#
79da0792 |
|
01-Mar-2020 |
Gerwin Klein <gerwin.klein@data61.csiro.au> |
Convert license tags to SPDX identifiers This commit also converts our own copyright headers to directly use SPDX, but leaves all other copyright header intact, only adding the SPDX ident. As far as possible this commit also merges multiple Data61 copyright statements/headers into one for consistency.
|
#
acfc3c52 |
|
31-Oct-2016 |
Anna Lyons <Anna.Lyons@data61.csiro.au> |
mcs: tickless driver for x86 Add a tickless timer driver for x86. The driver defaults to using TSC_DEADLINE mode, but falls back to the apic if that feature is not available.
|
#
761006e0 |
|
18-Mar-2019 |
Anna Lyons <Anna.Lyons@data61.csiro.au> |
style: consistently align pointer with name Run astyle with align-pointer=name
|
#
de42f826 |
|
05-Feb-2018 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Introduce IO port control caps Changes the way IO ports work such that instead of 'minting' IO port caps down into new IO port caps with smaller ranges new IO port ranges must be allocated centrally from an IO port control cap. This mechanism acts in a very similar fashion as IRQ handler/control capabilities and ensures that allocated IO ports do not overlap. Disallowing overlapping IO ports is necessary to ensure the CDT remains valid as capabilities are deleted.
|
#
29695d26 |
|
07-Jan-2018 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x64: SKIM window to mitigate Meltdown (CVE-2017-5754) on x86-64 Introduces a kernel option that, when enabled, reduces the kernel window in a user address space to just be Static Kernel Image and Microstate (SKIM), instead of the full kernel address space. This isolates the important kernel data from the user preventing a Meltdown style attack being able to violate secrecy. The kernel text and read only data, i.e. anything that is static from boot, is not secret and can be allowed in the SKIM window and potentially read by the user. Additionally to switch to and from the actual kernel address space a small amount of state needs to also be in the SKIM window. This is only an implementation for x86-64, although the same design is applicable to ia32
|
#
3a7fdde8 |
|
05-Jan-2018 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Define per node arch global state Global state in this context is state/datastructures that need to be available at all times, both in user and kernel mode, by the hardware for correct operation. The purpose of creating a separate per-node structure for it is so that there is the option of treating it specially in the future from other per node state
|
#
a9e1f517 |
|
21-Aug-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
SELFOUR-1062: Hide all IOMMU related code behind #ifdef guards The IOMMU implementation is not going to be verified at the moment, and so the code for it needs to be hidden from verification, which we do by #ifdef'ing it out if the IOMMU is not enabled. As a result the IOMMU configuration depends on a non verification target
|
#
ae8f2c99 |
|
23-Feb-2017 |
amrzar <azarrabi@nicta.com.au> |
x86: move current active FPU owner to node state
|
#
323e60a7 |
|
23-Feb-2017 |
amrzar <azarrabi@nicta.com.au> |
x86: define number of restore since switch as node state
|
#
4fe72d09 |
|
02-Feb-2017 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Mechanism for catching GP faults and returning to an error handler Provides a mechanism where if af GP fault is potentially expected it can be caught and the calling code returned to. The GP happening can be detected by setting a specific return to handler and additionally by the return to handler being cleared if a GP happened.
|
#
cea45cd1 |
|
31-Jan-2017 |
Jack Suann <Jack.Suann@data61.csiro.au> |
x86: Handling pending interrupts in kernel mode This commit allows x86 to completely handle a pending interrupt without switching out to user mode. To handle an interrupt on x86 the APIC *must* generate an exception, prior to you being able to acknowledge it. Previously we only allow exceptions (i.e. interrupts) to be generated outside of kernel mode when we are in user mode. This change allows us to 'poll' for an interrupt and transition the APIC whilst in kernel mode by enabling and taking interrupts at carefully defined points. A pending interrupt will be stored by the exception handler, allowing us to then handle the interrupt and acknowledge the hardware APIC. Handling is done by waiting until after we have 'left' the kernel and are about to switch to user mode and then 'entering' the kernel again by jumping to the interrupt entry point. Handling interrupts entirely in kernel mode provides two advantages * It will allow, in the future, the ability to handle kernel interrupts in situations where we need to handle the interrupt before actually performing the hardware switch back to user mode. This case happens where the user thread is using vt-x and so pending interrupts do not generate an interrupt exception, but rather cause an exception to be generated telling the system that there is a pending interrupt * Where there are multiple pending interrupts it is more efficient to avoid additional switches in and out of the user thread Whilst this change does not enable pre-emption points to handle the interrupt before returning out of `handleSyscall` it should be easily implementable with what is provided.
|
#
564b9839 |
|
05-Dec-2016 |
Donny Yang <work@kota.moe> |
x86: Avoid writing the fs/gs base if we don't have to
|
#
1c312610 |
|
23-Nov-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Switch to NULL FPU state if suspect no one using it Adds a heuristic to switch to a NULL fpu state if we think the FPU is not presently in use. A NULL fpu state is more efficient as we do not have to enable/disable the FPU when switching threads
|
#
90f6a986 |
|
31-Oct-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
x86: Initial support for SMP vt-x Enables vt-x code to compile when CONFIG_MAX_NUM_NODES is set to greater than 1 and adds code to manage VMCS state on different cores
|
#
7fbde1bb |
|
14-Jun-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
SELFOUR-287: 32-bit vt-x implementation This is an implementation of vt-x for x86 kernels running in ia32 mode.
|
#
2cbc7123 |
|
28-Sep-2016 |
amrzar <azarrabi@nicta.com.au> |
SELFOUR-630:preliminary booting application processors - update core detection code and Kconfig file - update kernel stack managment so that BSP does not use boot stack before IPI APs - move arch dependant data to a single structure - add cache line size to Kconfig - add cpu indexing and apic id mapping - boot APs to halting state - add guard for kernel stack if there is only one core
|
#
4044e204 |
|
21-Sep-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Revert "Merge pull request #358 in SEL4/sel4 from ~AZARRABI/sel4:multicore to master" This reverts commit ce2f666bb811c5e4c779829fcb09d5a189ebcdbb, reversing changes made to dc183f96b81f2344d7d0d910fc430f924eaae940.
|
#
fbc071b4 |
|
12-Sep-2016 |
amrzar <azarrabi@nicta.com.au> |
SELFOUR-630:preliminary booting application processors - update core detection code and Kconfig file - update kernel stack managment so that BSP does not use boot stack before IPI APs - move arch dependant data to a single structure - add cache line size to Kconfig - add cpu indexing and apic id mapping - boot APs to halting state - add guard for kernel stack if there is only one core
|
#
1287590e |
|
16-May-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Correct separation of printing and debug builds Fixes some build issues with 541289a32603cee8242b5360b05e8f0c52795433 as well as further allowing debugging (via the capdl interface) to happen when printing is turned off.
|
#
541289a3 |
|
11-May-2016 |
Adrian Danis <Adrian.Danis@data61.csiro.au> |
Further separate 'release' and 'verification' builds Originally building the kernel was largely considered to be done in one of two ways 1. Release build with no assertions, no debug symbols and no printing. This was generally considered to be a 'verified' build 2. Debug build with assertions, debug symbols and printing Since then various options were added, such as the 'code injection' option, which we wanted on builds that did not have assertions or other options that affected performance. As such it did not depend upon a debug build and had large warning signs saying that enabling this in a release build would not give you a verified or trusted kernel. Most recently the ability to print from the kernel in release mode was added. For the same reason that tying the ability to print with the performance reduction of various debugging was not always desireable. This change attempts to unify the current state and have a single top level option to enable a 'verification friendly' build. All other options (assertions, printing, code injection) then depend upon this configuration not being set.
|
#
dd593539 |
|
06-Dec-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: More portable user mode IO port restriction For x86-64, to disable IO instructions in user mode requires a IO permission map being set up properly in TSS. Setting the IO map base field of TSS larger than the TSS works for 32-bit, but not 64-bit. This commit sets up a IO permission map usable for both 32-bit and 64-bit kernel and changes the TSS to use the mapping. The IO permission bitmap is appened to the bitfield generated tss_t, resulting the tss_io_t structure.
|
#
d20ca20a |
|
13-Jan-2016 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Rename ia32->x86 This is a stylistic commit to make names of variables/constants and functions in the kernel more consistent. That is, things that are not IA32 specific, but are generic x86, get renamed to having an x86 name
|
#
bddd804a |
|
06-Jan-2016 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: IOAPIC/MSI syscalls Restructure the x86 interrupt handling to allow for a more flexible method of using IOAPIC and MSI interrupts. The essence of this change is to allow for the user to pick, for both IOAPIC and MSIs, which CPU vector to use. Additionally there is future support, in the API, for seL4 to eventually protect MSI interrupts with the vt-d interrupt routing tables. API behaviour for legacy systems using the PIC is preserved Part of SELFOUR-281
|
#
e13c41fa |
|
23-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Use an unsigned value for IO domain state Verification prefers not to deal with signed numbers, and there is no reason for these to be signed
|
#
c6139ce4 |
|
01-Jul-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Rename ia32KScurInterrupt -> x86KScurInterrupt
|
#
4e81ed05 |
|
05-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Extract 32-bit specific vspace functions in mode/vspace.c
|
#
19620c93 |
|
17-Jun-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Create 32-bit specific statedata
|
#
8e15c429 |
|
03-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Port some of the IOMMU changes on the experimental branch This changes the IOMMU from using passthrough devices and instead directly mapping in the reserved regions that are needed for each device.
|
#
b03c6dbf |
|
09-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: With multi-kernel support removed make the kernel PDs etc global instead of passing them around
|
#
646638ef |
|
09-Nov-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Do not conditionally compile IOMMU code, use build/run time checks Guarding code with #ifdef's makes even cursor testing of 'does this code compile' difficult due to code being hidden by the pre-processor. Using config_set in regular C if statements is performant as the compiler can trivially detect dead code at compile time, and at -O1 and above will not even link in symbols referenced by dead code in these blocks, so this will not bloat image size
|
#
ec788900 |
|
24-Jul-2015 |
Anna Lyons <Anna.Lyons@nicta.com.au> |
xIntroduce RELEASE_PRINTF, which allows a renamed printf (release_printf) to be used in a release build of the kernel - userful for debugging tests that only fail on a release build of the kernel
|
#
914741ea |
|
27-May-2015 |
Adrian Danis <Adrian.Danis@nicta.com.au> |
x86: Make x86 the name of the architecture instead of IA32 IA32 is 32bit version of the x86 architecture. Whilst only IA32 is supported, much of the code is generic x86. Using a generic x86 architecture will aid in future 64bit support
|