This patch reflects eventual allocation errors in a more specific way to
the caller of 'alloc_aligned', in particular out-of-metadata and
out-of-memory are considered as different conditions.
Related to issue #526.
Rm_client is derived from Pager_object. If the Pager_object is also
derived from Thread_base (which is the case for NOVA) then the
Rm_client object must be destructed without holding the rm_session_object
lock. The native platform specific Thread_base implementation has to take
care that all in-flight page handling requests are finished before
destruction. On NOVA it is done by doing an IPC to the pager thread.
(performed in Pager_object::dissolve() in base-nova). The
called thread than executes its operation until end which also requires
in some cases to take the rm_session_object lock.
Since _client_slab insertion/deletion also must be performed
synchronized but can't be protected by the rm_session_object lock
because of the described dead_lock situation, we have
to use a synchronized allocator object to perform insertion and
deletion of Rm_clients.
With this patch clients of the RM service can state if they want a mapping
to be executable or not. This allows dataspaces to be mapped as
non-executable on Linux by default and as executable only if needed.
Partially fixes#176.
When using an ELF image as returned from the iso9660 server, such an
image is represented as a managed dataspace composed of various portions
of one RAM dataspace, each portion attached with a different offset.
Now, when mapping the text segment of the ELF image (usually starting at
0x1000 within the image), the code mapped at 0x1000 may correspond to
any offset within the RAM dataspace used by the iso9660 server. In
particular, the src-fault address (the one within the RAM dataspace) may
be higher than dst-fault address (somewhere just above 0x1000 where a
page-fault occurred). Thereby, 'curr_rm_base' may become negative
during the reverse lookup of 'Rm_client::pager'. This corner case used
to let the 'Fault_area::constrain' function return an invalid fault
area, and thereby let the reverse lookup fail. The improved version
explicitly checks for the address overflow condition and tries to
constrain the dst fault address to the largest possible log2 page within
the positive address range.
