ehmry/genode
ehmry
/
genode
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
genode/repos/base-foc/src/base/thread/thread_start.cc

102 lines
2.6 KiB
C++
Raw Normal View History

Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
/*
* \brief Fiasco-specific implementation of the non-core startup Thread API
* \author Norman Feske
* \author Stefan Kalkowski
base: setup thread object for main thread in CRT0 For a main thread a thread object is created by the CRT0 before _main gets called so that _main can already run in a generic environment that, e.g., catches stack overflows as a page-fault instead of corrupting the BSS. Additionally dynamic programs have only one CRT0 - the one of the LDSO - which does the initialization for both LDSO and program. ref #989
2014-01-28 14:30:36 +01:00
* \author Martin Stein
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
* \date 2010-01-19
*/
/*
Update copyright headers to 2013
2013-01-10 21:44:47 +01:00
* Copyright (C) 2010-2013 Genode Labs GmbH
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
*
* This file is part of the Genode OS framework, which is distributed
* under the terms of the GNU General Public License version 2.
*/
/* Genode includes */
#include <base/thread.h>
#include <base/printf.h>
#include <base/sleep.h>
#include <base/env.h>
Fiasco.OC: introduce Cap_index (fixes #149, #112) This commit introduces a Cap_index class for Fiasco.OC's capabilities. A Cap_index is a combination of the global capability id, that is used by Genode to correctly identify a kernel-object, and a corresponding entry in a protection-domain's (kernel-)capability-space. The cap-indices are non-copyable, unique objects, that are held in a Cap_map. The Cap_map is used to re-find capabilities already present in the protection-domain, when a capability is received via IPC. The retrieval of capabilities effectively fixes issue #112, meaning the waste of capability-space entries. Because Cap_index objects are non-copyable (their address indicates the position in the capability-space of the pd), they are inappropriate to use as Native_capability. Therefore, Native_capability is implemented as a reference to Cap_index objects. This design seems to be a good pre-condition to implement smart-pointers for entries in the capability-space, and thereby closing existing leaks (please refer to issue #32). Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way, that it should be relatively easy to apply the same concept to NOVA also. By now, these classes are located in the `base-foc` repository, but they intentionally contain no Fiasco.OC specific elements. The previously explained changes had extensive impact on the whole Fiasco.OC platform implementation, due to various dependencies. The following things had to be changed: * The Thread object's startup and destruction routine is re-arranged, to enable another thread (that calls the Thread destructor) gaining the capability id of the thread's gate to remove it from the Cap_map, the thread's UTCB had to be made available to the caller, because there is the current location of that id. After having the UTCB available in the Thread object for that reason, the whole thread bootstrapping could be simplified. * In the course of changing the Native_capability's semantic, a new Cap_mapping class was introduced in core, that facilitates the establishment and destruction of capability mappings between core and it's client's, especially mappings related to Platform_thread and Platform_task, that are relevant to task and thread creation and destruction. Thereby, the destruction of threads had to be reworked, which effectively removed a bug (issue #149) where some threads weren't destroyed properly. * In the quick fix for issue #112, something similar to the Cap_map was introduced available in all processes. Moreover, some kind of a capability map already existed in core, to handle cap-session request properly. The introduction of the Cap_map unified both structures, so that the cap-session component code in core had to be reworked too. * The platform initialization code had to be changed sligthly due to the changes in Native_capability * The vcpu initialization in the L4Linux support library had to be adapted according to the already mentioned changes in the Thread object's bootstrap code.
2012-03-15 12:41:24 +01:00
namespace Fiasco {
#include <l4/sys/utcb.h>
}
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
using namespace Genode;
void Thread_base::_deinit_platform_thread()
{
Fiasco.OC: introduce Cap_index (fixes #149, #112) This commit introduces a Cap_index class for Fiasco.OC's capabilities. A Cap_index is a combination of the global capability id, that is used by Genode to correctly identify a kernel-object, and a corresponding entry in a protection-domain's (kernel-)capability-space. The cap-indices are non-copyable, unique objects, that are held in a Cap_map. The Cap_map is used to re-find capabilities already present in the protection-domain, when a capability is received via IPC. The retrieval of capabilities effectively fixes issue #112, meaning the waste of capability-space entries. Because Cap_index objects are non-copyable (their address indicates the position in the capability-space of the pd), they are inappropriate to use as Native_capability. Therefore, Native_capability is implemented as a reference to Cap_index objects. This design seems to be a good pre-condition to implement smart-pointers for entries in the capability-space, and thereby closing existing leaks (please refer to issue #32). Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way, that it should be relatively easy to apply the same concept to NOVA also. By now, these classes are located in the `base-foc` repository, but they intentionally contain no Fiasco.OC specific elements. The previously explained changes had extensive impact on the whole Fiasco.OC platform implementation, due to various dependencies. The following things had to be changed: * The Thread object's startup and destruction routine is re-arranged, to enable another thread (that calls the Thread destructor) gaining the capability id of the thread's gate to remove it from the Cap_map, the thread's UTCB had to be made available to the caller, because there is the current location of that id. After having the UTCB available in the Thread object for that reason, the whole thread bootstrapping could be simplified. * In the course of changing the Native_capability's semantic, a new Cap_mapping class was introduced in core, that facilitates the establishment and destruction of capability mappings between core and it's client's, especially mappings related to Platform_thread and Platform_task, that are relevant to task and thread creation and destruction. Thereby, the destruction of threads had to be reworked, which effectively removed a bug (issue #149) where some threads weren't destroyed properly. * In the quick fix for issue #112, something similar to the Cap_map was introduced available in all processes. Moreover, some kind of a capability map already existed in core, to handle cap-session request properly. The introduction of the Cap_map unified both structures, so that the cap-session component code in core had to be reworked too. * The platform initialization code had to be changed sligthly due to the changes in Native_capability * The vcpu initialization in the L4Linux support library had to be adapted according to the already mentioned changes in the Thread object's bootstrap code.
2012-03-15 12:41:24 +01:00
using namespace Fiasco;
Fiasco.OC: only access valid UTCB (fix #547) If no platform thread was created before somebody destroys a thread object, there is no valid UTCB available. Thereby, we've to check this before accessing the UTCB when destroying a thread object.
2012-12-03 16:30:56 +01:00
if (_context->utcb && _thread_cap.valid()) {
Cap_index *i = (Cap_index*)l4_utcb_tcr_u(_context->utcb)->user[UTCB_TCR_BADGE];
cap_map()->remove(i);
base: add cpu_session parameter to thread creation Fixes #1114
2014-04-03 14:18:52 +02:00
_cpu_session->kill_thread(_thread_cap);
base: add remove_client to rm_session Fixes #13
2013-01-18 09:38:19 +01:00
env()->rm_session()->remove_client(_pager_cap);
Fiasco.OC: only access valid UTCB (fix #547) If no platform thread was created before somebody destroys a thread object, there is no valid UTCB available. Thereby, we've to check this before accessing the UTCB when destroying a thread object.
2012-12-03 16:30:56 +01:00
}
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
}
CPU session: apply quota via relative weightings Physical CPU quota was previously given to a thread on construction only by directly specifying a percentage of the quota of the according CPU session. Now, a new thread is given a weighting that can be any value. The physical counter-value of such a weighting depends on the weightings of the other threads at the CPU session. Thus, the physical quota of all threads of a CPU session must be updated when a weighting is added or removed. This is each time the session creates or destroys a thread. This commit also adapts the "cpu_quota" test in base-hw accordingly. Ref #1464
2015-03-27 14:05:55 +01:00
void Thread_base::_init_platform_thread(size_t weight, Type type)
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
{
base: add cpu_session parameter to thread creation Fixes #1114
2014-04-03 14:18:52 +02:00
/* if no cpu session is given, use it from the environment */
if (!_cpu_session)
_cpu_session = env()->cpu_session();
base: setup thread object for main thread in CRT0 For a main thread a thread object is created by the CRT0 before _main gets called so that _main can already run in a generic environment that, e.g., catches stack overflows as a page-fault instead of corrupting the BSS. Additionally dynamic programs have only one CRT0 - the one of the LDSO - which does the initialization for both LDSO and program. ref #989
2014-01-28 14:30:36 +01:00
if (type == NORMAL)
{
/* create thread at core */
char buf[48];
name(buf, sizeof(buf));
CPU session: apply quota via relative weightings Physical CPU quota was previously given to a thread on construction only by directly specifying a percentage of the quota of the according CPU session. Now, a new thread is given a weighting that can be any value. The physical counter-value of such a weighting depends on the weightings of the other threads at the CPU session. Thus, the physical quota of all threads of a CPU session must be updated when a weighting is added or removed. This is each time the session creates or destroys a thread. This commit also adapts the "cpu_quota" test in base-hw accordingly. Ref #1464
2015-03-27 14:05:55 +01:00
_thread_cap = _cpu_session->create_thread(weight, buf);
base: setup thread object for main thread in CRT0 For a main thread a thread object is created by the CRT0 before _main gets called so that _main can already run in a generic environment that, e.g., catches stack overflows as a page-fault instead of corrupting the BSS. Additionally dynamic programs have only one CRT0 - the one of the LDSO - which does the initialization for both LDSO and program. ref #989
2014-01-28 14:30:36 +01:00
/* assign thread to protection domain */
foc: check result of bind_thread Issue #1418
2015-02-24 13:18:35 +01:00
if (!_thread_cap.valid() ||
env()->pd_session()->bind_thread(_thread_cap))
throw Cpu_session::Thread_creation_failed();
base: setup thread object for main thread in CRT0 For a main thread a thread object is created by the CRT0 before _main gets called so that _main can already run in a generic environment that, e.g., catches stack overflows as a page-fault instead of corrupting the BSS. Additionally dynamic programs have only one CRT0 - the one of the LDSO - which does the initialization for both LDSO and program. ref #989
2014-01-28 14:30:36 +01:00
return;
}
/* adjust values whose computation differs for a main thread */
_tid = Fiasco::MAIN_THREAD_CAP;
_thread_cap = env()->parent()->main_thread_cap();
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
foc: check result of bind_thread Issue #1418
2015-02-24 13:18:35 +01:00
if (!_thread_cap.valid())
throw Cpu_session::Thread_creation_failed();
base: setup thread object for main thread in CRT0 For a main thread a thread object is created by the CRT0 before _main gets called so that _main can already run in a generic environment that, e.g., catches stack overflows as a page-fault instead of corrupting the BSS. Additionally dynamic programs have only one CRT0 - the one of the LDSO - which does the initialization for both LDSO and program. ref #989
2014-01-28 14:30:36 +01:00
/* make thread object known to the Fiasco environment */
addr_t const t = (addr_t)this;
Fiasco::l4_utcb_tcr()->user[Fiasco::UTCB_TCR_THREAD_OBJ] = t;
foc: Create thread at core at construction time Originally, a thread was created at core not before calling the 'start' function. In order to configure the thread affinity before starting the thread, we have to make the thread known at core right at construction time. This patch moves the needed thread-creation sequence from the 'start' function to the '_init_platform_thread' function.
2013-03-21 12:47:42 +01:00
}
void Thread_base::start()
{
using namespace Fiasco;
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
/* create new pager object and assign it to the new thread */
base: add remove_client to rm_session Fixes #13
2013-01-18 09:38:19 +01:00
_pager_cap = env()->rm_session()->add_client(_thread_cap);
base: add cpu_session parameter to thread creation Fixes #1114
2014-04-03 14:18:52 +02:00
_cpu_session->set_pager(_thread_cap, _pager_cap);
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
Fiasco.OC: introduce Cap_index (fixes #149, #112) This commit introduces a Cap_index class for Fiasco.OC's capabilities. A Cap_index is a combination of the global capability id, that is used by Genode to correctly identify a kernel-object, and a corresponding entry in a protection-domain's (kernel-)capability-space. The cap-indices are non-copyable, unique objects, that are held in a Cap_map. The Cap_map is used to re-find capabilities already present in the protection-domain, when a capability is received via IPC. The retrieval of capabilities effectively fixes issue #112, meaning the waste of capability-space entries. Because Cap_index objects are non-copyable (their address indicates the position in the capability-space of the pd), they are inappropriate to use as Native_capability. Therefore, Native_capability is implemented as a reference to Cap_index objects. This design seems to be a good pre-condition to implement smart-pointers for entries in the capability-space, and thereby closing existing leaks (please refer to issue #32). Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way, that it should be relatively easy to apply the same concept to NOVA also. By now, these classes are located in the `base-foc` repository, but they intentionally contain no Fiasco.OC specific elements. The previously explained changes had extensive impact on the whole Fiasco.OC platform implementation, due to various dependencies. The following things had to be changed: * The Thread object's startup and destruction routine is re-arranged, to enable another thread (that calls the Thread destructor) gaining the capability id of the thread's gate to remove it from the Cap_map, the thread's UTCB had to be made available to the caller, because there is the current location of that id. After having the UTCB available in the Thread object for that reason, the whole thread bootstrapping could be simplified. * In the course of changing the Native_capability's semantic, a new Cap_mapping class was introduced in core, that facilitates the establishment and destruction of capability mappings between core and it's client's, especially mappings related to Platform_thread and Platform_task, that are relevant to task and thread creation and destruction. Thereby, the destruction of threads had to be reworked, which effectively removed a bug (issue #149) where some threads weren't destroyed properly. * In the quick fix for issue #112, something similar to the Cap_map was introduced available in all processes. Moreover, some kind of a capability map already existed in core, to handle cap-session request properly. The introduction of the Cap_map unified both structures, so that the cap-session component code in core had to be reworked too. * The platform initialization code had to be changed sligthly due to the changes in Native_capability * The vcpu initialization in the L4Linux support library had to be adapted according to the already mentioned changes in the Thread object's bootstrap code.
2012-03-15 12:41:24 +01:00
/* get gate-capability and badge of new thread */
Thread_state state;
base: add cpu_session parameter to thread creation Fixes #1114
2014-04-03 14:18:52 +02:00
try { state = _cpu_session->state(_thread_cap); }
cpu_session: Access thread state by value
2012-11-12 17:48:18 +01:00
catch (...) { throw Cpu_session::Thread_creation_failed(); }
Fiasco.OC: introduce Cap_index (fixes #149, #112) This commit introduces a Cap_index class for Fiasco.OC's capabilities. A Cap_index is a combination of the global capability id, that is used by Genode to correctly identify a kernel-object, and a corresponding entry in a protection-domain's (kernel-)capability-space. The cap-indices are non-copyable, unique objects, that are held in a Cap_map. The Cap_map is used to re-find capabilities already present in the protection-domain, when a capability is received via IPC. The retrieval of capabilities effectively fixes issue #112, meaning the waste of capability-space entries. Because Cap_index objects are non-copyable (their address indicates the position in the capability-space of the pd), they are inappropriate to use as Native_capability. Therefore, Native_capability is implemented as a reference to Cap_index objects. This design seems to be a good pre-condition to implement smart-pointers for entries in the capability-space, and thereby closing existing leaks (please refer to issue #32). Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way, that it should be relatively easy to apply the same concept to NOVA also. By now, these classes are located in the `base-foc` repository, but they intentionally contain no Fiasco.OC specific elements. The previously explained changes had extensive impact on the whole Fiasco.OC platform implementation, due to various dependencies. The following things had to be changed: * The Thread object's startup and destruction routine is re-arranged, to enable another thread (that calls the Thread destructor) gaining the capability id of the thread's gate to remove it from the Cap_map, the thread's UTCB had to be made available to the caller, because there is the current location of that id. After having the UTCB available in the Thread object for that reason, the whole thread bootstrapping could be simplified. * In the course of changing the Native_capability's semantic, a new Cap_mapping class was introduced in core, that facilitates the establishment and destruction of capability mappings between core and it's client's, especially mappings related to Platform_thread and Platform_task, that are relevant to task and thread creation and destruction. Thereby, the destruction of threads had to be reworked, which effectively removed a bug (issue #149) where some threads weren't destroyed properly. * In the quick fix for issue #112, something similar to the Cap_map was introduced available in all processes. Moreover, some kind of a capability map already existed in core, to handle cap-session request properly. The introduction of the Cap_map unified both structures, so that the cap-session component code in core had to be reworked too. * The platform initialization code had to be changed sligthly due to the changes in Native_capability * The vcpu initialization in the L4Linux support library had to be adapted according to the already mentioned changes in the Thread object's bootstrap code.
2012-03-15 12:41:24 +01:00
_tid = state.kcap;
_context->utcb = state.utcb;
Fiasco.OC: several capability ref-counter fixes. This commit fixes several issues that were triggered e.g. by the 'noux_tool_chain' run-script (fix #208 in part). The following problems are tackled: * Don't reference count capability selectors within a task that are actually controlled by core (all beneath 0x200000), because it's undecideable which "version" of a capability selector we currently use, e.g. a thread gets destroyed and a new one gets created immediately some other thread might have a Native_capability pointing to the already destroyed thread's gate capability-slot, that is now a new valid one (the one of the new thread) * In core we cannot invalidate and remove a capability from the so called Cap_map before each reference to it is destroyed, so don't do this in Cap_session_component::free, but only reference-decrement within there, the actual removal can only be done in Cap_map::remove. Because core also has to invalidate a capability to be removed in all protection-domains we have to implement a core specific Cap_map::remove method * When a capability gets inserted into the Cap_map, and we detect an old invalid entry with the dame id in the tree, don't just overmap that invalid entry (as there exist remaining references to it), but just remove it from the tree and allocate an new entry. * Use the Cap_session_component interface to free a Pager_object when it gets dissolved, as its also used for allocation
2012-08-29 15:52:18 +02:00
Cap_index *i = cap_map()->insert(state.id, state.kcap);
l4_utcb_tcr_u(state.utcb)->user[UTCB_TCR_BADGE] = (unsigned long) i;
l4_utcb_tcr_u(state.utcb)->user[UTCB_TCR_THREAD_OBJ] = (addr_t)this;
Fiasco.OC: introduce Cap_index (fixes #149, #112) This commit introduces a Cap_index class for Fiasco.OC's capabilities. A Cap_index is a combination of the global capability id, that is used by Genode to correctly identify a kernel-object, and a corresponding entry in a protection-domain's (kernel-)capability-space. The cap-indices are non-copyable, unique objects, that are held in a Cap_map. The Cap_map is used to re-find capabilities already present in the protection-domain, when a capability is received via IPC. The retrieval of capabilities effectively fixes issue #112, meaning the waste of capability-space entries. Because Cap_index objects are non-copyable (their address indicates the position in the capability-space of the pd), they are inappropriate to use as Native_capability. Therefore, Native_capability is implemented as a reference to Cap_index objects. This design seems to be a good pre-condition to implement smart-pointers for entries in the capability-space, and thereby closing existing leaks (please refer to issue #32). Cap_index, Cap_map, and the allocator for Cap_index objects are designed in a way, that it should be relatively easy to apply the same concept to NOVA also. By now, these classes are located in the `base-foc` repository, but they intentionally contain no Fiasco.OC specific elements. The previously explained changes had extensive impact on the whole Fiasco.OC platform implementation, due to various dependencies. The following things had to be changed: * The Thread object's startup and destruction routine is re-arranged, to enable another thread (that calls the Thread destructor) gaining the capability id of the thread's gate to remove it from the Cap_map, the thread's UTCB had to be made available to the caller, because there is the current location of that id. After having the UTCB available in the Thread object for that reason, the whole thread bootstrapping could be simplified. * In the course of changing the Native_capability's semantic, a new Cap_mapping class was introduced in core, that facilitates the establishment and destruction of capability mappings between core and it's client's, especially mappings related to Platform_thread and Platform_task, that are relevant to task and thread creation and destruction. Thereby, the destruction of threads had to be reworked, which effectively removed a bug (issue #149) where some threads weren't destroyed properly. * In the quick fix for issue #112, something similar to the Cap_map was introduced available in all processes. Moreover, some kind of a capability map already existed in core, to handle cap-session request properly. The introduction of the Cap_map unified both structures, so that the cap-session component code in core had to be reworked too. * The platform initialization code had to be changed sligthly due to the changes in Native_capability * The vcpu initialization in the L4Linux support library had to be adapted according to the already mentioned changes in the Thread object's bootstrap code.
2012-03-15 12:41:24 +01:00
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
/* register initial IP and SP at core */
base: add cpu_session parameter to thread creation Fixes #1114
2014-04-03 14:18:52 +02:00
_cpu_session->start(_thread_cap, (addr_t)_thread_start, _context->stack_top());
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
}
void Thread_base::cancel_blocking()
{
base: add cpu_session parameter to thread creation Fixes #1114
2014-04-03 14:18:52 +02:00
_cpu_session->cancel_blocking(_thread_cap);
Imported Genode release 11.11
2011-12-22 16:19:25 +01:00
}