Hello,

Recently we made an attempt to get Genode-on-OKL4 (v2.1.1.patch9) running on ARM11 (core ARM1136jf-s). The outcome was that the system stalled during initialization, because core waited endlessly for init to get started. OKL4’s KDB showed that init’s code section was set to read-only but not read-execute, with the outcome that the OKL4 scheduler refused to pass control to init.

Interestingly, this was not observed on an ARM9 platform, and we think that this just happened by chance, because the main reason for the problem seems to be how the class Dataspace_component maintains properties.

In the OKL4 environment the protection domains are packed into the ELF file as modules, which are themselves ELF objects and are unpacked by the function _setup_elf() in file base/src/base/process/process.cc. The function receives from core the capability of the ELF object (init is the first one) and parses the included segments to set up the pager. It checks whether any segment has the writable flag set. For such segments RAM is allocated and initialized, and the associated Dataspace_component gets the boolean attribute _writable set. For all other segments a Dataspace_component with the boolean attribute _writable unset is created, making no distinction between read-only and read-execute segments.

The first attempt to start init leads to a page fault, and the method Rm_client::pager() in file base/src/core/rm_session_component.cc is invoked. The method retrieves the Dataspace_component from the page fault parameters. With that a Mapping object is created to set up the response for the Ipc_pager. The constructor Mapping::Mapping() in file base-okl4/src/base/ipc/pager.cc receives the attribute _writable from the Dataspace_component. If it is set, the page attribute is set to L4_FullyAccessible, otherwise to L4_Readable. The outcome is that the code section is mapped with the X flag unset, and it is not executed, while the DATA and BSS sections get the X flag set although this makes little sense.

We could solve the problem by setting the page attribute to L4_Readable | L4_eXecutable, but we still keep wondering why the problem only appears on ARM11 but on neither ARM9 nor IA32, although the constructor code is always the same. Finally, we think that the implementation of Dataspace_component is a bit short-handed regarding the handling of page attributes: there should be a distinction between read-only and read-execute (and DATA/BSS sections should not have the execute attribute set). At least both the ELF format and OKL4’s MapControl interface maintain the full set of RWX flags.

Regards
Frank Kaiser
OpenSynergy GmbH
Rotherstr. 9
10245 Berlin
Tel.: +49 (30) 20 18 18 35 28
Fax: +49 (30) 20 18 18 35 02
Email: Frank.Kaiser@...24...
Commercial register: Amtsgericht Charlottenburg, HRB 108616B
Managing directors: Frank-Peter Böhm, Dr. Stefaan Sonck Thiebaut, Rolf Morich
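
The flag handling discussed in this message, as an added example that is not part of the original post and is not Genode or OKL4 code: it contrasts page rights derived only from a writable boolean with rights that carry all three ELF p_flags bits through. The rights constants, the segment list and all function names are constructed for illustration and are assumptions, not the OKL4 definitions.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// ELF program-header permission bits (p_flags) from the ELF specification.
constexpr uint32_t PF_X = 1, PF_W = 2, PF_R = 4;
// Local stand-ins for page rights (assumed names, not the OKL4 definitions).
constexpr unsigned R_READ = 4, R_WRITE = 2, R_EXEC = 1, R_FULL = 7;

struct Segment { const char *name; uint32_t p_flags; };

// Model of the behaviour described in the post: only "writable" survives.
unsigned rights_from_writable_only(uint32_t p_flags) {
    bool writable = (p_flags & PF_W) != 0;
    return writable ? R_FULL : R_READ;
}

// Alternative: carry all three ELF flags through to the mapping rights.
unsigned rights_from_elf_flags(uint32_t p_flags) {
    unsigned r = 0;
    if (p_flags & PF_R) r |= R_READ;
    if (p_flags & PF_W) r |= R_WRITE;
    if (p_flags & PF_X) r |= R_EXEC;
    return r;
}

// True when W and X in the mapping agree with what the ELF segment asked for.
bool mapping_matches_elf(uint32_t p_flags, unsigned rights) {
    return ((p_flags & PF_X) != 0) == ((rights & R_EXEC) != 0) &&
           ((p_flags & PF_W) != 0) == ((rights & R_WRITE) != 0);
}

// Constructed sample: typical text, read-only data and data/BSS segments.
std::vector<Segment> sample_segments() {
    return { {"text", PF_R | PF_X}, {"rodata", PF_R}, {"data+bss", PF_R | PF_W} };
}

// Number of sample segments whose mapped rights disagree with their ELF flags.
int count_mismatches(unsigned (*policy)(uint32_t)) {
    int bad = 0;
    for (const Segment &s : sample_segments())
        if (!mapping_matches_elf(s.p_flags, policy(s.p_flags))) ++bad;
    return bad;
}

int main() {
    std::printf("writable-only policy: %d mismatches\n", count_mismatches(rights_from_writable_only));
    std::printf("full RWX policy:      %d mismatches\n", count_mismatches(rights_from_elf_flags));
    return 0;
}
```

Under the writable-only model the text segment loses X and the data segment gains it, which are the two effects the message reports; the three-flag model reproduces the ELF permissions exactly.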