The 'pause' call on base-nova assumes that a thread can solely block in its
associated semaphore. Main reason is that so core can unblock a thread in order
that the recall exception gets delivered and the register state can be
obtained.
Unfortunately the signal session implementation creates a semaphore, which is
unknown by the pager code. Instead create the semaphore via the pager of the
thread, so that the pager can unblock the signal thread when a pause is issued.
Issue #478
Patch prevents following bugs:
* In sleep_forever the thread return from semaphore down if cap is revoked
during destruction of a thread. This causes an endless loop consuming time
not available for other threads.
* In lock_helper and cap_sel_alloc the thread return from the lock() method
even if the semaphore down call failed because of an revoked semaphore.
This lead to the situation that a thread subject to de-construction returns
from the lock method, but not holding the lock, entering the critical section
and modifying state inside the critical section. Another thread in parallel
already in the critical section or entering the critical section also
modifies the state. This lead to curious bugs ...
* thread_nova, thread_start, irq_session
Detect early bugs if the SM is gone unexpectedly where it should never
happen.
It now can hold a right bit used during IPC to demote rights of the to be
transfered capability.
The local_name field in the native_capability type is not needed anymore
in NOVA. Simplify the class, remove it from constructors and adapt all
invocations in base-nova.
Unfortunately local_name in struct Raw is still used in generic base code
(process.cc, reload_parent_cap.cc), however has no effect in base-nova.
This patch unifies the Native_capability classes for the different kernel
platforms by introducing an appropriate template, and eliminating naming
differences. Please refer issue #145.
