Michalis Pappas [Wed, 15 Nov 2023 15:24:52 +0000 (16:24 +0100)]
lib/vfscore: Handle CLONE_VM
vfork() sets the CLONE_VM and CLONE_VFORK flags. This triggers an
error in the clone handlers of vfscore as CLONE_FS is not set. Update
the handlers to additionally check against CLONE_VM, as that also
implies that the parent and child share filesystem state.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Sergiu Moga <sergiu@unikraft.io>
Reviewed-by: Andrei Tatar <andrei@unikraft.io>
GitHub-Closes: #1386
Add a field to posix_thread to keep track of its parent. This is
populated during the creation of a posix_thread, and it is used
for deriving the parent's state in execve() / exit().
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Sergiu Moga <sergiu@unikraft.io>
Reviewed-by: Andrei Tatar <andrei@unikraft.io>
GitHub-Closes: #1386
Michalis Pappas [Fri, 3 Nov 2023 09:45:59 +0000 (10:45 +0100)]
lib/posix-process: Add posix_thread state
The state provides information on whether a posix_thread is
running, blocked, or exited.
Notice that posix_thread_state is only updated by operations
at the posix_process / posix_thread level and may not
always be in sync with the state of the underlying uk_thread.
This specifically applies to the POSIX_THREAD_RUNNING state,
which may not be accurate e.g. if the underlying uk_thread
blocks at the scheduler due to a lock.
On the other hand, the variants of POSIX_STATE_BLOCKED always
reflect the state of a posix_thread, as it is certain that the
underlying uk_thread will also be blocked from the scheduler.
Given the above, a check against POSIX_STATE_RUNNING should only be
used to check if the state of a posix-thread is not terminated or
blocked.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Sergiu Moga <sergiu@unikraft.io>
Reviewed-by: Andrei Tatar <andrei@unikraft.io>
GitHub-Closes: #1386
Michalis Pappas [Thu, 4 Jan 2024 09:46:12 +0000 (10:46 +0100)]
lib/posix-process: Migrate tid2pprocess / tid2pthread to process.h
Migrate the definitions of tid2pthread() and tid2pprocess() to
the private process.h to make them available to the rest of the
library. This requires to additionally migrate the definitions of
struct posix_process() and struct posix_thread().
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Sergiu Moga <sergiu@unikraft.io>
Reviewed-by: Andrei Tatar <andrei@unikraft.io>
GitHub-Closes: #1386
Add definition of ARG_MAX to limits.h. POSIX defines ARG_MAX as the
number of bytes available for the combined arguments and env vars
of a new process. Whether that additionally includes NULL terminator,
pointers, or alignment bytes is IMPLEMENTATION DEFINED.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Sergiu Moga <sergiu@unikraft.io>
Reviewed-by: Andrei Tatar <andrei@unikraft.io>
GitHub-Closes: #1386
libukbinfmt provides a minimal framework to register handlers of
executable files. Typical examples include binary executables like
ELF objects, or interpreted files like *nix scripts that use the
sha-bang sequence to specify an interpreter.
This commit only implements the functionality required to register
and execute loaders within the kernel's scope. Additional
functionality incl. application support via Linux's `binfmt_misc`
API shall be added as a future extension.
Clang (18) requires a space between identifier and literals for
preprocessor string concatenation. Otherwise, it results in a build error.
The error shown is: "C++11 requires a space between literal and
identifier".
Andrei Tatar [Tue, 17 Dec 2024 19:48:25 +0000 (20:48 +0100)]
lib/vfscore: Fix missing syscall declaration
This change adds a declaration for `uk_syscall_r_fstat` as this syscall
is no longer implemented in vfscore and thus no longer implicitly
declared, previously causing a build warning.
GCC 14 and Clang no longer accept implicitly declared functions and will
error out in such situations.
Signed-off-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Stefan Jumarea <stefanjumarea02@gmail.com>
Reviewed-by: Razvan Deaconescu <razvand@unikraft.io>
Approved-by: Razvan Deaconescu <razvand@unikraft.io>
GitHub-Closes: #1556
Michalis Pappas [Wed, 11 Dec 2024 13:39:27 +0000 (14:39 +0100)]
lib/ukrandom: Improve boot messages
Have libukrandom print an info message about the CSPRNG's seed source.
Since initialization of the library is driver-centric, drivers that
fail to probe can't know if the library can be initialized by another
driver, so the only way to know which driver was used at initialization
is to print an informational message from libukrandom.
Add debug messages for improved diagnostics on cmdline and dtb init,
as well as when drivers are ignored if libukrandom has been initialized
already.
Add a warning when seeding via the cmdline and dtb to make sure that
the user is aware that these are potentially insecure methods.
Florian Rommel [Wed, 30 Oct 2024 13:52:37 +0000 (14:52 +0100)]
drivers/ukconsole/vga: Add initial sanity check
On initialization, ensure that the VGA controller is present and in
the expected state, otherwise cancel the initialization and
registration of the VGA driver, but continue booting.
For platforms without a VGA controller (such as firecracker), this
avoids aborts due to an illicit registration of a non-existing VGA
memory region.
Signed-off-by: Florian Rommel <mail@florommel.de>
Approved-by: Simon Kuenzer <simon@unikraft.io>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1530
Simon Kuenzer [Wed, 11 Dec 2024 21:32:51 +0000 (13:32 -0800)]
lib/ukconsole: Enable as default
This commit enables ukconsole as default. This is something that should
never be done for libraries or options because a fresh and clean
configuration should always lead to a minimal unikernel configuration and
KConfig has no option to "unselect" a setting.
We consider the console as special case because otherwise no kernel
messages are visible for initial configurations.
Simon Kuenzer [Wed, 11 Dec 2024 02:04:21 +0000 (18:04 -0800)]
drivers/xengnttab: Move grant table to own library
This commit moves the code for the Xen grant table from the Xen platform
library to a separate driver library. This follows the goal of decomposing
`libxenplat`. All Xen drivers that require grant table support (`9pfront`,
`blkfront`, `netfront`) will specify their dependency to `libxengnttab`
with `select`. This simplifies the automatic configuration of dependencies.
For example, if an application requires networking and selects `uknetdev`,
`netfront` is automatically added to a build and will automatically resolve
its dependencies.
Simon Kuenzer [Tue, 10 Dec 2024 15:06:22 +0000 (07:06 -0800)]
plat/xen: Export public API of libxenplat
As part of platform rearch, this commit treats `libxenplat` as a regular
driver library that exports an API. Although it is intended that
`libxenplat` will be further decomposed into several driver libraries
(e.g., CPU, memory), this step avoids that other Xen drivers or services
require to cross-include headers and compile definitions from `libxenplat`
which were technically defined as platform-internal. Such an approach
breaks convention of regular libraries and is typical source of problems
that have to do with Makefile processing order and symbol linking errors.
As part of platform re-arch, the definition of a platform-internal scope
is intended to get removed because it caused confusion and restrictions
(e.g., application code was not able to directly access driver APIs that
were within platform scope).
With this change, the compile flag `CONFIG_PARAVIRT` is name spaced to
`XEN_PARAVIRT`, as well.
Simon Kuenzer [Mon, 9 Dec 2024 00:04:47 +0000 (01:04 +0100)]
drivers/xenbus: Properly export public API
This commit cleanly defines and exports the public API of the XenBus
driver. This is done to avoid that other Xen drivers or services
require to cross-include the XenBus headers which were technically
defined as "internal". Such an approach breaks library convention and
is typical source of problems that have to do with Makefile processing
order and symbol linking errors.
Simon Kuenzer [Fri, 20 Sep 2024 12:13:13 +0000 (14:13 +0200)]
plat/xen: Introduce `HAVE_XENBUS`
This commit introduces `HAVE_XENBUS` as replacement for `PLAT_XEN`. This
prepares the Xen drivers for potential re-use by platforms that implement
devices by the Xen standard.
Simon Kuenzer [Thu, 19 Sep 2024 15:25:15 +0000 (17:25 +0200)]
drivers/*: Introduce `HAVE_IBMPC`
This commit introduces the (invisible) feature option `HAVE_IBMPC`, which
describes that a platform uses non-discoverable devices that can be found
under an established address and operated according to the IBM PC/AT
standard.
At the moment this focuses on VGA compatible adapters and UART controllers.
The suboptions `HAVE_IBMPC_NS16550`, `HAVE_IBMPC_VGA` can be used instead
if only a subset of the devices are used by a platform. For example,
`HAVE_IBMPC_NS16550` enables the port-io mode of ns16550: Serial devices
are addressed under well-defined addresses: `0x3f8` (COM1), `0x2f8` (COM2).
Simon Kuenzer [Thu, 19 Sep 2024 15:20:58 +0000 (17:20 +0200)]
drivers/vgacons: Rename `libukconsole_vga` to `libvgacons`
Rename the driver library and driver directory to `libvgacons` to provide
a naming scheme that is more appropriate for general purpose devices and
to highlight that this driver is intended for text-mode only.
Configuration options are adopted accordingly.
Simon Kuenzer [Thu, 19 Sep 2024 15:40:40 +0000 (17:40 +0200)]
drivers/pl011: Rename `libukconsole_pl011` to `libpl011`
Rename the driver library and driver directory to `libpl011` to provide
a naming scheme that is more appropriate for general purpose devices. The
name `pl011` is considered a precise description of the driver as it is
the name of the actual serial I/O controller.
Configuration options are adopted accordingly.
Simon Kuenzer [Thu, 19 Sep 2024 15:35:41 +0000 (17:35 +0200)]
drivers/ns16650: Rename `libukconsole_ns16550` to `libns16550`
Rename the driver library and driver directory to `libns16550` to provide
a naming scheme that is more appropriate for general purpose devices. The
name `ns16550` is considered a precise description of the driver as it is
the name of the actual serial I/O chip.
Configuration options are adopted accordingly.
Simon Kuenzer [Thu, 19 Sep 2024 14:23:25 +0000 (16:23 +0200)]
drivers/xenemgcon: Depend on `libukconsole`
Makes the Xen emergency console driver dependent on `libukconsole` instead
of selecting it. This fits our current driver model: only include drivers
when there is an application need.
Simon Kuenzer [Thu, 19 Sep 2024 14:19:35 +0000 (16:19 +0200)]
drivers/vga: Depend on `libukconsole`
Makes the VGA console driver dependent on `libukconsole` instead of
selecting it. This fits our current driver model: only include drivers
when there is an application need.
Simon Kuenzer [Thu, 19 Sep 2024 14:19:14 +0000 (16:19 +0200)]
drivers/pl011: Depend on `libukconsole`
Makes the pl011 console driver dependent on `libukconsole` instead of
selecting it. This fits our current driver model: only include drivers
when there is an application need.
Simon Kuenzer [Thu, 19 Sep 2024 14:18:51 +0000 (16:18 +0200)]
drivers/ns16550: Depend on `libukconsole`
Makes the ns16550 console driver dependent on `libukconsole` instead of
selecting it. This fits our current driver model: only include drivers
when there is an application need.
Simon Kuenzer [Thu, 19 Sep 2024 14:16:29 +0000 (16:16 +0200)]
plat/xen: Disable `libukintctrl` for Xen/x86_64
The platform code of Xen on x86_64 (PV) does not yet support the
`lib/ukintctrl` abstraction. In order to avoid failing builds due
to mis-configuration, we only enable `ukintctrl` with `HAVE_INTCTRL`
on Arm64.
Simon Kuenzer [Tue, 17 Sep 2024 15:23:23 +0000 (17:23 +0200)]
plat/xen: Fix entry symbol for x86
When linking the final Xen image, most of the symbols are hidden except
for the entry symbol. By mistake, the x86_64 entry symbol was also hidden,
which caused the following linker warning:
    warning: cannot find entry symbol _libxenplat_start;
    defaulting to 00000000
This commit makes sure that `_libxenplat_start` is not masked out.
Simon Kuenzer [Tue, 17 Sep 2024 13:08:42 +0000 (15:08 +0200)]
drivers/xenemgcons: Rename `libxenemgconsole` to `libxenemgcons`
This commit shortens the naming of the Xen emergency console driver
to `libxenemgcons`. It is intended that the naming is aligned with
the name of Xen hypervisor console: `libxencons`.
Simon Kuenzer [Tue, 17 Sep 2024 12:58:28 +0000 (14:58 +0200)]
drivers/xencons: Rename `libxenconsole` to `libxencons`
Rename the driver library and driver directory to better match
the naming of Xen. The name "xencons" is derived from the naming
of the device by the official Xen headers. Configuration options
are adopted accordingly.
In order to reduce potential name clashes, the exported symbol
`flush_console()` is renamed to `xencons_flush()`.
Simon Kuenzer [Tue, 17 Sep 2024 09:31:22 +0000 (11:31 +0200)]
drivers/9pfront: Rename `libxen9pfront` to `lib9pfront`
Rename the driver library and driver directory to better match
the naming of Xen. Configuration options are adopted accordingly.
Additionally, this commit improves the titles of the ring
configuration options in the menu.
Simon Kuenzer [Tue, 17 Sep 2024 12:18:39 +0000 (14:18 +0200)]
drivers/xenheaders: Move public Xen headers to own library
This commit moves the official public Xen API headers to a separate
library. These headers are originally copied from the Xen source tree
and define the API to the hypervisor and virtual devices. This is done
to better organize Xen-related code and to have single place for
updates and dependency resolutions.
The created library is kept invisible because it is only needed by Xen
drivers and it is itself not a driver (reduce confusion).
Simon Kuenzer [Fri, 20 Sep 2024 15:25:40 +0000 (17:25 +0200)]
build, plat/*: Ensure building only a single platform
As part of the re-arch efforts and driver re-organization, the
re-arch team decided to no longer support creating multiple target
images with a single configuration and single `make` call. This is
to simplify the APIs, allow further specialization, and even allow
calling a driver API directly from application code.
As a temporary workaround, we stop a build when more than one
platform is selected and display a warning in the platform
configuration menu. This ensures backwards compatibility during
re-arch transition. In the longer term, we plan to restructure
the platform configuration submenu with a `choice` or similar.
Michalis Pappas [Tue, 15 Oct 2024 09:11:39 +0000 (11:11 +0200)]
lib/uklibparam: Namespace symbols to avoid conflicts
Namespace the `__uk_libparam_param` and `__uk_libparam_pdata`
symbols exported by each library to avoid conflicts when two
libraries export a parameter with the same name.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Reviewed-by: Razvan Deaconescu <razvand@unikraft.io>
GitHub-Closes: #1526
Michalis Pappas [Tue, 10 Dec 2024 09:10:00 +0000 (10:10 +0100)]
lib/ukschecoop: Remove invalid assertion
Remove an assertion for prev->s in schedcoop_schedule(),
as it is a valid case that uk_sched_yield() is called to
switch away from a terminated thread.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1550
Andrei Tatar [Tue, 19 Nov 2024 12:55:28 +0000 (13:55 +0100)]
lib/posix-pipe: Fix ref leak on pipe creation
Previously uk_sys_pipe would return pipe files with one too many
references counted, leading to pipes never closing and leaking memory.
This change corrects this oversight by releasing the raw pipe files
after they have been entered into the fdtab.
Michalis Pappas [Fri, 9 Aug 2024 06:00:28 +0000 (08:00 +0200)]
lib/ukfalloc: Export allocator stats
Export system-wide and per-allocator statistics via libukstore. This
is controlled by a hidden Kconfig option selected by frame allocator
libraries that wish to export metrics.
Entry IDs of the exported metrics are provided in include/uk/falloc_store.h
Since the frame allocator is initialized before the heap, early calls
to uk_falloc_init_stats() are deferred to init. This is not visible to
the caller.
Provide uk_falloc_init() helper that also initializes stats.
Checkpatch-Ignore: MACRO_ARG_REUSE
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
Reviewed-by: Cezar Craciunoiu <cezar.craciunoiu@unikraft.io>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #942
Michalis Pappas [Mon, 22 May 2023 21:40:19 +0000 (23:40 +0200)]
lib/ukschedcoop: Add scheduler statistics
Instrument the cooperative scheduler to provide statistics
via the libuksched stats API.
Add a wrapper for yield() to increment the yield counter from
within libukschedcoop.
Use schedcoop_yield() in place of schedcoop_schedule() in the
idle thread, as the latter would cause num_sched to exceed
num_yield, which would erroneously imply a preemption, given
that num_preempt = num_sched - num_yield.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Cezar Craciunoiu <cezar.craciunoiu@unikraft.io>
Reviewed-by: Florin Postolache <florin.postolache.of@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1477
Michalis Pappas [Fri, 4 Oct 2024 09:57:26 +0000 (11:57 +0200)]
plat/xen: Relax requirement for RDRAND
Enabling cpu-generated randomness by default breaks execution on
legacy x86_64 CPUs that don't support RDRAND. Update config to
enable CPU-generated randomness conditionally to the selection
of libukrandom.
In x86_64 libukrandom will seed the CSPRNG using RDRAND if the CPU
implements this instruction, unless LIBUKRANDOM_CMDLINE_SEED is
selected in the config.
On arm64 libukrandom will check if a device-tree is provided and
if a seed is set in the `/chosen/rng-seed` property, and otherwise
fall back to RNDR / RNDRRS if the CPU implements FEAT_RNG.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
Enabling cpu-generated randomness by default breaks execution on
legacy x86_64 CPUs that don't support RDRAND, as well as older
versions of QEMU provided by some distros when executing with TCG,
given that RDRAND support in TCG is introduced in QEMU 8.0.0.
Update config to enable CPU-generated randomness conditionally
to the selection of libukrandom. The TRNG will only be enabled
by applications that select libukrandom.
While this does not fix the problem at its core, it reduces its
scope to applications that explicitly require randomness.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
drivers/ukrandom: Introduce driver for CPU generated randomness
This is based on the implementation of ukarch_random (RDRAND / RDSEED
for x86_64, RNDR / RNDRRS for arm64).
Register to earlytab after earlycon. Libraries that require CSRNG
facilities at earlytab must register at a priority higher than
UK_RANDOM_EARLY_DRIVER_PRIO.
On arm64 this requires a CPU revision of at least armv8-5.a that
implements FEAT_RNG.
On x86_64 the minimum CPU requirement is Intel Ivy Bridge / AMD
Excavator (2012). RDSEED support is now optional, as it was introduced
in Intel Broadwell / AMD Zen (2015), so CPUs released between 2012 and
2015 support RDRAND but not RDSEED. On these CPUs seed_bytes() will
return an error, and seed_bytes_fb() will fall-back to random_bytes().
Michalis Pappas [Mon, 2 Dec 2024 13:12:53 +0000 (14:12 +0100)]
lib/ukrandom: Tighten the implementation of ukswrand
Add an internal check to ensure that the CSPRNG has been initialized.
This is an additional check so that we don't merely rely on the caller's
logic. Use __check_result on the definition of uk_swrand_randr().
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
This assertion is redundant and breaks earlytab calls that
happen before we configure the interrupt controller. Protect
the global context with a spinlock instead.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
Add a new Kconfig option, namely LIBUKRANDOM_CMDLINE_INIT
to seed the CSPRNG via the cmdline. In ChaCha this is used
to pass 8 bytes for the key followed by 2 bytes for the nonce
in `random.seed` cmdline parameter.
When this option is enabled AND initialization parameters are
passed to the cmdline, the underlying RNG driver is not used.
lib/ukrandom: Seed the CSPRNG from the cmdline
Provide the ability to seed ChaCha20 from the kernel's command
line. This is controlled by a newly introduced Kconfig option,
CONFIG_LIBUKRANDOM_CMDLINE_SEED. The relevant cmdline parameter
is `random.seed` that should be populated by the loader with an
array of 8 random 32-bit unsigned integers for the ChaCha20 key.
Seeding via the cmdline takes precedence over the device-tree and
drivers to RNG devices.
Checkpatch-Ignore: SPACING
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
Michalis Pappas [Tue, 1 Oct 2024 14:51:54 +0000 (16:51 +0200)]
lib/ukrandom: Seed the CSPRNG from the device-tree
Provide the ability to seed ChaCha20 from the `/chosen/rng-seed` node
of the dtb. This is controlled by a newly introduced Kconfig option
CONFIG_LIBUKRANDOM_DTB_SEED, enabled by default in platforms that
select LIBFDT.
Seeding via the device-tree takes precedence over the drivers, so if
a seed is set in the dtb, any driver selected is not used.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
Michalis Pappas [Tue, 1 Oct 2024 14:23:41 +0000 (16:23 +0200)]
lib/ukrandom: Limit libukrandom seed to ChaCha key
Unlike encryption, the nonce is not important when generating random
numbers as ChaCha20 can generate 2**64 blocks / 1ZiB with the same
(key, nonce) pair.
Set the nonce to a fixed value similarly to other ChaCha-based CSPRNG
implementations like [1]. This brings us in line with the device-tree's
`/chosen/rng-seed` node used by linux that consists of eight 32-bit
unsigned random integers for initializing the ChaCha key, allowing
Unikraft to use unmodified dtbs generated by VMMs.
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
Michalis Pappas [Mon, 7 Oct 2024 13:52:19 +0000 (15:52 +0200)]
lib/ukrandom: Increase ChaCha rounds to 20
Although 8 rounds most likely provide enough security [1], ChaCha20
brings us in alignment with Linux, and allows us to implement tests
using the vectors defined in RFC8439.
[1] https://eprint.iacr.org/2019/1492.pdf
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
lib/ukrandom: Update library to use the driver API
Update libukrandom to use the newly defined driver API. Make sure that
boot does not fail if libukrandom has not been successfully initialized.
Runtime errors should be returned instead. Specifically, getrandom() will
return -ENOSYS and device nodes won't be created. Similarly, calls to
the kernel API will return a negative value.
Update ChaCha to use seed with fallback, to handle cases where the
conditioned entropy is exhausted. Update /dev/hwrng to fill the buffer
with random_bytes() instead of random_seed().
Checkpatch-Ignore: AVOID_EXTERNS
Checkpatch-Ignore: ENOSYS
Signed-off-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Alex Apostolescu <alexx.apostolescu@gmail.com>
Reviewed-by: Simon Kuenzer <simon@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1496
Simon Kuenzer [Thu, 21 Nov 2024 10:22:22 +0000 (11:22 +0100)]
lib/vfscore: Support embedded initrd with custom compiled-in fstabs
This commit enables compiling images with embedded initrds with "custom"
compiled-in mount tables (fstabs). As soon as one of the activated
compiled-in mount tables refers to the device `"embedded"`, the
configuration requires a path for an initrd for embedding at compile
time. Prior to this change, an initrd could only be embedded via using
pre-configured (and non-"custom") table configuration that depends on
an embedded initrd, for example: "Embedded InitRD (CPIO)".
Robert Zamfir [Mon, 14 Oct 2024 18:51:25 +0000 (21:51 +0300)]
lib/vfscore: Change faccessat with AT_SYMLINK_NOFOLLOW
* Change faccessat with AT_SYMLINK_NOFOLLOW
* Move the path creation and logic before the AT_SYMLINK_NOFOLLOW
* Apply AT_SYMLINK_NOFOLLOW only if the file is an actual symlink
* I didn't implement the `don't follow link logic`
Checkpatch-Ignore: LONG_LINE_STRING
Checkpatch-Ignore: STRLCPY
Signed-off-by: Robert Zamfir <georobi.016@gmail.com>
Reviewed-by: Mihnea Firoiu <mihneafiroiu0@gmail.com>
Reviewed-by: Stefan Jumarea <stefanjumarea02@gmail.com>
Approved-by: Andrei Tatar <andrei@unikraft.io>
GitHub-Closes: #1462
Stefan Jumarea [Mon, 23 Sep 2024 12:14:27 +0000 (15:14 +0300)]
include/uk/arch: Define bool types for C++ compilers
If compiling using a C++ compiler, `_Bool` is undefined, as it is a C
built-in type and C++ compilers do not recognize it. Define `__bool`,
`__true` and `__false` for C++ compiler as `bool`, `true` and `false`.
Checkpatch-Ignore: REPEATED_WORD
Github-Fixes: #1513
Signed-off-by: Stefan Jumarea <stefanjumarea02@gmail.com>
Reviewed-by: Razvan Deaconescu <razvand@unikraft.io>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
Reviewed-by: Michalis Pappas <michalis@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1500
build: use different progress flags based on the wget version
The Unikraft build system uses the `--show-progress` flag for
Wget1. This flag has been renamed to `--force-progress` in Wget2.
That's why we need to check the version of Wget before using either
one of the flags. There's a list of CLI changes from Wget1 to Wget2
here:
https://gitlab.com/gnuwget/wget2/-/wikis/Home
Signed-off-by: Thassilo Schulze <thassilo@unikraft.io>
Reviewed-by: Cezar Craciunoiu <cezar.craciunoiu@unikraft.io>
Reviewed-by: Stefan Jumarea <stefanjumarea02@gmail.com>
Reviewed-by: Razvan Deaconescu <razvand@unikraft.io>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1442
plat/xen: Include fp_arm64.c in FPSIMD Xen ARM64 builds
`fp_arm64.c` implements `fpsimd_save_state()` and
`fpsimd_restore_state()` that are required by FPSIMD ARM64 builds. The
file was not included in the build rules (in `Makefile.uk`) resulting in
a build error.
Fix the build error by including `fp_arm64.c` in the Xen build rules.
This is similar to its inclusion in the KVM build rules.
Sergiu Moga [Fri, 7 Jun 2024 15:28:58 +0000 (18:28 +0300)]
plat/common/x86: Use `X86_VIDEO_MEM_START` for SIPI vector allocation
Commit a001e41f607c ("plat/common/x86: Increase legacy high regions granularity")
changed the definitions of some x86 memregion related macro-definitions.
By mistake it forgot to adapt the `ukplat_memregion_alloc_sipi_vect`
function which was using one of them. This was not caught at the time as it
required one to have SMP enabled in order to get the build error.
Andrei Tatar [Wed, 5 Jun 2024 15:30:09 +0000 (17:30 +0200)]
lib/nolibc: Compile string.c with -O3
This change makes nolibc's string.c compile with -O3 optimizations when
optimizing for performance. This gives compilers more freedom to better
optimize the often-used mem* and str* functions.
Signed-off-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Stefan Jumarea <stefanjumarea02@gmail.com>
Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1454
Andrei Tatar [Wed, 5 Jun 2024 18:45:55 +0000 (20:45 +0200)]
lib/posix-process: Use posix-fdtab for prlimit
This change makes the prlimit syscall report the maximum file descriptor
using Kconfig options of posix-fdtab, instead of the vfscore hardcoded
default, thus correctly reporting the fdtab size.
Signed-off-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Radu Nichita <radunichita99@gmail.com>
Approved-by: Razvan Deaconescu <razvand@unikraft.io>
GitHub-Closes: #1455
Andrei Tatar [Wed, 5 Jun 2024 18:37:00 +0000 (20:37 +0200)]
lib/posix-sysinfo: Use posix-fdtab for SC_OPEN_MAX
This change makes `sysinfo` take the size of the fdtab from Kconfig
options of posix-fdtab instead of a macro defined by vfscore.
This correctly reports the size of the file descriptor table, instead of
the vfscore hardcoded default.
Signed-off-by: Andrei Tatar <andrei@unikraft.io>
Reviewed-by: Radu Nichita <radunichita99@gmail.com>
Approved-by: Razvan Deaconescu <razvand@unikraft.io>
GitHub-Closes: #1455
plat/xen: Fix Arm setup to work with new Xen console
This fixes a regression introduced in the `ukconsole`
changes. The recent updates to the Xen console drivers
removed the `prepare_console()` and `init_console()`
functions in favor of calling the same code through
the early init tab.
The primary function of this README is to document how the
GDB stub is used. In future commits, this README could
potentially be extended with extra documentation describing
the other features of `ukdebug`.
The `plat/common/arm/fp_arm64.c` file uses the `|isr` flag as suffix.
This enables the `-mgeneral-regs-only` flag, as shown in
`arch/arm/arm64/Makefile.uk` file. The `-mgeneral-regs-only` flag
disables the use of specialized registers (such as floating-point
registers), with the aim of not saving them during ISR processing.
However, the `plat/common/arm/fp_arm64.c` file uses floating point. So,
when `-mgeneral-regs-only` is enabled, it causes a build error, as
floating point registers are undefined. For some reason, neither GCC
nor Clang <= 17 fails the build. It does happen, however, with Clang
>= 18.
Fix the build error by removing the `|isr` flag.
Also make the `fp_arm64.c` build only if both `CONFIG_FPSIMD` and
`CONFIG_ARCH_ARM_64` configuration options are enabled.
Signed-off-by: Razvan Deaconescu <razvand@unikraft.io>
Approved-by: Michalis Pappas <michalis@unikraft.io>
Reviewed-by: Stefan Jumarea <stefanjumarea02@gmail.com>
Reviewed-by: Maria Sfiraiala <maria.sfiraiala@gmail.com>
Reviewed-by: Maria Pana <maria.pana4@gmail.com>
GitHub-Closes: #1497
If no [symbol] is associated with a choice, then you can not have multiple
definitions of that choice. If a [symbol] is associated to the choice,
then you may define the same choice (ie. with the same entries) in another
place."
libuklibparam: Fix symbols not present after linkage
In certain builds (nginx/bincompat), linkage results in libukparam
symbols from individual libraries not making it into the executable
object.
Although the internal behavior of ld is not clear, it looks like the
issue is resolved by updating libuparam.ld.S to collect each library's
section rather than its individual symbols.
Razvan Rus [Sat, 30 Mar 2024 15:41:37 +0000 (17:41 +0200)]
libs/vfscore: Fix dirent64 warning
Current Musl-based builds generate warnings related to dirent64 definition.
Define _GNU_SOURCE in all source files so it prevents the warning from happening.
Signed-off-by: Razvan Rus <razvanrus2003@gmail.com> Reviewed-by: Radu Nichita <radunichita99@gmail.com> Reviewed-by: Stefan Jumarea <stefanjumarea02@gmail.com> Reviewed-by: Razvan Deaconescu <razvand@unikraft.io> Approved-by: Razvan Deaconescu <razvand@unikraft.io>
GitHub-Closes: #1372
plat/kvm/arm64: Do not unmask PSTATE.D on IRQ entry
Enabling PSTATE.D at IRQ entry results in nested debug exceptions.
This is incorrect as the context restored on IRQ exit invalidates
any changes to the context made by the debug exception's handler.
Also remove the unmasking of PSTATE.F as at present we don't
deal with FIQs.
Andrei Tatar [Wed, 5 Jun 2024 14:53:57 +0000 (16:53 +0200)]
include/uk/errptr: Fix NULL being an error pointer
Previously, `PTRISERR` would be true for NULL, breaking the convention
of error pointers that `PTR2ERR` returns a negative error code for
any pointer for which `PTRISERR` is true. This would add a subtle corner
case where errors could be silently ignored.
This change fixes this oversight. Code using `PTRISERR` ambiguously or
to erroneously check for NULL is also fixed.
Signed-off-by: Andrei Tatar <andrei@unikraft.io> Reviewed-by: Radu Nichita <radunichita99@gmail.com> Reviewed-by: Maria Pana <maria.pana4@gmail.com> Approved-by: Razvan Deaconescu <razvand@unikraft.io>
GitHub-Closes: #1453
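Added example (not part of the commit above and not Unikraft's code): a model of the corner case the `PTRISERR` fix describes, where a NULL that counts as an error pointer converts to error code 0 and a failure is reported as success. The `EX_*` macros, `ex_lookup()` and both callers are hypothetical names written for this illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative macros only; not copied from include/uk/errptr.h. */
#define EX_MAXERRNO 512
#define EX_ERR2PTR(e) ((void *)(intptr_t)(e))
#define EX_PTR2ERR(p) ((intptr_t)(p))
/* Model of the previous behaviour: 0 (NULL) lies inside the error range. */
#define EX_PTRISERR_OLD(p) (EX_PTR2ERR(p) <= 0 && EX_PTR2ERR(p) >= -EX_MAXERRNO)
/* Model of the fixed behaviour: only strictly negative codes are errors. */
#define EX_PTRISERR_NEW(p) (EX_PTR2ERR(p) < 0 && EX_PTR2ERR(p) >= -EX_MAXERRNO)

static int ex_object = 42;

/* Constructed lookup: mode 0 = valid object, 1 = error pointer, 2 = NULL. */
static void *ex_lookup(int mode)
{
	if (mode == 0)
		return &ex_object;
	return mode == 1 ? EX_ERR2PTR(-ENOENT) : NULL;
}

/* Caller relying on the old predicate; returns 0 on success, <0 on error. */
int ex_use_old(int mode, int *out)
{
	void *p = ex_lookup(mode);

	if (EX_PTRISERR_OLD(p))
		return (int)EX_PTR2ERR(p); /* NULL becomes 0: error silently ignored */
	*out = *(int *)p;
	return 0;
}

/* Caller with the fixed predicate; NULL is checked separately and explicitly. */
int ex_use_new(int mode, int *out)
{
	void *p = ex_lookup(mode);

	if (EX_PTRISERR_NEW(p))
		return (int)EX_PTR2ERR(p);
	if (!p)
		return -EINVAL;
	*out = *(int *)p;
	return 0;
}
```

With the old predicate, the NULL case returns 0 while `*out` is never written, so the caller continues with stale or uninitialized data.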
Xen console dependency on nolibc in `Config.uk` (`select LIBNOLIBC`)
causes conflict with the `plat/xen/Config.uk` configuration (`select
LIBNOLIBC if !HAVE_LIBC`) when a libc (such as Musl) is used.
The dependency must consider both using nolibc and using a libc (such as
Musl). Update dependency to select nolibc only when a libc is absent.
Signed-off-by: Razvan Deaconescu <razvand@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1487
lib/ukdebug: Disable gdb's ack mode if the stub is connected
Using acknowledgment packets only makes sense on unreliable connections.
But if the connection is reliable, disabling acknowledgment packets
makes the communication between gdb and the stub much faster.
Signed-off-by: Thassilo Schulze <thassilo@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479
Thassilo Schulze [Thu, 27 Jun 2024 11:35:09 +0000 (13:35 +0200)]
drivers/uktty: Remove newline conversion from drivers
Turning a `\n` character into a `\r\n` character sequence
breaks the communication between the gdb stub and the gdb
host. The stub will calculate a checksum on the message
without the extra carriage returns but the host will receive
a message with the extra carriage returns that the drivers
add and thus the host will calculate a different checksum
than the stub.
Signed-off-by: Thassilo Schulze <thassilo@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479
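Added example (not part of the commit above and not Unikraft's code): a model of the checksum mismatch the newline-conversion commit describes, using the gdb remote protocol framing `$<payload>#<checksum>`, where the checksum is the sum of the payload bytes modulo 256. The payload is a constructed sample and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: a reply body that contains two raw newlines. */
static const char ex_payload[] = "l<target version=\"1.0\">\n</target>\n";

/* Remote-protocol checksum: sum of the payload bytes modulo 256. */
unsigned char rsp_checksum(const char *buf, size_t len)
{
	unsigned char sum = 0;
	for (size_t i = 0; i < len; i++)
		sum += (unsigned char)buf[i];
	return sum;
}

/* Stub side: build "$<payload>#<2 hex digits>"; returns frame length or 0. */
size_t rsp_frame(const char *payload, size_t len, char *out, size_t cap)
{
	if (cap < len + 5)
		return 0;
	out[0] = '$';
	memcpy(out + 1, payload, len);
	snprintf(out + 1 + len, 4, "#%02x", rsp_checksum(payload, len));
	return len + 4;
}

/* Model of the removed driver behaviour: each '\n' leaves as "\r\n". */
size_t crlf_convert(const char *in, size_t len, char *out, size_t cap)
{
	size_t o = 0;
	for (size_t i = 0; i < len; i++) {
		if (o + 2 > cap)
			return 0;
		if (in[i] == '\n')
			out[o++] = '\r';
		out[o++] = in[i];
	}
	return o;
}

/* Host side: recompute the checksum over the received bytes and compare. */
int rsp_verify(const char *frame, size_t len)
{
	char tail[4];
	if (len < 4 || frame[0] != '$')
		return 0;
	snprintf(tail, sizeof(tail), "#%02x", rsp_checksum(frame + 1, len - 4));
	return memcmp(frame + len - 3, tail, 3) == 0;
}
```

Each inserted carriage return adds 13 to the byte sum the host computes, so the frame as built by the stub verifies while the converted copy does not.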
lib/ukdebug: Add breakpoints to set up and connect to stub
If the gdb stub is enabled, it registers a function in the inittab
that tries to connect to the gdb host. This function first checks
if the console with the ID from `debug.gdbcon` is available. If so,
this function executes a breakpoint instruction to enter the gdb
stub. If the console is not available, the breakpoint is skipped.
Checkpatch-Ignore: LONG_LINE_STRING Signed-off-by: Thassilo Schulze <thassilo@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479
lib/ukdebug: Add virtual kernel console to gdb stub
The `debug.gdb_kern` parameter is a tristate. It determines
if the gdb stub should send kernel output to the gdb host
over the gdb remote protocol. A negative value means "auto".
In this case, the gdb stub sends kernel output to the gdb
host if the backing console had the `UK_CONSOLE_FLAG_STD[OUT|IN]`
flags set. "auto" is the default. A value of zero means "off";
kernel output is never sent to the gdb host. A positive value
means "on"; kernel output is always sent to the gdb host.
Signed-off-by: Thassilo Schulze <thassilo@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479
Thassilo Schulze [Wed, 26 Jun 2024 14:04:47 +0000 (16:04 +0200)]
lib/ukdebug: Communicate with gdb host through `ukconsole`
The gdb stub now uses the `ukconsole` interface to talk
to gdb. That's why the stub also depends on `LIBUKCONSOLE`.
Without `ukconsole` providing a serial connection, the
stub is entirely useless.
The gdb stub communicates with the gdb host using one of
the console devices that are registered with `ukconsole`.
The ID of the console device that the stub should use is
specified in the `debug.gdb_cons` parameter. The stub will
clear the `UK_CONSOLE_FLAG_STD[OUT|IN]` flags on that device
and keep a reference to it to communicate with the gdb host.
Signed-off-by: Thassilo Schulze <thassilo@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479
Thassilo Schulze [Tue, 27 Aug 2024 09:39:39 +0000 (11:39 +0200)]
lib/ukdebug: Add `qAttached` packet to gdb stub
This packet is not mandatory but gdb will probe for
it. Now we respond properly to the probing. This
packet must be updated to support the multiprocess
features of the gdb remote protocol.
Signed-off-by: Thassilo Schulze <thassilo@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479
Marc Rittinghaus [Mon, 19 Aug 2024 09:44:28 +0000 (11:44 +0200)]
lib/ukdebug: Add `vCont` packet to gdb stub
This packet is used by the gdb host as a replacement for the
`c`, `s`, `C` and `S` packets. `vCont` has some more features
than these packets on their own. These features are related to
multi-threading support for the most part. We don't support
the multi-threading features of the gdb remote protocol, so
the `vCont` packet isn't a real improvement over the `c`,
`s`, `C` and `S` packets. But the gdb host still prefers to
use it.
Co-authored-by: Thassilo Schulze <thassilo@unikraft.io> Signed-off-by: Thassilo Schulze <thassilo@unikraft.io> Signed-off-by: Marc Rittinghaus <marc.rittinghaus@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479
Marc Rittinghaus [Mon, 19 Aug 2024 09:38:23 +0000 (11:38 +0200)]
lib/ukdebug: Add `q` commands to gdb stub for target information
The two `q` commands (`qSupported` and `qXfer:features:read:target.xml`)
allow the gdb host to retrieve information about the target system
that's being debugged.
Checkpatch-Ignore: AVOID_EXTERNS
Checkpatch-Ignore: UNNECESSARY_PARENTHESES
Checkpatch-Ignore: SPDX_LICENSE_TAG Signed-off-by: Marc Rittinghaus <marc.rittinghaus@unikraft.io> Reviewed-by: Michalis Pappas <michalis@unikraft.io> Reviewed-by: Simon Kuenzer <simon@unikraft.io> Approved-by: Simon Kuenzer <simon@unikraft.io>
GitHub-Closes: #1479