l4-hackers

Download

l4-hackers@os.inf.tu-dresden.de

April 2022

2 participants
2 discussions

Creating tasks and the l4_task_map function
by Paul Boddie 01 Oct '22

01 Oct '22

Hello, I finally got round to experimenting with L4Re again, but in attempting to investigate task creation, I seem to have some difficulties understanding the mechanism by which tasks are typically created and how the l4_task_map function might be used in the process. After looking at lots of different files in the L4Re distribution, my understanding of the basic mechanism is as follows: 1. Some memory is reserved for the UTCB of a new task, perhaps using the l4re_ma_alloc_align function (or equivalent) to obtain a dataspace. 2. A task is created using l4_factory_create_task, indicating the UTCB flexpage, with this being defined as... l4_factory_create_task(l4re_env()->factory, new_task, l4_fpage(utcb_start, utcb_log2size, L4_FPAGE_RW)) 3. A thread is created using l4_factory_create_thread. l4_factory_create_thread(l4re_env()->factory, new_thread) 4. The thread attributes are set using the l4_thread_control API. 5. The l4_thread_ex_regs function is used to set the instruction pointer (program counter) and stack pointer of the thread. 6. The l4_scheduler_run_thread function is used to initiate the thread. The expectation is that the thread will immediately fault because there is no memory mapped at the instruction pointer location. However, it seems to me that it should be possible to use l4_task_map to make a memory region available within the task's address space, although I don't ever see this function used in L4Re for anything. (The C++ API makes it difficult to perform ad-hoc searches for such low-level primitives, in my view, so perhaps I am missing use of the equivalent methods.) Tentatively, I would imagine that something like this might work: l4_task_map(new_task, L4RE_THIS_TASK_CAP, l4_fpage(program_start, program_log2size, L4_FPAGE_RX), task_program_start) Here, the program payload would be loaded into the creating task at program_start, but the new task would be receiving the payload at task_program_start, with the configured instruction pointer location occurring within the receive window (after task_program_start, in other words). There are, of course, many other considerations around creating tasks, which I have noted from looking at the different packages (libloader, l4re_kernel, moe, ned), and I am aware that a few other things need to be done to start a task such as... * Defining capability selectors and mapping appropriate capabilities to the new task. * Creating a stack for the task and populating it with arguments and environment information. * Defining a suitable pager and exception handler, with this usually being provided by the l4re binary, as I understand it. Also, when actually dealing with program loading generally, I realise that the ELF binary needs to be interpreted and the appropriate regions associated with different parts of memory, this typically being handled by the region mapper/ manager in L4Re. And there is also the matter of dynamic library loading. But here, I am just attempting to establish the basic mechanism when a task starts up. Unfortunately, the only discussion I found was this (after some initial discussion about a related topic): http://os.inf.tu-dresden.de/pipermail/l4-hackers/2014/015366.html There are various examples in Subversion (maybe somewhere in the Git repositories, too) that create tasks or threads, but I don't find them particularly helpful, apparently being oriented towards very specific applications. A previous example was referenced in the above thread for the older L4Env system (or maybe an even earlier system): http://os.inf.tu-dresden.de/pipermail/l4-hackers/2000/000384.html As for why I would be wondering about such things - a question inevitably asked in the first thread referenced above - I firstly want to be able to understand the mechanism involved, but I also want to be able to integrate work I have been doing on file paging into task creation. Although I can probably do this by customising the "app model" normally used by the different loaders, it seems that I would need to construct an alternative l4re binary, which is rather cumbersome and perhaps a weakness of the abstractions that are provided, these being rather oriented towards obtaining dataspaces via the namespace API which I don't want to have to support in my filesystem. In any case, I wonder if there are any resources that describe the use of l4_task_map and the details of the program environment within tasks. Paul

4 26

Unresolved page faults when running l4linux-mag
by Haohui Mai 18 Apr '22

18 Apr '22

Hello, I'm trying to run the l4linux-mag example in the L4Re snapshot. It seems it will result in an unresolved page fault using the current snapshot (22.01.0): Loading: rom/ramdisk-amd64.rd INITRD: Size of RAMdisk is 4096KiB RAMdisk from 01816000 to 01c16000 [4096KiB] l4lx_thread_create: Created thread 429 (timer0) (u:b3001c00, v:00000000, sp:01557f28) WARNING: Unknown rdmsr: c0000100 at 0x212a20 WARNING: Unknown wrmsr: c0000100 at 0x212a33 WARNING: Unknown rdmsr: c0000100 at 0x212a4f WARNING: Unknown wrmsr: c0000100 at 0x212a70 Non-resolvable page fault at 3612f82, ip 302265. Page fault (non-resolved): pfa=3612f82 pc=302265 Non-resolvable page fault at 3612f82, ip 302265. Page fault (non-resolved): pfa=3612f82 pc=302265 qemu-system-x86_64: terminating on signal 2 Changing the console from ttyS0 to ttyLv0 will go a little bit further, but still result in a page fault: BUG: unable to handle page fault for address: 0000000003612f80 #PF: user write access in kernel mode #PF: error_code(0x0006) - not-present page PGD 0 P4D 0 Oops: 0006 [#1] SMP CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.15.0-l4-ge2ad9258b98e #2 RIP: 0028:cache_alloc_refill+0x365/0x610 Code: 54 24 24 31 db 85 d2 74 2e 49 8b 44 24 50 48 85 c0 74 11 89 df 41 0f af 7c 24 14 49 03 7d 28 ff d0 0f 1f 00 49 8b 55 20 89 d8 <88> 1c 02 83 c3 01 41 39 5c 24 24 77 d2 45 85 f6 0f 85 fd 01 00 00 RSP: 319f9f00:000000001006bca0 EFLAGS: 00000246 ORIG_RAX: 00000000000000f0 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 6db6db6db6db6db7 RDX: 0000000003612f80 RSI: 0000000000000001 RDI: 0000000000e57840 RBP: 000000000000003c R08: 00000000000194ff R09: 0000000000000002 R10: 00000000000194f8 R11: 0000000000000006 R12: 000000001001fc00 R13: 00000880000bd3f0 R14: 0000000000000400 R15: 0000000000000dc0 FS: ffffffffffffffff(0000) GS:ffffffffffffffff(0000) knlGS:ffffffffffffffff CS: 0028 DS: 0023 ES: 0023 CR0: ffffffffffffffff CR2: ffffffffffffffff CR3: ffffffffffffffff CR4: ffffffffffffffff Call Trace: ? idr_alloc_cyclic+0x52/0xb0 kmem_cache_alloc+0xc7/0xe0 __kernfs_new_node.constprop.0+0x59/0x1a0 ? vsnprintf+0x3e6/0x5b0 ? kernfs_link_sibling+0x8d/0xd0 ? kernfs_next_descendant_post+0x7d/0x90 ? kernfs_activate+0x5a/0x80 ? kernfs_add_one+0xdd/0x130 kernfs_new_node+0x1b/0x40 __kernfs_create_file+0x20/0xb0 sysfs_add_file_mode_ns+0x96/0x180 sysfs_create_file_ns+0x5d/0x90 bus_create_file+0x3f/0x60 bus_register+0x180/0x240 subsys_system_register+0x16/0x40 ? ntp_init+0x21/0x21 init_clocksource_sysfs+0xe/0x1f do_one_initcall+0x44/0x190 kernel_init_freeable+0x161/0x1ab ? rest_init+0xb0/0xb0 kernel_init+0x11/0x100 Any ideas to debug this? Your help is appreciated. Thanks, Haohui

2 3