The new types in base/ram.h model different allocation scenarios and
error cases by mere C++ types without using exceptions. They are meant
to replace the former 'Ram_allocator' interface. As of now, the
'Unmapped_allocator' closely captures the former 'Ram_allocator'
semantics. The 'Constrained_allocator' is currently an alias for
'Unmapped_allocator' but is designated for eventually allocating
mapped RAM.
In contrast to the 'Ram_allocator' interface, which talked about
dataspace capabilities but left the lifetime management of the
allocated RAM to the caller, the new API represents an allocation
as a guard type 'Allocation', which deallocates on destruction by
default.
Allocation errors are captured by a 'Result' type that follows
the 'Attempt' pattern.
As a transitional feature, the patch largely maintains API
compatibility with the original 'Ram_allocator' by providing
the original (exception-based) 'Ram_allocator::alloc' and
'Ram_allocator::free' methods as a wrapper around the new
'Ram::Constrained_allocator', so that components can be gradually
updated to the new 'Ram::' interface.
Issue #5502
Once constructed, a 'Thread' object may remain in a dysfunctional state
should the stack allocation have failed. This condition is no longer
reflected as a C++ exception but as the result value of 'Thread::info()'.
Keep 'Thread::name' as public constant because the stack is not always
available for storing the name.
The 'stack_top' accessor has been removed because this information is
already provided by 'Thread::info()'.
Issue #5245
With this patch, the 'Pd_session' interface no longer implements the
'Ram_allocator' interface, which allows us to change the
'Genode::Ram_allocator' semantics (as a subsequent step) without
affecting core's PD service.
The patch also replaces the client-local implementation of
'Pd_session_client::dataspace_size' by the proper RPC call 'ram_size' to
core, which mitigates the potential risk of de-referencing a dataspace
cap of an untrusted origin. E.g., in scenarios where the monitor
component requests the size of a dataspace allocated by the debugging
target.
Since 'ram_size' is an RPC call, it cannot be const. Hence,
'Ram_allocator::dataspace_size' has become non-const.
The new 'Pd_ram_allocator' implements the 'Ram_allocator' interface by
using a PD session.
Issue #5502
With the planned removal of Thread:: exceptions, we need to consider that a
'Thread' object may exist without a valid 'Stack' and therefore without
a valid 'Native_thread', which is hosted as part of the 'Stack'.
This patch reworks the code that accesses the 'Native_thread' to use the
new 'Thread::with_native_thread' interface. Within the local scope,
the native thread is referred to as 'nt'.
The '_init_platform_thread' and '_deinit_platform_thread' functions have been
replaced by '_init_native_thread' and '_deinit_native_thread', which take
a 'Stack &' as argument.
As a safety caution, 'Native_thread' objects can no longer be copied.
Issue #5245
This patch adjusts the last remaining callers of 'core_env' and removes
the 'Core_env' interface.
- Core's RAM/cap accounts are now represented by 'Core_account'
implementing the 'Pd_account' interface.
- The former parts of 'Core_env' are now initialized in sequence
in 'bootstrap_component'.
- 'Core_child' has been moved to a header to reduce the code in
'main.cc' to a bare minimum. This is a preparation for the
plan of making 'main.cc' specific for each kernel.
Fixes #5408
This patch replaces the use of 'core_env()' in 'platform_services.cc' by
the function arguments 'core_ram', 'core_rm', and 'io_port_ranges'.
It also removes the 'Pd_session' argument from 'Io_port_root' and
'Irq_root' to avoid the reliance on the 'Pd_session' interface within
core.
Issue #5408
Replace the use of the global 'core_env()' accessor by the explicit
delegation of interfaces.
- For allocating UTCBs in base-hw, 'Platform_thread' requires
a way to allocate dataspaces ('Ram_allocator') accounted to the
corresponding CPU session, a way to locally map the allocated
dataspaces (core's 'Region_map'), and a way to determine the
physical address (via 'Rpc_entrypoint') used for the initial
UTCB mapping of main threads. Hence those interfaces must be
passed to 'Platform_thread'.
- NOVA's pager code needs to look up 'Cpu_thread_component'
objects using a map item as key. The lookup requires the
'Rpc_entrypoint' that holds the 'Cpu_thread_component' objects.
To make this 'Rpc_entrypoint' available, this patch adds
the 'init_page_fault_handling' function.
- The 'Region_map_mmap' for Linux requires a way to look up
'Linux_dataspace' objects for given dataspace capabilities.
This lookup requires the 'Rpc_entrypoint' holding the dataspaces,
which is now passed to 'platform.cc' via the new Linux-specific
'Core_region_map::init' function.
Issue #5408
This patch replaces the former Child::Process and
Child::Process::Loaded_executable classes by static functions that
return failure conditions as return values.
Issue #5245
This patch tightens the coupling of the 'Platform_thread' objects
with their corresponding 'Platform_pd' objects by specifying the
'Platform_pd' as constructor argument, keeping the relationship
as a reference (instead of a pointer), and constraining the
lifetime of 'Platform_pd' objects to the lifetime of the PD.
It thereby clears the way to simplify the thread creation since all
PD-related information (like quota budgets) is now known at the
construction time of the 'Platform_thread'.
The return value of 'Platform_thread::start' has been removed because it
is not evaluated by 'Cpu_thread_component'.
Related to #5256
- Remove exceptions
- Use 'Attr' struct for attach arguments
- Let 'attach' return 'Range' instead of 'Local_addr'
- Renamed 'Region_map::State' to 'Region_map::Fault'
Issue #5245
Fixes #5070
The 'Thread_creation_failed' error is now reflected as
'Thread::Start_result' return value. This change also removes the
use of 'Invalid_thread' within core as this exception is an alias
of Cpu_session::Thread_creation_failed.
Issue #5245
This patch removes the exception formerly thrown by 'Cpu_thread::state'
and turns the 'Thread_state' structure into a plain compound type without a
constructor.
Issue #5245
Fixes #5250
This patch replaces exceptions of the PD session RPC interface with
result types.
The change of the quota-transfer RPC functions required the adaptation
of base/quota_transfer.h and base/child.h.
The 'alloc_signal_source' method has been renamed to 'signal_source'
to avoid an exceedingly long name of the corresponding result type.
The Pd_session::map function takes a 'Virt_range' instead of basic-type
arguments.
The 'Signal_source_capability' alias for 'Capability<Signal_source>' has
been removed.
Issue #5245
With `MAP_FIXED` absent from the mmap(3p) flags, "the implementation uses
addr in an implementation-defined manner to arrive at pa", which may
lead to a mapping at an address different from the requested `addr`.
Add `MAP_FIXED` to the mmap flags to force mapping to the specified
address.
Fixes #5147
This patch replaces the exception-based error propagation by the use of
'Attempt' return values, which eliminates side effects of the exception
handling - cxx_heap allocations - from code paths that are used by the
cxx_heap itself (when growing the cxx_heap).
It thereby fixes the failure of the sub_rm test at the "attach RAM ds to
any position at sub rm - this should fail" step.
Fixes #4953
This patch replaces the global '_wait_for_exit_sem' object by a local
static variable, which does not rely on the global ctors. It thereby
fixes the fault_detection test after the removal of the global ctors
execution from core ("base: remove component.cc from core").
Issue #4784
This patch removes the use of the Entrypoint::schedule_suspend mechanism
and the call of glibc's exit from the lx_hybrid tests, for two reasons.
First, the interplay of atexit handlers executed by the glibc and
Genode's lx_hybrid library is complicated while bringing no benefits in
practice as lx_hybrid applications are usually servers that don't exit
anyway.
Second, the Entrypoint::schedule_suspend mechanism is not used by any
other component. By removing its use from the lx_hybrid tests, we can
remove this mechanism from the base library.
Issue #4940
By supplying only the parts of the Env that are actually relevant for
initializing the cxx heap, we avoid the need for the 'Env' interface.
The patch also moves the call of 'init_ldso_phdr' to the outside
of the cxx library because it does not belong there.
Issue #4784
This patch replaces the internal use of 'env_deprecated()' in the
implementation of the thread API in the base library. It also
replaces the global accessor 'main_thread_cap' by the explicit
propagation of the main thread's capability to the single point of
use via a new 'init_thread_bootstrap' function.
Issue #4784
The new 'init_platform' function performs the platform-specific
component-local low-level initialization. It allows for the
differentiation between core and regular components as well as
kernel-dependent peculiarities.
This patch introduces a consistent notion of a 'Platform'. Within core,
the 'Platform' contains the kernel-specific initialization. Outside
core, the platform sets up the interplay with the parent component. In
all cases, the platform is constructed while running on the initial
stack.
Issue #4784
The namespace draws a clear line between the base library and the core
component.
It is declared at the new core-local header <types.h>, which is expected
to be included by all code of the core component. It is thereby a
natural place for kernel-agnostic general types like commonly used C++
utilities.
Fixes #4777
Tracing must be inhibited in attach/detach as RPC trace points may
trigger attachment of trace dataspaces, which would result in nested
mutex acquisition.
This prevents errors in test-trace_logger like the following.
[init -> depot_autopilot] 0.140 [init -> dynamic_rom] Error: deadlock ahead, mutex=0x500e6f00, return ip=0x50053ed7
Fixes #4607
The official way to obtain DMA addresses for RAM dataspaces is now
the RPC function 'Pd_session::dma_addr'. User-level device drivers
should not call this function directly but use the 'Platform_session'
interface of the platform driver instead.
Fixes #2243
This patch enhances the PD-session interface with the support needed for
user-level device drivers performing DMA. Both RPC functions are
intended for the direct use by the platform driver only. If invoked for
PDs that lack the managing-system role, the operations have no effect.
The 'dma_addr()' RPC function allows the platform driver to request the
DMA address of a given RAM dataspace. It is meant to replace the
'Dataspace::phys_addr' RPC function.
The 'attach_dma' RPC function adds the given dataspace to the device
PD's I/O page table. It replaces the former heuristics of marking DMA
buffers as uncached RAM on x86.
With this patch, the UNCACHED attribute of RAM dataspaces is no longer
used to distinguish DMA buffers from regular RAM dataspaces.
Issue #2243