thread_i.h

Go to the documentation of this file.

// AUTOMATICALLY GENERATED -- DO NOT EDIT!         -*- c++ -*-

#ifndef thread_i_h
#define thread_i_h

#include <cassert>
#include <cstdlib>              // panic()
#include "atomic.h"
#include "entry_frame.h"
#include "globals.h"
#include "irq_alloc.h"
#include "kdb_ke.h"
#include "logdefs.h"
#include "map_util.h"
#include "sched_context.h"
#include "space_index_util.h"
#include "std_macros.h"
#include "thread_state.h"

#include "config.h"
#include "cpu.h"
#include "cpu_lock.h"
#include "mem_layout.h"
#include "logdefs.h"
#include "paging.h"
#include "processor.h"          // for cli/sti
#include "regdefs.h"
#include "std_macros.h"
#include "thread.h"
#include "timer.h"
#include "trap_state.h"
#include "vmem_alloc.h"
#include "globalconfig.h"
#include "idt.h"
#include "io.h"
#include "kernel_console.h"
#include "simpleio.h"
#include "terminate.h"
#include "utcb_init.h"
#include "watchdog.h"

#include <cstdio>

#include "l4_types.h"

#include "config.h"
#include "irq.h"
#include "irq_alloc.h"
#include "logdefs.h"
#include "map_util.h"
#include "space.h"
#include "space_index.h"
#include "space_index_util.h"
#include "std_macros.h"
#include "thread.h"
#include "warn.h"

#include "l4_types.h"
#include "config.h"
#include "space_index.h"

#include <cstdlib>              // panic()

#include "l4_types.h"

#include "config.h"
#include "cpu_lock.h"
#include "dirq.h"
#include "ipc_timeout.h"
#include "lock_guard.h"
#include "logdefs.h"
#include "map_util.h"
#include "processor.h"
#include "kdb_ke.h"

// The ``long IPC'' mechanism.

// IDEAS for enhancing this implementation:

// Currently, we flush the address-space window used for copying
// memory during IPC every time we switch threads.  This is costly
// because it involves a TLB flush.  We could maybe avoid a lot of
// flushes by doing them lazily -- that is, we only do them when the
// window is used by someone else. -- I haven't really thought about
// whether this really makes sense with a fully interruptible IPC path
// that is possibly executed by more than one thread at the same time.

// We should use only the first one of the two address-space windows
// if an indirect string actually refers to a buffer that is already
// mapped in the first window.

// The address-space-window setup function should actually fill the
// corresponding page-directory entries safely (using cli) instead of
// leaving that work to the page-fault handler.  This is safe because
// those page-directory entries are flushed during the next thread
// switch.

// XXX: I'm not sure whether we return the correct error codes for
// page fault timeouts in any of the sender's and receiver's address
// spaces.

#include "l4_types.h"

#include "config.h"
#include "cpu_lock.h"
#include "std_macros.h"

#include "globalconfig.h"
#include "kmem.h"
#include "long_msg.h"
#include "std_macros.h"

#include "cpu_lock.h"

#include <cstdio>

#include "config.h"
#include "cpu.h"
#include "kmem.h"
#include "processor.h"
#include "thread.h"

#include <alloca.h>
#include <cstring>
#include "config.h"
#include "idt.h"
#include "jdb_tbuf.h"
#include "types.h"

#include <cstdio>
#include "simpleio.h"
#include "cpu.h"
#include "kernel_console.h"
#include "reset.h"
#include "tss.h"
#include "watchdog.h"

//
// IMPLEMENTATION of inline functions follows
//




inline void
Thread::user_invoke_generic()
{
  assert (current()->state() & Thread_ready);

  // release CPU lock explicitly, because
  // * the context that switched to us holds the CPU lock
  // * we run on a newly-created stack without a CPU lock guard
  cpu_lock.clear();

  current_thread()->rcv_startup_msg();          // set sp and ip
}



inline void
Thread::enqueue_thread0_other_task()
{
  // other task -> enqueue in front of this task
  present_enqueue
    (lookup_first_thread
     (Thread::lookup (thread_lock()->lock_owner())
      ->space_index())->present_prev);
  // that's safe because thread 0 of a task is always present
}



inline int
Thread::is_privileged_for_debug(Trap_state * /*ts*/)
{
#if 0
  return ((ts->eflags & EFLAGS_IOPL) == EFLAGS_IOPL_U);
#else
  return 1;
#endif
}



inline bool
Thread::get_ioport(Address /*eip*/, Trap_state * /*ts*/,
                   unsigned * /*port*/, unsigned * /*size*/)
{
  return false;
}



inline void
Thread::enqueue_thread_other_task()
{
  enqueue_thread0_other_task();
}



inline void
Thread::setup_lipc_utcb()
{}



inline void
Thread::setup_exception_ipc() 
{}


inline void
Thread::arch_init()
{
  // clear out user regs that can be returned from the thread_ex_regs
  // system call to prevent covert channel
  Entry_frame *r = regs();
  r->sp(0);
  r->ip(0);
  if(Config::enable_io_protection)
    r->flags(EFLAGS_IOPL_K | EFLAGS_IF | 2);    // ei
  else
    r->flags(EFLAGS_IOPL_U | EFLAGS_IF | 2);    // XXX iopl=kernel
  r->cs(Gdt::gdt_code_user | Gdt::Selector_user);
  r->ss(Gdt::gdt_data_user | Gdt::Selector_user);

#ifdef CONFIG_HANDLE_SEGMENTS
  _fs = Gdt::gdt_data_user | Gdt::Selector_user;
  _gs = Utcb_init::gs_value();
#endif

  // make sure the thread's kernel stack is mapped in its address space
  _task->kmem_update(this);
}



inline int
Thread::check_trap13_kernel(Trap_state *ts, bool from_user)
{
  if (EXPECT_FALSE (ts->trapno == 13 && (ts->err & 3) == 0))
    {
      // First check if user loaded a segment register with 0 because the
      // resulting exception #13 can be raised from user _and_ kernel. If
      // the user tried to load another segment selector, the thread gets
      // killed.
      // XXX Should we emulate this too? Michael Hohmuth: Yes, we should.
      if (EXPECT_FALSE (!(ts->ds & 0xffff)))
        {
          Cpu::set_ds (Gdt::data_segment (from_user));
          return 0;
        }
      if (EXPECT_FALSE (!(ts->es & 0xffff)))
        {
          Cpu::set_es (Gdt::data_segment (from_user));
          return 0;
        }
      if (EXPECT_FALSE (!(ts->fs & 0xffff)))
        {
          ts->fs = Gdt::gdt_data_user | Gdt::Selector_user;
          return 0;
        }
      if (EXPECT_FALSE (!(ts->gs & 0xffff)))
        {
          ts->gs = Utcb_init::gs_value();
          return 0;
        }
      if (EXPECT_FALSE (ts->ds & 0xfff8) == Gdt::gdt_code_user)
        {
          WARN("%x.%x eip=%08lx: code selector ds=%04lx",
               d_taskno(), d_threadno(), ts->eip, ts->ds & 0xffff);
          Cpu::set_ds (Gdt::data_segment (from_user));
          return 0;
        }
      if (EXPECT_FALSE (ts->ds & 0xfff8) == Gdt::gdt_code_user)
        {
          WARN("%x.%x eip=%08lx: code selector es=%04lx",
               d_taskno(), d_threadno(), ts->eip, ts->es & 0xffff);
          Cpu::set_es (Gdt::data_segment (from_user));
          return 0;
        }
      if (EXPECT_FALSE (ts->ds & 0xfff8) == Gdt::gdt_code_user)
        {
          WARN("%x.%x eip=%08lx: code selector fs=%04lx",
               d_taskno(), d_threadno(), ts->eip, ts->fs & 0xffff);
          ts->fs = Gdt::gdt_data_user | Gdt::Selector_user;
          return 0;
        }
      if (EXPECT_FALSE (ts->ds & 0xfff8) == Gdt::gdt_code_user)
        {
          WARN("%x.%x eip=%08lx: code selector gs=%04lx",
               d_taskno(), d_threadno(), ts->eip, ts->gs & 0xffff);
          ts->gs = Utcb_init::gs_value();
          return 0;
        }
    }

  return 1;
}



inline void
Thread::check_f00f_bug(Trap_state *ts)
{
  // If we page fault on the IDT, it must be because of the F00F bug.
  // Figure out exception slot and raise the corresponding exception.
  // XXX: Should we also modify the error code?
  if (ts->trapno == 14          // page fault?
      && ts->cr2 >= Idt::idt()
      && ts->cr2 <  Idt::idt() + Idt::_idt_max * 8)
    ts->trapno = (ts->cr2 - Idt::idt()) / 8;
}



inline bool
Thread::handle_io_page_fault(Trap_state *ts, Address eip, bool from_user)
{
  // check for page fault at the byte following the IO bitmap
  if (Config::enable_io_protection 
      && ts->trapno == 14           // page fault?
      && (ts->err & 4) == 0         // in supervisor mode?
      && (eip < Kmem::mem_user_max) // delimiter byte accessed?
      && (ts->cr2 == Mem_layout::Io_bitmap + L4_fpage::Io_port_max / 8))
    {
      // page fault in the first byte following the IO bitmap
      // map in the cpu_page read_only at the place
      Space::Status result =
        space()->v_insert (space()->virt_to_phys_s0 
                             ((void*)Kmem::io_bitmap_delimiter_page()),
                           Mem_layout::Io_bitmap + L4_fpage::Io_port_max / 8,
                           Config::PAGE_SIZE,
                           Pd_entry::global());

      switch (result)
        {
        case Space::Insert_ok:
          return true;
        case Space::Insert_err_nomem:
          // kernel failure, translate this into a general protection
          // violation and hope that somebody handles it
          ts->trapno = 13;
          ts->err    =  0;
          return false;
        default:
          // no other error code possible
          assert (false);
        }
    }

  // Check for IO page faults. If we got exception #14, the IO bitmap page is
  // not available. If we got exception #13, the IO bitmap is available but
  // the according bit is set. In both cases we have to dispatch the code at
  // the faulting eip to deterine the IO port and send an IO flexpage to our
  // pager. If it was a page fault, check the faulting address to prevent
  // touching userland.
  if (Config::enable_io_protection && eip < Kmem::mem_user_max &&
      (ts->trapno == 13 ||
       ts->trapno == 14 && Kmem::is_io_bitmap_page_fault (ts->cr2)))
    {
      unsigned port, size;
      if (get_ioport (eip, ts, &port, &size))
        {
          Mword io_page = L4_fpage::io (port, size, 0).raw();

          // set User mode flag to get correct EIP in handle_page_fault_pager
          // pretend a write page fault
          static const unsigned io_error_code = PF_ERR_WRITE | PF_ERR_USERMODE;

          CNT_IO_FAULT;

          if (EXPECT_FALSE (log_page_fault()))
            page_fault_log (io_page, io_error_code, eip);

          if (Config::monitor_page_faults)
            {
              if (_last_pf_address    == io_page &&
                  _last_pf_error_code == io_error_code)
                {
                  if (!log_page_fault())
                    printf ("*IO[%x,%x,%lx]\n", port, size, eip);
                  else
                    putchar ('\n');

                  kdb_ke ("PF happened twice");
                }

              _last_pf_address    = io_page;
              _last_pf_error_code = io_error_code;

              // (See also corresponding code in
              //  Thread::handle_page_fault() and Thread::handle_slow_trap.)
            }

          // treat it as a page fault in the region above 0xf0000000,

          // We could also reset the Thread_cancel at slowtraps entry but it
          // could be harmful for debugging (see also comment at slowtraps:).
          //
          // This must be done while interrupts are off to prevent that an
          // other thread sets the flag again.
          state_del (Thread_cancel);

          Ipc_err ipc_code = handle_page_fault_pager (io_page, io_error_code);

          if (!ipc_code.has_error())
            {
              // check for cli/sti
              Unsigned8 instr = space()->peek ((Unsigned8*) eip, from_user);

              if (space()->is_privileged() &&
                  (instr == 0xfa /*cli*/ || instr == 0xfb /*sti*/))
                {
                  // lazily link in IOPL if necessary
                  if ((ts->eflags & EFLAGS_IOPL) != EFLAGS_IOPL_U)
                    ts->eflags |= EFLAGS_IOPL_U;
                }

              return true;
            }
          // fallthrough if unsuccessful (maybe to user installed handler)
        }
    }
  return false;
}



inline bool
Thread::handle_sysenter_trap(Trap_state *ts, Address eip, bool from_user)
{
  if (EXPECT_FALSE
      ((ts->trapno == 6 || ts->trapno == 13)
       && (ts->err & 0xffff) == 0
       && (eip < Kmem::mem_user_max - 2)
       && (space()->peek ((Unsigned16*) eip, from_user)) == 0x340f))
    {
      // somebody tried to do sysenter on a machine without support for it
      WARN ("%x.%x (tcb=%p) killed:\n"
            "\033[1;31mSYSENTER not supported on this machine\033[0m",
            d_taskno(), d_threadno(), this);

      if (Cpu::have_sysenter())
        // GP exception if sysenter is not correctly set up..
        WARN ("SYSENTER_CS_MSR: %llx", Cpu::rdmsr (SYSENTER_CS_MSR));
      else
        // We get UD exception on processors without SYSENTER/SYSEXIT.
        WARN ("SYSENTER/EXIT not available.");

      return false;
    }

  return true;
}



inline bool
Thread::trap_is_privileged(Trap_state *)
{ return space()->is_privileged(); }



inline void
Thread::do_wrmsr_in_kernel(Trap_state *ts)
{
  // do "wrmsr (msr[ecx], edx:eax)" in kernel
  Cpu::wrmsr (ts->eax, ts->edx, ts->ecx);
}



inline void
Thread::do_rdmsr_in_kernel(Trap_state *ts)
{
  // do "rdmsr (msr[ecx], edx:eax)" in kernel
  Unsigned64 msr = Cpu::rdmsr (ts->ecx);
  ts->eax = (Unsigned32) msr;
  ts->edx = (Unsigned32) (msr >> 32);
}



inline int
Thread::handle_not_nested_trap(Trap_state *ts)
{
  // no kernel debugger present
  printf (" %x.%02x EIP=%08lx Trap=%02lx [Ret/Esc]\n", 
          d_taskno(), d_threadno(), ts->eip, ts->trapno); 

  int r;
  // cannot use normal getchar because it may block with hlt and irq's
  // are off here
  while ((r=Kconsole::console()->getchar (false)) == -1)
    Proc::pause();

  if (r == '\033')
    terminate (1);

  return 0;
}



inline bool
Thread::handle_lldt(Trap_state *)
{
  return 0;
}


/*
 * Return current timesharing parameters
 */

inline void
Thread::get_timesharing_param(L4_sched_param *param,
                               L4_uid *preempter,
                               L4_uid *ipc_partner)
{
  Mword s = state();

  *preempter = _ext_preempter ? _ext_preempter->id() : L4_uid::Invalid;

  *ipc_partner = s & (Thread_polling | Thread_receiving) && partner() ?
                      partner()->id() : L4_uid::Invalid;

  if (s & Thread_dead)
    s = 0xf;
  else if (s & Thread_polling)
    s = (s & Thread_ready) ? 8 : 0xd;
  else if (s & Thread_receiving)
    s = (s & Thread_ready) ? 8 : 0xc;
  else
    s = 0;

  param->prio (sched_context()->prio());
  param->time (sched_context()->quantum());
  param->thread_state (s);
}


/*
 * Set scheduling parameters for timeslice with id 'id'
 */

inline Mword
Thread::set_schedule_param(L4_sched_param param, unsigned short const id)
{
  if (EXPECT_FALSE (param.prio() > thread_lock()->lock_owner()->mcp()))
    return ~0U;

  // We need to protect the priority manipulation so that this thread
  // cannot be preempted and ready-enqueued according to a wrong
  // priority and the current timeslice cannot change while we are
  // manipulating it

  Lock_guard <Cpu_lock> guard (&cpu_lock);

  Sched_context *s = sched_context (id);
  if (!s)
    return ~0U;

  if (s->prio() != param.prio())
    {
      // Dequeue from ready-list if we manipulate the current time slice
      if (s == sched())
        ready_dequeue();

      // ready_enqueue happens during thread_lock release
      s->set_prio (param.prio());
    }

  Unsigned64 q = param.time();
  if (q != (Unsigned64) -1)
    {
      q = round_quantum (q);
      s->set_quantum (q);
      if (s != sched())
        s->set_left (q);
    }

  return 0;
}


/*
 * Set preempter unless "invalid"
 */

inline void
Thread::set_preempter(L4_uid const preempter)
{
  if (EXPECT_FALSE (preempter.is_invalid()))
    return;

  Thread *p = lookup (preempter);

  if (p && p->exists())
    _ext_preempter = p;
}


/*
 * Add a realtime timeslice at the end of the list
 */

inline Mword
Thread::set_realtime_param(L4_sched_param param)
{
  if (EXPECT_FALSE (mode() & Periodic || _deadline_timeout.is_set() ||
      param.prio() > thread_lock()->lock_owner()->mcp() ||
      param.time() == (Unsigned64) -1))
    return ~0U;

  Sched_context *s = new Sched_context (this,
                                        sched_context()->prev()->id() + 1,
                                        param.prio(),
                                        round_quantum (param.time()));

  s->enqueue_before (sched_context());

  return 0;
}


/*
 * Remove all realtime timeslices
 */

inline Mword
Thread::remove_realtime_param()
{
  Lock_guard <Cpu_lock> guard (&cpu_lock);

  if (EXPECT_FALSE (mode() & Periodic || _deadline_timeout.is_set()))
    return ~0U;

  assert (sched() == sched_context());

  preemption()->set_pending (0);
  preemption()->sender_dequeue (preemption()->receiver()->sender_list());

  Sched_context *s, *tmp;

  for (s  = sched_context()->next();
       s != sched_context();
       tmp = s, s = s->next(), tmp->dequeue(), delete tmp);

  return 0;
}



inline ALWAYS_INLINE int
Thread::handle_inter_task_ex_regs(Sys_ex_regs_frame *,
                                  L4_uid *, Thread **, Task **, Thread **)
{
  return 0;
}


inline Unsigned64
Thread::round_quantum(Unsigned64 quantum)
{
  return quantum + Config::scheduler_granularity - 1
       - mod32 (quantum + Config::scheduler_granularity - 1,
                Config::scheduler_granularity);
}


inline Unsigned64
Thread::snd_timeout(L4_timeout t, Sys_ipc_frame const * regs)
{
  // absolute timeout
  if (EXPECT_FALSE (regs->has_abs_snd_timeout()))
    {
      Unsigned64 sc = Timer::system_clock();
      Unsigned64 tval = t.snd_microsecs_abs (sc, regs->abs_snd_clock());

      // check if timeout already expired
      return tval <= sc ? 0 : tval;
    }

  // zero timeout
  if (t.snd_man() == 0)
    return 0;

  // relative timeout
  return t.snd_microsecs_rel (Timer::system_clock());
}


inline Unsigned64
Thread::rcv_timeout(L4_timeout t, Sys_ipc_frame const *regs)
{
  // absolute timeout
  if (EXPECT_FALSE (regs->has_abs_rcv_timeout()))
    {
      Unsigned64 sc = Timer::system_clock();
      Unsigned64 tval = t.rcv_microsecs_abs (sc, regs->abs_rcv_clock());

      // check if timeout already expired
      return tval <= sc ? 0 : tval;
    }

  // zero timeout
  if (t.rcv_man() == 0)
    return 0;

  // relative timeout
  return t.rcv_microsecs_rel (Timer::system_clock());
}


inline void Thread::prepare_receive(Sender *partner,
                             Sys_ipc_frame *regs)
{
#if 0
  if (partner && partner->state() == Thread_invalid) // partner nonexistent?
    return;                     // just return
  // don't need to signal error here -- it will be detected later
#endif

  setup_receiver (partner, regs);

  // if we don't have a send, get us going here; otherwise, the send
  // operation will set the Thread_ipc_in_progress flag after it has
  // initialized
  if (!regs->has_snd())
    {
      state_add (Thread_ipc_in_progress);
      if (state() & Thread_cancel)
        {
          state_del (Thread_ipc_in_progress);
        }
    }
}



inline bool
Thread::invalid_ipc_buffer(void const *a)
{
  return Mem_layout::in_kernel(((Address)a & Config::SUPERPAGE_MASK)
                               + Config::SUPERPAGE_SIZE - 1);
}

#endif // thread_i_h

---