mirror of
https://github.com/genodelabs/genode.git
synced 2025-01-11 15:33:04 +00:00
98211db63d
This keeps the doc/ directory tidy and neat.
1030 lines
51 KiB
Plaintext
1030 lines
51 KiB
Plaintext
|
|
|
|
===============================================
|
|
Release notes for the Genode OS Framework 12.05
|
|
===============================================
|
|
|
|
Genode Labs
|
|
|
|
|
|
|
|
The best way to characterize version 12.05 of the Genode OS Framework is to
|
|
dub it as feature release. Among the numerous additions of new functionality
|
|
are a new USB stack, media replay capabilities, and the ability to run the GNU
|
|
tool chain including GCC, G++, Binutils, and GNU Make directly on Genode. That
|
|
said, the current release is not short of architectural improvements either.
|
|
The highlights are the introduction of Genode's file-system infrastructure and
|
|
a new concept for the dynamic adjustment of the system's behaviour at runtime.
|
|
|
|
The release follows the rough plan we laid out in our
|
|
[https://genode.org/about/road-map - road map]. One planned road-map item was
|
|
revisiting our base of device drivers as we realized that some important
|
|
drivers were not on par with our requirements, the USB stack being the most
|
|
important example. Our prior existing solution was originally ported from Linux
|
|
2.6.20. It is needless to say that this version is severely limited when it comes
|
|
to the use of modern hardware. Instead of continuing to walk the path of the
|
|
existing solution, we took the chance to fundamentally re-approach the problem
|
|
of porting a complex driver subsystem from the Linux kernel. We are happy to
|
|
have found a new methodology that promises to become a much more sustainable
|
|
solution for Genode. The rationale behind the new development is described in
|
|
detail in section [Re-approaching the Linux device-driver environment].
|
|
|
|
The second major road-map item refers to the Noux runtime environment, which
|
|
enables us to run a growing number of unmodified GNU programs natively on
|
|
Genode. The abilities of Noux have taken a giant leap forward. The two most
|
|
significant improvements are the support of stacked file systems and networking
|
|
support. With those in place, we have become able to run most parts of the
|
|
Genode tool chain including GCC, G++, Binutils, and GNU Make via Noux. Thanks
|
|
to the added networking support, we are able to use basic networking tools such
|
|
as netcat as well.
|
|
|
|
The third topic according to the road map is file-system support. Version 12.05
|
|
contains the groundwork for this domain. The foundation is the new file-system
|
|
session interface. A first implementation of this interface is available in the
|
|
form of an in-memory file system. To enable the use of Genode's file-system
|
|
facilities by applications, we added support to the C runtime as well as to
|
|
Noux.
|
|
|
|
In addition to the features planned according to our road map, there are many
|
|
new functionalities and improvements. To name a few: By enhancing the existing
|
|
configuration concept described in section [System reconfiguration at runtime],
|
|
we principally enable components to respond to configuration adjustments
|
|
on-the-fly, which clears the way for elegantly solving many problems typical
|
|
for general-purpose computing. The port of libav accompanied with profound
|
|
changes of our version of libSDL enables us to replay media data. The Fiasco.OC
|
|
base platform has received a lot of attention to fully leverage the kernel's
|
|
capability concept. Last but not least, the port of Lua interpreter allows for
|
|
using this popular scripting language on Genode.
|
|
|
|
The release of version 12.05 is accompanied with a slightly updated road map.
|
|
The persistent storage topic has been traded for our media player because the
|
|
former one naturally builds upon the just recently added file-system interface.
|
|
Furthermore, we decided to defer the live CD until July as we realized that we
|
|
first need to overhaul low-level components such as USB before the new live
|
|
system can be expected to work as intended. Also, some of the scenarios we want
|
|
to present depend on framework features just introduced with the current release,
|
|
in particular the file-system infrastructure and the media capabilities.
|
|
|
|
|
|
Re-approaching the Linux device-driver environment
|
|
##################################################
|
|
|
|
User-level device drivers are a never-ending quest for microkernel-based
|
|
systems. The two most extreme approaches are the development of a custom driver
|
|
base developed from scratch, or the use of a virtualized OS as donor of
|
|
device-drivers. An example of the former approach is the HelenOS project, which
|
|
aspires to conduct the development of all needed device drivers within the
|
|
project. The latter approach also known as device-driver OS is domesticated by
|
|
NUL (NOVA userland) for networking drivers and the L4Re (Fiasco.OC userland).
|
|
|
|
For Genode, neither of both extremes seems to be viable. For the sake of
|
|
argumentation, let's consider USB support as an example. We deem the
|
|
development of a new USB stack from scratch as a far too elaborative
|
|
undertaking, in particular when looking at the functionality we desire. The
|
|
feature set of HelenOS's custom-built USB stack is quite illustrative. It
|
|
supports HID and USB storage, yet no high-speed devices, nor even more
|
|
sophisticated features such as USB 3.0. On the other hand, using the
|
|
device-driver OS approach just for providing USB support is unfortunate when
|
|
considering that even the most basic devices such as keyboard and mouse depend
|
|
on a working USB stack. We would pull in a complete OS kernel (donor kernel)
|
|
just for the sake of handling user input. Furthermore device drivers do not
|
|
come for free even when using an unmodified donor kernel. Integrating the
|
|
donor kernel with the remaining Genode system requires glue code interacting
|
|
with the donor kernel. This code would translate driver API calls to Genode
|
|
RPC interfaces. Even more importantly for us, the use of a device-driver OS
|
|
requires a base platform with support for virtualization. But there is no
|
|
virtualization solution that works across all of Genode's base platforms. Quite
|
|
the contrary. We experience that each virtualization solution such as L4Linux,
|
|
OKLinux, or Vancouver, is largely tied to a particular kernel (Fiasco.OC, OKL4,
|
|
or NOVA respectively). Therefore the device-driver OS approach defeats Genode's
|
|
inter-kernel portability. Even if we had a portable virtualization solution at
|
|
hand, we still would have the problem that for providing the device-driver
|
|
service, we need to trust the donor kernel to a certain degree. If the driver
|
|
uses DMA, the whole donor kernel must be trusted not to misuse DMA. Even though
|
|
IOMMUs are apparently able to relief the problem, they are far from being a
|
|
magic bullet for solving it.
|
|
|
|
Fortunately, there is a middle-ground to walk on namely porting device drivers
|
|
from a "donor OS". We have come a long way to bring the porting work of device
|
|
drivers to (a certain level of) perfection. The current release bears the fruit
|
|
of our latest achievement in this respect. Let us summarize the long-winded
|
|
travel through device-driver porting land that we had so far:
|
|
|
|
The naive way is to identify the driver code in the source code of the donor
|
|
OS, copying it over and massaging it until it works well in the new
|
|
environment. There are two fundamental problems with this way of porting.
|
|
First, there is a high likelihood to insert new bugs in the process of
|
|
modifying the imported 3rd-party code. But more importantly, each update of the
|
|
driver to a new version requires the developer to revisit the modifications.
|
|
In many cases, the rationale behind certain changes gets lost over time. The
|
|
consequence is that updating drivers becomes a largely dissatisfying kind of
|
|
work for which there is always a good excuse to not take it on.
|
|
|
|
To limit the trouble of maintaining 3rd-party drivers, the number-one rule
|
|
is to not modify 3rd-party driver code. The much better alternative is
|
|
to embed the unmodified driver into a so-called device-driver environment.
|
|
(DDE). From the driver's perspective, a DDE looks identical to the
|
|
donor OS. But the DDE makes the driver talk to custom glue code instead of
|
|
interacting with the donor OS kernel. This raises the question of how to
|
|
create a maintainable DDE. The first attempts to create a DDE for Linux
|
|
device drivers came down to a mix of reimplementing some of the Linux
|
|
APIs, taking some other portions of the Linux kernel as is, and modifying
|
|
some Linux headers to a certain degree. Each of those categories has its
|
|
own set of problems. By reimplementing Linux APIs, one risks to introduce bugs
|
|
by not implementing the exact behaviour as the Linux kernel. Because most Linux
|
|
APIs have no clear specification other than the kernel code, it is sometimes
|
|
hard to capture all semantic details. The problem of introducing bugs can be
|
|
alleviated by reusing original code wherever possible. For example, instead of
|
|
providing custom memory allocators, it is tempting to just reuse the Linux slab
|
|
implementation. The downside of reusing existing code is, however, that such
|
|
code tends to depend on further kernel code. Pulling-in the transitive
|
|
dependencies leads to more dependencies etc. The temptation of just continuing
|
|
to add more and more unmodified kernel code into the DDE can easily go out of
|
|
hand. One way to cut out such undesired dependencies is to slightly modify
|
|
(parts of) the kernel code. Unfortunately, the category of slightly modified
|
|
code usually turns out to become an ongoing maintenance burden. The bottom line
|
|
is that finding the right mix of reimplementation, slight modification, and
|
|
reuse is a matter of sure instinct of the DDE developer.
|
|
|
|
Another way to put it is defining the problem as the search in an optimization
|
|
space for the economically most sensible solution. The optimization criterion we
|
|
set out to maximize is the ratio of feature code (the actual driver, no DDE nor
|
|
glue) to the number of lines of code that must be manually maintained. To give
|
|
the order of magnitude of the code we speak of, the traditional Linux DDE
|
|
including the support for NIC, USB, and sound is comprised of more than 350.000
|
|
lines of code. The portion of modified or custom written code (code that must be
|
|
manually maintained) is more than 40.000 lines of code. Given this complexity,
|
|
we found us hesitant to update the code to newer kernel versions. The
|
|
engineering labour of such an update is significant yet not much of a rewarding
|
|
work. Apart from the burden of managing a piece of software that complex, our
|
|
confidence in the classical Linux DDE approach slipped further with each
|
|
debugging session that involved Linux DDE. In our experience, Linux DDE still
|
|
significantly deviates from the semantics of the Linux kernel but in subtle
|
|
ways. Often problems go unnoticed until a driver uses a kernel API in a
|
|
slightly unusual way. For example, a driver calling 'udelay()' from the interrupt
|
|
handler. The sheer complexity of the code base can make tracking down such issues
|
|
a painful experience. This is further amplified by the existence of certain
|
|
invariants provided by the Linux kernel but absent in the Linux DDE. One
|
|
particular source of trouble is the control flow in the event of an interrupt.
|
|
Within the Linux kernel, the interrupt handler can make the assumption that no
|
|
code of the interrupted CPU can be executed until the interrupt handler returns.
|
|
In contrast, Linux DDE models interrupts as independent threads and assumes that
|
|
all code is multi-processor safe. Consequently the control flows of the driver
|
|
executed in the Linux kernel and the same driver executed in Linux DDE differs
|
|
in subtle ways, leading to the worst of all bugs namely race conditions.
|
|
|
|
While our focus shifted away from the classical Linux DDE, we discovered the
|
|
beauty of creating extremely tight device-driver environments. In contrast to
|
|
the Linux DDE, which tried to be useful for a large range of driver classes on
|
|
the cost of becoming complex, we created new slim DDEs for single drivers or a
|
|
strictly outlined class of drivers. One example is the DDE for iPXE networking
|
|
drivers. The iPXE boot loader covers most of today's commodity network cards.
|
|
The drivers of iPXE are actually Linux drivers adapted to be executed in an
|
|
environment as minimalistic as a boot loader. It turns out that a DDE of less
|
|
than 1.000 lines of code paves the way towards using a rich base of networking
|
|
drivers (more than 100.000 lines of driver code) on Genode. A similarly
|
|
positive experience was made for the Intel GEM driver ported from the Linux
|
|
kernel. The 18.000 lines of driver code require a DDE of less than 3.000 lines
|
|
of code to reuse the driver on Genode.
|
|
|
|
These success stories motivated us to proceed going into this direction
|
|
when revisiting our USB driver. Our goal was to replace the aging USB driver,
|
|
which was based on the original Linux DDE by a new driver conducted via an
|
|
USB-specific but onion-skin tight DDE. As a general rule, we forbid ourself to
|
|
modify 3rd-party code. To completely remove race conditions from the picture,
|
|
we furthermore decided to run the entire driver stack including the handling
|
|
of client requests with a single physical thread only. This thread manages
|
|
multiple pseudo-thread contexts using cooperative scheduling.
|
|
|
|
The result is more than convincing for us. With a DDE of less than 4.000 lines
|
|
of code, we have become able to use the unmodified Linux-3.2 USB stack, which
|
|
comprises more than 60.000 lines of code. Only 3 lines had to be modified. In
|
|
contrast to Linux DDE, the 4.000 lines of custom-written DDE code are relatively
|
|
easy to comprehend. For most of the functions provided by the DDE, the
|
|
implemented semantics are a rigid subset of the original functionality as found
|
|
in the Linux kernel. Apparently the knowledge of function usage patterns in a
|
|
particular driver allows for vast simplifications. Given our self-imposed rule
|
|
to not modify 3rd-party code, we expect that future updates to new Linux kernel
|
|
versions will pose much less of a burden.
|
|
|
|
With our current approach of creating rigidly tailored DDEs, we are convinced
|
|
to have found a healthy balance between the manual effort needed to create and
|
|
maintain a base of ported device drivers and the utility those driver provide
|
|
to our system.
|
|
|
|
|
|
System reconfiguration at runtime
|
|
#################################
|
|
|
|
By addressing more and more concerns of general-purpose computing, we are
|
|
forced to push the boundaries of the framework beyond the limited scope of
|
|
special-purpose OSes. The biggest challenge is the accommodation of highly
|
|
dynamic workload. With respect to managing physical resources, the framework
|
|
was designed from the ground up with those requirements in mind. So there is a
|
|
strong basement to build upon. However, another aspect of dynamic systems is
|
|
the adaptation of the behaviour of components at runtime. This aspect used to
|
|
be an underdeveloped spot of the Genode system. With the API improvements of
|
|
the current release, we supplement the existing Genode concepts with profound
|
|
support for dynamic policies.
|
|
|
|
To give a few examples of such dynamic policies: We expect the audio mixer to
|
|
immediately respond to adjusted volume settings. The calibration of pointer
|
|
devices might be adapted on-the-fly by the user. We want to change the color
|
|
scheme of the GUI without the need to restart the GUI server. Screen
|
|
resolutions or the size of text terminals shouldn't be fixed at the start time
|
|
but changeable. Also policies such as the assignment of devices to subsystems
|
|
are subject to decisions taken at run time rather than at system-integration
|
|
time. Of course, each of those problems could be addressed individually by
|
|
adding dedicated RPC interfaces to components that support run-time
|
|
adjustments. For example, a touchscreen device driver could sport an RPC
|
|
interface for allowing the modification of calibration parameters.
|
|
|
|
But the information supplied via such configuration interfaces tends to have
|
|
a high overlap with configuration information passed to components via
|
|
Genode's configuration mechanism, which ultimately leads to uncertainty
|
|
about whether to supply such information via the configuration mechanism
|
|
or via RPC. The RPC approach also raises the question of how to initialize
|
|
dynamic configuration arguments such that the component can operate before
|
|
being explicitly configured via RPC. In the best case, a component would
|
|
accept both, a static configuration supplied via the existing configuration
|
|
mechanism and a dynamic configuration interface exposed via RPC. Obviously,
|
|
this spoils the principle of functional orthogonality, making the component
|
|
hard to test and maintain. In the worst case, a component may drop the
|
|
possibility for static configuration altogether and just rely on configuration
|
|
parameters provided via RPC. This way, we introduce a mandatory dependency
|
|
of the component from a corresponding configuration component.
|
|
|
|
There must be a better solution. Fortunately, there is. The key is to turn the
|
|
once static configuration mechanism into a dynamic facility. The configuration
|
|
mechanism uses the ROM session interface as underlying mechanism. When a
|
|
process requests a ROM module called "config" by opening a ROM session at its
|
|
parent, the parent hands out the configuration data of the respective subsystem
|
|
via a pseudo ROM dataspace. The process can then attach this dataspace to its
|
|
local address space to access the configuration information. This information
|
|
is typically expressed as XML, which makes the mechanism powerful enough to
|
|
handle arbitrarily structured configuration data. Until now, most components
|
|
used to request the 'config' dataspace only once at their start time. Once
|
|
obtained, the policy remained in effect for the whole lifetime of the
|
|
component. We can turn this static mode of operation into a dynamic one by
|
|
letting the component query for a "config" ROM module not only once but
|
|
repeatedly during its lifetime. Each time, the program requests its
|
|
configuration, the parent may hand out a dataspace with updated information.
|
|
The code for parsing the "config" data in the configured component is already
|
|
there. The only change is that the code is executed not once but multiple
|
|
times. Of course, having each component poll for configuration changes at their
|
|
parent at regular intervals won't scale too well. Components should obtain a
|
|
new config dataspace only if there is an actual change. To enable the parent to
|
|
notify the component of such changes, we enhanced the ROM session interface
|
|
with a signalling mechanism. The client (in our case this is the child process)
|
|
can register a signal handler that will get notified each time the ROM module
|
|
changes. On the reception of such a signal, it can re-evaluate the
|
|
configuration information.
|
|
|
|
Of course, the configuration file handled by the init process remains to be
|
|
static because init is meant to handle the static portions of the system only.
|
|
But dynamic config files can be used in three different ways already: First,
|
|
requests for config files can be routed to arbitrary ROM services instead of
|
|
the immediate parent. The remote ROM service may support the dynamic update of
|
|
ROM modules and provide the signalling. An example for such a dynamic policy
|
|
component can be found at 'os/run/dynamic_config.run'. In structure, this
|
|
scenario corresponds to the approach of having a dedicated policy component
|
|
define the runtime policy of a server. But in contrast to the native approach,
|
|
the 'dynamic_config.run' scenario solves the initialization problem by letting
|
|
the configured component use the policy provider as a service. The second way
|
|
of employing dynamic configurations is to run a service as a child subsystem
|
|
using the 'Slave' API. An example for this scenario is provided by
|
|
'os/run/dynamic_config_slave.run'. The third variety is the use of the loader
|
|
service to instantiate subsystems. The ROM modules of such subsystems can not
|
|
only be defined by the client of the loader but can be updated at any time
|
|
using dynamic ROM sessions. An example for the latter variant can be found at
|
|
'os/run/dynamic_config_loader.run'.
|
|
|
|
|
|
Base framework
|
|
##############
|
|
|
|
Support for dynamic ROM sessions
|
|
================================
|
|
|
|
As outlined in section [System reconfiguration at runtime], the usefulness of
|
|
the ROM session interface has just taken a giant leap with the introduction of
|
|
the following tiny function:
|
|
|
|
! void sigh(Signal_context_capability sigh);
|
|
|
|
This function allows a ROM session client to register for events referring to
|
|
the session's ROM module. At first sight, it might be counter intuitive to
|
|
expect events originating from such sessions because the most prominent
|
|
provider of the ROM service is core, which exports static binary data loaded at
|
|
boot time to higher-level components. Naturally, such boot-time modules never
|
|
change. But ROM sessions are used elsewhere, in particular by parent processes
|
|
for supplying read-only information to child subsystems. For instance, shared
|
|
libraries, executable binaries, and configuration data are passed to child
|
|
subsystems as ROM modules. But in contrast to core's ROM modules, this
|
|
information may be dynamic in nature. For example, the configuration of the
|
|
audio mixer may change at any time during the lifetime of the mixer. Also
|
|
executable binaries may change in the event of system updates. Enabling the
|
|
system to respond to such changes is crucial the use of Genode as
|
|
general-purpose OS.
|
|
|
|
For existing users of the ROM session interface, there is nothing to consider.
|
|
API compatibility is maintained. However, by installing a signal handler using
|
|
the 'sigh()' function, the client will receive a notification each time the
|
|
data changes at the server. From the client's perspective, the original data
|
|
contained in the currently used dataspace remains unchanged until the client
|
|
calls 'dataspace()' the next time. This way, the update of the ROM module at
|
|
the client side is transactional. There is no inconsistent intermediate state.
|
|
|
|
|
|
Misc
|
|
====
|
|
|
|
:Support for non-executable memory mappings:
|
|
|
|
Via the newly added 'executable' flag of 'Rm_session::attach()', clients of the
|
|
RM service become able to express whether they want a mapping to be executable
|
|
or not. This allows dataspaces to be mapped as non-executable by default and as
|
|
executable only if needed.
|
|
|
|
:Support for process-local pseudo capabilities:
|
|
|
|
On some platforms, in particular Linux, we used process-local pseudo capabilities
|
|
as helpers to implement the Genode API. In contrast to a normal capability,
|
|
which refers to an object accessible via RPC, a pseudo capability is not
|
|
more than a glorified pointer. The uses of local pseudo capabilities are
|
|
normally constrained to special cases in platform-dependent code. They do not
|
|
exist at API level.
|
|
|
|
However, our observation of the need for such a utility for platforms other
|
|
than Linux prompted us to generalize the local capabilities. The result has
|
|
been incorporated into the platform-independent 'base' repository as part of
|
|
the 'Native_capability_tpl' interface. At API level, this change is transparent.
|
|
|
|
|
|
Low-level OS infrastructure
|
|
###########################
|
|
|
|
Loader
|
|
======
|
|
|
|
The original loader service was primarily motivated by the browser-plugin
|
|
scenario presented on our live CD. But since the initial version, we envisioned
|
|
this component to become the generic mechanism of choice for scenarios where
|
|
subsystems are to be created and removed dynamically at runtime. The current
|
|
release introduces a largely revised loader-session interface and a new
|
|
implementation of the loader component. The new version widens the application
|
|
scope of the service and, at the same time, reduces its implementation
|
|
complexity.
|
|
|
|
The complexity reduction is achieved by removing the original limitation of
|
|
supplying the new sub system as a single binary blob only. The server used to
|
|
implement heuristics and functionality for dealing with different kinds of
|
|
blobs such as ELF images or TAR archives. This has been replaced by a
|
|
session-local ROM service, which can be equipped with an arbitrary number of
|
|
ROM modules supplied by the loader's client prior starting a new subsystem.
|
|
Even though the TAR support has been removed, a separate instance of the
|
|
'tar_rom' service can be used within the subsystem to provide the formerly
|
|
built-in functionality.
|
|
|
|
The new loader component is best illustrated by two examples. The traditional
|
|
loader example at 'os/run/loader.run' shows how the loader intercepts the
|
|
nitpicker session of the loaded subsystem. The corresponding source code
|
|
can be found at 'os/src/test/loader/'. The second example at
|
|
'os/run/dynamic_config_loader.run' shows how the concept of dynamic ROM
|
|
sessions can be combined with the loader. As demonstrated by this example,
|
|
ROM images used by the loaded subsystem can be updated at runtime by the
|
|
client of the loader session.
|
|
|
|
|
|
New file-system infrastructure
|
|
==============================
|
|
|
|
The current release introduces Genode's file-system session interface, provides
|
|
a first implementation of this interface in the form of an in-memory file
|
|
system, and enables the libc to use the new file-system facility.
|
|
|
|
The new interface resides in 'os/include/file_system_session/'. It uses
|
|
synchronous RPC calls for functions referring to directory and meta-data
|
|
handling. For transferring payload from/to files, the packet-stream interface
|
|
is used. We envision that the asynchronous design of the packet-stream
|
|
interface fits well with the block-session interface and thereby allows for
|
|
hiding I/O latencies when performing subsequent requests in an asynchronous
|
|
way.
|
|
|
|
[image file_system_stack]
|
|
|
|
Compared to Unix-like file-system APIs, Genode's file-system session interface
|
|
is much simpler. In particular, it does not support per-file permissions. On
|
|
Genode, we facilitate binding policy (such as write-permission) as sessions
|
|
rather than individual file objects.
|
|
|
|
In-memory file system
|
|
~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
As reference implementation of the new interface, a new 'ram_fs' service can be
|
|
found at 'os/src/server/ram_fs'. It stores sparse files in memory. At startup
|
|
time, 'ram_fs' is able to populate the file-system with directories, ROM
|
|
modules, and inline data as specified in its configuration.
|
|
|
|
Access to the file system can be tailored for each session depending on the
|
|
session's label. By default, no permissions are granted to any session.
|
|
To selectively permit access to (a part of) the file system, at least one
|
|
policy must be defined.
|
|
|
|
The following configuration illustrates the way of how to express policy.
|
|
|
|
! <config>
|
|
! <!-- preload RAM file system -->
|
|
! <content>
|
|
! <dir name="tmp">
|
|
! <rom name="init" as="blubb" />
|
|
! </dir>
|
|
! <dir name="home">
|
|
! <dir name="user">
|
|
! <inline name=".vimrc">
|
|
! set hidden
|
|
! </inline>
|
|
! </dir>
|
|
! </dir>
|
|
! </content>
|
|
! <!-- constrain sessions according to their labels -->
|
|
! <policy label="noux -> root" root="/" />
|
|
! <policy label="noux -> home" root="/home/user" writeable="yes" />
|
|
! <policy label="noux -> tmp" root="/tmp" writeable="yes" />
|
|
! </config>
|
|
|
|
The '<content>' sub node of the '<config>' node provides a way to pre-populate
|
|
the file system with directories and files. Note that '<dir>' nodes can be
|
|
arbitrarily nested. Files can be loaded from the ROM service. By adding the
|
|
optional 'as' attribute to a '<rom>' node, the file name can be defined
|
|
independently from the ROM module name. In addition to creating files from
|
|
ROM modules, files can be created from data specified directly as part of the
|
|
configuration using '<inline>' nodes. The content of such nodes is used as
|
|
file content as is.
|
|
|
|
Session-specific access-control policy is expressed via one or more '<policy>'
|
|
nodes. At session-creation time, each policy node is matched against the label
|
|
of the new session. If the label of a policy node matches, the defined policy
|
|
is applied. If multiple policies match, the one with the longest 'label'
|
|
attribute (the most specific one) is selected.
|
|
|
|
A policy node may contain the following attributes. The mandatory 'root'
|
|
attribute defines the view port of the session onto the file system. The
|
|
optional 'writeable' attribute grants the permission to modify the file system.
|
|
|
|
To illustrate the use of the 'ram_fs' component, refer to the
|
|
'libports/run/libc_fs.run' script.
|
|
|
|
:Limitations:
|
|
|
|
The current state should be regarded as work in progress. In particular, the
|
|
error handling and the life-time management of file-system nodes will need
|
|
further attention. Functionality-wise, the support for truncating files and
|
|
symbolic-link handling are not yet implemented.
|
|
|
|
Furthermore, there is much room for optimization, in particular for the
|
|
handling of directory entries. Currently, we communicate only one directory
|
|
entry at a time, which is suboptimal when traversing large trees. However, we
|
|
decided to focus on functionality first and defer optimizations (such as
|
|
batching directory entries) to a later stage of development.
|
|
|
|
The current implementation does not handle file modification times at all,
|
|
which may be a severe limitation for tools that depend on this information such
|
|
as GNU Make.
|
|
|
|
|
|
File-system plugin for the C runtime
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
To enable libc-using programs to access the new file-system interface, there is
|
|
a new libc plugin at 'libports/src/lib/libc_fs'. Using this plugin, files
|
|
stored on a native Genode file system can be accessed using the traditional
|
|
POSIX file API.
|
|
|
|
To see how the three parts described above fit together, the test case at
|
|
'libports/run/libc_fs' can be taken as reference. It reuses the original
|
|
'libc_ffat' test to exercise several file operations on a RAM file-system using
|
|
the libc API.
|
|
|
|
|
|
C Runtime
|
|
=========
|
|
|
|
:POSIX threads and semaphores:
|
|
|
|
The new 'pthread' library implements a subset of the POSIX thread and semaphore
|
|
API. We plan to extend it as needed. Currently, it is used as support for the
|
|
libSDL-based 'avplay' program.
|
|
|
|
:Separate setjmp/longjmp into own library:
|
|
|
|
The setjmp/longjmp facility comes with the libc but it is fairly free-standing
|
|
code, which is useful not only for libc-using programs but also for raw
|
|
Genode components, in particular the new USB stack. Therefore, we separated
|
|
the setjmp/longjmp code into a separate 'libc-setjmp' library. Even though
|
|
the library is prefixed with 'libc' it does not depend on the remaining
|
|
parts of the C runtime.
|
|
|
|
:Misc:
|
|
|
|
* Implementation of '_nanosleep()'
|
|
* Let 'mmap()' return aligned anonymous memory
|
|
|
|
|
|
Program argument handling
|
|
=========================
|
|
|
|
The main-function arguments of Genode programs were never used by genuine
|
|
Genode components because the Genode's configuration concept is the most
|
|
adequate and consistent way of passing parameters to components.
|
|
|
|
But most components ported from other systems and not specifically developed
|
|
for Genode, expect configuration arguments passed via the argc-argv interface.
|
|
One way to reuse such components is to change their way of handling arguments
|
|
by the means of patching 3rd-party source code. In some cases (for example
|
|
for the Vancouver VMM), this is the preferred way because manual adaptation
|
|
work is required anyway.
|
|
|
|
On the other hand, there are 3rd-party applications that would be nice to
|
|
reuse as is without any manual patching work, for example the libSDL-based
|
|
'avplay' or the muPDF application. To ease the integration of such
|
|
programs into Genode setups, we added the new 'config_args' library. At the
|
|
startup of the program, this library inspects the config node for arguments and
|
|
fills the argv structure to be passed to the 'main()' function.
|
|
|
|
The configuration syntax looks as follows:
|
|
|
|
! <config>
|
|
! <arg value="...">
|
|
! <arg value="...">
|
|
! ...
|
|
! </config>
|
|
|
|
The 'value' attribute of the first '<arg>' node becomes 'argv[0]' and so on.
|
|
|
|
|
|
DDE Kit
|
|
=======
|
|
|
|
We added the API call 'dde_kit_timer_schedule_absolute' to the DDE Kit
|
|
interface. Traditionally, DDE Kit timers used to be disposed after a single
|
|
use. But we learned that there exist use cases for reusing a single timer
|
|
object for multiple subsequent timeouts. The 'schedule_absolute' function
|
|
accommodates those scenarios.
|
|
|
|
|
|
LOG-to-Terminal adapter
|
|
=======================
|
|
|
|
The new LOG-to-terminal component to be found at 'os/src/server/terminal_log'
|
|
provides the LOG service by writing each LOG-output request prefixed by the
|
|
session-label to a terminal-session. It thereby enables the routing of LOG
|
|
output to different kinds of terminal sessions such as UART drivers, the
|
|
graphical terminal, or the TCP terminal. The 'gems/run/terminal_log.run'
|
|
script demonstrates the usage of the new component.
|
|
|
|
|
|
Optimized blitting on ARM platforms
|
|
===================================
|
|
|
|
The blitting library employed by nitpicker and other GUI applications used to
|
|
come in the form of two implementations. The generic version implemented the
|
|
copying operation via Genode's 'memcpy' function, which conducts a simple
|
|
byte-wise copy at relatively poor performance. In practice, the generic fall
|
|
back was expected to not being used much as there is an assembly-optimized
|
|
implementation for x86 machines. Because there wasn't an ARM-specific
|
|
implementation available yet, ARM platforms suffered under the poor performance
|
|
of the generic fall-back implementation. To bring the blitting up to speed on
|
|
such platforms, we supplemented the blitting library with an ARM-specific
|
|
optimized version.
|
|
|
|
|
|
Libraries and applications
|
|
##########################
|
|
|
|
New and updated libraries
|
|
=========================
|
|
|
|
:Qoost:
|
|
|
|
Qoost is a small library developed by Genode Labs for making the development
|
|
of Qt4-based applications, in particular applications using QWidgets, more
|
|
enjoyable. The library is currently used by the new Qt4-based video player
|
|
example at 'qt4/src/app/qt_avplay'.
|
|
|
|
:Update of zlib to version 1.2.7:
|
|
|
|
Zlib as been updated because the previous version mysteriously disappeared
|
|
from the official zlib mirrors.
|
|
|
|
:Video codecs via libav:
|
|
|
|
The [https://libav.org - libav project] is one successor of the popular
|
|
[https://ffmpeg.org/ - FFmpeg] library, which is a comprehensive solution
|
|
for video and audio decoding, conversion, and streaming. The version
|
|
0.8.2 of libav has been incorporated into the libports repository.
|
|
|
|
|
|
Lua for script-based testing
|
|
============================
|
|
|
|
The current release of Genode includes initial support for the Lua programming
|
|
language, a clean scripting language with excellent portability capabilities -
|
|
just ANSI C. Lua comes with a tiny runtime implementation, which recommends it
|
|
as base for test scripting or rapid prototyping in Genode.
|
|
|
|
Currently, the Lua libraries are accompanied by a small test program
|
|
'test-moon', which utilizes the C++ variant of the Lua runtime. The test shows
|
|
an exemplary integration of Genode interfaces to print the RAM quota and sleep
|
|
for several seconds. The simplicity of the application shows the potential of
|
|
this approach.
|
|
|
|
In the future, essential Genode interfaces could be made available to Lua
|
|
scripts as libraries or classes and 'test-moon' could be extended to a
|
|
versatile test tool, which loads and runs test scripts configured with
|
|
Genode's config mechanism. Test results can be aggregated, printed, and
|
|
analyzed at runtime by scripts.
|
|
|
|
:[https://lua.org/]: Lua programming language
|
|
|
|
|
|
libSDL
|
|
======
|
|
|
|
Motivated by our work on media replay capabilities, we enhanced the port
|
|
of libSDL with support for timer, thread, and audio-related functions.
|
|
|
|
:SDL timer support:
|
|
|
|
Basic support for SDL timers and delay functions has been added.
|
|
|
|
:SDL thread support:
|
|
|
|
Thanks to the minimal support for pthreads added by the means of the new
|
|
'pthread' library, we are able to activate the SDL thread API. The most common
|
|
threading and synchronization primitives work but not all features are
|
|
supported. We will complement the coverage of support as needed.
|
|
|
|
:SDL audio support:
|
|
|
|
The new libSDL audio back end enables the use of Genode's audio-session
|
|
interface from SDL applications. This way, SDL programs can be combined
|
|
with audio drivers as well as with the mixer component.
|
|
|
|
The audio volume (in percent) can be configured in the config file of the
|
|
SDL application:
|
|
|
|
! <config>
|
|
! <sdl_audio_volume value="100"/>
|
|
! </config>
|
|
|
|
Note that the SDL audio back end does respond to configuration changes at
|
|
run time. By supplying the config dynamically rather than via a static
|
|
file, the audio volume may get updated while the SDL application is running.
|
|
|
|
|
|
GDB monitor
|
|
===========
|
|
|
|
We refined the GDB monitor to facilitate its use for debugging ever more
|
|
sophisticated scenarios.
|
|
|
|
One of those scenarios is executing the Noux environment within GDB. To execute
|
|
a meaningful Noux scenario, we need a way to pass configuration data through
|
|
the GDB monitor to the debugging target. This feature has been implemented by
|
|
adding a new '<config>' subnode to the '<target>' node at the GDB monitor
|
|
configuration.
|
|
|
|
Furthermore, we discovered a limitation of the built-in memory-preservation
|
|
policy of the GDB monitor. In general, GDB monitor passes all RAM quota to the
|
|
debugging target, leaving only a hard-coded quantum of resources for itself.
|
|
However, the amount of RAM actually required by the monitor depends on the
|
|
behaviour of the debugging target. Each time, the target requests a ROM module,
|
|
GDB monitor creates a shadow copy of the ROM module in order to be able to
|
|
modify its content. Of course, the shadow copies consume memory, for which GDB
|
|
monitor is accounted for. No hard-coded RAM-preservation policy will be able to
|
|
cover all usage scenarios. Therefore, we decided to let the user express this
|
|
policy explicitly via the GDB monitor configuration. The amount of RAM that GDB
|
|
monitor should preserve for itself must be provided via the new 'resource' node
|
|
of the GDB monitor configuration. For example,
|
|
|
|
! <start name="gdb_monitor">
|
|
! <resource name="RAM" quantum="1G"/>
|
|
! <config>
|
|
! <target name="noux">
|
|
! <preserve name="RAM" quantum="2M"/>
|
|
! ...
|
|
! </config>
|
|
! </start>
|
|
|
|
|
|
Media player based on libav
|
|
===========================
|
|
|
|
The current release features the initial version of a natively running media
|
|
player. It consists of the following pieces.
|
|
|
|
:libav: is a framework library for decoding, converting and streaming audio
|
|
and video data. The libav library has been incorporated into the 'libports'
|
|
repository.
|
|
|
|
:avplay: is an example application, which showcases the use of libav
|
|
using libSDL to integrate with a host OS. Thanks to our port of libSDL
|
|
to Genode, we are able to use the 'avplay' application without modification.
|
|
When used on Genode, 'avplay' uses a framebuffer session, an input session, a
|
|
timer session, and an audio-out session as back ends. Thereby we are able to
|
|
integrate 'avplay' seamlessly with existing components that provide these
|
|
interfaces, in particular the audio mixer, framebuffer and input drivers, but
|
|
also the nitpicker GUI server.
|
|
|
|
:qt_avplay: is a Qt4 front end to 'avplay'. It spawns an instance of 'avplay'
|
|
as a slave process.
|
|
|
|
[image media_player]
|
|
The unmodified 'avplay' embedded in Qt4-based GUI.
|
|
The media file was downloaded from
|
|
https://www.youtube.com/watch?v=CbtAP3kUCxs.
|
|
|
|
The latter part is particularly interesting because it makes creative use of
|
|
Genode's unique service virtualization facilities. The 'qt_avplay' program
|
|
(GUI) starts 'avplay' (aka the codec) as a separate child process. When
|
|
started, the codec requests a framebuffer session from the GUI. The GUI, in
|
|
turn, creates a separate session to the nitpicker GUI server specifically for
|
|
displaying the codec's output on screen and hands out the buffer returned by
|
|
nitpicker to the codec. However, the GUI retains the privilege to control the
|
|
way how the buffer is displayed on screen. By using the 'QNitpickerViewWidget',
|
|
the GUI is thereby able to embed the codec's view seamlessly into the Qt4 GUI
|
|
as a widget. But both the GUI and the codec have completely independent data
|
|
paths to the GUI server. So the operation of the codec does not depend on
|
|
proper and timely operation of the GUI. Vice versa, the GUI process cannot be
|
|
compromised by the codec because the codec is sandboxed in a separate process.
|
|
The GUI interacts with the codec by virtualizing the input session interface
|
|
used by the codec. I.e., when the user clicks on the play or pause button, the
|
|
GUI submits artificial keyboard events with key codes interpreted by the
|
|
'avplay' program.
|
|
|
|
Besides the separation of the codec from the GUI, the 'qt_avplay' example is
|
|
interesting because it makes use of Genode's new dynamic configuration
|
|
facility. The SDL audio back end used by the codec repeatedly evaluates its
|
|
configuration during runtime. This configuration includes a volume prescale
|
|
factor. Via the dynamic configuration mechanism, the parent (the GUI) is able
|
|
to update the value of the volume prescale factor at any time and thereby
|
|
influence the behaviour of the codec.
|
|
|
|
[image media_effects]
|
|
|
|
Furthermore, the concept of running 'avplay' as a slave of the GUI clears the
|
|
way to even more sophisticated features such as the transparent addition of
|
|
video post-processing steps in the form of individual components. Instead of
|
|
connecting the codec directly with the nitpicker session, the GUI may decide to
|
|
route the framebuffer-session request to another slave (aka "effect plugin").
|
|
The effect plugin is a component that requests a framebuffer session at its
|
|
parent (the GUI) in order to provide a framebuffer service itself (to the GUI).
|
|
Each time, its client invokes the 'refresh()' function, the effect plugin
|
|
transforms pixels targeting its own framebuffer session. By routing the
|
|
framebuffer session between the codec, one or more instances of effect plugins,
|
|
and the nitpicker GUI server, any number of effect plugins can be chained
|
|
together to form a pipe of video-processing components. All this flexibility
|
|
comes with no addition to the Genode API. It is merely the result of composing
|
|
plain Genode components.
|
|
|
|
|
|
Terminal
|
|
========
|
|
|
|
Our custom terminal emulator that is hosted within the 'gems' repository has
|
|
been enhanced to support tab characters as well as the escape sequences needed
|
|
to use 'ls --color=auto'.
|
|
|
|
|
|
Device drivers
|
|
##############
|
|
|
|
USB
|
|
===
|
|
|
|
The new 'dde_linux' repository will host device drivers ported from the Linux
|
|
kernel. In contrast to the original 'linux_drivers' repository, 'dde_linux'
|
|
does not contain any 3rd-party source code. To download the Linux kernel source
|
|
code and extract the drivers, execute the 'make prepare' rule of the top-level
|
|
Makefile. The initial version of the 'dde_linux' repository comes with a USB
|
|
driver. The porting methodology follows the path of the Intel GEM port. Instead
|
|
of attempting to provide a generic Linux environment that works across drivers,
|
|
each driver comes with a specially tailored DDE.
|
|
|
|
The DDE consists of Genode-specific implementations of Linux API functions as
|
|
declared in 'lx_emul.h'. Most of these functions are dummies that must merely
|
|
be provided to resolve dependencies at the linking stage. They are called by
|
|
unused code-paths.
|
|
|
|
As of now, the USB driver supports UHCI and EHCI on the x86_32 platform. It
|
|
exposes USB HID devices and USB storage devices via Genode's input-session
|
|
and block-session respectively.
|
|
|
|
The HID driver supports keyboard and mouse. A run script can be found under
|
|
'dde_linux/run/usb_hid.run'. Configuration snippet:
|
|
|
|
!<start name="usb_drv">
|
|
! <resource name="RAM" quantum="3M"/>
|
|
! <provides><service name="Input"/></provides>
|
|
! <config>
|
|
! <hid/>
|
|
! </config>
|
|
!</start>
|
|
|
|
Note that we observed that certain 1.0 versions of Qemu do not generate mouse
|
|
interrupts. The mouse driver should work correctly on Qemu 1.0.93 and above.
|
|
|
|
The USB storage driver supports one USB storage device. Hot plugging has not
|
|
been tested. A run script can be found under 'dde_linux/run/usb_storage.run'.
|
|
Configuration snippet:
|
|
|
|
!<start name="usb_drv">
|
|
! <resource name="RAM" quantum="2M"/>
|
|
! <provides> <service name="Block"/> </provides>
|
|
! <config><storage /></config>
|
|
!</start>
|
|
|
|
|
|
Noux
|
|
####
|
|
|
|
Running GCC, binutils, coreutils natively on Genode
|
|
===================================================
|
|
|
|
We introduced support for stacked file systems alongside new glue code for
|
|
accessing File-system implementations provided via Genode's new
|
|
file-system-session Interface. Using stacked file systems, an arbitrary number
|
|
of file systems (such as TAR archives or file systems implemented as separate
|
|
Genode Components) can be composed to form one merged virtual file system.
|
|
|
|
An example is given via the 'ports/run/noux_bash.run' script. This run script
|
|
creates a virtual file system out of multiple TAR archives each containing the
|
|
content of a particular GNU package. In addition, one 'ram_fs' is mounted,
|
|
which enables Noux to perform write operations. This way, the shell output can
|
|
be redirected to a file, or files can be saved in VIM.
|
|
|
|
With the implementation of stacked file systems and the writeable RAM file
|
|
system in place, we are ready to greatly extend the range of GNU packages that
|
|
run (almost) unmodified on Genode. For us, the most important achievement is
|
|
the new ability to run binutils, the GNU compiler collection, and GNU Make. To
|
|
see Noux executing 'gcc' and 'readelf', please give the
|
|
'ports/run/noux_tool_chain.run' script a try.
|
|
|
|
Executing binutils and GCC has been successfully tested on OKL4, L4/Fiasco,
|
|
and L4ka::Pistachio. Fiasco.OC, NOVA, Linux, and Codezero are not yet
|
|
supported.
|
|
|
|
|
|
Networking support
|
|
==================
|
|
|
|
We desire to use a wide range of Unix networking tools such as wget, lynx, ssh,
|
|
and netcat on Genode. For this reason, the second focus of our Noux-related
|
|
developments is the added support for networking. The Noux syscall interface
|
|
has been extended with system calls for 'socket', 'getsockopt', 'setsockopt',
|
|
'accept', 'bind', 'getpeername', 'listen', 'send', 'sendto', 'recv',
|
|
'shutdown', 'connect', and 'getaddrinfo'. Within Noux, those system calls
|
|
are translated to calls to the libc and the libc-lwip plugin. This design
|
|
principally enables us to easily replace the TCP/IP stack in the future if
|
|
needed.
|
|
|
|
To experiment with the new networking support of Noux, you may use the
|
|
'ports/run/noux_net_netcat.run' as a good starting point. The test communicates
|
|
a message between two instances of netcat one running on the host system and
|
|
one running within the Noux runtime in qemu.
|
|
|
|
|
|
Platform support
|
|
################
|
|
|
|
Fiasco.OC microkernel
|
|
=====================
|
|
|
|
Releasing kernel resources
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
By now, the Fiasco.OC base platform was still lacking proper handling of
|
|
kernel resources especially the tracking and releasing of capability selectors.
|
|
With release 12.02 we introduced a capability map for Fiasco.OC to circumvent
|
|
the usage of more than one kernel-selector for the same capability (please,
|
|
refer to the release notes 12.02 for further details).
|
|
With the current release we turned the capability class of the Fiasco.OC base
|
|
platform into a smart-pointer-like object which releases the corresponding entry
|
|
from the capability map whenever it detects that a capability gets unused.
|
|
Thereby leaking of kernel resources in terms of capability selectors gets
|
|
eliminated.
|
|
|
|
While reworking the capability handling of the Fiasco.OC base platform the
|
|
following problems were solved:
|
|
|
|
* A patch for the 'l4_task_cap_equal' syscall in Fiasco.OC was added, that
|
|
fixes some false positives, meaning: when comparing two capability selectors
|
|
that referenced the same kernel object including the same, rights false
|
|
was returned.
|
|
* There existed a race-condition when inserting a new capability into the
|
|
capability map
|
|
* Due to the re-usage of capability ids it was possible that a newly received
|
|
capability was exceptionally freed when actually an old entry should be
|
|
removed from the capability map
|
|
* At some points in the generic code base capabilities were copied in a way
|
|
that circumvented tracking by overloading assignment operators respectively
|
|
copy constructors effectively breaking the smart pointer semantic
|
|
|
|
Basic PandaBoard support
|
|
~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
With the current release we introduce basic support to build Genode/Fiasco.OC
|
|
for the popular PandaBoard OMAP4 platform. Although most needed drivers are
|
|
still lacking, it is at least possible to see core, init, and other
|
|
applications via serial line running on the PandaBoard.
|
|
|
|
Kernel debugger
|
|
~~~~~~~~~~~~~~~
|
|
|
|
The Fiasco.OC kernel debugger's object name buffer was too limited for most
|
|
Genode scenarios incorporating more than just a handful of threads. That
|
|
complicated debugging sometimes. An additional kernel patch extends the name
|
|
buffer.
|
|
|
|
Linux
|
|
=====
|
|
|
|
Using the chroot mechanism
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
When used as component framework on Linux, Genode tries to preserve as many
|
|
native Linux features as possible. In some instances, those features go
|
|
surprisingly well with Genode. One particular feature is Linux' 'chroot'
|
|
mechanism, which is a popular way to execute Linux processes in a jailed
|
|
environment. When using Genode, the reliance on a file system is naturally
|
|
reduced to a minimum because the framework comes with abstractions vastly
|
|
different from a classical file system, namely capability-based naming of
|
|
resources. Still, the file system is there and can be exploited. In theory,
|
|
segregating different parts of Genode into different 'chroot' environments can
|
|
improve the situation. In practice, the use of such platform-specific solutions
|
|
raises the question of how to integrate the solution in way that is coherent
|
|
with the rest of the framework.
|
|
|
|
The new chroot component at 'os/src/app/chroot' makes the use of the chroot
|
|
mechanism within Genode scenarios an almost seamless experience. The component
|
|
behaves identical to Genode's init process except for the fact that its
|
|
subsystem is constrained to a configurable chroot path. The chroot path is
|
|
specified using a '<root>' node of the chroot configuration:
|
|
|
|
! <root path="chroot_path" />
|
|
|
|
The remaining part of the configuration is identical to the configuration of
|
|
init. In fact, under the hood, the chroot component is barely more than a
|
|
trampoline mechanism for spawning the actual init binary after taking all
|
|
precautions needed to setup the chroot environment.
|
|
|
|
To see how to deploy the new facility, please refer to the run script at
|
|
'os/run/chroot.run'. The run script uses POSIX file capabilities to allow the
|
|
use of the 'chroot' component under the account of a normal user. However, for
|
|
granting the needed capabilities, the run script will ask for root permission.
|
|
|
|
|
|
Non-executable mappings
|
|
~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Up to now, the Genode API provided no way to devise the use of non-executable
|
|
memory mappings. There is only the distinction between read-only and
|
|
read-writable dataspaces. This limitation becomes a severe limitation when
|
|
combining Genode with PaX. This prompted us to introduce the executable flag
|
|
to the 'Rm_session::attach()' function using non-executable as the default. So
|
|
far, Linux is the only platform that evaluates this flag. Only if set, the
|
|
'mmap' syscall will enable 'MAP_EXECUTABLE'. This is actually a rare exception.
|
|
The flag is set by the dynamic linker only. For hybrid Linux/Genode programs
|
|
(that do use the Linux 'ld-linux.so' instead of Genode's dynamic linker) the
|
|
executable flag is never set.
|
|
|
|
|
|
OKL4
|
|
====
|
|
|
|
The hard-coded dependency on a '/usr/bin/python2' binary spawned a bit of
|
|
confusion (or at least an inconvenience) among Genode users. So we introduced
|
|
simple heuristics for determining the actually installed python-2 version
|
|
during the 'make prepare' procedure and use the best match.
|
|
|
|
|
|
Build system and tools
|
|
######################
|
|
|
|
:Support proper shadowing of target.mk files:
|
|
|
|
The build system overlays multiple source trees (repositories) such that they
|
|
can shadow libraries and include search paths. We have extended the shadowing
|
|
concept to build targets. Furthermore, the change of the build system
|
|
streamlines the build stage for generating library dependencies, reducing the
|
|
processing time of this stage by 10-20 percent.
|
|
|
|
:Explicitly use qemu-system-i386 rather than qemu:
|
|
|
|
Up to now, the run tool used the plain 'qemu' binary for all (non-Linux)
|
|
x86_32 platforms and resorted to 'qemu-system-*' variants for x86_64 and
|
|
ARM platforms. To remove this inconsistency, the run tool has been changed
|
|
to always use the specific 'qemu-system-*' binary.
|
|
|