The lazy-timer test depends on the faster-timer handler to be executed
before the fast timeout occurs, which was pretty hard to achieve on Qemu
and a busy host machine. Therefore, I increased the fast-to-faster
timeout ratio from 50/25 ms to 200/25 ms and set the test runtime to
4000 ms.
* added global offset table relative loading for global symbols
* removed 'initial_sp' and 'initial_x0' because they are currently not
used on this platform. If required they are easy to resurrect.
issue #3260
Components like kernel, core, and bootstrap that are built for a
specific board need to reside inside the same architectural dependent
build directory. For instance there are sel4, foc, and hw kernel builds
for imx6q_sabrelite and imx7d_sabre, which have to reside inside the same
arm_v7 build directory.
This commit names those components explicitely, and adapts the run-tool to it.
Fix#3316
Previously, only Invalid_dataspace, Region_conflict, and Out_of_ram were
handled for both allocate and attach with the same handlers. However,
both operations can also throw Out_of_caps and for all exceptions during
attach, the dataspace must be freed again whereas this is not the case
when the exception occured during allocate.
Issue #2953
With the new fact that plain time values are always 64 bit unsigned, the
timestamp type is never bigger than the plain time type. Therefore, a code path
in the curr_time interpolation that treated this condition is not neccessary
anymore.
Ref #3208
This enforces the use of unsigned 64-bit values for time in the duration type,
the timeout framework, the timer session, the userland timer-drivers, and the
alarm framework on all platforms. The commit also adapts the code that uses
these tools accross all basic repositories (base, base-*, os. gems, libports,
ports, dde_*) to use unsigned 64-bit values for time as well as far as this
does not imply profound modifications.
Fixes#3208
Issue #3111
remove_range may deny to the job on memory pressure or insane ranges,
which ends up in an endless loop when the Avl allocator is in destruction.
Since the Avl gets destructed, solely the memory free up is of importance,
not the correct range adjustments during remove_range.
Track the dataspaces used by attach and add handling of flushing VM space
when dataspace gets destroyed (not triggered via the vm_session interface).
Issue #3111
This patch adds the items necessary for building Genode components with
stack protection enabled, but it is not initialized at runtime. They are
provided at the moment as a convenience and do not implement a security
feature.
Fix#3066
If a component is being destroyed just before it calls `exit()` at its
parent, the `exit()` call causes an `Ipc_error` exception, which leads to
an `abort()` loop with repeated error messages, because `abort()` calls
`exit()` too. Catching the exception in `Expanding_parent_client::exit()`
avoids this problem.
Fixes#3228
* Introduces pending_signal syscall to check for new signals for the
calling thread without blocking
* Implements pending_signal in the base-library specific for hw to use the
new syscall
Fix#3217
The "schedule_post_signal_hook" method of the Genode::Entrypoint class
is problematic because the signal hook can be scheduled and replaced
multiple times during the signal dispatch cycle. Add an alternative to
this method with "register_io_progress_handler" and the "Post_signal_
hook" class with "Io_progress_handler". The difference being an
"Io_progress_handler" may be registered once during the lifetime of an
entrypoint to prevent arbitrary libraries from replacing a pending hook.
The "register_io_progress_handler" remains as a deprecated API, and is
now invoked for every I/O signal received and only for I/O signals
rather than for any signal.
Ref #3132
This commit removes APIs that were previously marked as deprecated. This
change has the following implications:
- The use of the global 'env()' accessor is not possible anymore.
- Boolean accessor methods are no longer prefixed with 'is_'. E.g.,
instead of 'is_valid()', use 'valid()'.
- The last traces of 'Ram_session' are gone now. The 'Env::ram()'
accessor returns the 'Ram_allocator' interface, which is a subset of
the 'Pd_session' interface.
- All connection constructors need the 'Env' as argument.
- The 'Reporter' constructor needs an 'Env' argument now because the
reporter creates a report connection.
- The old overload 'Child_policy::resolve_session_request' that returned
a 'Service' does not exist anymore.
- The base/printf.h header has been removed, use base/log.h instead.
- The old notion of 'Signal_dispatcher' is gone. Use 'Signal_handler'.
- Transitional headers like os/server.h, cap_session/,
volatile_object.h, os/attached*_dataspace.h, signal_rpc_dispatcher.h
have been removed.
- The distinction between 'Thread_state' and 'Thread_state_base' does
not exist anymore.
- The header cpu_thread/capability.h along with the type definition of
'Cpu_thread_capability' has been removed. Use the type
'Thread_capability' define in cpu_session/cpu_session.h instead.
- Several XML utilities (i.e., at os/include/decorator) could be removed
because their functionality is nowadays covered by util/xml_node.h.
- The 'os/ram_session_guard.h' has been removed.
Use 'Constrained_ram_allocator' provided by base/ram_allocator.h instead.
Issue #1987
This is a follow-up commit of "base/core: use references instead of
pointers". Because the 'Rm_root::_upgrade_session' implementation
lacked the 'override' keyword, my overzealous change of the pointer
argument went unnoticed.
This commit fixes the depot_rom (cached_fs_rom) failure in Sculpt.
When cached_fs_rom attempted to create a new managed dataspace while the
RM session quota was depleted, it tried to upgrade the session (via
Rm_connection::create). However, the upgraded resources never reached
the actual session because the default 'Root_component::_upgrade_session'
was called instead of 'Rm_root::_upgrade_session'.
Issue #3135
This patch adjusts the implementation of the base library and core such
that the code no longer relies on deprecated APIs except for very few
cases, mainly to keep those deprecated APIs in tact for now.
The most prominent changes are:
- Removing the use of base/printf.h
- Removing of the log backend for printf. The 'Console' with the
format-string parser is still there along with 'snprintf.h' because
the latter is still used at a few places, most prominently the
'Connection' classes.
- Removing the notion of a RAM session, which does not exist in
Genode anymore. Still the types were preserved (by typedefs to
PD session) to keep up compatibility. But this transition should
come to an end now.
- Slight rennovation of core's tracing service, e.g., the use of an
Attached_dataspace as the Argument_buffer.
- Reducing the reliance on global accessors like deprecated_env() or
core_env(). Still there is a longish way to go to eliminate all such
calls. A useful pattern (or at least a stop-gap solution) is to
pass the 'Env' to the individual compilation units via init functions.
- Avoiding the use of the old 'Child_policy::resolve_session_request'
interface that returned a 'Service' instead of a 'Route'.
Issue #1987
The notion of a RAM session does not exist anymore. Hence, we have to
adjust the name of 'init_env_ram_session'. Since this change modifies
the ABI, it comes as separate commit.
Issue #2407
- support to create multiple vCPUs
- support to implement Vm_session methods client side within base library
- adjust muen specific virtualbox4 version to compile/link
Issue #3111
This patch replaces the former prominent use of pointers by references
wherever feasible. This has the following benefits:
* The contract between caller and callee becomes more obvious. When
passing a reference, the contract says that the argument cannot be
a null pointer. The caller is responsible to ensure that. Therefore,
the use of reference eliminates the need to add defensive null-pointer
checks at the callee site, which sometimes merely exist to be on the
safe side. The bottom line is that the code becomes easier to follow.
* Reference members must be initialized via an object initializer,
which promotes a programming style that avoids intermediate object-
construction states. Within core, there are still a few pointers
as member variables left though. E.g., caused by the late association
of 'Platform_thread' objects with their 'Platform_pd' objects.
* If no pointers are present as member variables, we don't need to
manually provide declarations of a private copy constructor and
an assignment operator to avoid -Weffc++ errors "class ... has
pointer data members [-Werror=effc++]".
This patch also changes a few system bindings on NOVA and Fiasco.OC,
e.g., the return value of the global 'cap_map' accessor has become a
reference. Hence, the patch touches a few places outside of core.
Fixes#3135
This patch moves the removal of the signal context from the
'_platform_finish_dissolve' to the '_platform_begin_dissolve'
method. This is needed because the removal involves taking
the signal-registry lock. The latter must adhere the same
locking order as the code path used for signal delivery.
Fixes#3109
The former 'Genode::Timed_semaphore' mechanism is moved to the private
part of the two remaining users, namely dde_rump and the libc. Note
there are now two private copies of 'timed_semaphore.h'. This should be
regarded as an interim step until the use of this mechanism is removed
from both users.
This patch also cleans up the mechanism from legacy Genode API calls and
global side effects (alarm-thread singleton). The test/timed_semaphore
is now located at the libports repository as it now tests a mechanism of
the libc. The former timed_semaphore library is no more.
Fixes#3121
Since the timer and timeout handling is part of the base library (the
dynamic linker), it belongs to the base repository.
Besides moving the timer and its related infrastructure (alarm, timeout
libs, tests) to the base repository, this patch also moves the timer
from the 'drivers' subdirectory directly to 'src' and disamibuates the
timer's build locations for the various kernels. Otherwise the different
timer implementations could interfere with each other when using one
build directory with multiple kernels.
Note that this patch changes the include paths for the former os/timer,
os/alarm.h, os/duration.h, and os/timed_semaphore.h to base/.
Issue #3101
This commit solves several issues:
* correct calculation of overlap region when detaching regions
in managed dataspaces
* prevent unmap of Fiasco.OC's core log buffer
* calculate the core-local address of regions in managed dataspaces
if possible at all and use it to unmap on kernels where this is
needed
Fix#976Fix#3082
This can happen, for example, during 'dlopen' if unresolved symbols are
present.
* Unload already loaded shared libraries
* Delete dependencies
* Flush initializer list (ctors)
fixes#3073
Due to the changing environment this test is executed (like depot_autopilot)
the binary test-rm_fault used to check ROM dataspace's read-only property
does not suit anymore. This commit changes the binary to ld.lib.so that is
normally still provided as a ROM dataspace.
Ref #3027
This fixes the region-map component implementation in core, which uses a
'Genode::Weak_ptr<Genode::Region_map_component> _faulting_region_map'
member. This member is assigned a valid weak_ptr or an invalid weak_ptr
according to the state machine.
Fixes#3012
This patch fixes a problem in the non-const 'for_each' method of the
'Registry' data structure. If an exception was thrown from within the
functor of the 'for_each' operation, the not yet processed items of the
registry were dropped from the registry, which is not expected.
This patch removes the detection of statically linked executables from
the base framework. It thereby fixes the corner cases encountered with
Sculpt when obtaining the binaries of the runtime from the depot_rom
service that is hosted within the runtime.
Statically linked binaries and hybrid Linux/Genode (lx_hybrid) binaries
can still be started by relabeling the ROM-session route of "ld.lib.so"
to the binary name, pretending that the binary is the dynamic linker.
This can be achieved via init's label rewriting mechanism:
<route>
<service name="ROM" unscoped_label="ld.lib.so">
<parent label="test-platform"/> </service>
</route>
However, as this is quite cryptic and would need to be applied for all
lx_hybrid components, the patch adds a shortcut to init's configuration.
One can simply add the 'ld="no"' attribute to the <start> node of the
corresponding component:
<start name="test-platform" ld="no"/>
Fixes#2866
Previously, the trace control of a thread was initialized in its
constructor (which is generic for all components). This has the
disadvantage that the CPU-session-pointer member of the thread might not
be valid at this point. And it cannot be replaced by using the
"deprecated_env" CPU session neither as constructing the deprecated
environment in causes troubles in Core. But as the trace control
shouldn't be needed in Core anyway, the initialization can be moved to
the Thread::start implementation of non-core components. This code
already takes care of the CPU session pointer.
Fixes#2901
This patch addresses a corner case revealed by the resource_request test
on seL4 after changing the child-destruction handling with commit "base:
close PD on 'close_all_sessions'". During the destruction of the PD
session, the backing store (session-local RAM dataspace factory) of the
signal broker's slab was destroyed before destructing the signal broker.
Instantiating the signal broker after the RAM dataspace factory fixes
the destruction order.
This patch improves the handling of the corner case where a client
vanishes while a session request is in flight (CREATE_REQUESTED but
not yet AVAILABLE). This corner case could be sporadically observed with
the init_loop test on base-linux.
In the original version, the session would eventually be delivered but
never picked up by anyone. Such a stale session still uses resources that
should better be released. In the new version, the parent checks for the
liveliness of the client whenever a session is delivered. If there is no
client of the session, a close request is immediately issued to the
server. The session state must be preserved until the close requests has
been answered.
This patch moves the closing of a child's PD session from the 'Child'
destructor to the 'close_all_sessions' method. This way, the child's
PD quota is immediately returned as soon as init flags a child as
'abandoned', which removes jitter from init's RAM-state reports.
The patch is supposed to make the 'init_loop.run' test much happier.
This patch ensures that session-create requests are handled after close
requests, which solves the corner case where one single-session server
receives a close and create request at the same time. E.g., when
expanding a partition with Sculpt, the gpt-write tool is removed and
part_blk is started (to execute resize2fs on top) in one step. Both
interact with the USB-block driver, which is a single-session server.
Fixes#2877
The 'Child::_revert_quota_and_destroy' assumes to be called from the
client's context, which is normally the case when destroying sessions.
However, if a client's session outlives the client (because the
asynchronous close request to the server is still pending), the session
cleanup is performed in the context of the server. Here, the
'session_response' implementation wrongly called
'_revert_quota_and_destroy' to the effect that the session quota was
withdrawn from the server (good) but subsequently transferred back to
the server (bad). The patch replaces the call of
'_revert_quota_and_destroy' with only the first - correct - part of the
transaction.
In case of an Alloc_return error, don't free the address at 0. If this
is a managed dataspace, there could be valid attachments which then gets
lost.
Make decreasing alignment search working. Continue with lower alignment
restrictions in case the optimal alignment wish can't be fulfilled.
When an environment session is provided by a async service such as a
sibling component, the session metadata must be preserved until end of
the lifetime of the session at the server has been acknowledged by the
server. Since the session meta data of env sessions are always part of
the 'Child' object, the destruction of this object must be deferred
until this point.
