static allocator. I reduced it
to 4K capabilities stay under 100 KB overhead for the allocator.

Anyway, pci_drv and pl11x_drv need more RAM quota now: 2M for pl11x_drv
and 1M for pci_drv.
2012-02-28 10:54:42 +01:00
Norman Feske
d0d35cd9dd News item for release 12.02 2012-02-28 10:39:18 +01:00
Norman Feske
2bee333c12 Release notes for version 12.02 2012-02-28 10:39:15 +01:00
Norman Feske
3e41ff7f23 Minor coding style fix
The 'detail' tag is not conform to the coding style. Tools may stumble
over it.
2012-02-28 08:50:15 +01:00