This ensures that the cwd of the process is within the chroot
environment, improving security for root processes.
The cwd after the chroot is the same as before, this is needed to
start binaries given as relative path name.
Using the new 'join()' function, the caller can explicitly block for the
completion of the thread's 'entry()' function. The test case for this
feature can be found at 'os/src/test/thread_join'. For hybrid
Linux/Genode programs, the 'Thread_base::join()' does not map directly
to 'pthread_join'. The latter function gets already called by the
destructor of 'Thread_base'. According to the documentation, subsequent
calls of 'pthread_join' for one thread may result in undefined behaviour.
So we use a 'Genode::Lock' on this platform, which is in line with the
other platforms.
Related to #194, #501
When an IPC server is finalized two important things should happen:
First, the association of the server socket with a capability must be
invalidated. And finally, the server socket pair (server side and client
side) must be closed.
Related to #38.
The IPC-server object exists solely on the stack of the entrypoint
thread and, therefore, would never be destructed as the thread is just
killed. Now, the object is explicitly destructed in the entrypoint
destructor. An alternative solution could instruct the entrypoint thread
the terminate, which would automatically cleanup its stack.
The object pool is assumed to be empty on destruction of the entrypoint.
If not, we warn and at least dissolve all RPC objects.
Set the right bg color instead of using a dimmed version of the fg
color. The colors are stored in the first 6 bits of the color index.
Thereby the first 3 bits contain the fg and the second 3 bits the
bg color.
The debug message in _handle_esc_seq5() now shows the sequence in
question.
Fixes#495.
Since the number of the fds in the select call is not necassarily equal
to the number of fds SYSCALL_SELECT returns we have to reset the number
of fds given as argument to select().
This keeps OpenSSH from reading from a non-ready socket.
Fixes#494.
Currently the lookup of a specific record in a tar archive may take a long
time, because the records get searched in sequence. With this patch a tree
structure representing the directory layout gets created when loading the
tar file for speeding up record lookups.
Fixes#491.
The previous implementation disregards the fact that we actually have
to use libc's plugin mechanism if we play with fds. So in the end the
libc did not know to which plugin the fd belonged.
Fixes#493.
You cannot check an unsigned size_t variable for underflow, so I
changed the code to first check if an underflow would occur before
performing the subtraction.
Fixes#489.
'Core_tlb' ensures that core never throws pagefaults,
in contrast to its base 'Tlb' that is planned to use displacement
in the future.
'Core_tlb' enables the application of differenet memory attributes
in core, according to the board specific partitioning of the physical
address space. This way it enables caching in core.
Enable caches. Core is not cached by now. This is because kernel
creates core space and doesn't know any memory attributes by now.
Cacheable pages are cached write-through without write-allocate.
Caching and write-combining is not supported for IOMEM by now.
Implement 'Signal_receiver::pending()'.
Provide display-subsystem MMIO.
Avoid method ambiguousness in 'Irq_context' in
'dde_linux/src/drivers/usb/signal/irq.cc'
(it derives from two list element classes when using 'base_hw').
Enables demo scenario with 'hw_panda_a2'.
Fix bug regarding idle thread in thread scheduling in
'base-hw/src/core/kernel.cc'.
Fix regarding signal submit in signal framework in
'base-hw/src/core/kernel.cc'.
Implies support for the ARMv6 architecture through 'base-hw'.
Get rid of 'base/include/drivers' expect of 'base/include/drivers/uart'.
Merge with the support for trustzone on VEA9X4 that came from
Stefan Kalkowski.
Leave board drivers in 'base/include/platform'.
Rework structure of the other drivers that were moved to
'base_hw/src/core' and those that came with the trustzone support.
Beautify further stuff in 'base_hw'.
Test 'nested_init' with 'hw_imx31' (hardware) and 'hw_panda_a2' (hardware),
'demo' and 'signal' with 'hw_pbxa9' (qemu) and 'hw_vea9x4'
(hardware, no trustzone), and 'vmm' with 'hw_vea9x4'
(hardware, with trustzone).
The new 'Uart::Session' interface is an extension of the
'Terminal::Session' interface that allows for configuring UART-specific
parameters, i.e., the baud rate.
This patch introduces principal support for extending session interfaces
with specialized functionality in a clean way. For example, an 'Uart'
interface may implement the 'Terminal' interface but also offers
additional functions for setting the baud rate. A service that
implements the 'Uart' service will then automatically announce both the
'Uart' and 'Terminal' services.
Extend tracking of delegated and of translated items. The additional
information is used to solely free up unused/unwanted mapped capabilities and
to avoid unnecessary revokes on capability indexes where nothing have been
received.
Fixes#430
Since FD_ZERO() resets a whole fd_set (which is 128 bytes) using it to
reset dst_fds will override otherwise used memory if the memory was
allocated dynamically and is less than sizeof (fd_set). So instead of
using this macro we reset the fd_set manually.
The Io_receptor is now used to unblock certain I/O channels from lwip's
callback-function.
There was also a bug in which all ready-to-ready fds were overriden by
the ready-to-write ones.
The Socket_io_channel class now uses the Io_channel_backend to provide
the network related methods. In addition the Socket_io_channel_registry
was replaced with a simpler implementation which uses Io_receptors to
unblock I/O channels from the callback-function of lwip.
This patch fixes the 'lx_hybrid_pthread_ipc.run' test. In order to use
the 'Genode::Lock' we need to set the SIGUSR1 handler to an empty handler.
Normally, this happens when creating a thread via the Genode API. But as
this test creates a thread via the pthread library and thereby bypasses
the Genode API, the signal handler remained unset.
Using the host compiler in this case seems to be an artifact from an
older change. On x86_64, this approach ended in unsable hybrid binaries
due to incompatible handling of non-trivial return values, i.e.
structures. See '-freg-struct-return' in GCC manual page:
"[...] If there is no standard convention, GCC defaults to
-fpcc-struct-return, except on targets where GCC is the principal
compiler. In those cases, we can choose the standard, and we chose
the more efficient register return alternative."
In other words: All x86_64 Linux systems break the ABI standard :-(
The thread ID reported to core was not always initialized prior the RPC
call. The 'startup_lock' ensures that the thread is completely
initialized before this information gets propagated.
Since the recent move of the process creation into core, the original chroot trampoline
mechanism implemented in 'os/src/app/chroot' does not work anymore. A
process could simply escape the chroot environment by spawning a new
process via core's PD service. Therefore, this patch moves the chroot
support into core. So the chroot policy becomes mandatory part of the
process creation. For each process created by core, core checks for
'root' argument of the PD session. If a path is present, core takes the
precautions needed to execute the new process in the specified chroot
environment.
This conceptual change implies minor changes with respect to the Genode
API and the configuration of the init process. The API changes are the
enhancement of the 'Genode::Child' and 'Genode::Process' constructors to
take the root path as argument. Init supports the specification of a
chroot per process by specifying the new 'root' attribute to the
'<start>' node of the process. In line with these changes, the
'Loader::Session::start' function has been enhanced with the additional
(optional) root argument.
When building in hybrid Linux/Genode mode, there exist two definitions
of 'size_t', one in the 'Genode' namespace and one imported from the
glibc headers.
