IPC problem with dice-3.3.0

Marcel Selhorst m.selhorst at sirrix.com
Thu Mar 26 12:33:21 CET 2009

Hi Carsten,

>> 3) L4Linux kernel module
>> But as soon as I try to execute a "read"-call, I get:
>>    --Unset id on stack (c)----------------------------------IP:  
>> 00401e30
>> [l4lx.cpu0] (10.05) jdb: g
>> 00000505.00000002
>> failed CLI: 00000010.00000005

> Hard to tell without knowing any details about what you are doing in  
> the L4Linux kernel. You cannot "just use" IDL server stubs in the  
> L4Linux kernel, they have to run in interrupt threads (the ORe driver  
> in drivers/net/l4ore.c might serve as an example). The error message  
> you get might also indicate a stack overrun (maybe the generated DICE  
> code uses too much stack ... ?).

I think it is indeed a stack overrun.
I have implemented CORBA_alloc() and CORBA_free() to force DICE to allocate the
used buffers during IPC via the Linux kernel vmalloc, but it seems, that DICE is
not using these methods at all:

My IDL-File looks like this:
long read
 [in, size_is(name_len), max_is(MAX_NAME_LEN)] char *name,
 [in] unsigned long name_len,
 [in] unsigned long start,
 [in] unsigned long bytes_to_read,
 [out, prealloc_client, max_is(MAX_PAGE_SIZE)] unsigned char read_buffer[]

long write
 [in, size_is(name_len), max_is(MAX_NAME_LEN)] char *name,
 [in] unsigned long name_len,
 [in] unsigned long start,
 [in] unsigned long bytes_to_write,
 [in, prealloc_client, max_is(MAX_PAGE_SIZE)] unsigned char write_buffer[]

My according CORBA_alloc/free implementation looks like this:

#include <linux/vmalloc.h>

void *CORBA_alloc(unsigned long size)
    return vmalloc(size);

void CORBA_free(void *addr)

But the generated code doesn't even include a call for CORBA_free, instead it

            l4_fpage_t _dice_rcv_fpage;
            l4_msgdope_t _dice_size_dope;
            l4_msgdope_t _dice_send_dope;
            long _dice_opcode;
            unsigned long name_len;
            unsigned long start;
            unsigned long bytes_to_write;
            unsigned char write_buffer[4096];
            char name[100];
        } dummy_write_in;

What am I missing? ;)

Sirrix AG security technologies - http://www.sirrix.com
Marcel Selhorst      eMail: m.selhorst at sirrix.com
Tel +49(234) 61 0071-199    Fax +49(234) 61 0071-599
get my public key from keyserver, key id: 0x7C9821CC
Fingerprint 4138 E617 E62E 79D3 E663 BE5A 14E7 1CD8 7C98 21CC

Vorstand: Ammar Alkassar (Vors.), Ahmad-Reza Sadeghi, Christian Stüble
Vorsitzender des Aufsichtsrates: Prof. Dr. Kai Rannenberg
Sitz der Gesellschaft: Homburg/Saar, HRB 3857 Amtsgericht Saarbrücken

This message may contain confidential and/or privileged information.
If you are not the addressee, you must not use, copy, disclose or
take any action based on this message or any information herein.
If you have received this message in error, please advise the sender
immediately by reply e-mail and delete this message.

More information about the l4-hackers mailing list