5c8373bec3
This patch introduces clean synchronization between the entrypoint thread and the caller of the 'Rpc_entrypoint' destructor. The most important change is the handling of the 'Ipc_server' destruction. This object is in the local scope of the server's entry function. However, since the server loop used to be an infinite loop, there was hardly any chance to destruct the object in a clean way. Hence, the 'Rpc_entrypoint' destructor used to explicitly call '~Ipc_server'. Unfortunately, this approach led to problems because there are indeed rare cases where the server thread leaves the scope of the entry function, namely uncaught exceptions. In such a case, the destructor would have been called twice. With the new protocol, we make sure to leave the scope of the entry function and thereby destroy the 'Ipc_server' object as expected. This is achieved by propagating the exit condition through a local RPC call to the entrypoint. This way, the blocking state of the entrypoint becomes unblocked. Furthermore, '~Rpc_entrypoint' makes use of the new 'join' function to wait for the completion of the server thread.
93 lines
2.2 KiB
C++
93 lines
2.2 KiB
C++
/*
|
|
* \brief Default version of platform-specific part of RPC framework
|
|
* \author Norman Feske
|
|
* \date 2006-05-12
|
|
*
|
|
* This version is suitable for platforms similar to L4. Each platform
|
|
* for which this implementation is not suited contains a platform-
|
|
* specific version in its respective 'base-<platform>' repository.
|
|
*/
|
|
|
|
/*
|
|
* Copyright (C) 2006-2012 Genode Labs GmbH
|
|
*
|
|
* This file is part of the Genode OS framework, which is distributed
|
|
* under the terms of the GNU General Public License version 2.
|
|
*/
|
|
|
|
/* Genode includes */
|
|
#include <base/rpc_server.h>
|
|
#include <base/sleep.h>
|
|
|
|
using namespace Genode;
|
|
|
|
|
|
/***********************
|
|
** Server entrypoint **
|
|
***********************/
|
|
|
|
Untyped_capability Rpc_entrypoint::_manage(Rpc_object_base *obj)
|
|
{
|
|
Untyped_capability ep_cap = Native_capability(_cap.dst(), 0);
|
|
Untyped_capability new_obj_cap = _cap_session->alloc(ep_cap);
|
|
|
|
/* add server object to object pool */
|
|
obj->cap(new_obj_cap);
|
|
insert(obj);
|
|
|
|
/* return capability that uses the object id as badge */
|
|
return new_obj_cap;
|
|
}
|
|
|
|
|
|
void Rpc_entrypoint::entry()
|
|
{
|
|
Ipc_server srv(&_snd_buf, &_rcv_buf);
|
|
_ipc_server = &srv;
|
|
_cap = srv;
|
|
_cap_valid.unlock();
|
|
|
|
/*
|
|
* Now, the capability of the server activation is initialized
|
|
* an can be passed around. However, the processing of capability
|
|
* invocations should not happen until activation-using server
|
|
* is completely initialized. Thus, we wait until the activation
|
|
* gets explicitly unblocked by calling 'Rpc_entrypoint::activate()'.
|
|
*/
|
|
_delay_start.lock();
|
|
|
|
while (!_exit_handler.exit) {
|
|
|
|
int opcode = 0;
|
|
|
|
srv >> IPC_REPLY_WAIT >> opcode;
|
|
|
|
/* set default return value */
|
|
srv.ret(ERR_INVALID_OBJECT);
|
|
|
|
/* atomically lookup and lock referenced object */
|
|
{
|
|
Lock::Guard lock_guard(_curr_obj_lock);
|
|
|
|
_curr_obj = obj_by_id(srv.badge());
|
|
if (!_curr_obj)
|
|
continue;
|
|
|
|
_curr_obj->lock();
|
|
}
|
|
|
|
/* dispatch request */
|
|
try { srv.ret(_curr_obj->dispatch(opcode, srv, srv)); }
|
|
catch (Blocking_canceled) { }
|
|
|
|
_curr_obj->unlock();
|
|
_curr_obj = 0;
|
|
}
|
|
|
|
/* answer exit call, thereby wake up '~Rpc_entrypoint' */
|
|
srv << IPC_REPLY;
|
|
|
|
/* defer the destruction of 'Ipc_server' until '~Rpc_entrypoint' is ready */
|
|
_delay_exit.lock();
|
|
}
|