2011-12-22 16:19:25 +01:00
|
|
|
/*
|
|
|
|
* \brief Fiasco platform interface implementation
|
|
|
|
* \author Christian Helmuth
|
|
|
|
* \author Stefan Kalkowski
|
|
|
|
* \date 2006-04-11
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
2013-01-10 21:44:47 +01:00
|
|
|
* Copyright (C) 2006-2013 Genode Labs GmbH
|
2011-12-22 16:19:25 +01:00
|
|
|
*
|
|
|
|
* This file is part of the Genode OS framework, which is distributed
|
|
|
|
* under the terms of the GNU General Public License version 2.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* Genode includes */
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
#include <base/log.h>
|
2011-12-22 16:19:25 +01:00
|
|
|
#include <base/allocator_avl.h>
|
|
|
|
#include <base/sleep.h>
|
|
|
|
#include <util/misc_math.h>
|
|
|
|
|
2016-01-22 14:31:58 +01:00
|
|
|
/* base-internal includes */
|
|
|
|
#include <base/internal/crt0.h>
|
2016-03-03 17:57:29 +01:00
|
|
|
#include <base/internal/stack_area.h>
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
#include <base/internal/globals.h>
|
2016-01-22 14:31:58 +01:00
|
|
|
|
2011-12-22 16:19:25 +01:00
|
|
|
/* core includes */
|
|
|
|
#include <core_parent.h>
|
|
|
|
#include <platform.h>
|
|
|
|
#include <platform_thread.h>
|
|
|
|
#include <platform_pd.h>
|
|
|
|
#include <util.h>
|
|
|
|
#include <multiboot.h>
|
|
|
|
|
|
|
|
/* Fiasco includes */
|
|
|
|
namespace Fiasco {
|
|
|
|
#include <l4/sigma0/sigma0.h>
|
2015-05-09 21:48:12 +02:00
|
|
|
#include <l4/sys/icu.h>
|
2011-12-22 16:19:25 +01:00
|
|
|
#include <l4/sys/ipc.h>
|
|
|
|
#include <l4/sys/kip>
|
|
|
|
#include <l4/sys/thread.h>
|
|
|
|
#include <l4/sys/types.h>
|
|
|
|
#include <l4/sys/utcb.h>
|
2013-07-24 09:48:54 +02:00
|
|
|
#include <l4/sys/scheduler.h>
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
static l4_kernel_info_t *kip;
|
|
|
|
}
|
|
|
|
|
|
|
|
using namespace Genode;
|
|
|
|
|
|
|
|
|
|
|
|
/***********************************
|
|
|
|
** Core address space management **
|
|
|
|
***********************************/
|
|
|
|
|
2015-09-17 14:16:59 +02:00
|
|
|
static Synced_range_allocator<Allocator_avl> &_core_address_ranges()
|
2011-12-22 16:19:25 +01:00
|
|
|
{
|
2015-09-17 14:16:59 +02:00
|
|
|
static Synced_range_allocator<Allocator_avl> _core_address_ranges(nullptr);
|
2011-12-22 16:19:25 +01:00
|
|
|
return _core_address_ranges;
|
|
|
|
}
|
|
|
|
|
|
|
|
enum { PAGER_STACK_ELEMENTS = 1024 };
|
|
|
|
static unsigned long _core_pager_stack[PAGER_STACK_ELEMENTS];
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Core pager "service loop"
|
|
|
|
*/
|
2014-03-03 19:45:53 +01:00
|
|
|
|
|
|
|
/* Build with frame pointer to make GDB backtraces work. See issue #1061. */
|
|
|
|
__attribute__((optimize("-fno-omit-frame-pointer")))
|
|
|
|
__attribute__((noinline))
|
2011-12-22 16:19:25 +01:00
|
|
|
static void _core_pager_loop()
|
|
|
|
{
|
|
|
|
using namespace Fiasco;
|
|
|
|
|
|
|
|
bool send_reply = false;
|
|
|
|
l4_umword_t label;
|
|
|
|
l4_utcb_t *utcb = l4_utcb();
|
|
|
|
l4_msgtag_t snd_tag = l4_msgtag(0, 0, 0, 0);
|
|
|
|
l4_msgtag_t tag;
|
|
|
|
|
|
|
|
while (true) {
|
|
|
|
|
|
|
|
if (send_reply)
|
|
|
|
tag = l4_ipc_reply_and_wait(utcb, snd_tag, &label, L4_IPC_NEVER);
|
|
|
|
else
|
|
|
|
tag = l4_ipc_wait(utcb, &label, L4_IPC_NEVER);
|
|
|
|
|
|
|
|
if (!tag.is_page_fault()) {
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
warning("received something different than a pagefault, ignoring ...");
|
2011-12-22 16:19:25 +01:00
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* read fault information */
|
|
|
|
l4_umword_t pfa = l4_trunc_page(l4_utcb_mr()->mr[0]);
|
|
|
|
l4_umword_t ip = l4_utcb_mr()->mr[1];
|
|
|
|
bool rw = l4_utcb_mr()->mr[0] & 2; //TODO enum
|
|
|
|
|
|
|
|
if (pfa < (l4_umword_t)L4_PAGESIZE) {
|
|
|
|
|
|
|
|
/* NULL pointer access */
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
error("Possible null pointer ", rw ? "WRITE" : "READ", " "
|
|
|
|
"at ", Hex(pfa), " IP ", Hex(ip));
|
2011-12-22 16:19:25 +01:00
|
|
|
/* do not unblock faulter */
|
|
|
|
send_reply = false;
|
|
|
|
continue;
|
|
|
|
} else if (!_core_address_ranges().valid_addr(pfa)) {
|
|
|
|
|
|
|
|
/* page-fault address is not in RAM */
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
error(rw ? "WRITE" : "READ", " access outside of RAM "
|
|
|
|
"at ", Hex(pfa), " IP ", Hex(ip));
|
2011-12-22 16:19:25 +01:00
|
|
|
/* do not unblock faulter */
|
|
|
|
send_reply = false;
|
|
|
|
continue;
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
}
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/* my pf handler is sigma0 - just touch the appropriate page */
|
|
|
|
if (rw)
|
|
|
|
touch_rw((void *)pfa, 1);
|
|
|
|
else
|
|
|
|
touch_ro((void *)pfa, 1);
|
|
|
|
|
|
|
|
send_reply = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-04-20 21:12:57 +02:00
|
|
|
Platform::Sigma0::Sigma0(Cap_index* i)
|
|
|
|
:
|
2016-09-05 11:24:51 +02:00
|
|
|
Pager_object(Cpu_session_capability(), Thread_capability(),
|
|
|
|
0, Affinity::Location(), Session_label(),
|
|
|
|
Cpu_session::Name("sigma0"))
|
2011-12-22 16:19:25 +01:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* We use the Pager_object here in a slightly different manner,
|
|
|
|
* just to tunnel the pager cap to the Platform_thread::start method.
|
|
|
|
*/
|
2016-06-15 15:04:54 +02:00
|
|
|
cap(*i);
|
2011-12-22 16:19:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
Platform::Core_pager::Core_pager(Platform_pd *core_pd, Sigma0 *sigma0)
|
2016-04-20 21:12:57 +02:00
|
|
|
:
|
|
|
|
Platform_thread("core.pager"),
|
2016-09-05 11:24:51 +02:00
|
|
|
Pager_object(Cpu_session_capability(), Thread_capability(),
|
|
|
|
0, Affinity::Location(), Session_label(),
|
|
|
|
Cpu_session::Name(name()))
|
2011-12-22 16:19:25 +01:00
|
|
|
{
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
Platform_thread::pager(sigma0);
|
2011-12-22 16:19:25 +01:00
|
|
|
|
2016-04-14 16:29:07 +02:00
|
|
|
core_pd->bind_thread(this);
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
cap(thread().local);
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/* stack begins at the top end of the '_core_pager_stack' array */
|
|
|
|
void *sp = (void *)&_core_pager_stack[PAGER_STACK_ELEMENTS - 1];
|
|
|
|
start((void *)_core_pager_loop, sp);
|
|
|
|
|
|
|
|
using namespace Fiasco;
|
|
|
|
|
|
|
|
l4_thread_control_start();
|
2016-06-15 15:04:54 +02:00
|
|
|
l4_thread_control_pager(thread().local.data()->kcap());
|
|
|
|
l4_thread_control_exc_handler(thread().local.data()->kcap());
|
2011-12-22 16:19:25 +01:00
|
|
|
l4_msgtag_t tag = l4_thread_control_commit(L4_BASE_THREAD_CAP);
|
|
|
|
if (l4_msgtag_has_error(tag))
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
warning("l4_thread_control_commit failed!");
|
2011-12-22 16:19:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
Platform::Core_pager *Platform::core_pager()
|
|
|
|
{
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
static Core_pager _core_pager(core_pd(), &_sigma0);
|
2011-12-22 16:19:25 +01:00
|
|
|
return &_core_pager;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/***********************************
|
|
|
|
** Helper for L4 region handling **
|
|
|
|
***********************************/
|
|
|
|
|
|
|
|
struct Region
|
|
|
|
{
|
|
|
|
addr_t start;
|
|
|
|
addr_t end;
|
|
|
|
|
|
|
|
Region() : start(0), end(0) { }
|
|
|
|
Region(addr_t s, addr_t e) : start(s), end(e) { }
|
2013-02-21 17:47:15 +01:00
|
|
|
|
|
|
|
/**
|
|
|
|
* Returns true if the specified range intersects with the region
|
|
|
|
*/
|
|
|
|
bool intersects(addr_t base, size_t size) const
|
|
|
|
{
|
|
|
|
return (((base + size) > start) && (base < end));
|
|
|
|
}
|
2011-12-22 16:19:25 +01:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Add region to allocator
|
|
|
|
*/
|
|
|
|
static inline void add_region(Region r, Range_allocator &alloc)
|
|
|
|
{
|
|
|
|
/* adjust region */
|
|
|
|
addr_t start = trunc_page(r.start);
|
|
|
|
addr_t end = round_page(r.end);
|
|
|
|
|
|
|
|
alloc.add_range(start, end - start);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Remove region from allocator
|
|
|
|
*/
|
|
|
|
static inline void remove_region(Region r, Range_allocator &alloc)
|
|
|
|
{
|
|
|
|
/* adjust region */
|
|
|
|
addr_t start = trunc_page(r.start);
|
|
|
|
addr_t end = round_page(r.end);
|
|
|
|
|
|
|
|
alloc.remove_range(start, end - start);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Request any RAM page from Sigma0
|
|
|
|
*/
|
|
|
|
static inline int sigma0_req_region(addr_t *addr, unsigned log2size)
|
|
|
|
{
|
|
|
|
using namespace Fiasco;
|
|
|
|
|
|
|
|
l4_utcb_mr()->mr[0] = SIGMA0_REQ_FPAGE_ANY;
|
|
|
|
l4_utcb_mr()->mr[1] = l4_fpage(0, log2size, 0).raw;
|
|
|
|
|
|
|
|
/* open receive window for mapping */
|
|
|
|
l4_utcb_br()->bdr &= ~L4_BDR_OFFSET_MASK;
|
|
|
|
l4_utcb_br()->br[0] = L4_ITEM_MAP;
|
|
|
|
l4_utcb_br()->br[1] = l4_fpage(0, L4_WHOLE_ADDRESS_SPACE, L4_FPAGE_RWX).raw;
|
|
|
|
|
|
|
|
l4_msgtag_t tag = l4_msgtag(L4_PROTO_SIGMA0, 2, 0, 0);
|
|
|
|
tag = l4_ipc_call(L4_BASE_PAGER_CAP, l4_utcb(), tag, L4_IPC_NEVER);
|
|
|
|
if (l4_ipc_error(tag, l4_utcb()))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (l4_msgtag_items(tag) != 1)
|
|
|
|
return -2;
|
|
|
|
|
|
|
|
*addr = l4_utcb_mr()->mr[0] & (~0UL << L4_PAGESHIFT);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static Fiasco::l4_kernel_info_t *sigma0_map_kip()
|
|
|
|
{
|
|
|
|
using namespace Fiasco;
|
|
|
|
|
|
|
|
/* signal we want to map the KIP */
|
|
|
|
l4_utcb_mr()->mr[0] = SIGMA0_REQ_KIP;
|
|
|
|
|
|
|
|
/* open receive window for KIP one-to-one */
|
|
|
|
l4_utcb_br()->bdr &= ~L4_BDR_OFFSET_MASK;
|
|
|
|
l4_utcb_br()->br[0] = L4_ITEM_MAP;
|
|
|
|
l4_utcb_br()->br[1] = l4_fpage(0, L4_WHOLE_ADDRESS_SPACE, L4_FPAGE_RX).raw;
|
|
|
|
|
|
|
|
/* call sigma0 */
|
|
|
|
l4_msgtag_t tag = l4_ipc_call(L4_BASE_PAGER_CAP,
|
|
|
|
l4_utcb(),
|
|
|
|
l4_msgtag(L4_PROTO_SIGMA0, 1, 0, 0),
|
|
|
|
L4_IPC_NEVER);
|
|
|
|
if (l4_ipc_error(tag, l4_utcb()))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
l4_addr_t ret = l4_trunc_page(l4_utcb_mr()->mr[0]);
|
2015-10-27 14:25:46 +01:00
|
|
|
|
|
|
|
if (!ret)
|
|
|
|
panic("kip mapping failed");
|
|
|
|
|
2011-12-22 16:19:25 +01:00
|
|
|
return (l4_kernel_info_t*) ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void Platform::_setup_mem_alloc()
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* Completely map program image by touching all pages read-only to
|
|
|
|
* prevent sigma0 from handing out those page as anonymous memory.
|
|
|
|
*/
|
|
|
|
volatile const char *beg, *end;
|
|
|
|
beg = (const char *)(((Genode::addr_t)&_prog_img_beg) & L4_PAGEMASK);
|
|
|
|
end = (const char *)&_prog_img_end;
|
|
|
|
for ( ; beg < end; beg += L4_PAGESIZE) (void)(*beg);
|
|
|
|
|
|
|
|
/* request pages of known page size starting with largest */
|
|
|
|
size_t log2_sizes[] = { L4_LOG2_SUPERPAGESIZE, L4_LOG2_PAGESIZE };
|
|
|
|
|
|
|
|
for (unsigned i = 0; i < sizeof(log2_sizes)/sizeof(*log2_sizes); ++i) {
|
|
|
|
size_t log2_size = log2_sizes[i];
|
2013-05-07 16:31:41 +02:00
|
|
|
size_t size = 1UL << log2_size;
|
2011-12-22 16:19:25 +01:00
|
|
|
int err = 0;
|
|
|
|
addr_t addr = 0;
|
|
|
|
Region region;
|
|
|
|
|
|
|
|
/* request any page of current size from sigma0 */
|
|
|
|
do {
|
|
|
|
err = sigma0_req_region(&addr, log2_size);
|
|
|
|
if (!err) {
|
|
|
|
/* XXX do not allocate page0 */
|
|
|
|
if (addr == 0) {
|
|
|
|
Fiasco::l4_task_unmap(Fiasco::L4_BASE_TASK_CAP,
|
2012-05-30 10:54:22 +02:00
|
|
|
Fiasco::l4_fpage(0, log2_size,
|
|
|
|
Fiasco::L4_FPAGE_RW),
|
2011-12-22 16:19:25 +01:00
|
|
|
Fiasco::L4_FP_ALL_SPACES);
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
region.start = addr; region.end = addr + size;
|
2016-03-03 17:57:29 +01:00
|
|
|
if (!region.intersects(stack_area_virtual_base(),
|
|
|
|
stack_area_virtual_size())) {
|
2013-02-21 17:47:15 +01:00
|
|
|
add_region(region, _ram_alloc);
|
|
|
|
add_region(region, _core_address_ranges());
|
|
|
|
}
|
2011-12-22 16:19:25 +01:00
|
|
|
remove_region(region, _io_mem_alloc);
|
|
|
|
remove_region(region, _region_alloc);
|
|
|
|
}
|
|
|
|
} while (!err);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-05-09 21:48:12 +02:00
|
|
|
void Platform::_setup_irq_alloc()
|
|
|
|
{
|
|
|
|
using namespace Fiasco;
|
|
|
|
|
|
|
|
l4_icu_info_t info { .features = 0 };
|
|
|
|
l4_msgtag_t res = l4_icu_info(Fiasco::L4_BASE_ICU_CAP, &info);
|
|
|
|
if (l4_error(res))
|
|
|
|
panic("could not determine number of IRQs");
|
|
|
|
|
|
|
|
_irq_alloc.add_range(0, info.nr_irqs);
|
|
|
|
}
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
|
|
|
|
void Platform::_setup_basics()
|
|
|
|
{
|
|
|
|
using namespace Fiasco;
|
|
|
|
|
|
|
|
kip = sigma0_map_kip();
|
|
|
|
|
|
|
|
if (kip->magic != L4_KERNEL_INFO_MAGIC)
|
|
|
|
panic("Sigma0 mapped something but not the KIP");
|
|
|
|
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("");
|
|
|
|
log("KIP @ ", kip);
|
|
|
|
log(" magic: ", Hex(kip->magic));
|
|
|
|
log(" version: ", Hex(kip->version));
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/* add KIP as ROM module */
|
|
|
|
_kip_rom = Rom_module((addr_t)kip, L4_PAGESIZE, "l4v2_kip");
|
|
|
|
_rom_fs.insert(&_kip_rom);
|
|
|
|
|
|
|
|
/* update multi-boot info pointer from KIP */
|
2015-10-27 14:25:46 +01:00
|
|
|
addr_t mb_info_addr = kip->user_ptr;
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log("MBI @ ", Hex(mb_info_addr));
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/* parse memory descriptors - look for virtual memory configuration */
|
|
|
|
/* XXX we support only one VM region (here and also inside RM) */
|
|
|
|
using Fiasco::L4::Kip::Mem_desc;
|
|
|
|
|
|
|
|
_vm_start = 0; _vm_size = 0;
|
|
|
|
Mem_desc *desc = Mem_desc::first(kip);
|
|
|
|
|
|
|
|
for (unsigned i = 0; i < Mem_desc::count(kip); ++i)
|
|
|
|
if (desc[i].is_virtual()) {
|
|
|
|
_vm_start = round_page(desc[i].start());
|
|
|
|
_vm_size = trunc_page(desc[i].end() - _vm_start + 1);
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (_vm_size == 0)
|
|
|
|
panic("Virtual memory configuration not found");
|
|
|
|
|
|
|
|
/* configure applicable address space but never use page0 */
|
|
|
|
_vm_size = _vm_start == 0 ? _vm_size - L4_PAGESIZE : _vm_size;
|
|
|
|
_vm_start = _vm_start == 0 ? L4_PAGESIZE : _vm_start;
|
|
|
|
_region_alloc.add_range(_vm_start, _vm_size);
|
|
|
|
|
2016-01-23 14:42:55 +01:00
|
|
|
/* preserve stack area in core's virtual address space */
|
2016-03-03 17:57:29 +01:00
|
|
|
_region_alloc.remove_range(stack_area_virtual_base(),
|
|
|
|
stack_area_virtual_size());
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/* preserve utcb- area in core's virtual address space */
|
2013-10-21 15:52:03 +02:00
|
|
|
_region_alloc.remove_range((addr_t)l4_utcb(), L4_PAGESIZE * 16);
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/* I/O memory could be the whole user address space */
|
|
|
|
/* FIXME if the kernel helps to find out max address - use info here */
|
|
|
|
_io_mem_alloc.add_range(0, ~0);
|
|
|
|
|
|
|
|
/* remove KIP and MBI area from region and IO_MEM allocator */
|
|
|
|
remove_region(Region((addr_t)kip, (addr_t)kip + L4_PAGESIZE), _region_alloc);
|
|
|
|
remove_region(Region((addr_t)kip, (addr_t)kip + L4_PAGESIZE), _io_mem_alloc);
|
2015-10-27 14:25:46 +01:00
|
|
|
remove_region(Region(mb_info_addr, mb_info_addr + _mb_info.size()), _region_alloc);
|
|
|
|
remove_region(Region(mb_info_addr, mb_info_addr + _mb_info.size()), _io_mem_alloc);
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/* remove core program image memory from region and IO_MEM allocator */
|
|
|
|
addr_t img_start = (addr_t) &_prog_img_beg;
|
|
|
|
addr_t img_end = (addr_t) &_prog_img_end;
|
|
|
|
remove_region(Region(img_start, img_end), _region_alloc);
|
|
|
|
remove_region(Region(img_start, img_end), _io_mem_alloc);
|
|
|
|
|
|
|
|
/* image is accessible by core */
|
|
|
|
add_region(Region(img_start, img_end), _core_address_ranges());
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void Platform::_setup_rom()
|
|
|
|
{
|
|
|
|
Rom_module rom;
|
|
|
|
|
|
|
|
for (unsigned i = FIRST_ROM; i < _mb_info.num_modules(); i++) {
|
|
|
|
if (!(rom = _mb_info.get_module(i)).valid()) continue;
|
|
|
|
|
|
|
|
Rom_module *new_rom = new(core_mem_alloc()) Rom_module(rom);
|
|
|
|
_rom_fs.insert(new_rom);
|
|
|
|
|
2012-03-20 16:52:58 +01:00
|
|
|
/* map module */
|
|
|
|
touch_ro((const void*)new_rom->addr(), new_rom->size());
|
|
|
|
|
2011-12-22 16:19:25 +01:00
|
|
|
/* zero remainder of last ROM page */
|
|
|
|
size_t count = L4_PAGESIZE - rom.size() % L4_PAGESIZE;
|
|
|
|
if (count != L4_PAGESIZE)
|
|
|
|
memset(reinterpret_cast<void *>(rom.addr() + rom.size()), 0, count);
|
|
|
|
|
|
|
|
/* remove ROM area from region and IO_MEM allocator */
|
|
|
|
remove_region(Region(new_rom->addr(), new_rom->addr() + new_rom->size()), _region_alloc);
|
|
|
|
remove_region(Region(new_rom->addr(), new_rom->addr() + new_rom->size()), _io_mem_alloc);
|
|
|
|
|
|
|
|
/* add area to core-accessible ranges */
|
|
|
|
add_region(Region(new_rom->addr(), new_rom->addr() + new_rom->size()), _core_address_ranges());
|
|
|
|
}
|
|
|
|
|
|
|
|
Rom_module *kip_rom = new(core_mem_alloc())
|
|
|
|
Rom_module((addr_t)Fiasco::kip, L4_PAGESIZE, "kip");
|
|
|
|
_rom_fs.insert(kip_rom);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
Platform::Platform() :
|
2015-09-17 14:16:59 +02:00
|
|
|
_ram_alloc(nullptr), _io_mem_alloc(core_mem_alloc()),
|
2011-12-22 16:19:25 +01:00
|
|
|
_io_port_alloc(core_mem_alloc()), _irq_alloc(core_mem_alloc()),
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
_region_alloc(core_mem_alloc()), _cap_id_alloc(core_mem_alloc()),
|
2015-10-27 14:25:46 +01:00
|
|
|
_mb_info(sigma0_map_kip()->user_ptr, true),
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
_sigma0(cap_map()->insert(_cap_id_alloc.alloc(), Fiasco::L4_BASE_PAGER_CAP))
|
2011-12-22 16:19:25 +01:00
|
|
|
{
|
|
|
|
/*
|
|
|
|
* We must be single-threaded at this stage and so this is safe.
|
|
|
|
*/
|
|
|
|
static bool initialized = 0;
|
|
|
|
if (initialized) panic("Platform constructed twice!");
|
|
|
|
initialized = true;
|
|
|
|
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
init_log();
|
|
|
|
|
2011-12-22 16:19:25 +01:00
|
|
|
_setup_basics();
|
|
|
|
_setup_mem_alloc();
|
|
|
|
_setup_io_port_alloc();
|
|
|
|
_setup_irq_alloc();
|
|
|
|
_setup_rom();
|
|
|
|
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
log(":ram_alloc: "); _ram_alloc()->dump_addr_tree();
|
|
|
|
log(":region_alloc: "); _region_alloc()->dump_addr_tree();
|
|
|
|
log(":io_mem: "); _io_mem_alloc()->dump_addr_tree();
|
|
|
|
log(":io_port: "); _io_port_alloc()->dump_addr_tree();
|
|
|
|
log(":irq: "); _irq_alloc()->dump_addr_tree();
|
|
|
|
log(":rom_fs: "); _rom_fs.print_fs();
|
|
|
|
log(":core ranges: "); _core_address_ranges()()->dump_addr_tree();
|
2011-12-22 16:19:25 +01:00
|
|
|
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
Core_cap_index* pdi =
|
|
|
|
reinterpret_cast<Core_cap_index*>(cap_map()->insert(_cap_id_alloc.alloc(), Fiasco::L4_BASE_TASK_CAP));
|
|
|
|
Core_cap_index* thi =
|
|
|
|
reinterpret_cast<Core_cap_index*>(cap_map()->insert(_cap_id_alloc.alloc(), Fiasco::L4_BASE_THREAD_CAP));
|
|
|
|
Core_cap_index* irqi =
|
|
|
|
reinterpret_cast<Core_cap_index*>(cap_map()->insert(_cap_id_alloc.alloc()));
|
|
|
|
|
2011-12-22 16:19:25 +01:00
|
|
|
/* setup pd object for core pd */
|
2012-08-29 17:07:38 +02:00
|
|
|
_core_pd = new(core_mem_alloc()) Platform_pd(pdi);
|
2011-12-22 16:19:25 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* We setup the thread object for thread0 in core pd using a special
|
|
|
|
* interface that allows us to specify the capability slot.
|
|
|
|
*/
|
|
|
|
Platform_thread *core_thread = new(core_mem_alloc())
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
Platform_thread(thi, irqi, "core.main");
|
2011-12-22 16:19:25 +01:00
|
|
|
|
Fiasco.OC: introduce Cap_index (fixes #149, #112)
This commit introduces a Cap_index class for Fiasco.OC's capabilities.
A Cap_index is a combination of the global capability id, that is used by Genode
to correctly identify a kernel-object, and a corresponding entry in a
protection-domain's (kernel-)capability-space. The cap-indices are non-copyable,
unique objects, that are held in a Cap_map. The Cap_map is used to re-find
capabilities already present in the protection-domain, when a capability is
received via IPC. The retrieval of capabilities effectively fixes issue #112,
meaning the waste of capability-space entries.
Because Cap_index objects are non-copyable (their address indicates the position
in the capability-space of the pd), they are inappropriate to use as
Native_capability. Therefore, Native_capability is implemented as a reference
to Cap_index objects. This design seems to be a good pre-condition to implement
smart-pointers for entries in the capability-space, and thereby closing existing
leaks (please refer to issue #32).
Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way,
that it should be relatively easy to apply the same concept to NOVA also. By now,
these classes are located in the `base-foc` repository, but they intentionally
contain no Fiasco.OC specific elements.
The previously explained changes had extensive impact on the whole Fiasco.OC
platform implementation, due to various dependencies. The following things had to
be changed:
* The Thread object's startup and destruction routine is re-arranged, to
enable another thread (that calls the Thread destructor) gaining the
capability id of the thread's gate to remove it from the Cap_map, the
thread's UTCB had to be made available to the caller, because there
is the current location of that id. After having the UTCB available
in the Thread object for that reason, the whole thread bootstrapping
could be simplified.
* In the course of changing the Native_capability's semantic, a new Cap_mapping
class was introduced in core, that facilitates the establishment and
destruction of capability mappings between core and it's client's, especially
mappings related to Platform_thread and Platform_task, that are relevant to
task and thread creation and destruction. Thereby, the destruction of
threads had to be reworked, which effectively removed a bug (issue #149)
where some threads weren't destroyed properly.
* In the quick fix for issue #112, something similar to the Cap_map was
introduced available in all processes. Moreover, some kind of a capability
map already existed in core, to handle cap-session request properly. The
introduction of the Cap_map unified both structures, so that the
cap-session component code in core had to be reworked too.
* The platform initialization code had to be changed sligthly due to the
changes in Native_capability
* The vcpu initialization in the L4Linux support library had to be adapted
according to the already mentioned changes in the Thread object's bootstrap
code.
2012-03-15 12:41:24 +01:00
|
|
|
core_thread->pager(&_sigma0);
|
2016-04-14 16:29:07 +02:00
|
|
|
_core_pd->bind_thread(core_thread);
|
2011-12-22 16:19:25 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/********************************
|
|
|
|
** Generic platform interface **
|
|
|
|
********************************/
|
|
|
|
|
|
|
|
void Platform::wait_for_exit()
|
|
|
|
{
|
|
|
|
/*
|
|
|
|
* On Fiasco, Core never exits. So let us sleep forever.
|
|
|
|
*/
|
|
|
|
sleep_forever();
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-08-07 22:16:58 +02:00
|
|
|
Affinity::Space Platform::affinity_space() const
|
|
|
|
{
|
2013-07-24 09:48:54 +02:00
|
|
|
using namespace Genode;
|
|
|
|
using namespace Fiasco;
|
2013-08-07 22:16:58 +02:00
|
|
|
|
2013-07-24 09:48:54 +02:00
|
|
|
l4_sched_cpu_set_t cpus = l4_sched_cpu_set(0, 0, 1);
|
|
|
|
l4_umword_t cpus_max;
|
|
|
|
l4_msgtag_t res = l4_scheduler_info(L4_BASE_SCHEDULER_CAP, &cpus_max,
|
|
|
|
&cpus);
|
|
|
|
if (l4_error(res)) {
|
base: avoid use of deprecated base/printf.h
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
2016-07-13 19:07:09 +02:00
|
|
|
error("could not detect number of CPUs - assuming 1 CPU");
|
2013-07-24 09:48:54 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
unsigned cpus_online = 0;
|
|
|
|
for (unsigned i = 0; i < sizeof(cpus.map) * 8; i++)
|
|
|
|
if ((cpus.map >> i) & 0x1)
|
|
|
|
cpus_online ++;
|
2013-08-07 22:16:58 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Currently, we do not gather any information about the topology of CPU
|
|
|
|
* nodes but just return a one-dimensional affinity space.
|
|
|
|
*/
|
|
|
|
return Affinity::Space(cpus_online, 1);
|
2013-07-24 09:48:54 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-12-22 16:19:25 +01:00
|
|
|
void Core_parent::exit(int exit_value) { }
|