#
6af6d2d2 |
|
18-Sep-2018 |
Mark Seaborn <mseaborn@google.com> |
[kernel] Use "status != ZX_OK" pattern instead of "status < 0"

"status != ZX_OK" is the preferred and most common pattern for checking for an error status. "status < 0" is less common and not preferred, so convert instances of that in kernel/ to use the preferred pattern.

Bug: none
Test: runtests
Change-Id: I4c014be288d2378d8698f8d748de99c03020f2da
|
#
989ee4e8 |
|
13-Jun-2018 |
David Moore <davemoore@google.com> |
[syscalls] Change vmar_... calls

- Create zx_vm_option_t type
- Change ZX_VM_FLAG_... to ZX_VM_... and make them new type.
- Change int32_t flags parameters to zx_vm_option_t options
- Make the options parameter be second.
- Modify vmar_..._old functions to keep other repos working. Once they've all been updated these functions will go away.

ZX-2264
Test:CQ
Change-Id: I1faf4cc4e1e4dabf3d8ef680e398d83a545b0f09
|
#
7d81deec |
|
19-Apr-2018 |
Christopher Anderson <cja@google.com> |
[kernel][rsrc] Change ResourceDispatcher model

In general, this change moves resources to a model of "resource allocation" and "resource validation" as separate but related concepts. On resource creation, an allocation against physical address space is made. On resource validation, a syscall checks that the resource provided has the correct allocation to permit the call asked. This means that the ROOT resource /can/ allocate resources, but does not have to if it simply wants to pass syscall validation. This is important so that the ROOT resource can create specific resources that are then passed out to drivers and used to validate access to their hardware resources.

- Change low/high to base/length and change logic to match.
- Wire in usage of PhysicalAspaceManager so MMIO/IOPORT/IRQ resources try to allocate from the global address space.
- Change resource access so that only the root resource can create sub-resources.
- Track ResourceDispatchers created across the system.
- Define ZX_RSRC_KIND_ROOT as a privileged resource that will pass all validation so that platform bus implementations like ACPI can behave as they may.
- Initialize the allocators after the heap is initialized.
- Reserve regions marked as memory by the bootloader for x86.
- Reserve regions marked as memory in the zbi structures for ARM.
- zx_vmo_create_physical calls validate_resource_mmio
- zx_ioports_request calls validate_resource_ioports
- zx_interrupt_create calls validate_resource_irq

Test: For kernel tests, 'k ut resources'. Syscall tests are run as part of core-tests.
ZX-971 #done
Change-Id: Iac6c4aa9e95718a0a0768ef8e3036353e73de8dd
|
#
30ac10bf |
|
18-Jun-2018 |
Carlos Pizano <cpu@google.com> |
[zircon] non-resizable VMOs

This CL introduces the first option for VMO creation, ZX_VMO_NOT_RESIZABLE, that 'locks' the size of a root (non-clone) VMO.

Also enables the same for COW clones via ZX_VMO_CLONE_NON_RESIZEABLE.

This is meant to answer safety hazards of having a client pass VMOs to servers which the client can resize while the server is copying data into via a memory map. Today this is done via ZX_INFO_HANDLE_COUNT but that turns out to be racy.

This CL also cleans up vmo-tests so they use probe_for_read and probe_for_write instead of using unrelated syscalls to test memory mappings.

TEST=added unittests in vmo_tests
ZX-2279 #comment progress
Change-Id: If69ce772dcccd92db83f5bda313ae2343ebb448e
|
#
e5d429fb |
|
28-Mar-2018 |
Shai Barack <shayba@google.com> |
[syscall][vmo] removal of zx_vmo_{read,write}() actual parameter 16/n Plumb removal of actual further down. Still need to plumb into sys_process_{read,write}_memory ZX-1802 Change-Id: Ibba8ce14815f34a9ca08abf854996418a25d1a87
|
#
e03f6e82 |
|
12-Dec-2017 |
Todd Eisenberger <teisenbe@google.com> |
[syscall][mexec] Append LAST_CRASHLOG bootdata if we have a crashlog Also make crashlog VMO readonly in userspace. ZX-1485 #done Change-Id: Ifd54e3d38065d295c4aaef79ad39929e27f26711
|
#
e1df9715 |
|
12-Dec-2017 |
Todd Eisenberger <teisenbe@google.com> |
[kernel][userboot] Stash crashlog for mexec to maybe use later Change-Id: Icebaade38d33f08a63482c6a928ba0593d06ae9d
|
#
3a828bef |
|
06-Dec-2017 |
Roland McGrath <mcgrathr@google.com> |
[kernel][object] Clean up Handle implementation This moves everything into the Handle class. The code that was in global functions before is now in class and instance methods, and there's miscellaneous refactoring to make the code tighter. Almost all the public API functions now use the HandleOwner smart pointer type rather than raw Handle* pointers. The <object/handle_owner.h> header is gone and now HandleOwner is defined directly in <object/handle.h>, which simplifies things. Change-Id: I578c948c347e1ffa74c3a254738387303610da79
|
#
75cd3680 |
|
05-Dec-2017 |
Roland McGrath <mcgrathr@google.com> |
Clean up sloppy zx_handle_t/integer conflation Change-Id: I5659232efa8531ef97261639cc65f211ee9f0cc8
|
#
41ec851b |
|
28-Nov-2017 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][cmdline] do some additional bounds check on indexes It was possible to end up with a case where the index went negative, causing an early kernel crash. Change-Id: I9ac3dcdb07b9cd1464da8833ab9dc5d1291d1731
|
#
07e82268 |
|
05-Oct-2017 |
Roland McGrath <mcgrathr@google.com> |
[kernel] Remove kernel/app module This is no longer used at all. The kernel/app/tests code doesn't use the "app" infrastructure. So move it to kernel/tests. Change-Id: I6cd8ec1bf569fd95940e5ebf4dc5f640b265eb69
|
#
de91daa6 |
|
05-Oct-2017 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][shell] remove app/shell, move the functionality into lib/console Will add the ability to conditionally enable the kernel shell in an upcoming commit. Change-Id: I28b4ca17d66677ee76bfe38c0aa3fe88206b55c4
|
#
f3e2126c |
|
12-Sep-2017 |
Roland McGrath <mcgrathr@google.com> |
[zx] Magenta -> Zircon The Great Renaming is here! Change-Id: I3229bdeb2a3d0e40fb4db6fec8ca7d971fbffb94
|
#
59e644b1 |
|
07-Sep-2017 |
George Kulakowski <kulakowski@google.com> |
[zircon][mxtl->fbl] Rename mxtl to fbl Change-Id: Ie21b6498e1bfb0a7fa0315e40b9e5c3ee78646be
|
#
ea31f442 |
|
01-Sep-2017 |
Dave Bort <dbort@google.com> |
[libobject] Split magenta.h handle fns into handles.h Change-Id: Ic1ad6964128d34c206df3f3f325ed6c115ec5e0e
|
#
e1490736 |
|
01-Sep-2017 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][vm] move kernel/kernel/vm to just kernel/vm Change-Id: I8f724a9f8a61415712661d1fdd3dc4e1c70cf620
|
#
388a7f68 |
|
31-Aug-2017 |
Dave Bort <dbort@google.com> |
[lib/magenta] Rename kernel/lib/magenta to kernel/object TODO: Rename magenta.{cpp,h} and other instances of "magenta" in this module. For MG-1091 "Rename kernel/lib/magenta" Change-Id: I2abc316f543798e00d3a4d1c2c83195da26e6836
|
#
22256063 |
|
21-Aug-2017 |
George Kulakowski <kulakowski@google.com> |
[kernel][status] Convert the rest of kernel/lib to mx_status_t Change-Id: Iba1bb7024bcefa7c5e3ee58b02d0be758c6545ae
|
#
4efe154a |
|
20-Aug-2017 |
George Kulakowski <kulakowski@google.com> |
[kernel][channel] Remove unused flags/options argument in channel creation Change-Id: I1c2a68566e63b36214691e52a97e5b03cd1b6015
|
#
70c32602 |
|
04-Aug-2017 |
Andrew Krieger <andrewkrieger@google.com> |
[kernel][entropy] Add entropy collector class Introduce a new type to represent entropy collectors. Currently, the kernel has a few functions that read entropy into a buffer, e.g. hw_rng_get_entropy. This commit basically just wraps hw_rng_get_entropy in a C++ object. The main advantage will come once there are more sources, so that we can use virtual functions to provide a common interface and use class instances to save state (e.g. hardware configuration, for some entropy sources). Change-Id: I17d9e6a0146faae2b56a7fb3031bea4d64f8a011
|
#
07b2a26e |
|
02-Aug-2017 |
Brian Swetland <swetland@google.com> |
[userboot][devmgr][crashlog] wire up platform_recover_crashlog() Pass a vmo with the crashlog contents through userboot to devmgr so it can be installed in /boot/log/last-panic.txt Change-Id: I07c1b01c642e60a095736b34beffd5b04bb55a24
|
#
a23c93a6 |
|
03-Aug-2017 |
Andrew Krieger <andrewkrieger@google.com> |
[kernel][entropy] Move entropy collector test

Before this commit, the entropy collector quality test code was mixed into global_prng.cpp. After this commit, it gets its own file.

The actual test code was very minimally modified. In particular:

- lines 11--93 of the new entropy/quality_test.cpp are almost an exact cut/paste of lines 86--168 of the old global_prng.cpp, except:
  * the namespace was changed from "internal" to "test"
  * "static" was removed from the definition of TestEntropyCollector()
- declarations were moved from global_prng.h to entropy/quality_test.h
- namespaces and includes were updated in various places

Magenta still builds and boots both with and without ENABLE_ENTROPY_COLLECTOR_TEST, and runs as expected with the ENABLE.

Change-Id: I00c25fa14c93401ca91ee92c2f35c7e21ac42896
|
#
022aebb9 |
|
01-Aug-2017 |
Roland McGrath <mcgrathr@google.com> |
[kernel][userboot] Remove obsolete ARM32 Thumb hack This is no longer relevant since ARM32 support is gone. Change-Id: Idfa1e4963c9e0b029482613f349f5cba8b31fae3
|
#
95cfc67e |
|
26-Jul-2017 |
Brian Swetland <swetland@google.com> |
[kernel] make handles unsigned The kernel was already 99.999% unsigned-handle-clean. The bulk of this change is updating a ton of trace printfs. Change-Id: Ief1dd6344fdccbd6da47fb1174961ca080eaf5e8
|
#
c83278ba |
|
24-Jul-2017 |
George Kulakowski <kulakowski@google.com> |
[magenta][userthread] Collapse UserThread and ThreadDispatcher Change-Id: Ib4ff94acf0f25d08d13073e7f7ce0fea4f943e0c
|
#
96115257 |
|
27-Jun-2017 |
Andrew Krieger <andrewkrieger@google.com> |
[kernel][rng] Add entropy collector test

Add a special build of Magenta that will pause during boot to test entropy collectors. It gathers approximately 1 Mbit of random data into a buffer, then proceeds with boot. Later the data will be copied to a VMO and exposed in the filesystem as /boot/kernel/debug/entropy.bin.

To build the entropy collector test system, set the ENABLE_ENTROPY_COLLECTOR_TEST preprocessor flag, either by adding

    EXTERNAL_DEFINES := ENABLE_ENTROPY_COLLECTOR_TEST=1

to local.mk, or by adding

    EXTERNAL_DEFINES=ENABLE_ENTROPY_COLLECTOR_TEST=1

to the call to make.

When ENABLE_ENTROPY_COLLECTOR_TEST is not set, no extra kernel memory is allocated and no debug file is produced.

Change-Id: I55e6d5bb6323b5434e407b12ca14ddc79fe9237d
|
#
464f7a4d |
|
11-Jul-2017 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][vm] flip the VmObject::Create() calls to returning an error and taking a ref ptr as an arg Lets us more easily check errors inside the create function and return the right thing instead of just MX_ERR_NO_MEMORY Change-Id: I20f6e9453204a8d0f6ce2eabf735451c8d10d952
|
#
23775189 |
|
05-Jul-2017 |
Dave Bort <dbort@google.com> |
[magenta][channels] Hide the internals of MessagePacket Will make it easier to switch to using mbuf-style data buffers. Also, avoid ktracing when sys_channel_write fails. Change-Id: I5d7f0c2e771e7d3c84c592c1b26f868470f0f6e1
|
#
c1374227 |
|
29-Jun-2017 |
Brian Swetland <swetland@google.com> |
[resources] massively simplify resources Resources now are simple access tokens with a 32bit "kind" and a 64bit "range". If you have the WRITE right, you can create a child resource, provided that child is of the same kind and of a range that fits within the parent's range. The kernel gives userspace a single "root" resource which may be used to create any kind of resource. Change-Id: I4817b7b787386059e02a36ee235723bfb1244934
|
#
4449da79 |
|
20-Jun-2017 |
Mark Seaborn <mseaborn@google.com> |
Remove some unnecessary semicolons Change-Id: I0ae2824f1aeae1af977a9e213963706d02186bb4
|
#
afa9d2b6 |
|
15-Jun-2017 |
George Kulakowski <kulakowski@google.com> |
[kernel][lib] Use the new MX_OK and MX_ERR_* names Change-Id: I436bb0728838729bef6e20a6db0e8ce6a96b5534
|
#
9cb0b3cb |
|
09-Jun-2017 |
Roland McGrath <mcgrathr@google.com> |
[kernel][userboot][system][core][userboot] Name remaining VMOs Make the kernel give the userboot process's initial VMOs (stack and raw RAM disk) names. Make userboot give its child's initial stack VMO a name. Change-Id: I30f87603ce25c30f5aa3e29729c054d38f7d8bfb
|
#
4d682aee |
|
26-May-2017 |
Roland McGrath <mcgrathr@google.com> |
[kernel][vdso][userboot][devmgr] Machinery for variant vDSOs This provides machinery to implement multiple variants of the vDSO. Each variant can blacklist some of the functions so their symbols are not visible to dynamic linking and their code gets blacked out so there's no secret jump targets to use. Because all the variants are just subsets of the full-featured vDSO, all the code addresses still match across all variants and the syscall entry enforcement machinery doesn't need to care which variant is being used. All the available vDSO VMOs are attached at /boot/vdso/<name>, where <name> is "full" for the primary vDSO and other names will be used for variants. Currently, only some test variants are implemented. Each variant can blacklist one or more category of syscalls. A category is any attribute name used in syscalls.sysgen. A new variant is added by adding an element to the VDso::Variant enum and adding a case for that to VDso::CreateVariant that sets the name and calls blacklist_<category>_syscalls for each category to be blacklisted in that variant. Change-Id: I32e5ee658a903365fff234e22738f7127622ed33
|
#
1fb8124a |
|
16-May-2017 |
George Kulakowski <kulakowski@google.com> |
[mxcpp][mxalloc] Split mxcpp into mxcpp and mxalloc

mxcpp used to provide three things.

(1) is a very minimal C++ runtime environment. This means essentially the definition of __cxa_pure_virtual, which is a function the compiler expects to have ambient. This functionality is necessary for code written in environments which cannot link the standard library (the kernel and a handful of initial userspace processes).

(2) is the definitions of the standard new and delete overloads. Again, these are needed for code that wants to call them but to not link the standard library, but this time only in userspace (the kernel does not want certain behavior stemming from the standard overloads). The behavior is slightly different than the standard ones in failure cases, but not in a way particularly interesting to the rest of this email.

(3) is the userspace version of our special AllocChecker new overloads. This mechanism exists for kernelspace, where allocation failure is real and needs to be handled. This mechanism works perfectly well in userspace, in that it compiles, even though the underlying allocator is unlikely to ever return nullptr. It's therefore essentially harmless in userspace. A handful of small libraries are used in both userspace and in the kernel, and also use this mechanism. Note that this feature is essentially copy-pasted between the kernel and userspace.

This all works perfectly well for the kernel. Some userspace code also uses these mechanisms, as mentioned. As long as the standard library isn't linked, there are again no issues. But as soon as you want both (3) and std::vector, which is a reasonable thing to want!, there are issues because (1) and (3) come in the same static library. This causes link failures due to duplicate __cxa_pure_virtual symbols. This issue is exacerbated by different behavior in Linux, OS X, and target linkage, in terms of confusion and it-works-on-my-machine sort of issues.

This patch splits mxcpp into: mxcpp, containing (1) __cxa_pure_virtual and (2) only if in userspace, the standard new and delete overloads; and mxalloc, containing (3) AllocChecker. mxcpp is mutually exclusive of the standard library. mxalloc can be linked against both code using the standard library, and against code using mxcpp.

This patch also deduplicates the AllocChecker between userspace and kernel, and moves the InlineArray class into the kernel (its only callsites are in the kernel).

Change-Id: Id42d5d019ee977d44d6cb89ce7ab6884f7a56cd1
|
#
a13858d7 |
|
08-May-2017 |
Abdulla Kamar <abdulla@google.com> |
[hypervisor] Add e820 to guest_create_bootdata. Add e820 tables to guest_create_bootdata so that we can describe the memory map to the guest. Change-Id: Ifafe50297c549d04fc6050902587076628e5cb99
|
#
c97d939b |
|
08-May-2017 |
Roland McGrath <mcgrathr@google.com> |
[kernel][vm] Track and restrict each process's mapping of the vDSO Executable mappings from the vDSO VMO are limited to one per process and must map exactly the whole code segment from the VMO. NOTE: The "one per process" rule is not actually enforced yet. It breaks thread-injection-test, which tries to load the vDSO twice. That will be fixed by later changes. Change-Id: Id99b567e9381d6e2941dde7851e13a582ef5d331
|
#
c294fabb |
|
24-Apr-2017 |
Brian Swetland <swetland@google.com> |
[processargs] tidy up naming and numbering

This cleans stuff up ahead of the addition of string tables for the upcoming PA_NS_DIR and PA_NS_REQ types and the eventual flattening of PA_MXIO_* to a single type, using subtypes for protocol.

- Align names with current-day usage
- Organize numbering / ordering around subsystem usage
- Reduce "type" field to 8 bits
- Reserve space for "subtype" field
- Use PA_ namespace and shorten a lot of very long names

Change-Id: I5e59f412c3b9bd79d90f921a248a6d98d4b703bc
|
#
763f4c85 |
|
22-Apr-2017 |
Roland McGrath <mcgrathr@google.com> |
[core][userboot] Clean up bootdata-scanning code Functions do it with more fun. Change-Id: I3ddbc0cbc4e156570d2c42dafd36323d9ef4a258
|
#
d6ccb8a0 |
|
20-Apr-2017 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][vm] split the vm_object.h file into three separate files No functional change. Change-Id: I0407497936a716c0fa38417b4ef732774e7ff5fa
|
#
3ee7f9d4 |
|
12-Apr-2017 |
George Kulakowski <kulakowski@google.com> |
[process] Have CreateUserThread return a ThreadDispatcher directly All existing callers ignored the UserThread and just created a ThreadDispatcher anyway. Change-Id: Idf707d24697c39760d5ee406d413575987e5818c
|
#
c96a94fe |
|
02-Mar-2017 |
Brian Swetland <swetland@google.com> |
[kernel] remove last bits of bootfs embedding Change-Id: Ia0a6a7efcb587c1931f7b9e5b216962e42957a65
|
#
27eb826d |
|
27-Feb-2017 |
George Kulakowski <kulakowski@google.com> |
[kernel][style] Use nullptr rather than NULL in kernel C++ code Change-Id: I7feea6a42c00531be28a98c820b2c234484bfe3b
|
#
227fcab8 |
|
27-Feb-2017 |
Mike Voydanoff <voydanoff@google.com> |
[userboot] Fix command line corruption problem Reserve an extra slot in bootstrap_message handle_info array for uncompressed bootfs handle. Otherwise we overwrite the first 4 bytes of the kernel command line. Change-Id: Ifd8af2440eb250cda990f094c0c5b04ddeb94a8c
|
#
150e27c6 |
|
26-Feb-2017 |
Brian Swetland <swetland@google.com> |
[userboot] cleanup and prep for multi-bootdata world

- enable the system to boot when EMBED_USER_BOOTFS is false (a valid primary bootfs image must be in the ramdisk in this case)
- kernel passes bootdata containers to userboot as TYPE_BOOTDATA
- userboot passes decompressed bootfs to devmgr as TYPE_BOOTFS
- bootdata/decompress is more general purpose, can decompress a single bootdata section from a vmo, doesn't depend on userboot's fail() and print() interfaces

Change-Id: Ibfe0ebdb8000030bd10162967e6687db02d0604d
|
#
b8fe7962 |
|
20-Jan-2017 |
George Kulakowski <kulakowski@google.com> |
[handles] Allow MapHandleToValue to use a HandleOwner This obviates a bunch of needless .get() calls. Change-Id: Ib3e6df10def8b5b63e97602d0d44f62a6ab5a552
|
#
82ed65e3 |
|
19-Jan-2017 |
James Robinson <jamesr@google.com> |
[magenta] Rename HandleUniquePtr -> HandleOwner and make it safer This renames HandleUniquePtr to HandleOwner now that it is no longer a specialization of unique_ptr and also restricts visibility for ~Handle so that only DeleteHandle can be used to cause a Handle's destruction. Change-Id: I25556a87a7038ca6fd72b210bff5f4e1ea55a8d0
|
#
935f944f |
|
12-Jan-2017 |
Roland McGrath <mcgrathr@google.com> |
[kernel][userboot] Use a VMAR for the userboot+vDSO image Change-Id: I0d3e60e884f8a7a564e762f07e5ca884ab4ebada
|
#
b5c488c1 |
|
09-Jan-2017 |
James Robinson <jamesr@google.com> |
[magenta] Remove Dispatch::get_specific() and solidify DownCastDispatcher

get_specific() returned a raw pointer to a reference counted object which is tricky to use correctly without leaks, as evidenced by the leak in DownCastDispatcher. With our RefPtr and C++ move semantics there is no need to escape to raw pointers - it is fine and preferable to remain in RefPtr<> objects and move when appropriate to avoid reference counting churn.

This implements a non-leaking version of DownCastDispatcher and transforms calls of the form

    mxtl::RefPtr<Dispatcher> dispatcher = ....;
    DispatcherSubclass* disp_subclass = dispatcher.get_specific<DispatcherSubclass>();

(with disp_subclass normally hidden in 'auto') to this:

    mxtl::RefPtr<Dispatcher> dispatcher = ....;
    mxtl::RefPtr<DispatcherSubclass> disp_subclass = DownCastDispatcher<DispatcherSubclass>(&dispatcher);

This moves the reference count into the subclass object when the type check succeeds.

Change-Id: I950a46273bd513d7c178016a7d222ca59669cd9b
|
#
aba56c69 |
|
16-Dec-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel] Make ProcessDispatcher::Create return a VmAddressRegionDispatcher All (both) callers of ProcessDispatcher::Create immediately set up a VmAddressRegionDispatcher for the root VMAR, so roll it into Create. Change-Id: I8f81b9390f1a66f90b3f357107c0b57aab75c572
|
#
2d1c46fe |
|
15-Nov-2016 |
Todd Eisenberger <teisenbe@google.com> |
[vm] Implement new VM Address Region syscall interface For compatibility, allow passing a process handle instead of a VMAR to the vmar_map/unmap/protect calls and add usermode shims that translate the old syscalls into the new ones. Change-Id: I9ba29921d45f47d0d068e46e113dac1d139fce52
|
#
2675ae30 |
|
18-Nov-2016 |
George Kulakowski <kulakowski@google.com> |
[userboot] Move UserThread into ThreadDispatcher Change-Id: I3f7c7fa4dfee11f28f88d17c7cb20178eefa076f
|
#
317cffbb |
|
14-Nov-2016 |
Brian Swetland <swetland@google.com> |
[kernel][resources] wire up get-children and get-records Change-Id: I523f05b4549897a573745d2d1c8a913c98660c3b
|
#
3a0c8d42 |
|
14-Nov-2016 |
Mark Seaborn <mseaborn@google.com> |
[kernel] Fix race between AddThread() and Kill()/Exit()

AddThread() checks state_ and refuses to add a thread if the process is DYING or DEAD. However, before this change, it doesn't claim state_lock_, so that check is ineffective: it can race with terminating the process (via SetState()), which sets state_.

As a result, a thread can get added after process termination has been started. If that happens, it's possible that process termination will never complete.

The obvious fix is to claim state_lock_ in AddThread(). That doesn't work by itself, because there are two routes through which AddThread() is called:

1) Starting a process's initial thread:
   sys_process_start() -> ProcessDispatcher::Start() -> UserThread::Start() -> ProcessDispatcher::AddThread()
   ProcessDispatcher::Start() claims state_lock_, so AddThread() can't claim it too.
2) Starting subsequent threads:
   sys_thread_start() -> UserThread::Start() -> ProcessDispatcher::AddThread()

This change resolves that by removing ProcessDispatcher::Start() and moving its functionality into AddThread(). This makes sys_process_start() and sys_thread_start() more uniform because both now call UserThread::Start().

MG-355
Change-Id: I2ad5a61d1c56268171e1389dd23126f5c62aa8b3
|
#
28b32d15 |
|
17-Oct-2016 |
Brian Swetland <swetland@google.com> |
[magenta][syscalls] Resource Objects (part 2 of n)

- make resource objects a bit more real
- resource objects have children
- resource syscalls can create/interact with them
- resource objects have components
- start sketching out components
- require name/subtype on creation
- require self rrec on creation from userspace

Change-Id: I7b2ee51edae64839b1137b8d8b9f0ee598ee5596
|
#
8d68ea49 |
|
10-Nov-2016 |
Carlos Pizano <cpu@google.com> |
[kernel][system] Wire job to process Now process_create takes as first param the job handle. We don't yet do much with it except print it in `mx ps` Change-Id: Id1b8dd1e6a3d2f1fa35a5d5e3ef2a70c98428ece
|
#
f2bfd67b |
|
09-Nov-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel][userboot] Factor vDSO and userboot image handling out of userboot.cpp This cleans things up to have some more modularity. Change-Id: I876a504a588f4d5419d4ce4a10abc7d6f07c980f
|
#
12be81b3 |
|
31-Oct-2016 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][vm] refactor VMOs into a base vmo class, a paged version, and a physical memory version Can now create vmos that represent physical memory and map them. Physical VMOs are not resizeable or read/writable, but can be mapped and shared just like regular VMOs. Not exposed to syscall layer yet. Change-Id: I48ca4dd9e75392323b3a7b09833030338ad168b0
|
#
823fdb1e |
|
31-Oct-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel][userboot] Tighten up code Prepare the bootstrap message directly in the MessagePacket object, avoiding a copy. Use RefPtrs for all input parameters at function boundaries and in a few more places. Change-Id: I8d39e1334d1b30ce6f7206e6e06fb8935c637cbf
|
#
f627c530 |
|
28-Oct-2016 |
George Kulakowski <kulakowski@google.com> |
[magenta] More msgpipe => channel conversion Change-Id: I16a4d0879251b5b32b0a01e9658d74da0725d4d6
|
#
739e0042 |
|
30-Sep-2016 |
Viet-Trung Luu <vtl@google.com> |
[magenta][syscalls][userboot] Add MessagePacket::Create(). For now, add no optimizations -- this is just a reorganization of logic for future improvements. Also, I'm not very satisfied with MessagePacket's Handle ownership model (but it wasn't very satisfactory before either). Change-Id: I5c259140701d221f681e745f0a1a8ecece96830b
|
#
22d7a167 |
|
30-Sep-2016 |
Viet-Trung Luu <vtl@google.com> |
[magenta][syscalls][userboot] Make MessagePipeDispatcher::Write() take a MessagePacket. This is so we'll be able to make allocation/creation of MessagePackets smarter. Note: That we duplicate some code in userboot.cpp is temporary messiness. Eventually, much of this will be part of a unified MessagePacket::Create() (or something like that). Change-Id: I77332ada93dfbb576dafe328b400010e37e9f9af
|
#
390d07ba |
|
14-Oct-2016 |
Carlos Pizano <cpu@google.com> |
[kernel][magenta] Give ports some TLC

1- move port syscalls to their own file
2- rename the files to drop the io_ part
3- rename class to drop the IO part

Some other files are touched because they had missing includes, uncovered by doing the above.

Change-Id: I7195c8c5d4f4d84e1f9d533b1e222f19c0c9cace
|
#
79f9187c |
|
13-Oct-2016 |
Carlos Pizano <cpu@google.com> |
[kernel][magenta] Job objects (part 2)

In this installment we 'thread' the root job which is held in a global into the userboot process, which has a handle to it. The userboot sends the job object to the device manager which then creates a child job object, which is not used at the moment.

The change includes a syscall to create a job object which only devmanager can call since it's the only one that gets passed a job object.

the `mx ps` should show a total of two job objects now, like this

    [00017.656] K id-s #t #h: #jb #pr #th #vm #mp #ev #ip #dp [name]
    [00017.656] K 270-R 6 104: 2 1 6 4 84 0 3 0 [bin/devmgr]

Change-Id: If406588228e8b9dce641975add5194d7cfdc33b1
|
#
da415e67 |
|
10-Oct-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel][userboot] New VmObject::CreateFromROData static method This moves the code to create a VMO and populate it from kernel RO-data pages into a static method on class VmObject. The knowledge of the VM layer's limitation about reusing pages from the kernel image mapping is moved into this VmObject method, rather than being implicit in the userboot code. Change-Id: I6dce9b4e72afde7c530f309a79b8c5db5702a68e
|
#
4f9ee8c6 |
|
10-Sep-2016 |
Travis Geiselbrecht <travisg@google.com> |
[system][vmo] add MAP right, test mappings against READ/WRITE/EXECUTE/MAP Change-Id: Ifc9e7502eb5f3cb86c0b03240008a0e3e95babeb
|
#
f7b7a23d |
|
01-Sep-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel][magenta] Use new GetDispatcher pattern for ThreadDispatcher Change-Id: I08fae8b8994bcbcc11f13f42185b7736f35f60d2
|
#
f6e9dfb9 |
|
01-Sep-2016 |
Carlos Pizano <cpu@google.com> |
[kernel][magenta] redo RTTI scheme The previous scheme was not very amenable to simplifying callsites since the name of the downcast-to was weakly encoded in the downcast function. In addition this creates N * (N-1) empty vtable entries with N being the number of derived classes. currently about 240 Change-Id: I55fcd7059a4d8b99771f922a472778804b4502f1
|
#
accddb9a |
|
31-Aug-2016 |
Roland McGrath <mcgrathr@google.com> |
[runtime][launchpad][userboot] Consolidate stack size computations This moves the code that knows the ABI requirements for the stack pointer, and the default user thread stack size, into a common place shared by all places that need to know this, both in kernel and in user mode. It enforces the ABI-required alignment, rather than assuming that all stacks are allocated page-aligned. The stacks for additional user threads created by musl sometimes put the TLS data above the stack. Change-Id: I606aa10925760a0a3974fd1546e48ca3830f7cd6
|
#
1af68523 |
|
27-Aug-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel][userboot] Use ProcessDispatcher methods to map memory Go through the ProcessDispatcher as if doing process_vm_map system calls, so the userboot module doesn't need to know all the implementation details. Change-Id: Iefa9f77678d67afa038844f80e0a2887decd46be
|
#
fb48a3bf |
|
26-Aug-2016 |
John Grossman <johngro@google.com> |
[utils][mxtl] Rename utils:: --> mxtl:: Rename the old kernel utils:: namespace to mxtl:: (magenta template-library) Change-Id: I7f07296faedc270c14eebe4bc537e2a4d9bfc41b
|
#
451f29f6 |
|
26-Aug-2016 |
Roland McGrath <mcgrathr@google.com> |
[userboot] Make userboot exit when it's done The initial user process doesn't need to stick around once it has loaded the first "real" user process, except for userboot.shutdown mode. Change-Id: I1e81eed5456c4915247093d76a34ffdc162b71df
|
#
4c64520f |
|
26-Aug-2016 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][userboot] hold refs for the system vmos constructed from existing pages This avoids a situation where one of these vmos is closed from user space and the pages are freed out from the middle of the kernel. That shouldn't be a problem, except it blows up on the arm architectures due to the way the kernel is mapped. Added TODO to fix once we get the arm kernels moved out of the Big Memory Map. Change-Id: I10f6bebdb17db4ad72b4cdfed46e13e97bdf3685
|
#
bc324f46 |
|
26-Aug-2016 |
Carlos Pizano <cpu@google.com> |
[kernel][magenta] Rename message pipe files The "msg" was the odd one out in the magenta naming of files. Change-Id: Ia8ec532fb253fc35d51ac8565a96a6ce9a67550b
|
#
9e769b90 |
|
25-Aug-2016 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][userboot] directly populate the kernel generated fixed VMOs from kernel pages Instead of making a copy, populate the VMOs for bootfs, vdso, and userboot binary from the underlying pages in the kernel. Avoids a copy of all the pages. Change-Id: I457cf4d2c53ccee61836c2aa216621d21015ea39
|
#
25ed7d9d |
|
24-Aug-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel] Second user argument for process start The process_start syscall gets a second, plain integer, argument to pass to the initial thread's start function. This is used to pass down the vDSO mapping address. This is the last prerequisite for actually making the vDSO real. Change-Id: Id5a68f98658b499faa024bdb202a55241d98067d
|
#
bea41c57 |
|
01-Aug-2016 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][magenta] switch thread/process creation syscalls to a two phase api

- In both thread and process creation apis, require user space create the object first, then start it with additional args
- For threads stack allocation is also moved to user space
- Wire up the process/thread handles to be transferred through to new processes

Change-Id: I43d447c86af1ab3199d8dcf29ff4fe3a384b6e65
|
#
e2ef24cc |
|
23-Aug-2016 |
Brian Swetland <swetland@google.com> |
[magenta][userboot] pass a resource root handle to userboot and beyond Change-Id: I3624dc90fcb0d91bda131e1e1c70cbeb2384bc82
|
#
7ebaaef8 |
|
16-Aug-2016 |
Todd Eisenberger <teisenbe@google.com> |
[kernel][vmm] Change VMM page permission polarity This makes all page permissions explicit and with positive polarity. Previously, specifying no flags would give you RWX permissions, and you'd need to pass RO to drop the write permission and NO_EXECUTE to drop the execute permission. This model more closely matches the one we wish to expose to usermode, and is less tied to the MMU flags of the arm/x86 implementations. It should also make it easier to talk about "mapping" regions with no permissions in order to reserve parts of an aspace. Change-Id: I20d99298888155f904fa2d1ae4fee7a72bce3f98
|
#
92111f7a |
|
15-Aug-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel] [userboot] Allocate user stack and pass down VMO handle This is in preparation for the new process/thread start model. Change-Id: Id46de3adfe45d5e470840c73862b8cf242c1ae3e
|
#
7c564c02 |
|
06-Aug-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel] [uapp] [userboot] Compensate for nm's lies about Thumb addresses This makes the entry point address extracted for userboot work as a Thumb-mode branch target, which covers what the compilers do on ARM today. To fix this more cleanly we might need to make the scripts use readelf or something else that does not molest symbol values in ARM binaries. The vDSO entry points don't need adjustment because they happen to be all ARM-mode code. Change-Id: If6e3984f95e363a53704a80442a9ee602f60024b
|
#
437a2643 |
|
04-Aug-2016 |
Roland McGrath <mcgrathr@google.com> |
[kernel] [userboot] Implement vDSO and new userboot scheme libmagenta.so is now the vDSO, magically embedded in the kernel and provided to userland as a read-only VMO at boot time. The old statically linked userboot program is replaced by a new userboot that is a pure read-only/reentrant DSO with a simplified layout (like the vDSO). The kernel loads this and the vDSO with simple hard-wired code, eliminating the need for a full ELF loader in the kernel. The userboot image is embedded directly into the kernel like the vDSO image, also eliminating the need for any handling of the bootfs format in the kernel. The kernel starts userboot with a message pipe handle as its argument after writing a bootstrap message to the pipe. This message has the standard mx_proc_args_t format, using the kernel command line as environment strings, and handles to the vDSO VMO and the bootfs VMO. userboot reads the bootfs to find the first real user program to run. It has a full ELF loader including PT_INTERP support, so this program can use the dynamic linker, which is also the shared libc.so; userboot does not implement the "loader service", so there is no means to load other shared libraries from the bootfs and the program must statically link in everything but libc itself. userboot interprets the kernel command line for its own options (so far just the "userboot=filename" option to change the default of what to run next from "bin/devmgr"). It then passes on the bootstrap message containing the kernel command line as the environment strings and the VMO handles from the kernel, so the startup of the first program is just like any other normal userland program's startup and it can access (and propagate) the kernel command line via its environment. Change-Id: I7f11ee84aaf585de6544731b722a420c616a2a26
|
#
c74192d8 |
|
22-Jul-2016 |
Carlos Pizano <cpu@google.com> |
[kernel][magenta] Remove ProcessDispatcher (part 2) This is a mechanical rename. See CL 4407 for the first part. Change-Id: I02a3f1df3537dc9618ec3cdf64ddd064a89300b6
|
#
5fd566a6 |
|
22-Jul-2016 |
Carlos Pizano <cpu@google.com> |
[kernel][magenta] Remove ProcessDispatcher (part 1) We now have UserProcess doing its job, it is not adding any value. In the next CL I'll rename UserProcess. Not done here to keep the CL to its core. Change-Id: Iebb4a6eea6ade69bb8b88e89c3640adbe013daf1
|
#
798ba99c |
|
17-Jul-2016 |
Brian Swetland <swetland@google.com> |
[magenta] pass kernel commandline to userspace "userboot" option can override what process is started second in userspace. run-magenta script now has -c option to add command line options for the kernel Change-Id: Ibef0173d0900bdaec82ea9ff6df25995c626cf68
|
#
f2819685 |
|
29-Jun-2016 |
Travis Geiselbrecht <travisg@google.com> |
[kernel][magenta] add ref counting to process/thread objects, wire in kill semantics Processes and threads are now fully ref counted, and using newly added kernel kill feature, will be cleaned up properly when the last ref goes away, or when a process enters the dead state. Limitations (to be addressed in subsequent commits): -Threads may leak in a specific case where the last ref of the thread is dropped inside the exit path of the thread itself. Will need to be solved with a worker thread. -Process and thread kill are not wired to syscall layer yet. -Process and thread kill reason are not tracked yet. -Main thread of a process is still 'special' and will need to be made un-special as the user space syscall api is modified to reflect these changes. Change-Id: Id1311af49ec8f5f4a1001b986bb0c9b0fcc7a485
|
#
c42a2372 |
|
24-Jun-2016 |
Brian Swetland <swetland@google.com> |
[pc][userboot][devmgr] arrange for ramdisk to be appended to bootfs A second bootfs (in addition to the compiled-in one) may be passed through the zeropage ramdisk/initrd mechanism. It will be appended to the built-in bootfs and devmgr will import it into the /boot filesystem as well. Change-Id: If4295570e00075df390a2ca75afaac3afc22bffd
|
#
3edc247e |
|
19-Jun-2016 |
Travis Geiselbrecht <travisg@google.com> |
[kernel] move the userboot payload into a read only segment Needed to fix some assembly code in arm64 that couldn't handle the additional gap in the binary between .text and .data because of this. Change-Id: Iea875fe1efd496ceca7836a515736d2c0e413051
|
#
53b9e1c8 |
|
15-Jun-2016 |
The Fuchsia Authors <authors@fuchsia.local> |
[magenta] Initial commit
|