This patch simplifies the packaging of the base-hw kernel for a given
board, in particular when the board support is hosted as an external
repository such as genode-world. Regardless of where the board-support
is hosted, the content.mk file becomes as simple as:
include $(GENODE_DIR)/repos/base-hw/recipes/src/base-hw_content.inc
The board name is automatically inferred from the path of the src
recipe. The architecture is determined from board/<name>/arch files,
following the pattern of the image_link_address. The attempt to build a
base-hw-<board> binary archive for the wrong architecture is now
gracefully handled by skipping all targets (using the REQUIRES
mechanism).
Besides the improved convenience, the patch results in depot archives
that are much closer tailored to the actual board by omitting files for
architectures that are not used by the board. E.g., the src/base-hw-pc
archive does not contain any ARM-related content.
The patch also restores the package builds for core/bootstrap object
files as a follow-up fix of "base: remove SPEC variables of boards",
which happened to left 'BOARD' undefined in the src archives.
Fixes#4019
- remove Spike/BBL support in favour of Qemu (>=4.2.1)
- add 'riscv_qemu' board, remove 'spike' board'
- update to privileged ISA v1.10 (from v1.9.1)
- use direct system calls for privileged core threads (they call into
the kernel and don't use mode changing system calls, i.e. 'ecall',
semantics)
- use 'OpenSBI' semtantics for SBI calls (to machine mode) instead of
BBL
issue #4012
Improve consistency with the other base repositories, in particular
- Indentation of class initializers
- Vertical whitespace around control-flow statements
- Preferably place control-flow statements (return, break, continue) at
beginning of a line
- Placing the opening brace of a namespace at the end of line
- Placing the opening brace of a class at a new line
- Removing superfluous braces around single statements
- Two empty lines between methods/functions in implementation files
This patch moves the bootstrap-link-address information from the
tool/run/boot_dir/hw file to board-specific property files that can be
accessed by using the board as key. This eliminates the need to
customize boot_dir/hw when hosting board-support in an external
repository.
Fixes#3998
The _crt0_start_stack label points to a memory location containing the
size of the bootstrap stack. On AArch64 this should be an 8 byte value,
but the code only only defines half of those using asm .long statement.
The other half is expected to be 0, which is true when using GNU as.
This is not the case when using clang's integrated as however. Since
_crt0_stack_size is defined inside .text section clang uses 0xd503201f
value (aarch64 nop instruction) to fill the extra 4 bytes.
Fix this minor incompatibility by explicitly defining both halfs of
this 8 byte quantity.
Fixes#3987
Avoid use of REP_DIR in *.mk files to simplify the use of these files as
templates for a board hosted in a separate repository.
Use REP_INC_DIR for searching headers, thereby considering headers
hosted in an external repository.
Issue #3168
* Remove SPEC declarations from mk/spec
* Remove all board-specific REQUIRE declaratiions left
* Replace [have_spec <board>] run-script declarations with have_board where necessary
* Remove addition of BOARD variable to SPECS in toplevel Makefile
* Move board-specific directories in base-hw out of specs
In case of arm_v7a Kernel::call64 the syscall will use both r0 and r1 as
output registers. Unfortunately the inline asm does not reflect this and
only r0 is explicitly specified as output. GCC manages to produce output
which we'd like to see. Clang on the other hand takes adventage of the fact
r1 should not be touched by swi and produces fewer instructions which do
what the code describes, but not what we actually want.
Basically the code which we want and is generated by GCC is:
svc 0
mov r2, r0
mov r0, r1
mov r1, r2
bx lr
Clang on the other hand generates correct assembly given the code, but
incorrect given what the function is supposed to do:
svc 0
mov r1, r0
mov r0, #0
bx lr
Both GCC and clang generate the same, expected assembly output when r1
is marked as output register from the inline asm swi call.
Fixes#3951
Right now the code marks specific instance of this function as noreturn.
It then tries to initialize it using a value that has the same type,
except for the noreturn part. GCC does not care, but clang complains this
technically assigns the value of entry from incompatible pointer type.
Fix this by defining Entry function as no return.
Issue #3938
The lambda function passed to Board::Vm_page_table_array does not
actually use "this" for anything. GCC does not warn about this, but
clang does. Remove the extra capture to make clang happy.
Issue #3938
GCC doesn't care, but clang complains if [[fallthrough]] is not followed
by a semicolon. Existing code is also not consitent in this regard. Lets
just fix it to make clang happy.
Issue #3938
* Introduce hypervisor-stack per CPU
* Introduce host world context per CPU
* Mark EL2 translation table memory as inner shareable
* The VMID is not bound to a single VCPU, but to the Vm_session as a whole
* Set affinity of the VCPU accordingly
* Add VMPIDR to VM state
Ref #3926
Instead of calling core to run/pause a VCPU, go directly to the kernel.
Apart from the performance win, it would otherwise involve a more complex
protocol, when a VCPU on another core has to be removed from the scheduler.
Core's entrypoint handling those request runs on the boot-cpu only.
Ref #3926
To enable the interaction of a VMM with the kernel directly,
a hidden RPC gets introduced. It allows a kernel-specific
base-library implementation of the Vm_session::Client to request
a kernel-specific capability to address a VCPU, e.g., to
run/stop it.
Ref #3926
* get rid of alarm abstraction
* get rid of Timeout::Time type
* get rid of pointer arguments
* get rid of _discard_timeout indirection
* get rid of 65th bit in stored time values
* get rid of Timeout_scheduler interface
* get rid of uninitialized deadlines
* get rid of default arguments
* get rid of Timeout::_periodic
* get rid of Timeout::Raw
* use list abstraction
* only one interface for timeout handlers
* rework locking scheme to be smp safe
* move all method definitions to CC file
* name mutexes more accurate
* fix when & how to set time-source timeout
* fix deadlocks
Fixes#3884
Adjust the base-* platforms to acknowledge new thread location solely if
migration is supported and succeeded. Otherwise the wrong thread
locations are observed via the trace session and utilization time calculation
get wrong.
Issue #3842
By now, the enumeration of peripheral interrupts on Raspberry Pi 1 was
different in between base-hw kernel and Fiasco.OC. Therefore, hacks were
needed in every driver to request the correct interrupt number dependent
on the kernel. Before reproducing the same in the platform driver for rpi,
we can more easily use the same enumeration with base-hw.
Ref #3864
To access the ARM Trusted Firmware from the platform driver
fill the new `managing_system` call of the PD session with life resp.
do a SMC call on behalf of the client.
Fix#3816
- base/cancelable_lock.h becomes base/lock.h
- all members become private within base/lock.h
- solely Mutex and Blockade are friends to use base/lock.h
Fixes#3819
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.
Related to issue #3581
Older ARM processors like ARMv6, or Cortex A8 need to write back changes
of the page-tables to physical ram because the MMU does not use the cache.
This naturally needs to be done not only when adding a mapping,
but on removal too.
Fix#3715
This patch adds support for booting base-hw kernel on qemu-arm virt
machines. The arm_virt machine has 2GB of RAM, 2 Cortex A15 cores and
uses GICv2 interrupt controller. The arm_64_virt machine also has 2GB of
RAM, but has 4 Cortex A53 cores and uses GICv3. Both machines use PSCI
to boot additional CPU cores.
Fixes#3673
So far this only exposes two functions allowing the code to turn on
additional CPUs. There is much more functionality defined by PSCI spec
but so far its not needed by Genode.
Fixes#3672
This is a follow-up fix for commit 202333c881.
It checks for the diagnostic registers being already setup correctly.
Otherwise on platforms with secure firmware, like Pandaboard it will stuck.
Ref #3639
This patch reflects the Out_of_caps exception from core to the client,
in addition to the already covered Out_of_ram exception. It thereby
eliminates a potential abort in core, which I observed with the
tool_chain_auto.run script:
Kernel: RPC upgrade_cap_slab
Error: Uncaught exception of type 'Genode::Quota_guard<Genode::Cap_quota>::Limit_exceeded'
Warning: abort called - thread: entrypoint
In addition to propagating the exception, the patch add the client-side
exception-handling code to the base library.
Fixes#3703
This commit fixes the following issues regarding cache maintainance
under ARM:
* read out I-, and D-cache line size at runtime and use the correct one
* remove 'update_data_region' call from unprivileged syscalls
* rename 'update_instr_region' syscall to 'cache_coherent_region' to
reflect what it doing, namely make I-, and D-cache coherent
* restrict 'cache_coherent_region' syscall to one page at a time
* lookup the region given in a 'cache_coherent_region' syscall in the
page-table of the PD to prevent machine exceptions in the kernel
* only clean D-cache lines, do not invalidate them when pages where
added on Cortex-A8 and ARMv6 (MMU sees phys. memory here)
* remove unused code relicts of cache maintainance
In addition it introduces per architecture memory clearance functions
used by core, when preparing new dataspaces. Thereby, it optimizes:
* on ARMv7 using per-word assignments
* on ARMv8 using cacheline zeroing
* on x86_64 using 'rept stosq' assembler instruction
Fix#3685
The mutex class is more restrictive in usage compared to
Genode::Lock.
- At initialiation time it is ever unlocked.
- No thread is permitted to lock twice. Warn about it
in case it happens.
- Only the lock onwer is permitted to unlock the mutex.
Warn about it and don't unlock the mutex in case it happens.
Issue #3612
In preparation of ipc receive, by now a bunch of capabilities got
allocated to be ready iin case of capability receiption. After that
unuse slots were freed again. This overhead of senseless (de-)allocations
is replaced in this commit by just restock capability slots that got
used by the last receive.
Fix#3640
Error return codes are used with non-const functions in the signaling modules.
This would have been impractical for the in-place translation of the module to
Ada in the context of the Spunky project. Besides, it is easy to get rid of
them and it makes the execution flow more clear.
Ref #3308
Besides reducing the use of pointers in base-hw, this prepares for the in-place
translation of the signaling module to Ada in the context of the Spunky
project.
Ref #3308
This prevents the use of Kernel::Object as base class for the specific kernel
objects and instead makes it a member of the kernel objects. Besides
simplifying inheritance hierarchies in base-hw, this prepares for the in-place
translation of the signaling module (and others) to Ada in the context of the
Spunky project.
Ref #3308
Besides simplifying the execution flow in the signaling module, this prepares
for the in-place translation of the signaling module to Ada in the context of
the Spunky project.
Ref #3308
This prevents the use of C++ features in the public method interface of the
synchronous-IPC module that would be impractical for the in-place
translation of the module into Ada in the context of the Spunky project.
* Get rid of thread accessor.
* Get rid of non-const functions with return values.
* Get rid of pointer return-values.
Ref #3308
Besides simplifying inheritance hierarchies in base-hw, this prepares for the
in-place translation of the synchronous-IPC module to Ada in the context of the
Spunky project.
Ref #3308
This is a simplication of the asyncronous-IPC module of the base-hw kernel.
Besides structuring the code in a cleaner way, it prepares for the in-place
translation of the module into Ada in the context of the Spunky project.
* Get rid of virtual methods in Ipc_node.
* Move all stuff related to protection domains, capabilities, and UTCBs to
the Thread class. this code might later be moved to a dedicated module, but
for now it's just fine to have it done by the thread module.
Ref #3308
Moved code waking up processors for Cortex A53 before changing privilege
level because sending events to higher privilege levels is not allowed.
Fixed enable_mmu for Cortex A53 to properly return cpu id.
Fixed starting code for secondary cores to properly initialize stacks.
Added code to wake up secondary cores on rpi3.
Ref #3573
We cannot count on the correct initialization of the diagnostic register
of the secondary cores. But the boot core gets initialized by the bootchain,
so we can copy over those values.
Fix#3639
Whether an SoC has the multiprocessing extensions can be read out
from the identification registers, and does not need to be specified
in each board header.
Ref #3445
In the past, the core-only privileged syscall `update_pd` was used only
to invalidate the TLB after removal of page-table entries.
By now, the whole TLB at least for one protection domain got invalidated,
but in preparation for optimization and upcomingARM v8 support,
it is necessary to deliver the virtual memory region that needs to get
invalidated. Moreover, the name of the call shall represent explicitely
that it is used to invalidate the TLB.
Ref #3405