#
374da850 |
|
16-Jan-2018 |
Bamboo <bamboo@keg.ertos.in.nicta.com.au> |
[STYLE_FIX]
|
#
29695d26 |
|
07-Jan-2018 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x64: SKIM window to mitigate Meltdown (CVE-2017-5754) on x86-64 Introduces a kernel option that, when enabled, reduces the kernel window in a user address space to just be Static Kernel Image and Microstate (SKIM), instead of the full kernel address space. This isolates the important kernel data from the user preventing a Meltdown style attack being able to violate secrecy. The kernel text and read only data, i.e. anything that is static from boot, is not secret and can be allowed in the SKIM window and potentially read by the user. Additionally to switch to and from the actual kernel address space a small amount of state needs to also be in the SKIM window. This is only an implementation for x86-64, although the same design is applicable to ia32
|
#
43b4c551 |
|
06-Jan-2018 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Separate definition for kernel vspace root Introduces a separate definition for vspace root that the kernel runs on. Having this be distinct from the global vspace root allows for potential future distinction between the global root (that is copied into all user address spaces) and the address space that the kernel runs in.
|
#
a2d974f4 |
|
30-Nov-2017 |
Bamboo <bamboo@keg.ertos.in.nicta.com.au> |
[STYLE_FIX]
|
#
734320d7 |
|
20-Nov-2017 |
Alexander Boettcher <alexander.boettcher@genode-labs.com> |
x86: add framebuffer info of MBI2 via boot_info
|
#
de610c22 |
|
23-Nov-2017 |
Alexander Boettcher <alexander.boettcher@genode-labs.com> |
x86: evaluate ACPI RSDP v1 multiboot 2 information
|
#
9196023a |
|
23-Oct-2017 |
Alexander Boettcher <alexander.boettcher@genode-labs.com> |
x86: validate RSDP pointer in try_boot_sys instead of re-initializing it. Issue #67
|
#
38b5bad3 |
|
04-Oct-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Use ROUND_UP macro instead of align_up The additional align_up helper is redundant and can be replaced with ROUND_UP
|
#
5ad81327 |
|
04-Oct-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Prevent format type warning `sizeof` returns an `int` and not a `long` on ia32, casting prevents warnings
|
#
4241b2df |
|
04-Oct-2017 |
Alexander Boettcher <alexander.boettcher@genode-labs.com> |
x86: Support for mulitboot2 compatible booting Declares to a bootloader that we hare multiboot2 compliant and provides an additional try_boot_sys_mbi2 function for processing a multiboot2 information header.
|
#
566dcdf5 |
|
08-Sep-2017 |
Alexander Boettcher <alexander.boettcher@genode-labs.com> |
x86: Remove assumptions on multiboot1 style booting This abstracts the existing try_boot_sys into two portions, one which pulls data out of a multiboot1 style information header, and one which performs generic booting without being multiboot1 specific.
|
#
023977fc |
|
04-Oct-2017 |
Alexander Boettcher <alexander.boettcher@genode-labs.com> |
x86: Provide copy of RSDP in bootinfo This gives a rootserver a way to find the ACPI tables in cases where there is no BIOS region to scan for an RSDP.
|
#
ee380609 |
|
04-Oct-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Copy RSDP table in acpi_init instead of returning physical address of rsdt The full RSDP is useful beyond just extracting the RSDT address out of it. In particular this prepares us for being able to pass a copy of the RSDP to the rootserver. The previous function signature might lead a user to believe that they were getting a pointer to a useable acpi_rsdt_t structure. This was in fact not the case and was actually returning the physical address, that may or may not be mapped in, of the rsdt table. All of the other acpi *_scan functions would therefore immediately map in the physical rsdt pointer they were given. This commit changes acpi_init to return a boolean indicating whether it found a valid rsdp, and then fills in a copy of the rsdp data. The copy is necessary as the rsdp data may be at a temporary mapping. As a result of changing acpi_init the boot code and state is changed to have a acpi_rsdt_t instance that can be filled out.
|
#
57fa0e0f |
|
07-Aug-2017 |
Hesham Almatary <hesham.almatary@data61.csiro.au> |
Share linker.h between architectures
|
#
ee28936d |
|
18-Jun-2017 |
Hesham Almatary <hesham.almatary@data61.csiro.au> |
SMP: Introduce ENABLE_SMP_SUPPORT - Make it more readable and less confusing compared to the 'CONFIG_MAX_NUM_NODES > 1' check
|
#
20383163 |
|
17-May-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Split large structs into portions The C parser does not enjoy parsing structs with many fields
|
#
ac28eec8 |
|
03-May-2017 |
Kent McLeod <Kent.Mcleod@data61.csiro.au> |
SELFOUR-865: Fix variable size errors
|
#
d13544c7 |
|
01-May-2017 |
Kent McLeod <Kent.Mcleod@data61.csiro.au> |
SELFOUR-865: Pass memory map information to user
|
#
43dea068 |
|
18-Apr-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Correct multiboot info definition The fields in the multiboot_info structure have precise sizes and should not use pointers types as these sizes change between ia32 and x86_64 builds. This commit changes such fields to be the correct fixed size uint32_t
|
#
93cc22b2 |
|
09-Mar-2017 |
amrzar <azarrabi@nicta.com.au> |
smp: fix bugs when stalling remote core - Restart TCB from inside the lock if it is waiting for anything other than IRQ - Only replace the TCB with idle thread if it is in ThreadState_RunningVM state Also, this makes the design generic to be shared with arm.
|
#
f42d6363 |
|
15-Mar-2017 |
Anna Lyons <Anna.Lyons@data61.csiro.au> |
refactor: initialise common core state in one place
|
#
256c30ae |
|
13-Feb-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Pass VBE information from multiboot through bootinfo
|
#
c4395425 |
|
26-Feb-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Remove assumption on 32-bit memory offsets On 64-bit platforms physical address could be >2^32 offset from a virtual address. This changes offsets to match the word size of the target architecture
|
#
b595d71f |
|
25-Feb-2017 |
amrzar <azarrabi@nicta.com.au> |
x86: initialize ksActiveFPUState for APs
|
#
cea45cd1 |
|
31-Jan-2017 |
Jack Suann <Jack.Suann@data61.csiro.au> |
x86: Handling pending interrupts in kernel mode This commit allows x86 to completely handle a pending interrupt without switching out to user mode. To handle an interrupt on x86 the APIC *must* generate an exception, prior to you being able to acknowledge it. Previously we only allow exceptions (i.e. interrupts) to be generated outside of kernel mode when we are in user mode. This change allows us to 'poll' for an interrupt and transition the APIC whilst in kernel mode by enabling and taking interrupts at carefully defined points. A pending interrupt will be stored by the exception handler, allowing us to then handle the interrupt and acknowledge the hardware APIC. Handling is done by waiting until after we have 'left' the kernel and are about to switch to user mode and then 'entering' the kernel again by jumping to the interrupt entry point. Handling interrupts entirely in kernel mode provides two advantages * It will allow, in the future, the ability to handle kernel interrupts in situations where we need to handle the interrupt before actually performing the hardware switch back to user mode. This case happens where the user thread is using vt-x and so pending interrupts do not generate an interrupt exception, but rather cause an exception to be generated telling the system that there is a pending interrupt * Where there are multiple pending interrupts it is more efficient to avoid additional switches in and out of the user thread Whilst this change does not enable pre-emption points to handle the interrupt before returning out of `handleSyscall` it should be easily implementable with what is provided.
|
#
e9922b74 |
|
15-Jan-2017 |
Hesham Almatary <hesham.almatary@data61.csiro.au> |
Unify kernel stack definition/declaration and share it between architecures/modes Rather than defining a kernel stack in random places for each architecure for each mode (32/64) and for single/SMP modes, make the stack definition shareable between all of the above. This is also useful for the future ARM SMP work.
|
#
af02927b |
|
12-Jan-2017 |
Hesham Almatary <hesham.almatary@data61.csiro.au> |
SMP: move lock.h to architecture-independent include/smp s/__sync_lock_test_and_set/__atomic_exchange_n in lock.h
|
#
5037717c |
|
11-Jan-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Explicitly define kernel stack size This commit changes the previous hard coded 4K kernel stack size to being a configurable power of 2 sized stack
|
#
ef0c3e37 |
|
02-Jan-2017 |
Stephen Sherratt <Stephen.Sherratt@data61.csiro.au> |
Searching for large enough region to load user img
|
#
6cd48520 |
|
11-Dec-2016 |
Donny Yang <work@kota.moe> |
x86: Add Skylake-related info
|
#
3ba3f2de |
|
04-Dec-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Add BSS regions for BOOT and PHYS code Uninitialized data structures in BOOT and PHYS code currently get placed in sections that are allocated in the file of the final image. Whilst these sections will get reclaimed during kernel boot, so no runtime memory is being wasted, it results in kernel images that are much larger to load and transport than necesary. This change adds explicit BSS regions for both BOOT and PHYS code and moves all appropriate data structures into them
|
#
9a35bc06 |
|
26-Nov-2016 |
amrzar <azarrabi@nicta.com.au> |
trival: initialize local variable in is_compiled_for_microarchitecture
|
#
50990126 |
|
24-Nov-2016 |
Bamboo <bamboo@keg.ertos.in.nicta.com.au> |
[STYLE_FIX]
|
#
b73651fa |
|
23-Nov-2016 |
amrzar <azarrabi@nicta.com.au> |
x86: check if kernel compiled for the host microarchitecture. also move x86_cpuid_initialize from init_cpu as it has nothing with initializing the cpu rather than just reading some info. as well as being in cpu_init cause it to run multiple times in smp.
|
#
a0cb9e67 |
|
09-Nov-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x64: Support multiple kernel stacks Adds support for per-core kernel stacks through the use of thread local storage and swapgs. In addition to the main kernel stack the IRQ stack also needs to be made per core
|
#
27afc1bd |
|
20-Nov-2016 |
amrzar <azarrabi@nicta.com.au> |
x86: add logical id mapping for x2APIC IPI boradcasting
|
#
93f59d49 |
|
10-Nov-2016 |
amrzar <azarrabi@nicta.com.au> |
x86: updating the bootinfo for number of cores
|
#
ffd0f34b |
|
08-Nov-2016 |
amrzar <azarrabi@nicta.com.au> |
Clean up x86KScurInterrupt: 1. Remove the locking dependancy on the value of x86KScurInterrupt 2. Remove confusing set/unset of x86KScurInterrupt
|
#
76b9441e |
|
06-Nov-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Remove unused function
|
#
25bb9437 |
|
24-Oct-2016 |
amrzar <azarrabi@nicta.com.au> |
SELFOUR-635: support for TCB operations This will update TCB invocations to consider multicore environment, this may include: - adds the affinity invocation to transfer TCB between different cores and update TCB structure for core ID - checking the thread/core state before performing TCB operation, e.g. deleting the runnable TCB, etc
|
#
1887ae9d |
|
13-Oct-2016 |
amrzar <azarrabi@nicta.com.au> |
Update SMP idle thread handling
|
#
4f09f9c4 |
|
06-Oct-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Refactor elf code
|
#
03ec049d |
|
26-Sep-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x64: 64-bit elf loading
|
#
e63be664 |
|
30-Sep-2016 |
amrzar <azarrabi@nicta.com.au> |
SELFOUR-631: implement CLH lock and barrier infrastructure
|
#
602836a2 |
|
26-Sep-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Generic setCurrentVSpaceRoot Defines a generic setCurrentVSpaceRoot to replace setCurrentPD in mode generic code
|
#
2cbc7123 |
|
28-Sep-2016 |
amrzar <azarrabi@nicta.com.au> |
SELFOUR-630:preliminary booting application processors - update core detection code and Kconfig file - update kernel stack managment so that BSP does not use boot stack before IPI APs - move arch dependant data to a single structure - add cache line size to Kconfig - add cpu indexing and apic id mapping - boot APs to halting state - add guard for kernel stack if there is only one core
|
#
d507b2d3 |
|
09-Feb-2016 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
SELFOUR-421 Introduce explicit device frames and untypeds Kernel objects cannot be created from device untypeds, with the exception of frames, which do not get zeroed and cannot be used as an IPC buffer. Device untypeds additionally cannot be used in the construction of ASID pools. This then changes the API to the rootserver (i.e. bootinfo) to send device untypeds instead of device frames. On ARM these device untypeds are the same as the previously exported device frame regions. On x86 PCI scanning is removed and all physical memory addresses (that are not important for kernel integrity) are released to the user. In order to have bits in the frame and untyped caps on ARM the number of software ASIDs had to be reduced from 2^18 to 2^17, and the maximum untyped size reduced from 2^31 to 2^30
|
#
4044e204 |
|
21-Sep-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Revert "Merge pull request #358 in SEL4/sel4 from ~AZARRABI/sel4:multicore to master" This reverts commit ce2f666bb811c5e4c779829fcb09d5a189ebcdbb, reversing changes made to dc183f96b81f2344d7d0d910fc430f924eaae940.
|
#
8ffc3531 |
|
21-Sep-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Revert "[STYLE_FIX]" This reverts commit d29f743bbcc3acff2f61b40dedb4fe0839db38b8.
|
#
d29f743b |
|
21-Sep-2016 |
Bamboo <bamboo@keg.ertos.in.nicta.com.au> |
[STYLE_FIX]
|
#
fbc071b4 |
|
12-Sep-2016 |
amrzar <azarrabi@nicta.com.au> |
SELFOUR-630:preliminary booting application processors - update core detection code and Kconfig file - update kernel stack managment so that BSP does not use boot stack before IPI APs - move arch dependant data to a single structure - add cache line size to Kconfig - add cpu indexing and apic id mapping - boot APs to halting state - add guard for kernel stack if there is only one core
|
#
3c05b79a |
|
27-Jul-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Provide generic C entry/exit hook routines It can be deseriable to run code before/after user mode, but not have to write it in assembly. This commit adds such stubs that get called as the first/last C code when coming in and out of the kernel
|
#
b108cf4f |
|
19-Jun-2016 |
Hesham Almatary <Hesham.Almatary@nicta.com.au> |
x86: Use setCurrentPD instead of write_cr3 setCurrentPD caches a copy of the value that is written to cr3. This value is used by other operations (such as invalidateTLB) to avoid having to read cr3 in order to rewrite it. This fixes a bug where if benchmarking is enabled invalidateTLB will be called in boot code before setCurrentPD has ever been called, which will result in writing a garbage value to cr3
|
#
bdcbfd51 |
|
01-Jun-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Rearrange init_cpu in boot code The CPU should be initialized before calling init_sys_state, as this attempts to manipulate things such as the FPU, which may not be in a valid state before performing the full CPU init. In order to perform init_cpu earlier, init_vm_state is also moved into init_cpu, where it makes more sense to be to begin with
|
#
541289a3 |
|
11-May-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Further separate 'release' and 'verification' builds Originally building the kernel was largely considered to be done in one of two ways 1. Release build with no assertions, no debug symbols and no printing. This was generally considered to be a 'verified' build 2. Debug build with assertions, debug symbols and printing Since then various options were added, such as the 'code injection' option, which we wanted on builds that did not have assertions or other options that affected performance. As such it did not depend upon a debug build and had large warning signs saying that enabling this in a release build would not give you a verified or trusted kernel. Most recently the ability to print from the kernel in release mode was added. For the same reason that tying the ability to print with the performance reduction of various debugging was not always desireable. This change attempts to unify the current state and have a single top level option to enable a 'verification friendly' build. All other options (assertions, printing, code injection) then depend upon this configuration not being set.
|
#
3fdc41ad |
|
12-May-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Correct link error with -fwhole-program
|
#
dd5d5d77 |
|
19-Apr-2016 |
Partha Susarla <parthasarathi.susarla@nicta.com.au> |
[boot] A trivial patch that checks `mod_count` before using it. This patch just reorders the code, to actually do the check if there are any modules (represented by `mod_count`) before any setup or lookup is done.
|
#
ba2350c0 |
|
11-Jan-2016 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Fix parse_mem_map to exclude physical memory not addressable on 32-bit systems if running on one
|
#
0fa6a0ce |
|
11-Jan-2016 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
trivial: style
|
#
da7e068d |
|
11-Jan-2016 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
trivial: Fix printing on x86
|
#
68887cd8 |
|
11-Jan-2016 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Populate the freemem list from the multiboot mem list If the multiboot memory list exists, then it may contain more than just the single contiguous memory region listed in 'mem_upper' Therefore we use it to populate a more complete free memory list, if it exists
|
#
933bd8b0 |
|
10-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: add kpptr_to_paddr This commit introduces the idea of a 'kpptr', which is simply an address that is a kernel symbol. This allows for, in the future, to have two different translations (between pointers and physical addresses) one for kernel symbols, and one for other memory
|
#
e74123c3 |
|
10-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Remove underscores from symbols as they are in violation of the C standard
|
#
4222e2c5 |
|
10-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Move cpus to boot_state to avoid taking address of a local variable
|
#
3439c6bd |
|
28-Jun-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
Do not switch to the the root thread until after cpu initialization is done
|
#
8e15c429 |
|
03-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Port some of the IOMMU changes on the experimental branch This changes the IOMMU from using passthrough devices and instead directly mapping in the reserved regions that are needed for each device.
|
#
b03c6dbf |
|
09-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: With multi-kernel support removed make the kernel PDs etc global instead of passing them around
|
#
95e7b2c3 |
|
16-Dec-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Correctly align the PDPT
|
#
646638ef |
|
09-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Do not conditionally compile IOMMU code, use build/run time checks Guarding code with #ifdef's makes even cursor testing of 'does this code compile' difficult due to code being hidden by the pre-processor. Using config_set in regular C if statements is performant as the compiler can trivially detect dead code at compile time, and at -O1 and above will not even link in symbols referenced by dead code in these blocks, so this will not bloat image size
|
#
5d42d014 |
|
09-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Do not conditionally compile IRQ controller code, use build/run time checks Guarding code with #ifdef's makes even cursor testing of 'does this code compile' difficult due to code being hidden by the pre-processor. Using config_set in regular C if statements is performant as the compiler can trivially detect dead code at compile time, and at -O1 and above will not even link in symbols referenced by dead code in these blocks, so this will not bloat image size
|
#
71a45e6b |
|
05-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Strip multi kernel support from the x86 kernel. This is not used and is conflicting with planned future features
|
#
1b34ed08 |
|
14-Jun-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Define a KERNEL_BASE_OFFSET for translating the kernel image region This definition is different to BASE_OFFSET in that it is only meant to apply to the kernel image portion of the kernel window, and doesn't assume that the entire window can be translated by a single offset
|
#
ef85f94a |
|
05-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Rename constants and functions to have X86 prefix instead of IA32 prefix
|
#
64aed537 |
|
04-Jun-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Move APIC frequency calculation to APIC init, instead of doing it before we initialize paging
|
#
23680851 |
|
09-Dec-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
Update some printf's of loop counters that had their types changed
|
#
171824f7 |
|
07-Dec-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
Change additional int->word_t due to interraction with the C parser to ease verification
|
#
6ba40634 |
|
03-Jun-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Cast, where appropriate, to word_t type to support 32 and 64 bit
|
#
fee26a88 |
|
02-Jun-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
Change casting from int->long to be compatible with both 32 and 64 bit compilations
|
#
617df4a7 |
|
03-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
Rationalize standard types This commit aims to rationalize how we represent different types for compatiblity between ARM and x86, as well as between 32 and 64 bit code. The choices being made here is to declare that a uint32_t has a type of 'int', this allows uint32_t to be declared consistently across 32 and 64 bit (at least in GCC). The word_t type is declared using a 'long' (not a uint32_t or uint64_t) to allow for a word_t to be backed by the same type on both 32 and 64 bit All other types that want to be declared as the size of a native word get declared in terms of a word_t
|
#
40f27ac9 |
|
01-Oct-2015 |
Anna Lyons <Anna.Lyons@nicta.com.au> |
fix format strings for x86
|
#
07a7f4c4 |
|
29-Sep-2015 |
Anna Lyons <Anna.Lyons@nicta.com.au> |
generate warnings for incorrect format strings for kprintf, bring stdint.h inline for x86 and arm and fix some format strings as a consequence
|
#
60998167 |
|
10-Aug-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Mark page directories and stacks as externally visible The PD and stacks are referenced from assembly files and not C. If these are not set to visible the linker may throw them away. This has only been observed as a problem when building with '-fwhole-program-optimizations'
|
#
ec788900 |
|
24-Jul-2015 |
Anna Lyons <Anna.Lyons@nicta.com.au> |
xIntroduce RELEASE_PRINTF, which allows a renamed printf (release_printf) to be used in a release build of the kernel - userful for debugging tests that only fail on a release build of the kernel
|
#
914741ea |
|
27-May-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Make x86 the name of the architecture instead of IA32 IA32 is 32bit version of the x86 architecture. Whilst only IA32 is supported, much of the code is generic x86. Using a generic x86 architecture will aid in future 64bit support
|