A sandboxed execution environment for unikernels
-Werror (@hannesm, @palainp, #565)
gdb support and the EFLAGS register (@greydot, @reynir, #567)
HOSTAR and HOST_PKG_CONFIG for the NixOS support (@sternenseemann, #508)
Be able to build spt, virtio, muen and xen targets on OpenBSD (@adamsteen, #544). This change does not allow us to "run" these targets on OpenBSD.
Fix linker scripts with TLS (Thread Local Storage) sections (@palainp, @hannesm, @dinosaure, #542)
Export TLS symbols (@palainp, @hannesm, @dinosaure, #546)
Breaking change due to #542 & #546: tenders must be upgraded. Indeed,
solo5.0.7.* tenders will not be able to correctly load unikernels compiled
with solo5.0.8.0. The internal ABI version for solo5-hvt/solo5-spt was
upgraded accordingly.
This version implements Thread Local Storage. The user can initialise a TLS
block with solo5_tls_init on a pointer to solo5_tls_size() free bytes.
Then, the user is able to set the tp (Thread Pointer) pointer via
solo5_set_tls_base(solo5_tls_tp_offset(tls_block)). More details are
available in solo5.h.
Note: this change does not allow a Solo5 unikernel to use multiple cores! It only provides an API required by OCaml 5 / pthread to launch, at most, one thread.
Fix tests reported by NixOS (@greydot, @ehmry, #547)
Split out the time.c implementation between Muen and HVT (@dinosaure, @Kensan, #552)
Use hypercall instead of TSC-based clock when the user asks for the wall-clock (@dinosaure, @reynir, #549, #550)
Note: only hvt & virtio are updated to avoid a clock drift on the wall-clock. Indeed, when the unikernel is suspended, the wall-clock is not updated. Muen & Xen still use a TSC-based wall-clock. The spt target was already in sync with the host's wall-clock.
Improve the muen clock (@Kensan, #553)
Fix the .bss section according to #542 & #546. The .bss section is tagged
with PT_LOAD. Tenders are available to load this section properly.
(@Kensan, @dinosaure, #551, #554)
Fix the cross-compilation of Solo5 for aarch64 (@dinosaure, @palainp, @hannesm, #555)
Increase the Muen ABI (2 to 3) due to TLS changes (@Kensan, #557)
Support lifecycle management for Muen (@Kensan, #557)
The user is able to configure automatic restarting of unikernels that invoke
solo5_ext()
Fix the test_fpu test & ensure the alignment of variables (@Kensan, #557)
Since MirageOS moved from PV mode to PVH on Xen, thus replacing Mini-OS with solo5, there was an issue in the solo5 code which failed to properly account for the bytes already written on the console. This only occurs if the output to be performed does not fit in a single output buffer (2048 bytes on Xen).
The code in question set the number of bytes written to the last written count, written = output_some(buf), instead of increasing the written count, written += output_some(buf).
Thanks to Krzysztof Burghardt, Pierre Alain, Thomas Leonard & Hannes Mehnert for the issue, review and proposal. The fix is available here: #538.
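The accounting error described above, modelled as an added example that is not Solo5's own code. Assumptions: output_some() is a hypothetical stand-in that emits at most one 2048-byte buffer per call, the loop shape and the sink array are constructed for illustration, and MAX_ROUNDS exists only so the "=" variant terminates here.

```c
#include <stdio.h>
#include <string.h>

#define RING_SIZE  2048   /* one output buffer on Xen, per the text above */
#define MAX_ROUNDS 16     /* demo guard so the buggy loop terminates */

static char sink[RING_SIZE * MAX_ROUNDS];  /* constructed stand-in console */
static size_t sink_len;

/* Hypothetical output_some(): emits at most RING_SIZE bytes per call. */
static size_t output_some(const char *buf, size_t len)
{
    size_t n = len < RING_SIZE ? len : RING_SIZE;
    memcpy(sink + sink_len, buf, n);
    sink_len += n;
    return n;
}

/* Write len bytes; fixed=1 uses "+=", fixed=0 reproduces "=".
 * Returns how many bytes reached the sink. */
static size_t console_write(const char *buf, size_t len, int fixed)
{
    size_t written = 0;
    int rounds = 0;
    sink_len = 0;
    while (written < len && rounds++ < MAX_ROUNDS) {
        size_t n = output_some(buf + written, len - written);
        if (fixed)
            written += n;  /* total progress so far */
        else
            written = n;   /* bug: earlier chunks are forgotten */
    }
    return sink_len;
}

/* 1 if the sink holds exactly the bytes that were requested. */
static int sink_matches(const char *buf, size_t len)
{
    return sink_len == len && memcmp(sink, buf, len) == 0;
}

int main(void)
{
    static char msg[5000];  /* constructed input, larger than one buffer */
    memset(msg, 'A', sizeof msg);
    printf("fixed: %zu bytes\n", console_write(msg, sizeof msg, 1));
    printf("buggy: %zu bytes\n", console_write(msg, sizeof msg, 0));
    return 0;
}
```

In this model both variants behave identically for output that fits in one buffer, which is why the defect only shows up on larger writes.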
realpath to determine toolchain paths - allowing tools being symlinks
as they are on NixOS (@greydot, #526)
x-ci-failures on our OPAM files about CentOS 7 (@dinosaure, #535)
test_zeropage (@felixmoebius, #515)
mem_size uniformly via XENMEM_memory_map hypercall.
Previously, the memory map was extracted from the HVM start info (if
available and booting directly via PVH), or multiboot info (if booting via
multiboot). The fallback for direct PVH booting was the XENMEM_memory_map
hypercall (which retrieves an E820 memory map). This led to three distinct
paths, with no fallback for the memory map not being present in the multiboot
info. With QubesOS 4.1 (Xen 4.14), this didn't work anymore (it worked with
QubesOS 4.0 (Xen 4.8)).
Now, there is a single path of the code, which uses the hypercall. Since this
is only executed once at startup, the overhead is negligible (@hannesm, #516,
review and discussions with @marmarek @xaki23 @palainp)
note.not_openbsd instead of note.not-openbsd as section name in
solo5-stubs.ld to be compatible with GNU ld 2.37 on e.g. Arch Linux, Fedora
35, Alpine 3.15 (@TheLortex, #509)
opam-release.sh: the second variant is -cross-aarch64 (@dinosaure, #511)
- character (@ehmry, #510)
test_tls on ppc64 architecture (@dinosaure, @hannesm, #514)
Remove Genode bindings (#494, #506). The Genode bindings become incompatible with the upcoming LLVM/Clang based toolchain. They can be reinstated in the future if there is interest.
GENODE_ABI_TARGET is not removed, so that it cannot be reused for a
purpose other than the Genode bindings.
New packaging, toolchains, cross-compilation (#494, #506)
pkg-config by generated toolchain wrappers
installed as "PREFIX/bin/ARCH-solo5-none-static-{cc,ld,objcopy}"
solo5 remains)
aarch64)
virtio: FreeBSD requires the grub-bhyve command (#506)
virtio: FreeBSD: wait a bit for cat to create the nmdm device (#506)
OpenBSD: all supported releases of OpenBSD use ld.ldd (#495, #506)
Be able to release our cross toolchain via our opam-release.sh script (#504)
NOTE: pkg-config is still required by Solo5 to get flags from libseccomp.