The first metadata-block, which is inherent part of the allocator object
itself has a fixed size which isn't suitable enough for some 64bit platforms
(e.g. core's RAM-allocator on a 64bit platform with lots of different regions).
This commit let the block size be address-width aware.
The code intended to stop after the first failed attempt,
however the bool variable to control this was reseted
inside the loop and so it endless loops.
Fixes#51
If nobody is blocked in a semaphore, nothing can be dequeued. If
the semaphore is used for signalling, there can be somebody in the queue,
but not necessarily.
This patch extends the RAM session interface with the ability to
allocate DMA buffers. The client specifies the type of RAM dataspace to
allocate via the new 'cached' argument of the 'Ram_session::alloc()'
function. By default, 'cached' is true, which correponds to the common
case and the original behavior. When setting 'cached' to 'false', core
takes the precautions needed to register the memory as uncached in the
page table of each process that has the dataspace attached.
Currently, the support for allocating DMA buffers is implemented for
Fiasco.OC only. On x86 platforms, it is generally not needed. But on
platforms with more relaxed cache coherence (such as ARM), user-level
device drivers should always use uncacheable memory for DMA transactions.
When creating a 'Child' object with an already active entrypoint,
session requests may arrive as soon as the '_process' is created. We
have to make sure that at least all parts of the 'Child' object needed
for serving 'session' requests are constructed. This is particularly
important for the '_policy' member.
This commit introduces placement new/delete, and a constructor for
Heap::Dataspace objects. It fixes the usage of uninitialized Dataspace
objects when expanding the heap that lead to problems in conjunction
with Native_capability smart-pointer in base-foc. Please refer to
issue #203.
Whenever Native_capability or its derivation Capaility is memcpy'd no copy-
constructor/assignment-operator is used and thereby implementation of
reference-counting gets impossible for these objects. Use object-oriented
means like e.g. copy-constructor instead.
With this patch clients of the RM service can state if they want a mapping
to be executable or not. This allows dataspaces to be mapped as
non-executable on Linux by default and as executable only if needed.
Partially fixes#176.
The 'copy_to' function turned out to be not flexible enough to
accommodate the Noux fork mechanism. This patch removes the function,
adds an accessor for the capability destination and a compound type
'Native_capability::Raw' to be used wherever plain capability
information must be communicated.
We cannot trust signal imprints received with signals to represent valid
pointers to signal contexts. After a signal context has been dissolved
from its receiver, a signal corresponding to the context might still be
in flight. Hence, we need a facility to check received signal imprints
against the list of valid contexts at reception time. The new
'Signal_context_registry' is a very simple attempt to create such a
facility.
This commit unifies the policy name for the template argument for
Native_capability_tpl to Cap_dst_policy, like suggested by Norman in the
discussion resulting from issue #145. Moreover, it takes the memcpy
operation for copying a Native_capability out of the template, which is
included by a significant bunch of files, and separates it in a library,
analog to the suggestion in issue #145.
Because we use to pass a policy class to 'Native_capability_tpl'
we can pass the dst type as part of the policy instead of as
a separate template argument. This patch also adds documentation
of the POLICY interface as expected by 'Native_capability_tpl'.
This patch unifies the Native_capability classes for the different kernel
platforms by introducing an appropriate template, and eliminating naming
differences. Please refer issue #145.
Introduce a factory-, and dereference method for local capabilities. These are
capabilities that reference objects of services, which are known to be used
protection-domain internally only. To support the new Capability class methods
a protected constructor and accessor to the local object's pointer is needed
in the platform's capability base-classes. For further discussion details please
refer issue #139.
The 'Child' framework used to perform the transfer of session quota
using 'env()->ram_session()' as hard-wired reference account. When
locally virtualizing the RAM session supplied to the 'Child', this
policy does not work. When closing a session, core would try to transfer
session quota to the virtualized RAM service, which is of course not
possible. This patch makes the reference RAM session configable via the
'Child_policy' interface.
The new function 'Platform_env::reload_parent_cap' triggers a reload
of the parent capability and its respective resources. It is needed
during the bootstrap of a new process forked from an existing Noux
process.
Until now, the RPC framework did not support const RPC functions. Rather
than being a limitation inherent to the concept, const RPC functions
plainly did not exist. So supporting them was not deemed too important.
However, there are uses of RPC interfaces that would benefit from a way
to declare an RPC function as const. Candidates are functions like
'Framebuffer::Session::mode()' and 'Input::Session::is_pending()'.
This patch clears the way towards declaring such functions as const.
Even though the patch is simple enough, the thorough support for
const-qualified RPC functions would double the number of overloads for
the 'call_member' function template (in 'base/include/util/meta.h'). For
this reason, the patch does support const getter functions with no
arguments only. This appears to be the most common use of such
functions.
This patch implements the support needed to handle exceptions that occur
during the construction of objects dynamically allocated via the
'Allocator' interface. In this case, the compiler automatically invokes
a special delete operator that takes the allocator type (as supplied to
'new') as second argument. The implementation of this delete operator
has been added to the 'cxx' library. Because the operator delete is
called without the size of the object, we can use only those allocators
that ignore the size argument of the free function and print a warning
otherwise. The added 'Allocator::need_size_for_free()' function is used
to distinguish safe and unsafe allocators.
- Let hybrid Linux/Genode programs use POSIX threads for the
implementation of the Thread API.
- Prevent linkage of cxx library to hybrid Linux/Genode programs because
the cxx functionality is covered by glibc.
