When finishing a block request in the L4Linux block stub driver,
we#ve to hold the queue lock before using __blk_end_request_all, or
simply use blk_end_request_all instead. Moreover, this commit simplifies
the lock/unlock behaviour when the block queue has to be stopped, or resumed.
Thanks to I. Ismagilov for these suggestions.
File_io_channel now includes ioctl() because pseudo devices which are
implemented as a file-system, e.g. /dev/tty, are controlled via ioctl()
requests. The method is exported to the Vfs through the Vfs_io_channel
class.
The random file-system provides an arc4 based urandom implementation
which is needed for OpenSSL.
NOTE: the Arc4random class currently _does not collect enough_ random
bytes!
We will reuse the terminal connection in the stdio filesystem
to implement /dev/tty. Therefor we need to access the terminal
from different locations which is simplified if it is provided
by a singleton.
This patch improves the life-time management of socket descriptors and
addresses several corner cases exposed by the 'bomb' test.
The lookup and association of file descriptors with global IDs have been
turned into an atomic operation. Otherwise, multiple threads interacting
with the singleton 'ep_sd_registry' may override each other's
associations.
Closing the socket pair used for the reply channel has been implemented
via the RAII pattern to capture all corner cases, in particular
exceptions.
If blocking operations are interrupted by signals, we throw a
'Blocking_canceled' exception.
We preserve core's socket descriptor at 'PARENT_SOCKET_HANDLE' to avoid
a corner case where the parent capability is going to dup2'ed to the
same handle.
Support for 'Thread_base::join' within core to enable leaving Genode via
Control-C.
This patch introduces clean synchronization between the entrypoint
thread and the caller of the 'Rpc_entrypoint' destructor. The most
important change is the handling of the 'Ipc_server' destruction. This
object is in the local scope of the server's entry function. However,
since the server loop used to be an infinite loop, there was hardly any
chance to destruct the object in a clean way. Hence, the
'Rpc_entrypoint' destructor used to explicitly call '~Ipc_server'.
Unfortunately, this approach led to problems because there are indeed
rare cases where the server thread leaves the scope of the entry
function, namely uncaught exceptions. In such a case, the destructor
would have been called twice.
With the new protocol, we make sure to leave the scope of the entry
function and thereby destroy the 'Ipc_server' object as expected. This
is achieved by propagating the exit condition through a local RPC call
to the entrypoint. This way, the blocking state of the entrypoint
becomes unblocked. Furthermore, '~Rpc_entrypoint' makes use of the new
'join' function to wait for the completion of the server thread.
The block count in DMA requests is limited to 8 bit. Therefore,
if a client requests more than 255 blocks in a single packet request,
split the request in a loop.
'Bender' can detect serial ports accessible via PCI and writes the I/O ports
to the Bios Data area (BDA).
Usage together with the PXE bootloader ease life running Genode/NOVA on native
hardware, where a standard serial device isn't available anymore anywhere.
We don't can use map_local_one_to_one for boot modules because it happens
that boot modules can be at addresses above physical 3G boundary for x86_32.
Defer the mapping of modules until the point where the core allocators
are set up properly and then remap the physical pages to virtual addresses
below 3G.
If the I/O ports are non default (3f8), we had to specify manually the correct
I/O ports. With this commit the BDA is read and the I/O port of the first
serial interface (COM) is taken. If no serial interface is available no device
configuration will be undertaken.
There is no obvious reason for having two different SPEC variables, definitions,
and pathes for the Pandaboard platform. It even lead to problems regarding the
omap4 framebuffer driver (look at issue #505 and #506).
By now there is no use case for read/write a single register
of a thread state. Thus the new syscalls 'read_thread_state' and
'write_thread_state' replace the old ones 'read_register' and
'write_register'.
Add 'resume_faulter' syscall that is similar to 'resume_thread', but
is called only when resuming a thread after resolving its pagefault.
This way the kernel can flush caches after resolving a pagefault. This is
because by now the MMU doesn't use caches when doing a pagetable walk.
'Page_flags' maps application-specific memory attributes
to the TLB-specific memory attributes. Thereby it avoids
functions with lots of parameters, by declaring appropriate
bitfields on a single POD value.
With this patch the make install target for Noux applications gets defined
in the 'NOUX_INSTALL_TARGET' make variable with 'install-strip' as default.
Fixes#503.
With this patch, custom UIDs and GIDs can be assigned to individual
Genode processes or whole Genode subsystems.
The new 'base-linux/run/lx_uid.run' script contains an example of how to
use the feature.
Fixes#510
On Linux, we want to attach additional attributes to processes, i.e.,
the chroot location, the designated UID, and GID. Instead of polluting
the generic code with such Linux-specific platform details, I introduced
the new 'Native_pd_args' type, which can be customized for each
platform. The platform-dependent policy of init is factored out in the
new 'pd_args' library.
The new 'base-linux/run/lx_pd_args.run' script can be used to validate
the propagation of those attributes into core.
Note that this patch does not add the interpretation of the new UID and
PID attributes by core. This will be subject of a follow-up patch.
Related to #510.
This ensures that the cwd of the process is within the chroot
environment, improving security for root processes.
The cwd after the chroot is the same as before, this is needed to
start binaries given as relative path name.
Using the new 'join()' function, the caller can explicitly block for the
completion of the thread's 'entry()' function. The test case for this
feature can be found at 'os/src/test/thread_join'. For hybrid
Linux/Genode programs, the 'Thread_base::join()' does not map directly
to 'pthread_join'. The latter function gets already called by the
destructor of 'Thread_base'. According to the documentation, subsequent
calls of 'pthread_join' for one thread may result in undefined behaviour.
So we use a 'Genode::Lock' on this platform, which is in line with the
other platforms.
Related to #194, #501