genode/repos/base
Norman Feske b9280678fb base-linux: fix race in region_map_mmap
This patch fixes a race condition triggered by the thread test running
on Linux inside VirtualBox. The 'test_stack_alloc' sporadically produced
one of two errors: A segfault in the 'Thread::deinit_platform_thread' on
the attempt to access the 'native_thread' of the to-be-destructed thread
(this data structure is located on the thread's stack). Or, an error
message about a region conflict within the stack area.

The problem was that two instances of 'Region_map_mmap' issued a
sequence of munmap and mmap each. Even though each instance locked the
attach/detach operations, the lock was held per instance. In a situation
where two instances performed attach/detach operations in parallel, the
syscall sequences could interfere with each other.

In the test scenario, the two region-map instances are the test's
address space and the stack area. When creating a thread, the thread's
trace-control dataspace is attached at an arbitrary place (picked by
the Linux kernel) within the address space whereas the stack is attached
at the stack area. The problem is the following sequence:

Thread A wants to destruct a thread:
1. Remove stack from stack area
   (issue unmap syscall)
2. Preserve virtual address range that was occupied from the stack
   so that Linux won't use it
   (issue mmap syscall)

Thread B wants to construct a thread:
1. Request trace-control dataspace from CPU session
2. Attach trace-control dataspace to address space at a location
   picked by the Linux kernel
   (issue mmap syscall)

The problem occurs when thread B's second step is executed in between
the steps 1 and 2 of thread A and the Linux kernel picks the
just-unmapped address as the location for the new trace-control mapping.
Now, the trace control dataspace is mapped at the virtual address that
was designated for the stack of the to-be-created thread, and the
attempt to map the real stack fails.

The patch fixes the problem by replacing the former region-map-local
locks by a component-global lock.

Furthermore, it cleans up core's implementation of the support function
for the region-map-mmap implementation, eliminating the temporary
unlocking of the region-map lock during RPC.
2016-11-08 15:26:30 +01:00
..
etc Let default tools.conf cover each architecture 2016-07-15 11:38:26 +02:00
include base: let string accept multiple arguments 2016-11-08 15:26:30 +01:00
lib ldso-startup: support build from non-base repos 2016-07-15 11:38:27 +02:00
mk core: unify handling of boot modules 2016-11-08 15:26:27 +01:00
run base: let string accept multiple arguments 2016-11-08 15:26:30 +01:00
src base-linux: fix race in region_map_mmap 2016-11-08 15:26:30 +01:00
README Move repositories to 'repos/' subdirectory 2014-05-14 16:08:00 +02:00

This is generic part of the Genode implementation. It consists of two parts:

:_Core_: is the ultimate root of the Genode application tree
  and provides abstractions for the lowest-level hardware resources
  such as RAM, ROM, CPU, and generic device access. All generic parts of Core
  can be found here - for system-specific implementations refer to the
  appropriate 'base-<system>' directory.

:_Base libraries and protocols_: that are used by each Genode component
  to interact with other components. This is the glue that holds everything
  together.