Git Sourcecode Log

This log is updated daily

The 100 latest Nexus git commits
commit 4afbcc9d301b520edc8e47e7caa1f211e0a27397
Author: Shrutarshi Basu 
Date:   Mon Oct 1 13:46:56 2012 -0400

    Fixed close implementation

commit 79385049504909d1d9daa4f7f140810d1128a259
Author: Robert Soule 
Date:   Tue Jun 19 21:52:19 2012 +0200

    Added initialization of max value in sema constructor.

commit d00760658e12f6e59ac7880654767541b6b77947
Author: willem 
Date:   Tue Oct 11 23:19:44 2011 -0400

    Guard update: Externalize + Delete
    
    Guard
    - implement proof eviction (per processgroup)
    - implement externalize
    - implement credential deletion
      ^-- only when caller speaksfor P in credential ``P says S''
    
    Other
    - fat32: fail without error if no partition exists

commit c7441839f087376d7171f7803dc2a285e03cf57a
Author: willem 
Date:   Mon Oct 10 22:36:57 2011 -0400

    Guard: support label handles (part 1)
    
    Guard
    - This version adds support for label handles, to reflect their
      reference in the paper. Handles are used to operate on labels
      in their labelstore. They actually already existed, but were
      never exposed to the client and never used. Label hashes are
      simple MD5 sums over a canonical representation of the DER encoded
      credential. This means that no two labels with have the same handle,
      but also that anyone can create a handle.
    
      To simplify implementation, I did NOT change the existing
      nxguard_cred_add_* interfaces, but only added
    
        nxguard_cred_add_ex(label, principal, handle)
    
      which exposes the MD5 on success.
    
    - Add interfaces for label operations using label handles. The guard
      interface adds
      - Guard_DelCred: removes a credential from a labelstore. In my
                       opinion wrong to have, as users may assume that
    		   may that this revokes all instances of a label and
    		   use it as a poor man's revocation architecture.
      - Guard_Externalize: encode a label as an X509 credential of the type
                       ``kernel:x says process:labelstore says principal:x says S''
      - Guard_internalize: import a previously externalized label.
    
    Other
    - Compiler warning fix for kernel/core/sync.c (gcc 4.3.3)

commit 71e5a7d4ada1fe33aebb5702c7c8bea79003497f
Author: EC2 Default User 
Date:   Sun Oct 2 21:08:58 2011 +0000

    guard: resource limits per process group

commit 0ef648d4486219c481c449bb406ed180c8e9341c
Author: Willem de Bruijn 
Date:   Sun Oct 2 15:47:43 2011 -0400

    update uclibc to 0.9.32 to build with gcc 4.5 and binutils 2.21

commit aceb35bf73c74ecd6681c333752ef2ffd17acbf8
Author: Willem de Bruijn 
Date:   Sun Sep 25 21:13:49 2011 -0400

    update openssl to build with gcc (ubuntu?)

commit 963a81164b4991eb0f2b778b9bc293812a74b95c
Author: Willem de Bruijn 
Date:   Sun Sep 25 21:10:10 2011 -0400

    update packages to build with latest gcc (ubuntu?)

commit 0417692c903ac0975a1541dd81b8abd1d0e408c9
Author: EC2 Default User 
Date:   Sun Oct 2 19:41:18 2011 +0000

    minor: compilation fix of previous changes

commit 49b87456a4fbd43fdf66c514292505dbbe536f51
Author: Willem de Bruijn 
Date:   Sun Sep 25 18:44:18 2011 -0400

    update keystore on every vDIR write

commit 8c1ee9177fed260045f3825eb85ea517d9a3b2b4
Author: Willem de Bruijn 
Date:   Sun Sep 25 18:28:32 2011 -0400

    lockbox unpriv + priv

commit 63a7962e893c0486f5fdf31dcff44d89698db14b
Author: Willem de Bruijn 
Date:   Sat Sep 24 15:03:06 2011 -0400

    lockbox unprivileged changes

commit b92b7ed3edf876eecd4d86a53e6b0c89c8be5a83
Author: Willem de Bruijn 
Date:   Sat Feb 26 09:20:54 2011 -0500

    Python: authority on running code + Guard: quota
    
    Python
    - expanded embedded authority with label
      `name.python says code = bytes(0xab...)'
    
    Guard
    - added processgroup accounting to proofs and goals
      ^-- a basis for a quota system
    
    Hash protection
    - set out method of merging old hashtree and new fs_crypto hash methods
      ^-- in common/code/hashtree-code.c

commit cecfc08a329f816f8d96b0cab8cce6157a4a12f6
Author: Willem de Bruijn 
Date:   Fri Feb 25 19:39:08 2011 -0500

    (minor) see previous

commit 9f10aece7b7a66f7f24be17750214a64cf762dcf
Author: Willem de Bruijn 
Date:   Fri Feb 25 14:43:05 2011 -0500

    Python: new embedded authority on user and friend
    
    Python: Access Control
    - added embedded authority that responds to labels
      name.python says "user" = $USERNAME
      name.python says $USERNAME in friends
    - updated protect module to set username and project
      to correspond with application-level authentication
    
    Python: Analyzer
    - made analyzer module add a label
          'process.$PID says "safe" = 1'
      when application passes the language checks
    - added python binding to insert a label

commit 91c110890f70079be41b5a3029494a16b8871491
Author: Willem de Bruijn 
Date:   Sat Jan 8 19:15:30 2011 +0100

    minor: updated LoC count

commit 3b9b482bfd530ba58e01c77d45064bb0c937ef62
Author: Willem de Bruijn 
Date:   Sat Jan 8 13:39:27 2011 +0100

    import binary livecd image (for demos)

commit da41bfe3cf8154e15e1ef4afc623d39d38f1e03a
Author: Willem de Bruijn 
Date:   Fri Jan 7 22:21:45 2011 +0100

    release 2001-1

commit 2cc7fecbe183d316bf5671a737b5dbd0679e99c0
Author: Willem de Bruijn 
Date:   Fri Jan 7 18:38:55 2011 +0100

    last fixes before release 2011-1
    
    - 'kernel' command in explorer
    - vmware configuration file update
    - makefile fixes
    T fix mplayer regressions
    T reenable fauxbook on boot

commit a8ce4e06bc8d96be392838a97c3352e3e81b776b
Author: Willem de Bruijn 
Date:   Tue Jan 4 22:09:29 2011 +0100

    minor: print sha1 on protected screen section

commit bb4120d44e48412977f10805eba8cfb917240fed
Author: Willem de Bruijn 
Date:   Thu Dec 23 21:30:04 2010 -0500

    minor

commit 97382b27d77bafdd7204d9ff7043891b30c6f60f
Author: Willem de Bruijn 
Date:   Thu Dec 23 17:12:10 2010 -0500

    update to previous
    
    - python version of sign/encrypt test works
    - bandaid to race condition on pthread_create
      ^-- no idea why this was never triggered in thread.test
      T find out the root cause

commit 4899e1a1e73c23b23855d088a5a0394ab19e6d4e
Author: Willem de Bruijn 
Date:   Thu Dec 23 09:24:08 2010 -0500

    Bench: sign and encrypt
    
    Bench
    - fixed last signature verification bugs
    - fixed last encryption bugs
    - added sign + encrypt options to bench_setupfiles initialization tool
    - tested sign + encrypt options of httpd webserver

commit 4561e9444710e086125eed6a81350dc4e46cf7a6
Author: Willem de Bruijn 
Date:   Wed Dec 22 19:42:19 2010 -0500

    Net: 90% blind driver reverted copy mode
    
    Net
    - blind driver works with blind data
      T still requires write access to tx descriptor ring: trap doesn't work correctly
    - removed NXCONFIG_NET_COPY due to lack of time

commit 81b17ab18faf22e81abf5c7466fd7b7880938fbd
Author: Willem de Bruijn 
Date:   Wed Dec 22 11:37:14 2010 -0500

    Net: blind+copy_based continued

commit 9c8c3e4df9de2c961658cc8aa2ac860c0535849e
Author: willem 
Date:   Wed Dec 22 05:39:55 2010 +0000

    Net: support for copy-based communication + further blind driver (WIP)
    
    Net
    - NXCONFIG_NET_COPY option replaces page-swapping with copy-based networking
      ^-- for finding bugs in page swapping (if any)
      T finish
    - NXCONFIG_DEVICE_BLIND passes data to device drivers only in protected
      buffers whose contents the userspace driver cannot access

commit e1be23f1fd8f4d7b3f1df4646bf0fa9e2a8d7748
Author: Willem de Bruijn 
Date:   Tue Dec 21 19:12:49 2010 -0500

    Concurrent IPC stresstest

commit b067ce70b0d243a9902adb3a75fa7a019e5504ae
Author: Willem de Bruijn 
Date:   Mon Dec 20 21:20:09 2010 -0500

    update to previous

commit 509f57d7de0c038cb02a4716fd775186423825bf
Author: Willem de Bruijn 
Date:   Mon Dec 20 15:29:44 2010 -0500

    Net: finalize blind driver
    
    Net
    - support 'blind' network drivers: those that cannot access packet contents
      - convert e1000 in userspace to blind mode
    - paravirtualize driver
      - replace trap on TDT/RDT write with system call

commit 46333f923d6408f4f426eda19321a70640918958
Author: Willem de Bruijn 
Date:   Mon Dec 20 12:27:36 2010 -0500

    Device: protected pages

commit 9e3bccdb0ee4d5634da2433d16715fc54cc9f8e6
Author: Willem de Bruijn 
Date:   Sun Dec 19 15:40:19 2010 -0500

    minor
    
    - changed webserver benchmark to use exponential scale

commit adf602734ae15d0c1247a238d14616f483f40f0a
Author: Willem de Bruijn 
Date:   Sat Dec 18 17:33:51 2010 -0500

    Bench: fastcgi benchmark
    
    Bench
    - standalone fastcgi stresstest/benchmark app
    - fixed dynamic access control test
    
    Other
    - disabled fast vrouter, because quick version breaks localhost TCP

commit 7fcfa726187350e776247f7b53bbc3859b2533d3
Author: Willem de Bruijn 
Date:   Sat Dec 18 13:23:54 2010 -0500

    minor

commit eaef0447b6aeb4944f58bec294a0cf99e809f10f
Merge: 0d69ee6 65794e2
Author: Willem de Bruijn 
Date:   Fri Dec 17 18:42:55 2010 -0500

    Merge branch 'master' of git.systems.cs.cornell.edu:/opt/git/nexus

commit 0d69ee68756af5fadba3275512d0c139e23ff0e5
Author: Willem de Bruijn 
Date:   Fri Dec 17 12:51:10 2010 -0500

    (minor) fixes
    
    Fixes
    - performance regression in kernel refmon cache:
      cache was only installed on request upcall, not response upcall
    - incorrect port_put in ipc_poll caused memory corruption

commit 65794e23224a0254702a4f8e654800caa62b9cda
Merge: 0a6c763 cddcfa1
Author: eliza 
Date:   Fri Dec 17 09:17:12 2010 -0500

    Merge branch 'master' of ssh://git.systems.cs.cornell.edu/opt/git/nexus

commit 0a6c7638fcb27412f73b169a7b971759696b0b53
Author: eliza 
Date:   Fri Dec 17 09:13:51 2010 -0500

    boinc-client, without my personal information, with README

commit cddcfa19e1ddbd8e38848d77aaa294c6cb14b241
Author: Willem de Bruijn 
Date:   Thu Dec 16 13:55:31 2010 -0500

    Net: vrouter optimization
    
    Net
    - vrouter fastpath for TCP/UDP unicast
      - avoid generic pattern matching
      - stack of rules to trigger server first (before ARP, ..)
    - updated httpget to be able to stresstest local requests
    
    Event Handling
    - collated multiple port lookups
    - made wait/poll atomic operations
    
    Performance
    - replaced disable/restore intr in queue with proper calling with ints disabled
    - replaced mutexes with cheaper interrupt disabling:
      {porttable, process_table, port->thread_mutex, mem_mutex}
    - tested various network configurations
      - inline vrouter call (avoid IPC): about 200 http req/s extra
      - inline device call from vrouter: timing errors <-- XXX investigate
      - high priority device interrupt scheduling: no effect
    
    Other
    - queue iterate function
      - moved vrouter to use regular queue
    - bench setupfiles

commit 7f6c232c37c4b964b0914fd9827fb2a9d8947be5
Author: Willem de Bruijn 
Date:   Wed Dec 15 13:06:29 2010 -0500

    minor
    
    Other
    - added introspection benchmark: a variant of bench_posix

commit 426ab9987697e0e92a443f8348a5a03f818a8bd9
Author: Willem de Bruijn 
Date:   Tue Dec 14 19:58:11 2010 -0500

    minor
    
    status: up to 100K for httpd, including {knetdev @ 3900, unetdrv @ 3600, urefmon cache @1800}.
            not nearly for lighty {unetdev @ 2692}

commit e36c77bacf090a621ddcc10c5d7b5359f3e11531
Author: Willem de Bruijn 
Date:   Mon Dec 13 15:30:50 2010 -0500

    Performance Debugging
    
    Other
    - fixed rpc.test cleanup
    - added Debug_LinuxCall to trace emulated linuxcalls on segfault
    - added Debug_Abort
      - call from uClibC
    - lwip mbox implementation replaced semaphores with condvars

commit 7862bc89bc9cfcdb1fa371cff4141568ef6eba9c
Author: Willem de Bruijn 
Date:   Sun Dec 12 20:43:12 2010 -0500

    Locking: primitives and IPC
    
    Locking
    - removed spinlock versions of userspace synchronization primitives
      - instead, optimistically tries to acquire lock using P_try before sleeping
    - changed IPC synchronization to use single sti/cli versus multiple explicit locks
      ^-- limits us to uniprocessor, but is cheaper and easier to reason about correctness

commit 6e8ef18592eebda69418d165e9b9fb2a29c0469f
Author: eliza 
Date:   Sun Dec 12 19:06:35 2010 -0500

    boinc-client with my personal info

commit c93ba673173e3a0a5df247f9d5fb09d89c77d55f
Merge: 637bbdd f4176a8
Author: eliza 
Date:   Sun Dec 12 18:29:16 2010 -0500

    Merge branch 'master' of ssh://git.systems.cs.cornell.edu/opt/git/nexus
    
    Conflicts:
    	kernel/security/attest.c

commit 637bbddbbc3be6ec9599368f768f674c0b259c11
Author: eliza 
Date:   Sun Dec 12 16:58:27 2010 -0500

    boinc-client that supports remote attestation

commit f4176a851f340e168d98d25b00c87527b96274cb
Author: Willem de Bruijn 
Date:   Sat Dec 11 15:07:05 2010 -0500

    (minor) benchmarking checkpoint
    
    Other
    - bugfix: refmon regression (introduced with new kcache)

commit 2a4f882d25d88c888c03bc05d011b7f9be56a5bb
Author: Willem de Bruijn 
Date:   Thu Dec 9 11:23:07 2010 -0500

    Various
    
    Introspection
    - ipc ports: /proc/os/ipc/ (dynamically generated)
    - guard cache: /proc/os/guard/cache
    
    Guard
    - drop privileges selftest
      - added whitelist test
      - added introspect kernel guard test
    
    Sema
    - extended stress test
    
    Other
    - added 'strace' reference monitor that prints all syscalls

commit 5cdc78494b7a51d1ef41ef8a2bcc1c22e23baf97
Author: Willem de Bruijn 
Date:   Wed Dec 8 19:15:52 2010 -0500

    Introspection + Various
    
    Introspection
    - added introspection on refmon IPC port (in kernel)
    - added introspection on refmon decision cache (in kernel)
    T finish introspection on IPC ports
    
    Bench
    - getppid() system call (for benchmarking)
    - updated posix fileio benchmark to no longer allocate (using SEEK_SET)
    
    Optimization
    - replaced refmon rwlock with sti/cli for performance
    - extended FS_Unpin to allow sync, reducing #rpc calls for posix files
    
    Other
    - added kernel cache statistics: {#calls, #upcalls, ...} in debug build

commit c2b1af18f8535b1a093d7e1dbf2f135d1b02a12e
Author: Willem de Bruijn 
Date:   Mon Dec 6 16:51:36 2010 -0500

    Guard: drop privileges selftest
    
    Guard
    - added selftest guard.drop
      - test blacklist method: Thread_DropPrivilege
      - test whitelist method: Thread_RecordStart/Thread_RecordStop
        T finish
    - dropped deprecated first attempt at interpositioning
      - dropped guard_interpose.test
    
    Status
    - benchmarking

commit df3c82eeb256e38afb83e94d66e6d04990091b73
Author: Willem de Bruijn 
Date:   Mon Dec 6 13:40:25 2010 -0500

    Guard: new kcache performance improvements
    
    Guard
    - replaced kcache hash function
    - optimized kcache key match function
    - reenabled lazy copying of parameters on system call
    - reduced linear probing

commit bf0d5eb1614b28c92eb872734108f53b7f95e857
Author: Willem de Bruijn 
Date:   Sun Dec 5 22:20:10 2010 -0500

    Guard: revised kernel cache
    
    Guard
    - new kernel cache that
      - enables meaningful introspection into subject privileges
        without collisions, it is now possible to exhaustively list all allowed actions
      - decreases system call overhead
      - fixes correctness bugs (whoops!)
    - new 'drop privilege' mechanism:
      processes can voluntarily drop privileges and through introspection
      demonstrate this to distrusting third parties

commit 9364f03c5b7a046a7fd171a042a070de3b298229
Author: Willem de Bruijn 
Date:   Sun Dec 5 15:02:38 2010 -0500

    minor: added selftest for new automatic trivial proof generation (see previous commit)

commit 16c0b30f0f6064d72b2c2dddaa454f219b93cffc
Author: Willem de Bruijn 
Date:   Sat Dec 4 20:43:03 2010 -0500

    Guard: automatically try ``assume <>'' on lack of proof
    
    Guard
    - automatically try to satisfy a trivial goal by assuming it is backed by a credential
      the option is computationally expensive, but a cachable decision is made on failure.
    
    Other
    - reenabled kernel cache bypass (for debugging)

commit 8501b4bddaf6a97b5216524aa1c265f9430832df
Author: Willem de Bruijn 
Date:   Sat Dec 4 19:56:36 2010 -0500

    FS: move to reader-writer locks in RamFS

commit 3f05f7823e6073acfcfcd751b8ba4c2d9c019f6e
Author: Willem de Bruijn 
Date:   Sat Dec 4 19:07:20 2010 -0500

    FS regression fixes
    
    FS
    - bench_posix works
      ^-- required for paper
    - added O_APPEND selftest
    - added concurrent RamFS read-only test
    - added RamFS locking
    
    Other
    - added Debug_Trace support to request a trace of user thread

commit caf490b548ad7fb8b17f74be52b6f249eaaf7187
Author: Willem de Bruijn 
Date:   Fri Dec 3 14:42:53 2010 -0500

    Test: various
    
    Test
    - added drop privilege selftest
    - fixed guard_fs test
      T fix: kill all listening threads on exit
    - fixed guard_cred test (minor) (and reenabled at boot)
    
    Other
    - added kguard:decision cache locking using reader-writer lock
      - added rwlocks to the kernel
      - moved kguard:calltables from mutex to rwlocks
    
    Status
    - guard_bench works as expected

commit f6917e731e75991a9db01dd3e3ddf154e7b07810
Author: Willem de Bruijn 
Date:   Fri Dec 3 10:28:46 2010 -0500

    minor

commit 9af48df101461aba63b8155c879d9fec52856591
Merge: dbbe85e 5024450
Author: Willem de Bruijn 
Date:   Fri Dec 3 10:19:27 2010 -0500

    Merge branch 'master' of git.systems.cs.cornell.edu:/opt/git/nexus

commit dbbe85e47a104f3fa3a044419a6470a8311d1787
Author: Willem de Bruijn 
Date:   Fri Dec 3 10:18:34 2010 -0500

    Guard: new 'drop privilege' instruction
    
    Guard
    - Thread_DropPrivilege(..) drops the right to perform an operation voluntarily.
      It reuses the same kernel logic used for guards and reference monitors

commit 50244505570e6b97a3f2220986ad9879a7a39ead
Author: willem 
Date:   Fri Dec 3 03:40:12 2010 +0000

    minor: safe macros and compiler checks

commit bd1aa56e8b908d2e809da2ed106cd1f837953089
Author: Willem de Bruijn 
Date:   Thu Dec 2 18:13:27 2010 -0500

    Guard
    - add option to voluntarily drop privileges.
      ^-- together with introspection, can build trustworhty apps

commit a14959c945f3fe4b13d87613998c863baa96bef5
Author: Willem de Bruijn 
Date:   Thu Dec 2 18:01:36 2010 -0500

    (minor)
    
    - regression fix: return cachable result on missing proof (was: non-cachable)
    - moved lighttpd back to stable serialized version
    - bugfix: load at most one kernel driver on machines with > 1 matching devices
    - bugfix: handle xen system call correctly (never triggered, but still..)
    
    Status
    - works on Dell Optiplex 745 with Intel Core2Duo E6400

commit e9c5a35e31f31978f701cf0aa332b0e8608ed9b8
Author: Willem de Bruijn 
Date:   Wed Dec 1 22:03:50 2010 -0500

    Synchronization: spinlocks
    
    Sync
    - added optional spinlocks in userspace to avoid system calls into
      the kernel on the uncontended path (common case)
      - extended semaphore selftest

commit 61c7098001ba23624b2c8dd1cfc0e3c5d86121fa
Author: Willem de Bruijn 
Date:   Wed Dec 1 10:37:32 2010 -0500

    minor

commit c77d5f29b9d93f2e49629ca5126f9864819c72a3
Author: Willem de Bruijn 
Date:   Tue Nov 30 19:33:41 2010 -0500

    Synchronization (again)
    
    Sync
    - new CondVar kernel primitives to support user locking
      - non-interposed versions for efficiency
    - updated tcp/ip stack
      - use fast locking (bypass threads)
      - disable zerocopy transfer on rx (because possible source of infrequent crash)
    - yet more stringent user semaphore selftest
    
    Other
    - support for per-app library call tracing in debug builds
    
    Status
    - httpd with net.drv runs without hiccups for 100K+ reqs
      - but slow @ 2100 req/s (vs. 4400 @ peak)

commit 9fada10e5f85c9dabd71a7980ae95f2ac72f06a9
Author: Willem de Bruijn 
Date:   Tue Nov 30 14:05:15 2010 -0500

    minor: regression and debugging
    
    Net
    - fixed synchronization regression in user driver
    
    Debugging
    - added support for library call tracing in all NDEBUG builds

commit 23e068fa340725b09600d8dfc3e4b4beb79719fa
Author: Willem de Bruijn 
Date:   Mon Nov 29 19:52:53 2010 -0500

    Milestone: net_echo and httpd work with most stringent tests

commit d80f961fd42371c8f443d216062b57b31af1e12d
Author: Willem de Bruijn 
Date:   Mon Nov 29 11:39:09 2010 -0500

    Synchronization: condvar/mutex bounds checks + kernel sema reallocation
    
    Sync
    - optional bounds checking on non-counting mutex and condvar uses of semaphores
    - new 'futexes' require a kernel semaphore foreach user lock:
      give each process a fixed number of locks and allow reallocation
      - ksema allocation selftest

commit 8f982f734f17a17dd7f2fbb3dee658c0ecde75b1
Merge: 032ecda cdb892a
Author: Willem de Bruijn 
Date:   Mon Nov 29 11:08:36 2010 -0500

    Merge branch 'master' of git.systems.cs.cornell.edu:/opt/git/nexus
    
    Conflicts:
    	Makefile
    	user/packages/sr5sieve/sr2data.txt

commit 032ecda2be96e436866d08008e67c572428f5478
Author: Willem de Bruijn 
Date:   Sun Nov 28 21:54:49 2010 -0500

    minor: more regressions

commit 488b0e213dd7ceb9ff7138f5142d8eda24b32e33
Author: Willem de Bruijn 
Date:   Sat Nov 27 17:17:54 2010 -0500

    Bugfixes (incl. regressions)
    
    Regression
    - fixed regression in user semaphores
      - strengthened selftest
    - fixed regression in thread + process lifecycle
    - fixed possible races in memory address translation

commit 9b3ddc6b2b6eb60ea3f75523edfa2aeb6e07dbbb
Author: eliza 
Date:   Sat Nov 27 23:06:49 2010 -0500

    Boinc_client that downloads and executes work

commit 1bff36d93a52d548fa84504fb6292c77575c7888
Author: Willem de Bruijn 
Date:   Fri Nov 26 23:07:11 2010 -0500

    Bugfix: race in thread exit
    
    Bugfix
    - cleaned up process and thread exit code to fix bugs

commit 2d0027833c41068dc409e1a4b079a2b1b48b93fc
Author: Willem de Bruijn 
Date:   Fri Nov 26 18:48:24 2010 -0500

    Bugfix: doubly queued thread
    
    Bugfix
    - rpc server threads could be enqueued both on the scheduler runqueue
      and on the rpc queue. Race only happened at high rate (of course, sigh)

commit b878a27b79a3615bbcf2904365cfc4728f44b5a6
Author: Willem de Bruijn 
Date:   Wed Nov 24 22:26:17 2010 -0500

    (minor) Synchronization: Part 2 (cleanup)
    
    Sync
    - dismantled old synchronization code
    
    RPC
    - add stress test for race detection
    
    Other
    - collapsed various thread types onto single structure

commit cdb892a769c49a9c4f7967fe2090b9ffffce0558
Merge: 9ec961d 49fb709
Author: Willem de Bruijn 
Date:   Wed Nov 24 19:39:43 2010 -0500

    Merge branch 'master' of ssh://git.systems.cs.cornell.edu/opt/git/nexus

commit 9ec961dbd9214796eff8ec917c5554a0e5c5835d
Author: Willem de Bruijn 
Date:   Wed Nov 24 12:25:46 2010 -0500

    Attestation: various changes for BOINC attestation
    
    Attest
    - enable attestation that binds process with sha1 for arbitrary processes
    - incorporate ip address in platform certificate
    - incorporate system private key in initrd (remove disk/nfs dependency)
    
    Other
    - added linux system calls getpriority/setpriority

commit 316338264890d09ef602f6a45b3f68b57c173f4d
Author: Willem de Bruijn 
Date:   Wed Nov 24 15:43:26 2010 -0500

    Synchronization: various
    
    Sync
    - Fast futex-like semaphores
      ^-replace duplicate queue handling in userspace with busy polling (spinlocks)
    - Fast simple condition variables
      - using new atomic release-lock-and-acquire-sema() system call

commit 49fb70917b5112d73df835323004ca877473b127
Author: Willem de Bruijn 
Date:   Wed Nov 24 12:25:46 2010 -0500

    minor: added linux system calls getpriority/setpriority

commit 4f4a49b99e91511630d1d709761290a0f4996f59
Author: Willem de Bruijn 
Date:   Tue Nov 23 14:45:00 2010 -0500

    Net: zerocopy Rx up through lwip

commit 4bdbd2264eaddbdc0c1256faf5fb9556769d6e55
Author: Willem de Bruijn 
Date:   Mon Nov 22 16:25:40 2010 -0500

    Boinc: import of sr2sieve (sieve of eratosthenes) BOINC application
    
    Boinc
    - new sieve app
    
    Other
    - separate userspace/kernel cycle accounting in kernel
      - times() cycle accounting system call (for sr2sieve)
    - optional non-preemptable kernel (for debugging)
    - cleaned out thread tracing code
    
    Other (minor)
    - removed thread->sleepsema (superfluous)
    - new: config.h central configuration option header file
    - minor update to lighttpd refmon for benchmarking
    - new Makefile.shared to reuse CFLAGS, LDFLAGS and LDLIBS between packages

commit 2ce639ad87cb0cc6f0681250c1ceda3b611bcd14
Author: Willem de Bruijn 
Date:   Sun Nov 21 21:30:12 2010 -0500

    minor: thread name support (for profiling)

commit 74f563d8f32e1997603582fbc6d7fa75e444753b
Author: Willem de Bruijn 
Date:   Sun Nov 21 18:26:29 2010 -0500

    Bugfix: queue dequeue operation left ghost state (causing synchronization errors)

commit 461a522e8c169284a38bb15b5903f7b126175c81
Author: Willem de Bruijn 
Date:   Sat Nov 20 13:56:20 2010 -0500

    Evaluation: generate median in udp_echo test
    
    Evaluation
    - adapted echo to generate median
    - ported echo server to linux
    - added sempaphore profiling support

commit 2089aaf2188c20f1202dd9f13a919d323fff8a6a
Author: Willem de Bruijn 
Date:   Thu Nov 18 15:23:19 2010 -0500

    Device Drivers: enable checksum offload on E1000

commit c0dc126fba0a02cf10c8fe34c789bde59d1b72c3
Author: Willem de Bruijn 
Date:   Wed Nov 17 22:36:57 2010 -0500

    (minor) optimization alternatives

commit 211e2af4e9ef76e419dd60eed94bb79f1379e120
Author: Willem de Bruijn 
Date:   Wed Nov 17 14:11:39 2010 -0500

    Bench: new lowlevel multithreaded UDP echo server
    
    Bench
    - net_echo uses only lowlevel IPC to respond to UDP requests
      - possibly multithreaded to expose race conditions in IPC layer
      - net_echo_client is a linux client that floods the server
        - again, multithreaded
      ^-- webservers experience timeouts every N*1000 packets and crashes every N*10K
          this low level test will show whether IPC code is to be blamed
          + it offers a good benchmark for device driver reference monitor overhead
    
    Bugfixes
    - fixed deadlock when ipc listener queue overflowed

commit 943278515845ecabb6cb131f56df91b24f3f13d4
Author: Willem de Bruijn 
Date:   Tue Nov 16 20:22:23 2010 -0500

    Bench: various
    
    Bench
    - updated refmon_kernel and refmon_vlance to be able to interpose on Intel Pro/1000
    - imported benchmark spreadsheet

commit 85fc995bb5457d242581b9fa16b5fc2694d0bb5d
Author: Willem de Bruijn 
Date:   Tue Nov 16 18:26:17 2010 -0500

    Guard: updated access control policies

commit ad600f1370d5db0fa52d8991abaef97d453c110f
Merge: 18d2725 a395b22
Author: Willem de Bruijn 
Date:   Tue Nov 16 16:18:26 2010 -0500

    Merge branch 'master' of git.systems.cs.cornell.edu:/opt/git/nexus
    
    Conflicts:
    	user/apps/simple/httpd.c

commit a395b228ced910cddf317e00c7432e991a1ab6a4
Author: root 
Date:   Tue Nov 16 15:26:53 2010 -0500

    minor: fixed new gcc 4.4.1 warnings on `make linux`

commit 18d272572861b3d8ed228a4cc2f973c990ccabc2
Author: Willem de Bruijn 
Date:   Tue Nov 16 13:46:48 2010 -0500

    Device Drivers: e1000 fixes
    
    Drivers
    - added NAPI-like background processing to e1000 in kernel
    - removed unnecessary watchdog timer from e1000
    
    Other
    - removed obsolete kernel task infrastructure

commit c5cc43989c72f87342d26e50b1921a51878bc57f
Author: Willem de Bruijn 
Date:   Mon Nov 15 11:50:32 2010 -0500

    Device Drivers: e1000 kernelspace driver
    
    Drivers
    - add e1000 to kernel
      ^-- because tg3 in userspace witnesses hard-to-solve timing issue
      T get checksum offload working
    - removed kernel:iomem.c virtual memory accounting for device memory
    - tg3 removed debug statements

commit 9deaec9be93fb708619230dd3cef2dbacd82b899
Author: Willem de Bruijn 
Date:   Fri Nov 12 18:33:30 2010 -0500

    UDriver: net fixes

commit c05422e5dd964a556dd6d9d8bfaedc47e1a0f326
Author: Willem de Bruijn 
Date:   Wed Nov 3 21:30:20 2010 -0400

    (minor update to previous): Device fixes
    
    Userspace device drivers
    - keyboard works
    - mouse works
    - pci works
    - ide works
    - e1000 works
    T tg3 fails at dma selftest
    T reenable checksum offload support for udrivers

commit 92e48ef15e1b74e15309645ad7eeaab6809cadb5
Author: Willem de Bruijn 
Date:   Wed Nov 3 19:12:55 2010 -0400

    Devices: removed all pci + netdev code --> 25% smaller kernel
    
    Devices
    - made kernel network drivers optional
      - made all legacy linux pci code optional
      T remove video driver (only kernel driver left)

commit 80616da47893eaa7674d9cf9a4f64d476e7f224d
Author: Willem de Bruijn 
Date:   Tue Nov 2 22:21:39 2010 -0400

    Drivers: userspace keyboard and mouse + kernel cleanout
    
    Drivers
    - new kbd.drv userspace keyboard + mouse driver
      - new userdriver headerfiles
      - simplified console, removed kernel mouse handling
    - removed kernel garbage
      - NexusDevice/NexusOpenDevice
      - per process Framebuffer code

commit 55f8f12eba13693c462879a44ff73d6b5f1ca182
Author: Willem de Bruijn 
Date:   Mon Nov 1 21:47:27 2010 -0400

    Userdriver: ported tg3
    
    Userdriver
    - ported tg3 driver to be able to benchmark ddrm and throw out kernel pci code
      ^-- compiles, but needs further debugging
      T fix trapped memory access
      T expand user driver headerfiles

commit 3d92e349d5e8a6badc74028a656ae966155c111a
Merge: ad33f63 8407d7f
Author: Willem de Bruijn 
Date:   Fri Oct 29 18:10:12 2010 -0400

    Merge branch 'master' of git.systems.cs.cornell.edu:/opt/git/nexus

commit ad33f63bffaa86e0cc9262990a3fc063cde38635
Author: Willem de Bruijn 
Date:   Fri Oct 29 18:09:05 2010 -0400

    minor