alex-ab
commented
11 years ago I have now some early prototypes ready. In the branch issue_814 all adaptations of the Genode base framework and base-nova are kept which are required to create threads on CPUs other then the boot CPU - mainly adding support to create the pagers and server threads on the appropriate remote CPU. In Genode/Core still all threads beside the pager threads (for base-nova there are one per client thread, for base-foc there is only one) are solely on the boot CPU running. So in order that threads on CPUs other then the boot CPU can talk to the services on different CPUs or to Genode/Core services, some kind of cross CPU IPC (xCPU IPC) is required. The approach like done in NUL to force developer of servers to create on all CPUs at least one thread is believed be too strict for Genode by now.
For the xCPU IPC stuff I came up with three prototypically implemented options. In order to be able to get connected to a service running on a different CPU the issuer of the IPC need some proxy thread being on the CPU as the service. (The other option would be to pull the server thread on the CPU of the caller, which is not investigated nor implemented.). The question now is, who provides this proxy thread stuff.
Pointers to source code of the now to be discussed options:
- Option 1 - Core emulates xCPU IPC using Genode/Thread abstractions - core_genode_threads
- Option 2 - Core emulates xCPU IPC using just Syscall/Thread bindings - core_syscall_threads
- Option 3 - Kernel emulates xCPU IPC directly core_kernel
All three branches are based on issue_814 and one of them is required to actually let it fly.
For option 1 and 2 Genode/Core provides this service. If a client can't issue a CPU local IPC, it asks Genode/Core (actually the pager of the client thread) to do the job. Genode/Core would then spawn or reuse a proxy thread on the target CPU and do the IPC on behalf of the client. Option 1 and 2 only differs in regards of code size and whom to account the required resources (proxy thread needs a stack, some capability selectors).
For option 1 the Genode/Threads abstractions are used - that means inside Core some space for the Utcb and stack inside the Genode thread context area are required. (The thread context area is some fixed size virtual region where all threads have their stacks and Utcbs.) At this level Core would have now somehow to implicitly account it to the client (stack can be up to 1MB, 4K for the MessageBuffer), which is currently missing in the implementation. For now in option 1 the proxy threads are created once for all CPUs and then cached and reused.
For option 2 the proxy thread creation is done directly using solely the nova syscall bindings of create_sc/create_ec/create_pt to get the proxy thread constructed. The required stack space (128 Bytes) is part of the pager object, so it gets already accounted to client during pager thread creation. A free virtual region for the utcb is looked up directly in the allocator of core. In contrast to option 1 there is no Thread context area space 'wasted'. Additionally the source code compared to option 1 is (much) shorter (and from my perspective easier to read and understand).
A big issue for option 1/2 remains so far. In order to delegate capabilities during the emulated xCPU IPC - Genode/Core have to receive the capability mappings, to keep them and to delegate or translate it further to the target thread. In Genode there are no information for the low level layer for base-nova, whether actually the capability should be solely translated or solely delegated. In the most cases Core could revoke the received mappings because the target (server) gets the capability translated, but Core don't know by its own about this fact. That means - Core has to keep all received mappings. It has to spend per emulated xCPU IPC with capability delegation some capability selectors and has to track all of them - in order to free it up at end of the lifetime. The question is here whose lifetime - the one of the client thread (easy to implement) or one of the cap session of the client (which one ?, how to get access to from the pager) or of the address space (not so easy, missing interfaces). All this kind of tracking infrastructure is currently not implemented for the prototypes option 1 and 2, but of course would be required for a final solution based on these both options.
For option 3 the same general functionality as for option 1/2 is implemented in the kernel instead of Genode/Core. A separate xcpu_ipc syscall is added as kernel extension which is performed if the direct ipc call fails with bad_cpu kernel error code. The xcpu ipc kernel syscall creates - similar to option 1/2 - a sm and a, ec, sc on the remote cpu and let it run on behalf of the client thread. The client thread gets suspended until the remote proxy thread is done signalled by the semaphore. The remote proxy thread takes the utcb of the suspended client thread as is and issues the IPC call. When the proxy thread returns it wakes up the caller and de-schedules itself. The proxy thread itself actually never runs in user mode. If the client thread wakes up it takes care to initiate the deconstruction of the created proxy resources (ec, sc, sm). (Also caching could be added here as option.). The main advantage of option 3 compared to option 1/2 is that we have not to keep and to track the capability delegations during a xCPU IPC and we don't have potentially up to two additional address space switches per xCPU IPC (client to core, core to server). Additionally we don't have to come up with a new UTCB for each proxy thread as necessary for option 1/2. The disadvantage is of course that it is now in kernel and especially during destruction of the proxy thread we must take some care.
One main question for all options remains - which scheduling parameters should be chosen for the remote CPU. Currently the parameters are taken - as is - from the caller thread and applied to the proxy thread on the target CPU. If you imagine that on different CPUs different priority paradigm exists (so priority of level X on CPU 0 is not equal to priority level X of CPU 1) then you get in trouble. Or imagine for some of the CPUs some scheduling admission is performed and now out of thin air a Scheduling Context of a remote CPU pops up without any kind of admission checks (due to a xCPU IPC) - the admission is useless then.
That's all for the moment, I'm up for your comments and interested in the preferred option.
By now for all three options the affinity test (base/run/affinity.run) works and a simple mp_server (base/run/mp_server.run) which creates RPC Entrypoints (servers so to say) on different CPUs and performs RPC Genode calls triggering xCPU IPCs.
Some minor notes regarding the current implementation of the options:
For option 1/2 a kernel patch is added to get the remote CPU number back, when a IPC call fails. The CPU number is used by Core to get a proxy thread on the appropriate CPU. This patch is not required per se - Core would just have to store next to the portal selectors either directly the CPU number or a pointer to the threads a portal belongs to to find out the remote CPU number.
For option 2 another kernel patch is added to create the proxy thread on a remote CPU without getting a start-up exception. If option 2 would be chosen, this would be removed and replaced by having on every CPU in Genode/Core a thread to respond to the initial start-up exception for global threads (proxy threads for this discussion).
For option 3 all the mentioned kernel patches are not required - solely the actually xCPU IPC handling patch in the kernel is required.
udosteinberg
Genode/Nova currently supports only one CPU. Today we have plenty of CPUs - make use of them.