On the Versatile Express Cortex A9x4 platform the first memory region
0x0 - 0x4000000 is a hardware remapped memory area, containing flash
and DDR RAM copies and thus should not be added in addition to all
DDR RAM regions and the SRAM region.
In the init configuration one can configure the donation of CPU time via
'resource' tags that have the attribute 'name' set to "CPU" and the
attribute 'quantum' set to the percentage of CPU quota that init shall
donate. The pattern is the same as when donating RAM quota.
! <start name="test">
! <resource name="CPU" quantum="75"/>
! </start>
This would cause init to try donating 75% of its CPU quota to the child
"test". Init and core do not preserve CPU quota for their own
requirements by default as it is done with RAM quota.
The CPU quota that a process owns can be applied through the thread
constructor. The constructor has been enhanced by an argument that
indicates the percentage of the programs CPU quota that shall be granted
to the new thread. So 'Thread(33, "test")' would cause the backing CPU
session to try to grant 33% of the programs CPU quota to the thread
"test". By now, the CPU quota of a thread can't be altered after
construction. Constructing a thread with CPU quota 0 doesn't mean the
thread gets never scheduled but that the thread has no guaranty to receive
CPU time. Such threads have to live with excess CPU time.
Threads that already existed in the official repositories of Genode were
adapted in the way that they receive a quota of 0.
This commit also provides a run test 'cpu_quota' in base-hw (the only
kernel that applies the CPU-quota scheme currently). The test basically
runs three threads with different physical CPU quota. The threads simply
count for 30 seconds each and the test then checks wether the counter
values relate to the CPU-quota distribution.
fix#1275
Do not support the global construction from of objects from within a global
constructor of another object. This can happen if, for example, dlopen is called
from a global constructor. The construction will be post-boned until the current
constructor has finished.
On Arndale, the kernel timer resets to the initial value of the last
count-down and continues as soon as it reaches zero. We must check this
via the interrupt status when we read out the timer value and in case
return 0 instead of the real value.
fix#1299
The way this function is currently used in dde_linux expects this
function to return. Since there is dde_kit_panic it should better
be used in such a case the output should block.
Kernel::Processor was a confusing remnant from the old scheme where we had a
Processor_driver (now Genode::Cpu) and a Processor (now Kernel::Cpu).
This commit also updates the in-code documentation and the variable and
function naming accordingly.
fix#1274
The run test 'hw_info' prints the content of the basic ARMv7 identification and
feature registers in a pretty readable format. It is a kernel-internal test
because many of these registers are restricted to privilege level 1 or higher.
fix#1278
The new scheduler serves the orthogonal requirements of both
high-throughput-oriented scheduling contexts (shortly called fill in the
scheduler) and low-latency-oriented scheduling contexts (shortly called
claim in the scheduler). Thus it knows two scheduling modes. Every claim
owns a CPU-time-quota expressed as percentage of a super period
(currently 1 second) and a priority that is absolute as long as the
claim has quota left for the current super period. At the end of a super
period the quota of all claims gets refreshed. During a super period,
the claim mode is dominant as long as any active claim has quota left.
Every time this isn't the case, the scheduler switches to scheduling of
fills. Fills are scheduled in a simple round robin with identical time
slices. Order and time-slices of the fill scheduling are not affected by
the super period. Now on thread creation, two arguments, priority and
quota are needed. If quota is 0, the new thread participates in CPU
scheduling with a fill only. Otherwise he participates with both a
claim and a fill. This concept dovetails nicely with Genodes quota based
resource management as any process can grant subsets of its own
CPU-time and priorities to its child without knowing the global means of
CPU-time and priority.
The commit also adds a run script that enables an automated unit test of the
scheduler implementation.
fix#1225
To serve the needs of the coming CPU scheduler, the double list needs
additional methods such as 'to_tail' and 'insert_head'.
The commit also adds a run script that enables an automated unit test
of the list implementation.
ref #1225
Kernel tests are done by replacing the implementation of an otherwise
empty function 'Kernel::test' that gets called once at the primary CPU
as soon as all kernel initialization is done. To achieve this, the test
binary that implements 'Kernel::test' must be linked against the core
lib and must then replace the core binary when composing the boot image.
The latter can be done conveniently in a run script by setting the new
argument 'core_type' of the function 'build_boot_image' to the falue
'test'. If no kernel test is needed the argument does not have to be
given - it is set to 'core' by default which results in a "normal"
Genode image.
ref #1225
Previously, Idle_thread inherited from Thread which caused an extra
processor_pool.h and processor_pool.cc and also made class models for
processor and scheduling more complex. However, this inheritance makes
not much sense anyway as an idle context doesn't trigger most of the code
in Thread.
ref #1225
The memory barrier prevents the compiler from changing the program order
of memory accesses in such a way that accesses to the guarded resource
get outside the guarded stage. As cmpxchg() defines the start of the
guarded stage it also represents an effective memory barrier.
On x86, the architecture ensures to not reorder writes with older reads,
writes to memory with other writes (except in cases that are not
relevant for our locks), or read/write instructions with I/O
instructions, locked instructions, and serializing instructions.
However on ARM, the architectural memory model allows not only that
memory accesses take local effect in another order as their program
order but also that different observers (components that can access
memory like data-busses, TLBs and branch predictors) observe these
effects each in another order. Thus, a correct program order isn't
sufficient for a correct observation order. An additional architectural
preservation of the memory barrier is needed to achieve this.
Fixes#692
GCC 4.7.4 and newer seems to optimize the lock-variable accesses more
radically, which uncovered the missing volatile qualifier and resulted
in:
Assertion "(int)locked >= 0" failed in file '.../okl4_x86/kernel/include/kernel/read_write_lock.h', line 151 (fn=f0104771)
--- "KD# assert" ---
Invalidating all branch predictors before switching the PD
fixes instability problems on Panda and has not much effect
on the performance of other boards. However, we neither know why
this is a fix nor wether it fixes the real cause of the problem.
fix#1294
Previously, the timer was used to remember the state of the time slices.
This was sufficient before priorities entered the scene as a thread always
received a fresh time slice when he was scheduled away. However, with
priorities this isn't always the case. A thread can be preempted by another
thread due to a higher priority. In this case the low-priority thread must
remember how much time he has consumed from its current time slice because
the timer gets re-programmed. Otherwise, if we have high-priority threads
that block and unblock with high frequency, the head of the next lower
priority would start with a fresh time slice all the time and is never
superseded.
fix#1287
Some SDL applications expect the SDL_image headers in include/SDL to be
reachable without the SDL/ prefix. This patch adds the corresponding
search path. Furthermore it enables support for XPM images.
Ported drivers list and extract all needed source files. This decouples
ports according to contrib sources and also enables us to revert lxip to
Linux version 3.9, while staying with 3.14 for usb.
Fixes#1285
The manpage to errno tells the following story:
The <errno.h> header file defines the integer variable errno, which is
set by system calls and some library functions in the event of an error
to indicate what went wrong. Its value is significant only when the
return value of the call indicated an error (i.e., -1 from most system
calls; -1 or NULL from most library functions); a function that
succeeds is allowed to change errno.
Valid error numbers are all nonzero; errno is never set to zero by any
system call or library function.
When the 'Mtd::FPU' flag is set during the registration of a
virtualization event handler, it must also be set whenever the event
handler returns.
Fixes#1283
This patch ensures that priority values passed as session arguments
are within the valid range of priorities. Without the clamping, a child
could specify a priority of a lower priority band than the one assigned
to the subsystem. Thanks to Johannes Schlatow for reporting this issue.
Fixes#1279
This is just a quick fix to calm down the buildbot - a revised
implementation is needed according to issue #1277. Further, the reason
for the increased test duration on several platforms must be
investigated.
The alias is rather Linux-specific and also prevents particularly
tailored jiffies implementations. For the existing dde_linux ports (usb
and lxip) we just define jiffies to be dde_kit_timer_ticks with a
preprocessor macro.
The menu view generates a simple dialog of widgets and reports the
hovered element. It is meant to be embedded into applications that
require simple GUIs but don't want to deal with the pecularities of
a full-blown widget set.
The new 'session_control' function can be used to perform operations on
the global view stack that span one or multiple sessions, e.g., bringing
all views of specific sessions to the front, or hiding them.
If the Rom_session::update function returns false, the ROM dataspace may
have been physically destructed (and core has removed all mappings).
In this case, we have to omit the detach operation in the destructor
of 'Attached_dataspace' to avoid detaching the same region twice.
The headers 'texture_rgb565.h' and 'texture_rgb888' contain
template specializations needed for using the 'Texture::rgba' function
for the respective pixel formats. The specializations were formerly
contained in application-local code.
This patch add an optional alpha argument to the constructor, which may
be passed to a pixel type representing an alpha channel. Furthermore,
a new overload of the mix function has been added to accommodate use
cases where one texture is applied to both a pixel surface and an alpha
channel.
When X-ray mode is active, nitpicker filters motion events that are not
referring to the currently focused domain. However, domains configured
as xray="no" (such as a panel) need to obtain motion events regardless
of the xray mode. This patch relaxes the motion-event filtering to
accommodate such clients.
The buffer offset was wrongly accounted for. The miscalculation went
unnoticed until now because the buffer offset was apparently never used
in combination with alpha-channels.
If a domain is configured as xray="no", we want to let the views of the
domain respond to input events like in flat mode, even if xray mode is
active. Normally, the input mask of views with an alpha channel is
disregarded in X-ray mode. However, for non-ray views, the input mask
should always be considered.
The 'Signal_rpc_member' takes care about dissolving its signal context
from the receiver. So we don't need to manually perform this operation
in the session destructor.
With this patch, the VESA driver chooses the video mode with the highest
resolution from the list of available modes if no resolution is
explicitly configured.
Fixes#1263.
* use seoul branch containing vbios emulator
* report the memory model in the VBE mode info as otherwise the
Genode framebuffer driver will ignore this mode
Fixes#1261
It turned out that the controller configuration can change during the self
tests, so now it is read before running the tests and restored afterwards.
Fixes#1260.
This component merges the input events of multiple sources.
Example configuration:
<start name="input_merger">
<resource name="RAM" quantum="1M" />
<provides>
<service name="Input" />
</provides>
<config>
<input label="ps2" />
<input label="usb_hid" />
</config>
<route>
<service name="Input">
<if-arg key="label" value="ps2" /> <child name="ps2_drv" />
</service>
<service name="Input">
<if-arg key="label" value="usb_hid" /> <child name="usb_drv" />
</service>
<any-service> <parent /> <any-child /> </any-service>
</route>
</start>
For each 'input' config node, the component opens an 'Input' session with the
configured label. This label is then evaluated by 'init' to route the session
request to a specific input source component.
Fixes#1259.
* When flushing the data and unified cache on ARM, clean and invalidate
instead of just cleaning the corresponding cache lines
* After zero-ing a freshly constructed dataspace in core, invalidate
corresponding cache lines from the instruction cache
The backend allocator for the slab is a sliced heap, which hands out
allocations with page-size granularity (4096 bytes). Therefore, the
slab-block size should also be about a multiple of the page size minus
some bytes of overhead.
Additional adjustments:
- The slab-block size and the default quota-upgrade amount for SIGNAL
sessions depends on the platform bit width now.
- The signal test also stresses the case of many managed context in one
session including creation and destruction of the used signal receiver
in repeated rounds.
- correctly catch and report non-existing root directories
- remove *all* leading slashes from root-directory attributes and
sanitize empty declarations to current working directory
The older SOAP EOI protocol is not supported with AMT version 9+. By default
the wsman tool will be used if installed.
RUN_OPT examples to enforce amtool or wsman:
--target amt --amt-tool wsman
--target amt --amt-tool amttool
Fixes#1251
The weak implementation was added for quite special purposes years ago
and is no longer needed. On the other hand, the weak attribute does not
help if the implementation ends up in a shared library, which first
resolves symbols locally before asking ldso (that includes the acutal
thread library) *shiver*
The original git:// URL produced the following error:
Cloning into 'jbig2dec'...
fatal: remote error: access denied or repository not exported: /jbig2dec.git
Until now, the rumpkernel based tools were installed with all symbols
included. This accounts for about 200MiB used space on 64Bit system.
Stripping the binaries prior to installation brings the space
requirements down to 20MiB.
Fixes#1245.
The clean rule is used to delete already built binaries as well as to
clean-up any left-overs from previous build attempts. If there was
no previous attempt just return true to prevent make from complaining.
Fixes#1245.
Before the pointer handling was removed from the nitpicker server, the
pointer was always the first view, which was skipped in the find_view
function. However, since we support pointer-less operation by now, we
have to consider all views starting with the top-most one.
The port was succesfully tested a echo test and lighttpd. DHCP over
OpenVPN is not tested and probably will not work out of the box.
Therefore, the ip address etc. need to be specified manually.
For now, only ethernet bridging (using a TAP device) is supported.
Fixes#1235.
This commit adds a port the jitterentropy library to Genode. As
backend on x86_{32,64} 'rdtsc' is used and on ARMv{6,7} the
performance-counter.
Fixes#1239.
These file systems are provided on-demand by loading a shared library
when the fstab node is traversed. By convention this library is named
after the file system it provides. For example a file system that
provides a 'random' file system node is called 'vfs_random.lib.so'. It
is still possible to give the the node another name in the vfs. The
following code snippts illustrates this matter:
! [...]
! <config>
! <libc>
! <vfs>
! <dir name="dev"> <jitterentropy name="random"/> </dir>
! </vfs>
! </libc>
! </config>
! [...]
Here the jitterentropy file system, implemented in
'vfs_jitterentropy.lib.so' provides a file system node named 'random'
in the 'dev' directory. When traversing the vfs section the libc will
try to load 'vfs_jitterentropy.lib.so' but programs may access the
file system only via '/dev/random'.
Fixes#1240.
This patch fixes a potential race condition that could happen if a
client connects to nitpicker before the signal for the import of the
initial configuration was delivered. In this case, nitpicker would be
unable to assign a domain to the session (because this information comes
from the configuration), rendering subsequent calls to 'mode' invalid.
The patch solves this problem by manually calling the signal handler
for importing the configuration.
This provides bootable disk images for x86 platforms via
! RUN_OPT="--target disk"
The resulting disk image contains one ext2 partition with binaries from
the GRUB2 boot loader and the run scenario. The default disk size fits
all binaries, but is configurable via
! --disk-size <size in MiB>
in RUN_OPT.
The feature depends on an grub2-head.img, which is part of the commit,
but may also be generated by executing tool/create_grub2. The script
generates a disk image prepared for one partition, which contains files
for GRUB2. All image preparation steps that need superuser privileges
are conducted by this script.
The final step of writing the entire image to a disk must be executed
later by
sudo dd if=<image file> of=<device> bs=8M conv=fsync
Fixes#1203.
After modifying mode transition for branch prediction tz_vmm wasn't
working anymore on hw_imx53_tz but the modifications had nothing to do
with the VM code. However, the amount of instructions in the MT before the
VM exception-vector changed. So I tried stuffing the last working version with
NOPs and found that tz_vmm worked for some NOP amounts and for others not.
Thus, I increased the alignment of the VM exception-vector from 16 bytes to 32
bytes, é voila, its working with any amount of NOPs as well as with branch
prediction commits.
ref #474
Previously, we did the protection-domain switches without a transitional
translation table that contains only global mappings. This was fine as long
as the CPU did no speculative memory accesses. However, to enabling branch
prediction triggers such accesses. Thus, if we don't want to invalidate
predictors on every context switch, we need to switch more carefully.
ref #474
The console included nitpicker_view headers, which were not used. The
headers vanished with the recent nitpicker API change, which broke the
build of seoul.
This patch reimplements the nit_fb server using the server API and
thereby enables the dynamic resizing the of the framebuffer.
Note that the new implementation does not feature the ability to perform
a periodic refresh via the 'refresh_rate' configuration argument. This
feature was removed because the refresh policy can (and should) always
be implemented on the client side.
The QPluginWidget used to be a QNitpickerViewWidget but the new loader
interface does no longer hand out a view capability. So we need to
decouple both classes. This patch moves the view-geometry calculation to
a separate class to make it easier reusable, in particular for the
QPluginWidget.
The window manager provides a nitpicker session interface. In contrast
to the nitpicker server, which leaves the view layout up to the client,
the window manager organizes the views on screen according to a policy
provided by a window layouter. Furthermore, it equips views with window
decorations as provided by a window decorator. Both layouter and
decorator are independent programs.
This patch adds support for the consecutive re-dimensioning the virtual
framebuffer. When changing the buffer size, the session gets upgraded by
the missing portion of the quota instead of donating the whole size of
the new buffer each time.
This patch introduces a way to tweak the coordinate systems per
domain. The 'origin' attribute denotes the origin of the coordinate
system. Valid values are "top_left", "top_right", "bottom_left",
"bottom_right", and "pointer". Furthermore, the screen dimensions as
reported to the nitpicker client can be tweaked per domain using the
'width' and 'height' attributes. If the specified value is positive,
it is taken as literal boundary. If the value is negative, the size
if deducted by the specified amount from the physical screen area.
This patch introduces a mandatory layer attribute to domains. The layer
ordering is superimposed on the stacking order of the views. The
top-most layer can be assigned to a pointer-managing client. An example
for such a pointer is located at os/src/app/pointer. It replaces the
formerly built-in nitpicker mouse cursor.
The new layering mechanism replaces the former "stay-top" session
argument. So the Nitpicker::Connection no longer takes the stay-top flag
as the first argument.
A session can be explicitly configured to present its views in a
completely opaque way when the X-ray mode is active as opposed to the
default where each view gets tinted and surrounded by a frame. This
is useful for decorator views, which look overly busy otherwise.
This patch introduces the notion of a "domain" to the nitpicker
configuration concept. Session policies always refer to a domain where
multiple session policies can refer to the same domain. Thereby a domain
provides a way to express the grouping of sessions. This is useful for
applications that open multiple nitpicker sessions (such as Qt5 apps that
use one nitpicker session per window, menu, etc.). We want to assign all
those sessions to a single domain.
The configuration looks as follows:
<config>
...
<domain name="default" color="#ffffff"/>
<policy label="" domain="default"/>
...
</config>
This patch changes nitpicker's session interface to use session-local
view handles instead of view capabilities. This enables the batching
of multiple view operations into one atomic update.
This patch introduces a focus-management facility to the nitpicker
session interface. As a side effect of this change, we remove the notion
of a "focused view". There can only be a "focused session". This makes
sense because input is directed to sessions, not views.
Issue #1168
This patch changes nitpicker's way of redrawing. Originally, redraw
operations were triggered immediately by the RPC functions invoked by
clients. In the presence of clients that invoked a large number of those
functions, the server could become overloaded with processing redraw
operations. The new version performs redraw operations out of band with
the RPC functions. Similar to the design of the DOpE GUI server, redraw
operations are processed periodically. The RPC functions merely modify
meta data and track the dirty areas that need to be updated.
Consequently, nitpicker's RPC functions become light-weight operations.
As a nice collateral effect of this patch, nitpicker's internal
structure could be simplified because the drawing backend is no longer
needed by the code that dispatches the RPC interface.
So far, the lifetime-management utilities 'Weak_ptr' and 'Locked_ptr'
had been preserved for core-internal use only. However, the utilities
are handy for many use cases outside of core where object lifetimes
must be managed. So we promote them to the public API.
The new Rom_session::update function can be used to request the update of
an existing ROM dataspace. If the new data fits into the existing
dataspace, a subsequent call of 'dataspace' can be omitted. This way,
ROM dataspace updates don't suffer from page-fault-handling costs that
would occur when replacing the dataspace with each update.
When calling 'sub_node' on a node with no sub nodes, the Xml_node would
interpret the characters after the current node while searching for sub
nodes. The patch adds a sanity check that lets the 'sub_node' function
throw an exception when called on a node with no sub nodes.
This patch makes the handling of constructor arguments consistent among
the Volatile_object and Lazy_volatile_object classes. Arguments are
always forwarded. Otherwise, passing a reference as argument would result
in an unwanted copy of the passed object.
Some session interfaces use session-local handles for referring to
server-side objects, e.g., a file-system session hands out file handles
to the client. The new 'Handle_registry' class template can be used to
associate numeric handles with objects on the server side and thereby
simplifies the implementation of such servers.
This patch enables the debugging on services that rely on dynamic
session upgrades. For example, nitpicker expects its clients to donate
RAM quota that matches the size of the virtual framebuffer, which might
change during the lifetime of a nitpicker session.
* repos/ports/include/vmm
- add support to specify cpu location during vCPU construction
* seoul
- update to latest seoul branch supporting smp
- adjust to vmm interface changes
- vCPUs will be put in a round robin fashion on the available host CPUs,
beginning with the next CPU after the default (boot) CPU
- number of vCPUs can be specified in run script
* virtualbox
- adjust to vmm interface changes
- uses still one vCPU, placed on default (boot) CPU
Fixes#1212
This reverts commit edc03489b3.
Since commit
"timer: nova specific version of the service"
a nova specific timer is used and this quirk is not necessary anymore.
Issue #1211
When a page fault cannot be resolved, the GDB monitor can get a hint about
which thread faulted by evaluating the thread state object returned by
'Cpu_session::state()'. Unfortunately, with the current implementation,
the signal which informs GDB monitor about the page fault is sent before
the thread state object of the faulted thread has been updated, so it
can happen that the faulted thread cannot be determined immediately
after receiving the signal.
With this commit, the thread state gets updated before the signal is sent.
At least on base-nova it can also happen that the thread state is not
accessible yet after receiving the page fault notification. For this
reason, GDB monitor needs to retry its query until the state is
accessible.
Fixes#1206.
The build config for core is now provided through libraries to enable
implicit config composition through specifiers and thereby avoid
consideration of inappropriate targets.
fix#1199
The count value can be used to batch timeouts. I.e., if a periodic
timeout triggered multiple times before the timer had a chance to
process them, the count corresponds to the number of passed periods.
Until now, the HW platform support for the TrustZone features of the
i.MX53 boards could only be used, when adding a "trustzone" SPEC variable
manually. This commit adds a create_builddir target for HW i.MX53 with
TrustZone features enabled, fo convenience reasons.
- Log elapsed time per test in summary
- Command-line switch `--time-stamp` prefixes log output lines with
current time stamp (requires ts utility from Debian package _moreutils_)
Fixes#1156.
A subject that inherits from Processor_client not necessarily has the need for
doing a processor-global TLB flush (e.g. VMs). At the other hand the Thread
class (as representation of the only source of TLB flushes) is already one of
the largest classes in base-hw because it provides all the syscall backends
and should therefore not accumulate other aspects without a functional reason.
Hence, I decided to move the aspect of synchronizing a TLB flush over all
processors to a dedicated class named Processor_domain_update.
Additionally a singleton of Processor_domain_update_list is used to enable
each processor to see all update-domain requests that are currently pending.
fix#1174
and add xml configuration option to switch it on if required. Avoids trouble
on Windows 7 guest where IRQ injected by VMMDev PCI device is not delivered.
If ioapic is required and Windows guest addition "hangs", look in file
DevPCI.cpp, function pciSetIrqInternal, variable fIsApicEnabled. If
config[0xde] == 0xbe
config[0xad] == 0xef
it works. "Deadbeaf" seems to/should be set in ACPI file vbox.dsl. Happens for
unknown reason not on Genode/Nova.
Fixes#1188
By adding: "--target jtag \
--jtag-debugger <debugger configuration> \
--jtag-board <board configuration>" to the RUN_OPTs
this commits enables the run-tool to load and execute an ELF image
via JTAG to the target platform.
Fixes#1191
Commit 6a3368ee that refactored the mode transition assembler path, and
high-level entry point, fundamentally broke that part for the TrustZone VMs.
Instead of jumping to the appropriated address, the instruction value at that
point where used as target address.
Moreover, the TrustZone part of the mode transition page was not included into
the boundary check.
Ref #1182
On ARM it's relevant to not only distinguish between ordinary cached memory
and write-combined one, but also having non-cached memory too. To insert the
appropriated page table entries e.g.: in the base-hw kernel, we need to preserve
the information about the kind of memory from allocation until the pager
resolves a page fault. Therefore, this commit introduces a new Cache_attribute
type, and replaces the write_combined boolean with the new type where necessary.
Depending on 'src_w' and 'dst_w', different lines of a block to copy may be
32-bit aligned or not, so the alignment of each line needs to get checked.
Fixes#1111.
Don't define assembler constants inside macros, thereby calling the
corresponding macros isn't needed anymore. To prevent having to much
constants included in files where they aren't needed, split macros.s
file into a generic mode_transition.s part, and globally used macros.s.
Fix#1180
Previously this was not done before Thread_base::start(..) in
base-hw as it was not needed to have a valid cap that early. However,
when changing the affinity of a thread we need the cap to be valid
before Thread_base::start(..).
fix#1151
By now the scheduling timer was only refreshed for a new scheduling timeout
when the choosen scheduling context has changed. But we want it to be refreshed
also when the scheduled context yields without an effect to the schedulers
choice (this is the case e.g. when the idle thread gets a scheduling timeout
or a thread yields without any competitor in its priority band).
ref #1151
By using &&, we prevent the accidental copying of deallocator instances,
passed to the destroy function. We always want to take the deallocator
as reference or pointer.
For the correct integration of a QPluginWidget in a parent QWidget, with
this commit the parent QWidget's Nitpicker view is made the parent view of
the plugin's Nitpicker view.
Fixes#1173.
This commit adds a 'parent_view()' function to the loader session, which
allows to set the parent view of the subsystem's Nitpicker view.
If the function is to be used, this must get done before calling
'start()'.
Fixes#1172.
In file
src/VBox/Additions/WINNT/SharedFolders/driver/file.c
the function
static int vbsfTransferCommon(VBSFTRANSFERCTX *pCtx)
in the
VbglR0CanUsePhysPageList()
branch does not correctly evaluate the read or written bytes from
the VMM. It ever assumes that whole pages are read/written.
Workaround the bug in the Windows guest additions of Vbox until fixed
upstream by filling up the read/write buffer completely within the VMM code
of Vbox.
Fixes#1176
Genode::strncpy() enures the destination string is null terminated by
writing a null-byte. In this case, the null-bytes always overwrote the
last character of the output byte stream.
Ensures that the Exynos5 CPU is clocked equally no matter how the kernel
initialized it. This makes the result of this time critical test more
comparable.
fix#1162
Now that it is possible to resize the stack of the Genode main thread, it
is not necessary anymore to create a new Genode thread as Qt main thread.
Fixes#1134.
This patch changes both the Input::Session interface and the skeleton
for the server-side implementation of this interface
('input/component.h').
The Input::Session interface offers a new 'sigh' function, which can be
called be the client to register a signal handler. The signal handler
gets notified on the arrival of new input. This alleviates the need to
poll for input events at the client side.
The server-side skeleton for implementing input services underwent a
redesign to make it more modular and robust. I.e., there are no
global functions needed at the server side and the event-queue
enable/disable mechanism is implemented at a central place (in the root
component) rather than inside each driver.
Fixes#46
Fixes an alignment problem introduced by commit "hw: map core on demand"
where physical address alignment wasn't checked anymore, when inserting
a section within the first-level table of ARM's short translation table
format.
Many thanks to Christian Prochaska for helping to debug the problem.
In case the storage-entry point dispatches more then one packet, wait for the
previous command to finish before setting a new request. This has to be done
because the 'queuecommand' does actually *not* queue things, but can only handle
one request at the time.
Fix#1143
On ARM, when machine instructions get written into the data cache
(for example by a JIT compiler), one needs to make sure that the
instructions get written out to memory and read from memory into
the instruction cache before they get executed. This functionality
is usually provided by a kernel syscall and this patch adds a generic
interface for Genode applications to use it.
Fixes#1153.
Using 'upvar' instead of 'global' in the 'append_if' and 'lappend_if'
functions makes it possible to use these functions with local variables
of the calling function.
Fixes#1137.
The 'rump_cgd' server provides block level encryption for a block
session by employing the 'cgd(4)' device provided by the rumpkernel.
'rump_cgd' uses a Block_session to get access to an existing block
device and provides another Block_session to its clients. Each block
written or read by the client is transperently encrypted or decrypted
by the server.
For now 'rump_cgd' may only _configure_ a 'cgd' device but is unable
to generate a configuration. The used cipher is hardcoded to
_aes-cbc_ with a keysize of 256 bit. Furthermore the server is able to
serve one client only.
To ease the usage, its interface is modelled after the interface of
'cgdconfig(8)'. As implications thereof the key must have the same
format as used by 'cgdconfig'. That means the key is a base 64 encoded
string in which the first 4 bytes denote the actual length of the key
in bits (these 4 bytes are stored in big endian order).
Preparing a raw (e.g. without partition table) encrypted Ext2 disk
image is done by executing 'tool/rump':
! dd if=/dev/urandom of=/path/to/disk_image
! rump -c /path/to/disk_image # key is printed to stdout
! rump -c -k <key> -F ext2fs /path/to/disk_image
To use this disk image the following config snippet can be used:
! <start name="rump_cgd">
! <resource name="RAM" quantum="8M" />
! <provides><service name="Block"/></provides>
! <config action="configure">
! <params>
! <method>key</method>}
! <key>AAABAJhpB2Y2UvVjkFdlP4m44449Pi3A/uW211mkanSulJo8</key>
! </params>
! </config>
! <route>
! <service name="Block"> <child name="ahci"/> </service>
! <any-service> <parent/> <any-child/> </any-service>
! </route>
! </start>
the Block service provided by rump_cgd may be used by a file system
server in return:
! <start name="rump_fs">
! <resource name="RAM" quantum="16M"/>
! <provides><service name="File_system"/></provides>
! <config fs="ext2fs">
! <policy label="" root="/" writeable="yes"/>
! </config>
! <route>
! <service name="Block"> <child name="rump_cgd"/> </service>
! <any-service> <parent/> <any-child/> </any-service>
! </route>
! </start>
Since 'tool/rump' just utilizes the rumpkernel running on the host
system to do its duty there is a script called 'tool/cgdconf' that
extracts the key from a 'cgdconfig(8)' generated configuration file
and also is able to generade such a file from a given key. Thereby
the interoperabilty between 'rump_cgd' and the general rumpkernel
based tools is secured.
The rumpkernel based tools are intended to be used by executing
'tool/rump'. Since it covers the most common use cases for these
tools, this script is comparatively extensive, hence giving a short
tutorial seems reasonable:
* Format a disk image with Ext2:
To format a disk image with the Ext2 file system, first prepare the
actual image by executing dd:
! dd if=/dev/zero of=/path/to/disk_image bs=1M count=128
Second, use 'tool/rump' to format the disk image:
! rump -f -F ext2fs /path/to/disk_image
Afterwards the just created file system may be populated with the
content of another directory by executing
! rump -F ext2fs -p /path/to/another_dir /path/to/disk_image
The content of the file system image can be listed by executing
! rump -F ext2fs -l /path/to/disk_image
* Create a encrypted disk image:
Creating a cryptographic disk image based on cgd(4) is done by
executing the following command:
! rump -c /path/to/disk_image
This will generate a key that may be used to decrypt the image
later on. Since this command will _only_ generate a key and NOT
initialize the disk image, it is highly advised to prepare the disk
image by using '/dev/urandom' instead of '/dev/zero' (only new blocks
that will be written to the disk image are encrypted). In addition
while generating the key a temporary configuration file will be
created. Although this file has proper permissions, it may leak the
generated key if it is created on persistent storage. To specify a more
secure directory the '-t' option should be used:
! rump -c -t /path/to/secure/directory /path/to/disk_image
Decrypting the disk image requires the key generated in the previous
step:
! rump -c -k <key> /path/to/disk_image
For now this key has to specified as command line argument. This is
an issue if the shell, which is used, is maintaing a history of
executed commands.
For completness sake let us put all examples together by creating a
encrypted Ext2 image that will contain all files of Genode's _demo_
scenario:
! dd if=/dev/urandom of=/tmp/demo.img bs=1M count=16
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs /tmp/demo.img > \
! /ramfs/key # key is printed out to stdout
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> \
! -p $(BUILD_DIR)/var/run/demo /tmp/demo.img
To check if the image was populated succesfully, execute the
following:
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> -l \
! /tmp/demo.img
The rumpkernel tools are used within the Genode OS Framework tool chain
for preparing and populating disk images as well as creating cgd(4)
based cryptographic disk devices.
Execute 'tool/tool_chain_rump build' to build the tools and afterwards
'tool/tool_chain_rump install' to install the binaries. The default
install location is _/usr/local/genode-rump_.
On ARM in one way or another 'string.h' prototypes will be used. Move
the definitions from rump_fs to the rump library because it is needed
by all rump based servers running on ARM.
Issue #1141.
Use _italic_ for path names rather than 'verbatim'. Because path names
tend to be quite long, the overly use of verbatim makes paragraphs hard
to read.
The new 'select_from_ports' function allows a target description file to
query the path to an installed port. All ports are stored in a central
location specified as CONTRIB_DIR. By default, CONTRIB_DIR is defined
as '<genode-dir>/contrib'. Ports of 3rd-party source code are managed
using the tools at '<genode-dir>/tool/ports/'.
Issue #1082
This patch changes the top-level directory layout as a preparatory
step for improving the tools for managing 3rd-party source codes.
The rationale is described in the issue referenced below.
Issue #1082
This patch avoids the construction of the Genode::Config object in Noux
processes. The construction of this object would populate the Noux
process with additional capabilities, which cannot be handled by
'fork()'.
The old implementation of sleep_forever() used a local Ipc_server
object, which is not announced (i.e., known) outside of the blocking
process/thread, to infinitely wait for incoming messages. In past and
present, this leads to problems (e.g., issues #538 and #1032).
Fixes#1135.
Fixes#538.
Fixes#1032.
Use the libc Mem_alloc implementation per MMTYP of virtualbox. With this the
invariant that all memory allocation of a MMTYP are dense located.
Fixes#1130
Instead of mapping all physical memory 1:1 into core/kernel's address space,
this commit limits the 1:1 mapping to the binary image, and I/O memory
regions used by the kernel only. All subsequent memory accesses of core
are done by mapping the corresponding memory on demand, and not necessarily
1:1.
This commit has several side effects:
The page table code had to be revisited completely. The kernel inserts no
longer anything into the page tables, apart from the initial translations
to have the core/kernel image available when enabling the MMU. The page
tables and higher level translation tables are no longer named Tlb, but
Translation_table instead. There is no indirection class required to define
the translation tables of a concrete SoC, the appropriated ARM specifier
is sufficient.
The ability to map core's memory the same way like it's done for all other
protection domains, makes a special treatment of core's threads (no context
area) obsolete.
Ref #567 (partly solves it)
Fix#723Fix#1068
Removes the generic processor broadcast function call. By now, that call
was used for cross processor TLB maintance operations only. When core/kernel
gets its memory mapped on demand, and unmapped again, the previous cross
processor flush routine doesn't work anymore, because of a hen-egg problem.
The previous cross processor broadcast is realized using a thread constructed
by core running on top of each processor core. When constructing threads in
core, a dataspace for its thread context is constructed. Each constructed
RAM dataspace gets attached, zeroed out, and detached again. The detach
routine requires a TLB flush operation executed on each processor core.
Instead of executing a thread on each processor core, now a thread waiting
for a global TLB flush is removed from the scheduler queue, and gets attached
to a TLB flush queue of each processor. The processor local queue gets checked
whenever the kernel is entered. The last processor, which executed the TLB
flush, re-attaches the blocked thread to its scheduler queue again.
To ease uo the above described mechanism, a platform thread is now directly
associated with a platform pd object, instead of just associate it with the
kernel pd's id.
Ref #723
It covers bugs which we should detect and fix, especially depending on
the result of pthread_myself locking implementation (ours and vbox) takes
decision to take a lock or just to assume it is a reentrant locking attempt.
Fixes#1128
The pointer-report facility used to report the screen-absolute position
of the mouse pointer. For nitpicker clients, however, this position is
meaningless because their coordinate is always constrained to the area
below the menu bar. This patch offsets the reported position
accordingly.
The rm_session quota of the context area is not sufficient to start more
then ~95 threads per address space. If one really needs so many threads per
address space one could increase the quota or dynamically respond to it using
the Expanding_rm_session class. Until now there is no need to support so much
threads per address space.
Issue #1122
By separating the VFS from Noux, we become able to reuse the
VFS for libc-using programs. The most substantial change is the
removal of Noux::Sysio data structures from the VFS. Instead, the
Noux::Sysio refers to the VFS types now.
The new VFS library is located at 'os/include/vfs/'.
Furthermore, the patch removes various code duplications related
to pseudo file systems that provide a single file (block, zero,
random, terminal, null). The new 'Single_file_system' holds the
common boilerplate code for those.
Issue #999
Until now, there was not exception type for the condition where a
symlink was created on a file system w/o supporting symlinks, e.g., FAT.
The corresponding file-system server (ffat_fs) used to return a negative
handle as a work around. I added 'Permission_denied' to the list of
exceptions thrown by 'File_system::Session::symlink' to handle this case
in a clean way.
Genode's file system interface returns the number of directories
multiplied by sizeof(Directory_entry) as size of a directory. The
tar_fs server used to return zero. The fix counts the sub nodes of
the given directory.
The test used to rely on a writable root directory. To reuse the test
for the new VFS, where '/' is never writable, I changed all absolute
paths to relative paths.
By introducing the new 'File_system_registry', we can remove the
knowledge about the actual file-system implementations from the
'Dir_file_system'. Thereby the code becomes more generic, which is
a precondition for using it as the basis for Genode's VFS library.
Issue #999
* Perform sanity check before calculating memory available to rump kernel
* Distinguish between 'Hard_context' and 'Hard_context_thread', so no dead
threads (that will not be started) are created
* Install signal-handler for memory-resource requests. This way the fs server
will not block forever when the quota is execeeded and a resource requests
fails, leaving the rump kernels to perform necessary actions
Fixes#1127
The version string was generated when core/main.cc was rebuilt, which
happens on changes in the file itself or in a header file it includes.
But, the version should reflect if the Genode repository was changed at
any place. Therefore, I moved the version string to its own version.cc
which is forcedly rebuilt any time core is examined by the build system.
@nfeske what do you think about it? Core is now relinked on any build.
Fixes#551.
Turn Genode user-level spinlock into a user-level "helpinglock". This requires
support by the kernel introduced with kernel branch r5.
The commit avoids live-locks when multiple threads with SCs on different
priority levels compete for the same user-level Genode "spinlock".
Issue #986
The commit switches the kernel branch to r5 and updates the syscall bindings
in base-nova accordingly. Beside some cleanups, r5 extents the ec_ctrl syscall
to support following features:
* An EC may yield its current timeslice. The timeslice gets enqueued at the end
of the run queue without refreshing the left budget of the quantum.
* An EC helps with the current SC another EC. Used in Genode to implement
helping over a user-level lock to avoid live-lock situation. (Think of
a limited priority-inheritance mechanism.)
* An EC requests a new scheduler decision. Used in Genode to transfer back the
potentially helping SC to the helper EC.
Issue #986
Set cpu_session default affinity space already during
construction of the thread, so that main thread is placed in the cpu affinity
space as defined by the parent. Otherwise the main thread is placed potentially
outside the affinity space, typically on the first/boot CPU.
Fixes#1107
Otherwise affinity space is set to 1x1 and in cpu_session_component.cc the cpu
session local affinity space defined by parent is not taken because
"Location::valid()" returns true.
Issue #1107
Kernel::resume_thread was restricted to core when the targeted thread was in
another domain. Now there are two kernel calls, resume_local_thread and
resume_thread, where the former is never restricted and is provided via
public kernel/interface.h and the latter is always restricted to core and
is provided via core-local kernel/core_interface.h.
ref #1101
Kernel::pause_current_thread can be implemented much simpler and is not
restricted to core threads, in contrast to Kernel::pause_thread which
also benefits from the split and can be moved to core_interface.h.
ref #1101
If an RM fault ends up in any trouble, the faulter remains paused and
the pager activation continues with the next fault. Thus we can print
a warning instead of an error and safe execution time in release mode.
ref #1096
In most cases an error report is not necessary in the kernel as the problem
does not affect the kernel itself but the according user-land context. Thus
we can also do a warning that is not printed in release mode and hence safe
execution time.
ref #1096
As the message "replay: missing dataspace info for ..." occurs multiple times
on every fork, it slows down at least noux_tool_chain_auto with hw_arndale
about 10 seconds. To avoid this overhead in release mode I've turned it into a
warning rather than an error.
ref #1096
Previously for determining wether boot-up succeeded or not, we looked
for a message that is switched off in release mode. Now the kernel
provides a reliable message as soon as initialization is done.
ref #1096
We changed the test hardware and the new one does not support 1400x1050 anymore.
Choose some conservative resolution since this is anyway a auto test nobody
is really looking at the screen output.
The 'tinfo.cc' file needs to get built, because it implements
'std::type_info::operator==(std::type_info const&) const', which
is needed by the 'icu' library on ARM.
Fixes#1109.
If counter drops to 0, the wrap flag is set also. That means we have actually
no wrap around. The patch avoids to add too much time to the elapsed time
variable.
Issue #1106
The generalization of nitpicker's graphic backend changed the interface
of 'Mode::forget', which is a (non-pure) virtual function implemented
by 'User_state::forget'. Unfortunately, the signature change was not
applied to 'User_state::forget' so that the actual implementation was
no longer called. This inconsistency remained unnoticed because there
is a default implementation of the virtual function.
The effect of the omission of the 'User_state::forget' call was a
dangling pointer ('User_state::_pointed_view').
Lesson learned: Always annotate functions with the C++11 'override' when
implementing virtual functions.
The error message given to the 'errx()' function does not always contain a
'\n' character. Adding 'printf("\n")' ensures that the message appears on
the log console.
Fixes#1103.
Reserve first bit in bit allocator for main thread of context allocator and
remove special cases in context allocator. Without the reservation there is
is one context outside the context area allocated.
Fixes#1100
The do statement ensures the macros to generate just one expression that
is compatible with any programming construct. The concrete bug was
if (cond)
PDBG(...);
else
...
which was expanded to
if (cond)
if (DO_PDBG)
Genode::printf(...);
else
...
This is obviously wrong as the *else* branch is then connected to the
second *if*.
* Core_mem_allocator: implement Range_allocator interface
* Core_mem_allocator: allocate with page-granularity only
* Use slab allocators in core where meaningful (e.g. dataspace objects)
Fix a use-after-free bug concerning the use case where the config
of the init process changes dynamically. The childs' services were not
removed from the corresponding Service_registry properly.
Fixes#1094
When an object derived from Genode::Connection is copied we had
strange issues. An example is that the first RPC invocation works
correctly but the second one blocks or even delivers incorrect data.
We can avoid this issue if the object is always passed by reference.
Ensure this by deriving from Genode::Noncopyable.
The processor scheduler can determine without much overhead wether
the currently scheduled client becomes out-dated due to the insertion
of another client. This can be used to safe inter-processor interrupts
when a remote insertion doesn't imply an update of the currently
scheduled client.
fix#1088
At least with the ARM generic interrupt controller, inter-processor interrupts
are edge triggered and banked for all source processors. Thus it might be
possible that such an interrupt gets triggered redundantly until the targeted
processor is able to grab the kernel lock. As we're only interested in making
a processor recognize accumulative updates to its scheduler, we can omit
further interrupts if there is one pending already at the targeted processor.
ref #1088
This is needed as soon as we do inter-processor interrupts to
inform a processor about a remote modification in its scheduling plan.
In this case we can not explicitely decide wether to reset timer
or not. Instead we must decide it according to the choices of the
scheduler before and after the modification.
ref #1088
This patch removes the 'Framebuffer::Session::release()' function from
the interface to make the mode-change protocol consistent with the way
the Rom_session interface handles ROM-module changes. That is, the
client acknowledges the release of its current dataspace by requesting a
new dataspace via the 'Framebuffer::Session::dataspace()' function.
Fixes#1057
Previously this was not done before Thread_base::start(..) in
base-hw as it was not needed to have a valid cap that early. However,
when changing the affinity of a thread we need the cap to be valid
before Thread_base::start(..).
ref #1076
Express that the target binary files depend on the generated files not
the source files. The old expression seems to confuse Make, which then
logs a bogus error like the following
COMPILE Runtime/common/err/errmsg.o
genode-x86-g++: error: Runtime/common/err/errmsg.cpp: No such file or directory
genode-x86-g++: fatal error: no input files
compilation terminated.
make[2]: *** [Runtime/common/err/errmsg.o] Error 1
make[1]: *** [virtualbox-runtime.lib] Error 2
With this patch, functions which execute blocking syscalls on Fiasco.OC
are built with frame pointers to get a correct backtrace shown in GDB.
Also, the backtrace test for a thread currently executing a syscall now
traces the 'Genode::Thread_base::join()' function instead of
'Genode::sleep_forever()', because base-nova has a custom implementation
of 'Genode::sleep_forever()' with a different backtrace than on Fiasco.OC.
Fixes#1061.
Instead of using a special bitfield use a compound of boolean
values for the generic page attributes. To reduce copy overhead,
change the corresponding functions, where Page_flags are used as
arguments, to use references.
This is normally needed in LDSO and was previously done by the LDSO specific crt0.s.
I forgot to keep it during the unification of the different crt0s.
fix#1077
Substitute 'swpb' (swap byte) instruction with 'ldrexb/strexb', because 'swpb'
needs to be enabled explicitly by the kernel, which is done by neither HW or FOC.
When disabled, 'swpb' will cause an undefined instruction exception.
Issue #1048
If opening a report session fails (for example because of invalid
session arguments) and an exception is thrown during the session
construction, the report would wrongly keep the enabled state.
By moving the assignment of the state after the construction,
the report stays disabled as it should be.
This patch improves the focus handling by updating the menubar each time
the user clicks on a different view, even the old and new view belong
to the same session.
Check that in every round really all threads are alive on all CPUs. It
happened that only the first round was ok (all alive) and in the next rounds
some were dead. Unfortunately the test claimed to be successful.
The destructor of the Area object uses invalid caps which results in
a wanted abort of the process on nova. This is mainly the case in forked
process in noux.
Within the central security unit of the i.MX53 SoC, one can set protection
level of various DMA bus master requests, distinguishing them between normal,
and secure access. Although, the access level was meant to be set correctly,
the enumeration values that denoted the kind of access were incorrect. Thereby,
until now every DMA requests was set as being secure. This commit corrects
the enumeration values, and sets all DMA operations as being unsecure, accept
from the graphical subsystem which is controlled by the secure world only.
Thanks to Andrea Barisani and Andrej Rosano from Inverse Path for discovering
this bug, as well as the hardware limitation!
The timed semaphore supports a minimum timeout of 10 ms and logs a
warning if the timeout is lower than the minimum. To prevent the
warning, we limit timeouts to >= 10 ms.
Adding this function eases the implementation of realloc based on
'Libc::Mem_alloc'. Note that this allocator is not used by libc's
default malloc implementation but it is useful for customized C
runtimes, e.g., for the runtime of VirtualBox.
This function provides a way to request the size of an previously
allocated block. It is useful to to ease the implementation of realloc
functionality based on Allocator_avl.
This information is useful if 'libc-common.inc' is included from
another repository, i.e., for building stripped-down libc variants
tailored to an individual application.
Out of laziness we only provide two dummy functions for all FUSE
operations, which are used in case the FUSE file system does not
implement them itself.
Fixes#1058.
Omit the main rountine in fuse-ext2.c. Otherwise using fuse-ext2 with
fuse_fs is not possible because the server framework already defines
a main routine.
Fixes#1058.
* add sync method:
Since file systems tend to have a inbuild caching mechansim we need to
sync these caches at the end of session when using the fuse_fs server.
Therefore each FUSE file system port has to implement a Fuse::sync_fs()
function that executes the necessary actions if requested.
* add symlink check
* allow to check FUSE fs initialization
This changes the private API of the FUSE implementation. The init_fs
method now has to return true if the initialization was successful and
otherwise false. All current users of the API are also changed
accordingly.
Fixes#1058.
Noux generates 'argv[0]' for the initial child automatically (in contrast
to the 'config_args' library), so the first argument stated in the
configuration should not be the GDB program name.
Fixes#1062.
On Genode/Fiasco.OC, when an unresolved page fault occurs, only the IP and
SP registers are valid in the thread state read by GDB monitor. This was
not taken into account so far and the other (possibly outdated) register
values got reported to the client, too.
With this patch, only IP and SP get reported to the client in the page
fault case.
Fixes#1063.
For further information see: http://wiki.netbsd.org/rumpkernel/. In this version
I ported the central rump components to Genode in order to take advantage of
NetBSD file system implementation. The new 'dde_rump' repository contains the
Genode version of the rump libraries and a 'rump_fs' server that implements
Genode file-system-session interface. Currently ext2, iso9660, and fat
file-systems are supported.
Issue #1048
'check_installed' takes a command name as argument and tries to call 'which' in
order to find the command path. If that does not succeed, paths like '/sbin' are
'/usr/sbin' searched. On success the absolute path of the command is returned,
on failure 'exit' is called with an error message.
Issue #1048
Previously we used to many registers in syscalls with much arguments
to build with optimization level O0. Additionally this fix fastens the
userland backend of syscalls.
All the pre- and post-processing of the startup lib around the main
function of a dynamic program is now done by LDSO. Hence LDSO directly
calls the main function of the program.
Issue #1042
This is needed later when eliminating the need for a startup lib in
dynamic programs to enable LDSO to call ctors and dtors of the program.
Issue #1042
After some research we found that the stack pointer on ARM platforms must be
at least double word aligned (See: "Procedure Call Standard for the ARM
Architecture" - 5.2.1.1). Since a 'call' on ARM will not result in a stack pointer
change (like on x86), the current behavior resulted in a 4 Byte aligned stack
only.
Follow up to #1043
This commit generalizes the bit array in 'base/util/bit_array.h',
so that it can be used in a statically, when the array size is known
at compile time, or dynamically. It uses the dynamic approach of the
bit array for a more generalized version of the packet allocator,
formerly only used by NIC session clients. The more generic packet
allocator is used by the block cache to circumvent the allocation
deadlock described in issue #1059.
Fixes#1059
Base libraries are already contained within ldso.lib.so. Remove unnecessary
filtering from 'dep_lib.mk', make ldso depend on base libs.
Issue #1017
Issue #989
This patch make the handling of resizing the virtual framebuffer more
consistent. Liquid_fb keeps track of two sizes. The "next size" is the
size of the framebuffer handed out via the next call of 'dataspace'.
The "designated size" is the size as demanded by the user. The latter
size may be updated more often than the "next" size, depending on the
responsiveness of the framebuffer client to mode-change signals.
The patch also removes the synchronization with refresh calls because
the synchronization made the flickering artifacts worse when executing
nitpicker within liquid_fb. So it was not properly working anyway.
In the future, we might reimplement such a synchronization mechanism
when switching to the server API.
Issue #1056
As the initial main-thread stack is not used for the whole main-thread life
anymore but only for the initialization of the Genode environment it can be
downsized to 32Kb for all architectures.
ref #989
For a main thread a thread object is created by the CRT0 before _main gets
called so that _main can already run in a generic environment that, e.g.,
catches stack overflows as a page-fault instead of corrupting the BSS.
Additionally dynamic programs have only one CRT0 - the one of the LDSO -
which does the initialization for both LDSO and program.
ref #989
Normally for intptr_t the printf format PRIiPTR should be used. As Genode
printf doens't support this format we cast it to long int (intptr_t is int
for 32 bit and long int for 64 bit).
ref #989
This patch adds accessors to obtain the buffer of an attribute value,
which is useful to avoid the copying-out of such information by
maintaining pointers into the XML string as meta data.
There exist different default setups for a specific autoconf version:
* autoconf
* autoconf$(VERSION)
* autoconf-$(VERSION)
As of now, only the second option is recognized by the check in tool_chain.
This patch ensures that if one of those is present in the correct
version, it will be found and used in the build process.
Fixes#1053.
With this patch, the liquid_fb title bar height gets reserved at the top of the
screen, so if a Qt application wants to position a window at (0,0), there's
still enough space to show the title bar above.
Issue #1054.
This utility allows for the manual placement of objects without the need
to have a global placement new operation nor the need for type-specific
new operators.
Issue #989
The trace_fs server provides access to a Trace_session by using a
File_system_session as frontend.
Each trace subject is represented by a directory ('thread_name.subject')
that contains specific files ('active', 'cleanup', 'enable', 'events',
'buffer_size' and 'policy'), which are used to control the tracing
process of the thread as well as storing the content of its trace
buffer.
The tracing of a thread is only activated if there is a valid policy
installed and the intend to trace the subject was made clear by writing
'1' to the 'enable' file.
The tracing of a thread may be deactived by writing a '0' to the
'enable' file.
A policy may be changed by overwriting the currently used one. In this
case the old policy is replaced by the new policy and is automatically
utilize.
Writing a value to the 'buffer_size' file changes the appointed size of
the trace buffer. This value is only evaluted by reactivating the
tracing process.
The content of the trace buffer may be accessed by reading from the
'events' file. Throughout all tracing session new trace events are
appended to this file.
Nodes of UNTRACED subjects are kept as long as they do not change their
tracing state to DEAD. In this case all nodes are removed from the
file system. Subjects that were traced before and are now UNTRACED will
only be removed by writing '1' to the 'cleanup' file - even if they
are DEAD by now.
To use the trace_fs a config similar to the following may be used:
! <start name="trace_fs">
! <resource name="RAM" quantum="128M"/>
! <provides><service name="File_system"/></provides>
! <config>
! <policy label="noux -> trace" interval="1000" subject_limit="512" trace_quota="64M" />
! </config>
! </start>
'interval' sets the periode in which the Trace_session is polled. The
time is given in milliseconds.
'subject_limit' speficies how many trace subject should by acquired at
most when the Trace_session is polled.
'trace_quota' is the amount of quota the trace_fs should use for the
Trace_session connection. The remaing amount of RAM quota will be used
for the actual nodes of the file system and the 'policy' as well as the
'events' files.
In addiition there are 'buffer_size' and 'buffer_size_limit' that define
the initial and the upper limit of the size of a trace buffer.
Tracing of parent processes or rather threads may be enabled by setting
'parent_levels' to a value greater than '0' (though this attribute is
available, the trace session component within core still lacks support
for it).
A ready-to-use runscript can by found in 'ports/run/noux_trace_fs.run'.
Fixes#1049.
Until now, block drivers had to deal with a pointer to the client
session component, e.g.: to acknowledge block packets already processed.
When a session was closed, the driver object wasn't informed explicitly,
which leads to defensive programming, or lastly to a race-condition in
test-blk-srv. To prevent from this class of errors, the pointer is now
private to the generic block driver base class, and not accessible to
the concrete driver implementation. Moreover, the driver gets explicitly
informed when a session got invalidated.
Ref #113
This block cache component acts as a block device for a single client.
It uses fixed 4K blocks as caching granularity, thereby implicitly reads
ahead whenever a client requests lesser amount of blocks. Currently,
it only supports a least-recently-used replacement policy.
Fixes#113
When using the server framework, it might happen that the main thread
tries to forward a signal to the entrypoint, while the context of that
signal is already destroyed. In that case the main thread will get an
ipc error exception as result.
Related to #113
Instead of terminating tool/tool_chain when finding the first
missing tool, this patch runs all checks to completion before
bailing out. This eases finding missing programs, because the
user has to run the script only once to get a list of all missing
software.
Fixes#1046Fixes#1047
On 64-bit platforms Qt's JavaScript engine tries to reserve 1GiB of
virtual memory via 'mmap()', to be backed by physical memory on demand.
Genode's 'mmap()' implementation currently does not support on-demand
allocation of physical memory and tries to allocate the whole amount at
once, which is usually far more than needed.
With this patch, the amount to be reserved gets decreased to 32MiB.
Fixes#1041.
The x86_64 ABI requires the stack pointer to be 16-byte aligned before the
call of a function and decreased by 8 at the function entrypoint (after
the return address has been pushed to the stack).
Currently, when a new Genode thread gets created, the initial stack
pointer is aligned to 16 byte. On Genode/Linux, the thread entry function
is entered by a 'call' instruction, so the stack pointer alignment at the
function entrypoint is correct. On Fiasco.OC and NOVA, however, the thread
entry function gets executed without a return address being pushed to the
stack, so at the function entrypoint the stack pointer is still aligned to
16 byte, which can cause problems with compiler-generated SSE
instructions.
With this patch, the stack pointer given to a new thread gets aligned to
16 bytes and decreased by 8 by default, since most of the currently
supported base platforms execute the thread entry function without pushing
a return address to the stack. For base-linux, the stack pointer gets
realigned to 16 bytes before the thread entry function gets called.
Fixes#1043.
- 'kill()' syscall added
- 'wait()' gets unblocked when a signal occurs
- syscalls can get called from a signal handler without corrupting the 'sysio' object
- the child's exit status gets correctly reported to 'wait()'
- SIGCHLD gets ignored by default
- pending signals survive 'execve()'
Fixes#1035.
Delete operators with additional allocator reference/pointer parameters
are needed if the constructor of an 'new(allocator)' allocated object
throws an exception. Also, destroy now uses the operator to free memory
and provides variants with allocator reference and pointer.
The commit includes a simple test scripts 'run/new_delete', which
exercises the several 'delete' cases.
Related to #1030.
Use a bit allocator for the allocation management of thread contexts,
instead of holding allocation information within the Thread_base objects,
which lead to race conditions in the past.
Moreover, extend the Thread_base class interface with the ability to
to add additional stacks to a thread, and associate the context they're
located in with the corresponding Thread_base object. Additional stacks
can be used to do user-level scheduling with stack switching, without breaking
Genode's API.
Fixes#1024Fixes#1036
Change the template parameter for Bit_allocator, and Bit_array. Instead of
assigning words to be used by the bit array, you can now tell the count of
items that shall be used.
Moreover, some dead code, previously using the Bit_allocator, was removed.
Related to #1024
Splitting the new Genode::Deallocator interface from the former
Genode::Allocator interface enables us to restrict the accessible
operations for code that is only supposed to release memory, but not
perform any allocations.
Additionally, this patch introduces variants of the 'new' operator
that takes a reference (as opposed to a pointer) to a Genode::Allocator
as argument.
By assigning the file name as label, we may become able to remove the
filename argument in the future by just interpreting the last part of
the label as filename. By keeping only the label, we won't need to
consider conditional routing (via <if-arg>) based on session arguments
other than the label anymore.
The new Attached_dataspace complements the existing Attached_*
utilities with a simple version that can be used with any kind of
dataspaces. It may be even useful as a common base type for the other
variants. For example, this patch simplifies Attached_rom_dataspace
and removes the Terminal::Client::Io_buffer.
This patch integrate the scout widgets with Genode's new API headers
'util/geometry.h', 'os/surface.h' and 'os/texture.h'. Thereby, we get
almost rid of the platform-abstraction shim that was never used anyway.
Furthermore, it extracts the parts that are worth reusing from the
scout implementation to the public location 'demo/include/scout'.
This patch re-arranges nitpicker's graphics backend in a more modular
and expandable way. Generalized versions of the 'Canvas',
'Chunky_canvas', and 'Pixel_*' classes have been moved to
'os/include/util/' and 'os/include/os'. The only remaining parts that
are specific to nitpicker's needs are a few drawing functions, each
located in a distinct header at 'os/include/nitpicker_gfx/'.
This patch makes nitpicker's geometry utilities available for the use
by other programs. Thereby, the 'Point', 'Area', and 'Rect' classes
have become templates that take the coordinate type and distance type
as arguments.
Unless '-ignorestderr' is set on 'exec' in expect, any output on stderr
is interpreted as execution failure. In this case, 'create_iso' logs
some diagnostics but does not fail.
We repeatedly promote our ISOs to be bootable from USB storage.
Therefore, we have a hard dependency on 'isohybrid' and should fail in
the case that the tool is missing.
Access to a block session is provided by using the block file system.
By specifying the label, each block session request can be routed to
the proper block session provider:
! <fstab>
! ...
! <dir name="dev">
! <block name="blkdev0" label="block_session_0" />
! </dir>
! ...
! </fstab>
In addition to this file system, support for the DIOCGMEDIASIZE ioctl
request was added. This request is used by FreeBSD and therefore our
libc to query the size of the block device in bytes.
Fixes#1010.
All source codes of the glue code between Vancouver and Genode that were
based on existing GPL code had already stated that Genode Labs is not
the sole owner of the code. To make the distinction between the Genode
OS framework and the glue code more clear, this patch removes the text
"is part of the Genode OS framework" from the glue code.
Instead of, passing responsibility to manage and dissolve Signal_rpc_member
objects at a corresponding entrypoint to the user, hand over entrypoint's
reference to the constructor, and do it in the constructor resp. destructor
of the class.
Fixes#1022
Both base/src/test/thread and base-okl4/src/test/okl4_03_thread used the
same target name, which ultimately confused the build system when
building on OKL4.
File systems using the File_system_session interface can now be
synchronized by using this syscall. This is needed for file system
that maintain an internal cache, which should be flushed.
Fixes#1008.
Users of a File_system_session might want to force a file system
to flush or rather to synchronize its internal cache. A concret
default implementation is provided because not all file systems
maintain an internal cache and are not required to synchronize
caches.
Fixes#1007.
Fail hard if no large enough virtual memory area can be found where to map
the memory from the kernel to core.
Additionally clear dataspaces in junks if it can't be done in one large junk.
Fixes#1011
Make 'set_program_var' accessible outside of 'rtld.c'. Also, compile
dynamically linked programs with the '-fPIC' option. Doing not so,
yields to program-global symbols being put in the '.symtab' section
(which can be stripped) only. In order to get access to global
variables from the dynamic linker, the symbols need to reside within
the '.dynsym' section additionally. Hence the '-fPIC'.
ref #989fix#1002
If an RM client gets dissolved the RM server tries to first
dissolve and then destruct the according pager object. As pager objects
previously cancelled unresolved faults only in destructor the dissolve
operation blocked forever when an unresolved fault existed.
As every pager object should get dissolved before it gets destructed
(signal-context complains otherwise) no more unresolved-fault cancelling
is needed in the destructor.
ref #989
As synchronization of signal contexts is now the users business instead of
cores and the signal framework ensures that every context of a receiver gets
synchronously destructed before the destruction of the receiver itself
synchronization and thus blocking at the destruction of a kernel
receiver-object isn't necessary anymore.
ref #989
Kernel::signal_context_kill can be used by any program to halt the processing
of a signal context synchronously to prevent broken refs when core destructs
the according kernel object. In turn, Kernel::bin_signal_context doesn't block
anymore and destructs a signal context no matter if there are unacknowledged
signals. This way, cores entrypoint doesn't depend on signal acks of a
untrustworthy client anymore.
ref #989
In the future bin_* means the direct destruction of a kernel object
without any blocking. kill_* in contrast is used for bringing a
kernel object such as signal contexts synchronized into a sleeping
state from where they can be destructed without the risk of getting
broken refs in userland.
ref #989
To remap its UTCB to its context area later, a main thread needs
to know the according dataspace capability. This is done through
the start-info it receives from its creator at startup.
ref #989
I have no idea where the previous default alignment = 2 in the unsynchronized
singleton came from but as at least the Arndale IC-driver in base-hw needs an
alignment of 4 = address width, unmanaged singleton now uses sizeof(addr_t)
as default alignment.
ref #989
An unmanaged singleton is a singleton object that isn't
constructed or destructed implicitly through the C++ runtime
enviroment. The new header provides a helper to create such objects
and is located in src/base/include.
ref #989
* Increase entrypoint stack size for part_blk server,
since it crashes on 64 bit
* Consider packet alignment in bulk buffer size calculation of test-blk-cli
* allow to handle a maximum of packets in parallel
that fits free slots in the ack queue
* stop processing packets, when the driver can't handle
more requests in parallel, and resume packet handling,
when the driver is ready again
As hw_arndale is a bit slower than foc_arm and spawn_serial timing
calculation has changed in general, timeouts of noux_tool_chain_auto test
must be adjusted.
fix#996
The Genode-specific implementation of 'QWaitCondition' contains a race
condition which can make the 'qt5_samegame' application hang on Fiasco.OC.
Since most of the pthread synchronization functions needed by the
UNIX-specific implementation of 'QWaitCondition' and 'QMutex' are
available now, we can use these now instead of fixing and keeping
the Genode-specific implementation.
Fixes#993.
Instead of using an additional thread in each Session_component of a
block server, which uses the generic block component and driver classes,
replace it with signal dispatchers.
Ref #113
With 64K stack size, when doing 'make core' in noux on base-hw, the main thread
of /libexec/gcc/arm-elf-eabi/4.7.2/cc1plus runs into a stack overflow during
the compilation of core/main.o . Thus raise the stack size to 128K.
fix#964
The previously used RAM 0x0..0x10000000 was just an alias for
0x70000000..0x80000000. Qemu provides up to of 768 MB RAM with the
correct -m argument. This RAM is located at 0x70000000..0x90000000 and
0x20000000..0x30000000. At least the noux_tool_chain scripts are
happy to have that much RAM.
ref #964
For PBXA9 qemu adjusts provided RAM chips to the -m arg. Thus we
filter user values and force value that enables all chips that Genode
expects to be available. Not doing so leads to inexplicable errors.
ref #964
Makeinfo versions greater 5 treat an @itemx that isn't preceeded by an @item
not as warning anymore but as error. The GCC version 4.7.2 that is used by
noux currently triggers this error multiple times. This commit adds a patch
to 'make prepare PKG="gcc"' that avoids the use of @itemx without preceeding
@item. As GCC versions greater than 4.8 should fix this problem by themselves
this should be seen as temporary quick fix.
ref #964
At least with base-hw, the endless loop at the end of the fork
parent slows execution of the fork child dramatically. Using
libc function pause() is a cleaner solution anyways.
ref #964
When using the initial SP of a main thread for the UTCB
startup-argument, fork_trampoline in libc_noux gets broken.
The function expects the SP to be initialized already in contrast
to the _start function in crt0.s that is called for processes that
are not forked. As the main-thread UTCB is located at the same virtual
address for every PD anyways, we can circumvent this problem by
defining it statically.
ref #964
Struct Msg was introduced due to the handling of pagefaults
and interrupts via synchronous IPC. Its only purpose was to provide
the message type in front of the typed message. Now pagefaults and
interrupts are handled via signals and struct Msg is not necessary
anymore.
ref #958
If the script is executed with an obscure path (e.g.,
'../tool/autopilot'), just taking the argv0 string fails. Therefore, the
file path is now normalized prior to the directory detection.
This patch enables experimental QML support in Qt5.
Only the QtQuick plugin is available yet.
Currently runs best on Linux and has some problems on NOVA and Fiasco.OC.
Fixes#979.
Replace the static lock with the file descriptor lock because recursive
calls of p{read,write} would result in a deadlock when using multiple
libc-plugins at the same time.
Fixes#948.
This FUSE implementation consists of libfuse, which provides a
subset of the FUSE 2.6 API and libc_fuse, which provides support
for accessing FUSE based file system via the libc.
Fixes#942.
In addition, file-system tests will use the AHCI driver instead of the
ATAPI driver. This change side-steps certain issues with Qemu's IDE
emulation.
Fixes#942.
Since RM sessions can be used as dataspaces and dataspace sizes are
supposed to have page granularity, RM session sizes should have page
granularity, too.
Fixes#972.
Among other changes, this patch makes it possible to let Mesa render into
a user-provided buffer instead of the screen. This can be achieved with
the 'eglCreateWindowSurface()' function, which takes a buffer
description as third argument.
Fixes#974.
One of the Qt5 patches is supposed to create symbolic links, which is not
supported by GNU patch before version 2.7. Using 'git apply' to apply the
patches solves this problem.
Fixes#969.
In programs with dynamic linker, _main and thus also platform_main_bootstrap
are called twice. By now, platform_main_bootstrap tried to always access the
startup message in the UTCB of the main thread that gets overridden till the
second call.
fix#967
Since dde_linux now contains the port of the Linux IP stack available for all
Genode base-* platforms move the repository out of drivers_arm and drivers_x86
build.conf to the optional build.conf (available to all platforms).
To support components, which implement the block session's server side
rpc object, and which doesn't write data to their device backend immediately,
an additional synchronization call is needed. Thereby, clients like for
instance a file system can tell these components, when a synchronization is
required.
Ref #113
Issue #949
Related to issue #808 - one way to nearly double the maximum VM size for
VMs on 32bit Genode/Nova host if decreased performance is acceptable.
To ease the creation of custom virtual machine monitors on top of
NOVA, this patch moves generic utilities from vancouver resp. seoul to the
public include location 'ports/include/vmm'. As a nice side effect,
this change simplifies 'vancouver/main.cc'.
Issue #949
The platform driver is used to access the features provided by the
Videocore mboxes, i.e., power configuration and framebuffer setup. The
framebuffer driver uses the platform interface to setup a screen mode of
1024x768.
At the current stage, the USB HID and storage drivers are prinicpally
working but not stable. If interrupts are not processed fast enough,
devices will get sporadically disconnected.
The USB host-controller driver is not part of the normal Linux kernel.
For this reason, we need to download it separately. There exists a
'prepare_rpi' rule in the 'dde_linux/Makefile' to automate this process.
This patch principally allows to install symlinks to out-of-Linux tree
drivers into the contrib directory. Those files are then considered for
the 'lx_emul.h' symlink procedure. Is useful as a temporary mechanism
while developing the rpi USB driver.
When saving/resuming translation table base registers, and data fault register
a VMM is able to translate the VM's virtual addresses, and to analyse aborts
it has generated.
Every thread receives a startup message from its creator through the initial
state of its userland thread-context. The thread-startup code remembers the
kernel name of the new thread by reading this message before the userland
thread-context gets polluted. This way, Kernel::current_thread_id becomes
unnecessary.
fix#953
Don't set priority and label in platform thread and then communicate this
core object via Kernel::new_thread but communicate priority and label directly.
This way kernel doesn't need to know anymore what a platform thread is.
ref #953
Instead of writing initial thread context to the platform-thread members
and then communicating this core object to kernel, core calls
Kernel::access_thread_regs first to initialize thread context and then
Kernel::start_thread without a platform-thread pointer. This way
the frontend as well as the backend of Kernel::start_thread loose
complexity and it is a first step to remove platform thread from the
vocabulary of the kernel.
ref #953
This patch enables the recursive startup of launchpad instances, which
was not possible since the recent removal of launchpad's built-in
default configuration.
Open a capability receive window according to the number of the capabilities
expected as out parameter per RPC function.
Typically the number of capabilities expected during the reply of a RPC/IPC
call is 0 to 1. Before this patch ever a capability receive window of 4 has
been opened.
On Nova the capability selectors of receive windows must be naturally aligned
to the size/order of the expected capabilities. This leads until now to the
issue that the left over 3 capabilities couldn't be reused for new IPCs since
they are not naturally aligned to 4.
Issue #905
Enable routing of thread events to signal contexts via
Kernel::route_thread_event.
Replace Kernel::set_pager by Kernel::route_thread_event.
In base-hw a pager object is a signal context and a pager activation
is a signal receiver. If a thread wants to start communicating its page
faults via a pager object, the thread calls Kernel::route_thread_event with
its thread ID, event ID "FAULT", and the signal context ID of the pager object.
If a pager activation wants to start handling page faults of a pager object,
the pager activation assigns the corresponding signal context to its signal
receiver. If a pager activation wants to stop handling page faults of a pager
object, the pager activation dissolves the corresponding signal context from
its signal receiver. If a thread wants to start communicating its page faults
via a pager object, the thread calls Kernel::route_thread_event with its
thread ID, event ID "FAULT", and the invalid signal context ID.
Remove Kernel::resume_faulter.
Move all page fault related code from generic kernel sources to CPU
specific cpu_support.h and cpu_support.cc.
fix#935
Provide core-local signal service before other services to enable the use
of signal connections while initialzing the other services. This has been
introduced due to the use of the signal framework by the pager lib in
base-hw (RM service).
ref #935
DosBox is DOS-Emulator which is mainly used for playing old
DOS games on POSIX systems and newer Windows versions.
This port of DosBox runs natively on Genode by using its
SDL backend. It is currently only works on x86_*.
Fixes#937.
This patch changes the noux.run script to use the new log_terminal
component instead of an UART driver. Besides being a nice way to test
the log_terminal service, the new version is much simpler and it just
became compatible to Linux as it no longer relies on an UART driver.
Issue #947
Since we switched to using C++11 by default, the webkit-related
parts of qt4 failed to compile because of C++11 compatibility
issues. This patch disables the use of C++11 for the offenders.
There are programms that use struct stat's st_ino field to check certain
conditions. Since we are using multiple filesystems in a noux session we
cannot use the inode number which the actual filesystem provides.
Therefore we calculate a random inode number by hashing the stated path.
Fixes#299.
A timer session is now used instead of a jiffy counter. This way, libSDL
can use a time source that is not bound to the granularity our libc's
nanosleep implementation. Currently, the granularity of nanosleep is in
the order of 10 milliseconds, which is far to coarse for the use of
SDL-using applications such as DosBox.
Fixes#934.
In general, requesting a dataspace from a server twice is no good
idea. The server might react in a unrecoverable fashion. E.g. the rom_fs
service always throws away the corresponding dataspace from the first call
of dataspace(), and constructs a new one.
This patch adds a 'gdb' command to 'cli_monitor', which makes it possible
to debug an application with GDB.
The command works similarly to the 'start' command, but instead of
starting the subsystem binary directly, an 'init' subsystem gets
started, which then starts 'terminal_crosslink', 'noux', GDB and
'gdb_monitor' (which starts the application binary as its target).
So, for the 'gdb' command to work, these additional components need to
be available, too. 'terminal_crosslink', 'noux', 'gdb_monitor' and the
file 'gdb_command_config' are expected to be ROM modules. The Noux GDB
client needs to get mounted at '/bin' in Noux and the target binaries need
to be available as ROM modules (loaded by 'gdb_monitor') and also mounted
at '/gdb' in Noux (loaded by the GDB client).
Additionally, the source code of the target application can be provided
at '/gdb/src/ in Noux. How the Noux mountings get established can
be configured in the 'gdb_command_config' file. The default configuration
in 'os/src/server/cli_monitor/gdb_command_config' mounts GDB from a tar
archive named 'gdb.tar', the GDB target binaries from a tar archive named
'gdb_target.tar' and the target source code from a tar archive named
'gdb_target-src.tar'.
The patch includes an 'expect' include file (ports/run/noux_gdb.inc)
which provides functions that help to create those tar files:
- 'create_gdb_tar' creates a tar archive for the 'gdb' client
- 'create_binary_tar' creates a tar archive for the target application
- 'create_source_tar' creates a tar archive for the source code of
the target application
- 'create_binary_and_source_tars' is a convenience wrapper for the previous
two functions
The patch also includes an example run script
(ports/run/noux_gdb_dynamic.run).
The 'gdb' command supports the following command line options:
- --ram: the initial RAM quota provided to the whole subsystem
(including the GDB-related components)
- --ram-limit: limit for expanding RAM quota
- --gdb-ram-preserve: the RAM quota that 'gdb_monitor' ahould preserve
for itself
Fixes#928.
When a child requests more ram resources, it gets blocked immediately when
the preservation limit is reached. Otherwise, it might happen that the
cli_monitor runs out of memory.
When a command was executed, it is necessary to check not only whether the
preservation limit of the ram quota is reached, but also whether new ram quota
is available (e.g.: consequence of the kill command), and children are waiting
for additional resources.
Implement a ballooning mechanism in L4Linux similar to solutions like XEN's
balloon driver. Therefore the new parent interface extensions for requesting
and yielding resources are used. L4Linux registers a yield signal context at
its parent. Whenever the parent triggers a yield, the balloon driver blows up,
which means it requests all pages available, and then frees the corresponding
backend memory.
This patch changes the interface of Nitpicker to support dynamically
dimensioned virtual frame buffers. This solves two problems:
First, it enables a client to create a connection to nitpicker without
donating much session quota in advance. The old interface required each
screen-size-dependent client to donate as much memory as needed to
allocate a screen-sized virtual framebuffer. For clients that are
interested int the screen size but cover just a small portion of the
screen (e.g., a banner, a menu, an applet that sits in the screen
corner), this overprovisioning is painful. The new interface allows such
clients to upgrade the session quota for an existing session as needed.
Second, because each nitpicker session used to have a virtual frame
buffer with a fixed size over the lifetime of the session, a client that
wanted to implement a variable-sized window had to either vastly
overprovide resources (by opening a session as large as the screen just
in order to be prepared for the worst case of a maximized window), or it
had to replace the session by a new one (thereby discarding the stacking
order of the old views) each time the window changes its dimensions. The
new interface accommodates such clients much better.
This patch implements the POSIX signal functionality needed to interrupt a
running Noux GDB by pressing 'Ctrl-C'.
It allows to register a signal handler for the 'SIGINT' signal, which
gets executed after 'Ctrl-C' is received from the terminal. With the
current state of the implementation, the signal handler only gets executed
when the Noux application calls a 'read()', 'write()', 'ftruncate()' or
'select()' syscall.
Fixes#923.
With this patch, the 'Ring_buffer' class can be made unsynchronized by
setting the 'Ring_buffer_unsynchronized' policy as third template
argument.
Fixes#922.
USB HID gets stuck due to strange kernel error
as HDMI starts simulatnously. This workaround
delays HDMI init by a second (only in case we
build for Exynos5 & FOC with USB) to let
scenarious like demo get their USB HID started
without much CPU load.
ref #796
For the framebuffer driver of the i.MX53 platform to work even when u-boot
didn't prepared the display previously, there were some IOMUX routes missing.
Fixes#914
By now, only one button press/release event per IRQ was handled correctly.
Pressing and/or releasing several buttons concurrently could bring the input
driver into an inconsistent state.
Fixes#913
* Remove far too low default values from Nic::Connection constructor
* Extend lwip initialization function with desired TX/RX buffer sizes
* Add configuration possibility to libc_lwip_dhcp plugin to define
buffer sizes, like the following:
'<libc tx_buf_size="1M" tx_buf_size="1M"/>'
Fixes#892
Previously, if two ID allocators for different kernel objects had the
same size, the kernel-object framework managed both objects types
through the same allocator instance. This is caused by the use of
unsynchronized singletons in the accessor functions and can be avoided
by creating new types through inheritance instead of using typedefs.
Anyways, this fix is a little bit ugly and should replaced by avoiding
the use of unsynchronized singletons in the future.
fix#906
At this point we cannot close the connection anymore because all
mappings are gone and the needed stack is invalid. This is not a
problem since process will be discarded anyway.
Fixes#909.
With this patch, the register contents of a paused thread (which is not
currently executing a syscall) can get modified by the
'Cpu_session::state()' function.
Fixes#896.
The copy constructor of Signal did not copy the Signal::Data contents of
the copy source. This bug could survive undetected because the compiler
can optimize code in a way, that copy constructor and destructor are not
necessary when returning by value from simple functions. I assume that
it creates the object in CPU registers instead of RAM and reuses it
instead of copying it to save time. This way the bug triggered first
after wait_for_signal was changed in a way that avoided optimization.
ref #912
In hybrid mode, all programs are dynamic executables and ld.lib.so is
not supported. Therefore, only the "static" variant of the test can be
build and executed.
This change allows for the testing of cli_monitor's automatic resource
balancing by executing the following command:
start ram_eater --ram-limit 1G --count 5
The command starts 5 instances of a RAM-eating process, which is,
however, able to yield resources when instructed. The RAM quota for the
processes gets automatically extended because of the overly large limit
of 1 GiB, which is far more than CLI monitor's RAM resources (100 MiB).
When the RAM usage hits the preservation limit, CLI monitor broadcasts
yield requests to each ram_eater instance, which allow the scenario to
remain alive.
If a local thread is attempted to be 'pause'd via cpu_session, don't wait
until it gets into the recalled state. If the caller is lucky it is, if not
return only the stack pointer.
Avoids deadlocking of the gdb when attached to a process running a server.
Issue #478
The 'pause' call on base-nova assumes that a thread can solely block in its
associated semaphore. Main reason is that so core can unblock a thread in order
that the recall exception gets delivered and the register state can be
obtained.
Unfortunately the signal session implementation creates a semaphore, which is
unknown by the pager code. Instead create the semaphore via the pager of the
thread, so that the pager can unblock the signal thread when a pause is issued.
Issue #478
If a thread caused a page fault and later on get be paused, then it left
the recall handler immediately due to the pause call instead of staying
in this handler.
Add some (complicated) state machine to detect and handle the case. Still not
waterproof, especially server threads may never get recalled if they never get
a IPC from the outside.
Fixes#478
This patch introduces new commands for dynamically balancing RAM between
subsystems. The 'status' command prints a table with the RAM status of
each subsystem. The 'ram' command changes the quota or a quota limit of
a given subsystem. The quota limit can be defined to allow the on-demand
expansion of the quota. Finally, the 'yield' command can be used to
instruct a subsystem to yield a specified amount of resources.
For trying out the new commands, a so-called 'ram_eater' example has
been added to the 'terminal_mux.run' scenario. This program simulates a
subsystem with a growing demand for resources, yet with the capability
to yield resources when instructed by the parent (i.e., cli_monitor).
Besides implementing the new features, the patch splits the
implementation of 'cli_monitor' into multiple files.
In order to be able to dynamically balance resources of slaves, we need
to provide an accessor to the slave's RAM session and a way to issue
yield requests.
The new 'String' buffer type is meant to replace the manually created
character buffers that are scattered throughout Genode. It plainly holds
a null-terminated string to be stored as a member variable (e.g., a
session label) or passed as RPC argument. It is not intended to become a
string API.
Revised region management detects region conflicts by using _soft_
mappings per default. Overmapping is activated for population of managed
dataspaces only. For more information see header documentation of
base-linux/src/base/env/rm_session_mmap.cc.
Fixes#883.
To prevent multiple execution of main-bootstrap, I moved the code to a
statically initialized object. The reason for this change is that
_main() is exeuted twice when starting dynamic binaries. Now, the object
is part of the base-common library which is linked with ld.lib.so.
Deleting the generated 'launchpad.config' file is a bad idea because in
contrast to most base platforms, on Linux, we merely create symlinks
from the 'var/run/demo/' directory to the 'bin/' directory instead of
copying the files.
For ARM support on N900, commit 4a9b1c6 changed the process library to
start dynamic binaries directly depending on the Linux kernel to comply
to the interp section info ("ld.lib.so"). This seems not required on
more recent platforms or kernel versions and also introduced challenging
corner cases in region handling on Linux. Therefore, this commit
restores the original behavior.
This patch makes sure that a line break is printed before the test
finishes. This way, the "Test succeeded" message is printed on a new
line, which was not always the case (i.e., on Pistachio) otherwise.
The macro 'enter_kdebug' appended the 'text' argument immediately after
the '"' literal. Apparently, the old C++ standard accepted this code but
the new standard is more strict.
Statically configured NIC bridge clients must be configured via
<policy...> nodes in the config. Otherwise, the bridge can't answer ARP
requests or route traffic.
After announcing the NIC service, the bridge connects to the driver to
ensure to see any incoming traffic in case the client itself only reacts
on connects from LAN (e.g., the netperf server).
Also, some styling issues were fixed.
Both 'platform_session/capability.h' and 'platform_session/connection.h'
do not contain platform-specific information. By moving them from
'include/platform/imx53/platform_session/' to 'include/platform_session/',
this patch enables other platforms to reuse them.
Prior this change, the attempt to re-schedule a timer from its timer
handler resulted in a clear '_pending' flag. This caused the timer event
to disappear from the scheduling queue without the handler being called
ever again. By resetting the '_pending' value before calling the hander,
we prevent a re-scheduled '_pending' flag to be cleared immediately
after calling the handler.
On non-PC platforms, the variable 'build' remains undefined, which lets
the 'build $build' step fail. Use the traditional 'build_components'
variable instead. As a further plus, this avoids multiple passes of the
build system.
With this patch, if an ELF dataspace to be executed does not have a path
in the host file system, the dataspace content gets copied into a
temporary file whose path can be given to 'execve()'.
Fixes#879.
This patch updates the launchpad config to use XML attributes and
removes the built-in default configuration (which is only meaningful
for demo.run anyway).
By splitting Session_policy into two classes, we make it more flexible.
Originally, the constructor accepted solely an args string, which made it
unusable for situations where we already have extracted the session
label (e.g., stored in the session meta data of a server). Now, the
extraction of the label from the args string is performed by the new
Session_label class instead, which, in turn, can be passed to the
constructor of Session_policy.
This change causes a minor API change. The following code
Session_policy policy(session_args);
Must be turned into
Session_label label(session_args);
Session_policy policy(label);
This patch overhauls the signal handling of nitpicker to clear the way
towards dynamic reconfiguration. Furthermore, it moves the
implementation of the global-keys handling and input utilities to
separate files.
Originally, the convenience utility for accessing a process
configuration came in the form of a header file. But this causes
aliasing problems if multiple compilation units access the config while
the configuration gets dynamically updated. Moving the implementation of
the accessor to the singleton object into a library solves those
problems.
This patch adds support for iterating through a const list. This allows
users of lists to be more rigid with regard to constness. Furthermore,
the patch adds the function 'List::insert_at' for inserting an element
at a specified position. By adding this function, we can remove code
duplication in nitpicker.
To enable the specification of key names in configuration files parsed
at runtime, we need the association between key-code values and their
respective names.
binary_ds cap is attempted to free up twice by
_root_dir->release(_name, _binary_ds) in ~Child de-constructor and by
Static_dataspace_info _binary_ds_info de-constructor.
This commit keeps all binary related information inside a struct which gets
freed up after all noux session book keep cleaning is done.
Issue #485
The netperf test configures the target Genode system for with
10.0.2.55/24. Also, nic_drv on base-linux uses the virtual ethernet
device 'tap0', which must be configured for the test user and network
address 10.0.2.1/24 on the test host like follows.
tunctl -t tap0 -u <user running test>
ip address add 10.0.2.1/24 dev tap
ip link set tap0 up
This patch moves the GDB commands to set a breakpoint in the 'main()'
function into a separate file that can be included from other run scripts.
Fixes#876.
If the path of a Genode source file (as extracted from the binary test
application) contains a part like '/a/b/../' where '/a' exists, but '/a/b'
does not exist anymore, 'tar' complains. With this patch, the run script
normalizes the path before calling 'tar'.
Fixes#875.
- if no affinity was set for a new thread before calling
Cpu_session::start(), the CPU session's affinity gets set for this
thread
- documentation fix: <affinity_space> -> <affinity-space>
Fixes#873.
In case there is not enough quota left to create the trace buffer
or trace policy dataspace throw Out_of_metadata explicitly instead
of rethrowing the Ram_session::Quota_exceeded exception. Now one
can catch Trace::Out_of_metadata exception in a client application.
In addition fix Allocator_guard::withdraw() checks because this
method does not throw any exceptions and a failed withdrawal goes
unoticed.
Fixes#871.
This patch adds some of lwip's checksum calculation options to the
Genode-specific 'lwiptops.h' configuration file. The checksum calculations
are enabled by default.
Fixes#868.
Instead of using msleep to sleep periodically, and then increase jiffies
counter in the alarm scheduler implementation of the timed semaphore
use the 'trigger_periodic' call introduced by the change of the timer session
interface into an asynchronous one. Thereby, we can reduce the necessary IPC
communication with the timer service effectively.
Ref #35
As it turns out using -fPIC was not the issue but discarding certain
sections. The policy_module_table is now located in .data.rel which
needs to be at the beginning of the binary.
Fixes#849.
The regions reported by the RMRR structure are used by legacy devices for DMA
requests. Theses would need to be added to the device_pd to avoid DMAR faults
when used in legacy mode.
For now parse and print them, so that one has a clue about why we get DMAR
faults.
Issue #683
Be more robust. If the attachment fails continue to operate and just print a
error message. Before the commit the device_pd stopped to operate if an
attachment did not succeed.
Issue #683
Only the directories and files which were created in the first place
by the libc port should be removed. Thereby ignore the exit code of
the find command to prevent GNUmake from stopping its execution.
Fixes#841.
Don't account the boottime to the actual compile time - since it varies quite
a lot if somebody else utilize the network with lwip tests for example ;-).
Syscall binding functions which use '__L4_INDIRECT_CALL' need to tell the
compiler that the 'edi' register gets modified. Since 'edi' is an input
operand and input operands may not get added to the clobber list, this
patch defines 'edi' also as an output operand instead.
Fixes#834.
At least 64bit Seoul dies with Region_conflict reliable and reproducible.
When during startup of Seoul some Genode code (caused by executing some
constructors) try to attach a region, the region manager code in the rm_session
will try to place the attachment at the smallest large enough aligned free
virtual region.
For now, I observed one attachment causing trouble (but not knowing who causes
this - it does also not really matter). The questionable region is 0x4000 of
size for 32bit and 0x8000 of size for 64bit.
To steer the region manager a bit, we try now following trick:
With this commit the load address of the binary for 32 and 64 bit is moved
close to the end of the virtual address space, but leaving enough free virtual
space for the above observed attachment (and a bit more).
The region manager code now will try to fill up the virtual region behind
the binary up to the end of the virtual address space, effectively letting the
lower virtual region untouched - hopefully.
Works for now, but it will break again - for sure.
Fixes#519
To avoid build conflicts with Qt5, with this patch, 'qt4_deprecated' needs
to be added to the 'SPECS' variable (in specs.conf) when building for Qt4.
Issue #345.
By now Signal_session_component has allocated initial SLAB
blocks in constructor, wich crashed with the root
components assumptions about the RAM quota needs of
session creation. Thus, if the background allocator was already
exhausted from component allocation the session was created
with broken initial SLAB blocks.
fix#574
If a script is executed which uses a interpreter that does not exist the
construction of the child fails and potentially leaks memory because the
wrong delete operator is called.
Therefore the binary dataspace of the script and the binary dataspace of
the interpreter are now checked before a new child will be created.
Fixes#812.
The assignment of affinities consists of two parts, the definition
of the affinity space dimensions as used for the init process, and
the association sub systems with affinity locations (relative to the
affinity space). The affinity space is configured as a sub node of the
config node. For example, the following declaration describes an
affinity space of 4x2:
<config>
...
<affinity_space width="4" height="2" />
...
</config>
Subsystems can be constrained to parts of the affinity space using
the '<affinity>' sub node of a '<start>' entry:
<config>
...
<start name="loader">
<affinity xpos="0" ypos="1" width="2" height="1" />
...
</start>
...
</config>
This patch extends the 'Parent::session()' and 'Root::session()'
functions with an additional 'affinity' parameter, which is inteded to
express the preferred affinity of the new session. For CPU sessions
provided by core, the values will be used to select the set of CPUs
assigned to the CPU session. For other services, the session affinity
information can be utilized to optimize the locality of the server
thread with the client. For example, to enable the IRQ session to route
an IRQ to the CPU core on which the corresponding device driver (the IRQ
client) is running.
This patch introduces new types for expressing CPU affinities. Instead
of dealing with physical CPU numbers, affinities are expressed as
rectangles in a grid of virtual CPU nodes. This clears the way to
conveniently assign sets of adjacent CPUs to subsystems, each of them
managing their respective viewport of the coordinate space.
By using 2D Cartesian coordinates, the locality of CPU nodes can be
modeled for different topologies such as SMP (simple Nx1 grid), grids of
NUMA nodes, or ring topologies.
r3 contains the recent Nova upstream kernel version plus the Genode specific
extensions and changes as known from r2.
Additionally, the r3 branch
* contains the assign_pci patch now directly,
* adds support for cross CPU IPC,
* fixes some issues with freeing up kernel memory part of r2 and
* update the documentation a bit.
Fixes#814
* read out supported number of CPUs
* start per CPU a thread
* monitor by main thread liveness of remote CPU threads
* add a round variable
* terminate run script after a specific round or after 90s
* on qemu wait 5 rounds, on native runs 40
Add run script to autopilot list
Issue #814
This avoids a deadlock if during issuing a printf the low level IPC fails.
. Printf uses an address space local lock and if we are trying again
to make a printf we deadlock forever ...
This patch eliminates the "no attachment at..." warnings, which
were caused by a use-after-free problem of dataspaces. When a
dataspace was destroyed, the users of the dataspace were not
informed and therefore could not revert possible attachments to
RM sessions. The fix introduces a callback mechanism that allows
dataspace users (i.e., RM regions) to register for the event that
a dataspace vanishes.
The following types of dataspaces are handled:
* RAM dataspaces
* ROM dataspaces
* The process binary
* The binary of the dynamic linker
* Args dataspace
* Sysio dataspace
* Env dataspace
* managed RM dataspaces
The handling of ROM dataspaces is still not complete. When forking,
the ROM dataspace of the parent process gets just reused without
creating proper meta data ('Dataspace_info') for the forked process.
Similar issues might arise from other special dataspaces (e.g.,
args, env, sysio).
This patch removes all "no attachment at..." warnings except for
one (an attachment at 0).
Issue #485
The 'check_dev_tty()' function calls 'ttyname()', which calls the pthread
stub function 'pthread_main_np()', which prints a 'not implemented'
message. Calling 'check_dev_tty()' doesn't seem to be necessary, so this
patch removes the call.
Issue #815.
With this patch, the 'not implemented' messages of the pthread function
stubs always get printed to the Genode log console instead of stdout.
Issue #815.
Previous commit denies the creation of regions larger then the dataspace.
Noux does it by setting the default size to the dataspace size without
subtracting the offset.
Fixes#591
The rm_session implementation expects that offset + size must be
part of one dataspace. Unfortunately the parameters are not checked
properly during an rm::attach.
During an detach memory behind the actual region can be unmapped by such
bogus region entries.
Issues #591
Since RM sessions can be used as dataspaces and dataspace sizes are
supposed to have page granularity, RM session sizes should have page
granularity, too.
Fixes#799.
Forgetting to restore the old utcb content results in hard to debug bugs.
Save only the amount of word items which are actually on the UTCB.
Issue #806
Avoids the message
cxx: operator delete (void *) called - not implemented. A working implementation is available in the 'stdcxx' library
during a " new ..." which causes exceptions. Happens for seoul in disk.cc
Issue #806
The Rpc_exit call is delivered via RPC which results in a deadlock
if the Rpc_entrypoint has not been started yet. To prevent this
situation we active the Rpc_entrypoint explicitly before we call
Rpc_exit.
Fixes#811.
'alloc_skb' might now fail, the Nic component will then send a 'packet
available' signal and return. Fix broken SKB list implementation as well as
completely bogus initialization of SKBs.
Related to #778.
In this case "mv A B" works slightly different than "cp A B; rm A" as
symbolic links come into play. The statements should copy the contents
of A into the symboliv link at B (preserving it as is) and remove A. The
mv would replace the link B by the binary A.
Fixes#805.
When using certain assembler instructions, e.g. 'smc' that are
only available on some CPUs of the same architecture like ARMv7a,
it's necessary to specify the target CPU for the assembler. Otherwise
it will complain about.
Use NATIVE MAX ADDRESS EXT to retrieve last block for LBA48. Also check not only
for enabled LBA48 support but for the 'host protected area' bit before using the
LBA48 version. This is because the high order byte (HOB) data retrieval is
broken in Qemu.
Fixes#761.
Split the netperf run script into 3 ones so that it can be used more easily
in an automated run.
It is solely for foc_arndale by now.
l4linux_netperf.run - use nic via usb2.0
l4linux_netperf-usb30.run - use nic via usb3.0
l4linux_netperf-bridge.run - use nic via usb3.0 + bridge
Split the netperf run script into 3 ones so that it can be used more easily
in an automated run.
netperf.run - use native nic driver (x86) or usb2.0 (arndale, panda)
netperf_usb30.run - use native nic driver (x86) or usb3.0
netperf_bridge.run - use native nic driver (x86) or usb3.0 (arndale) and bridge
Issue #794
- use the generic 'crt0.s' for Linux
- move the read-only '__dso_handle' definition into the '.text' section
- move the '__initial_sp' definition into the '.bss' section
- remove the '_main_utcb' definition
Part of #766.
Until now the print procedure call in the Log_session_component
did contain a hardcoded 'init' string. Adding a method to filter
the session args to prefix the label and labelling the initial
Cpu_connection for the init-process enabled us to remove the
hardcoded string.
Fixes#789.
The given number of bytes is consumed but not actually allocated. This
feature may be used for accounting and use memory within core which is
in fact provided by a session client.
Fixes#792.
* Always download md5sum file and check downloaded binaries
* Extend sleep time in l4linux_netperf script, so that DHCP has enough time
* Fix regexp rule in l4linux_netperf run script to work with MAC addresses
containing only numbers
Fix#787
Sometimes the ports are not freed up quick enough by the host system after the
first test finished. The port restriction is mainly required for qemu, so don't
use it for bare metal hardware tests.
* Add platform_drv for usb_drv, sd_card_drv and ahci
* Add ahci driver and part_blk on top of it
* add linux instance using SATA partition
* add VIM using SATA partition
The window scale option (http://tools.ietf.org/html/rfc1323) patch of lwIP
definitely works solely for the receive window, not for the send window.
Setting the send window size to the maximum of an 16bit value, 65535,
or multiple of it (x * 65536 - 1) results in the same performance.
Everything else decrease performance.
We will have to check this window scale patch before using higher values.
Minor speed improvements of ~6Mbit. Additionally a ethernet frame fits now
into one memory allocation per pbuf. Beforehand two were allocated - one being
1514 bytes and another one being 2 bytes (monitored by instrumenting copy loop
in libports/src/lib/lwip/platform/nic.cc).
lwip reports via getsockopt the size of the default size of the receive buffer
to the netperf server. lwip returns 2GB and netperf server uses this value to
allocate some buffers - which of course fails with out of memory.
Reduces the "default size" to some smaller value.
With the commit we are not forced anymore to (but still can) use specific
netperf client options regarding memory allocations of the receive buffer.
MAERTS is STREAM backwards and effectively lets the netserver sends the packets
to the netperf client. So, TCP_STREAM measure the receive performance of the
lwIP stack on Genode and TCP_MAERTS the send performance of the lwIP stack
on Genode.
Normally this bench has read all data to one large buffer and
than written it back to the drive but for SATA 3 (6 Gbps) benchmarks
we would need a buffer of approximately 1.2 GB to do it this way
and reach 2 seconds bench time. Thus we use a buffer of SATA request size
and override it with every request.
This commit splits the Fiasco.OC-specific extension for the cli_monitor
into one for the Arndale platform, and one for all others. On Arndale
we add the cpu_frequency command beside the ones defined on all platforms.
Initialize and limit port speed to 3 Gbps in general because the Seagate
Barracuda 1TB throws much errors with 6 Gbps by now.
Try all port speeds from the highest to the lowest as long as debouncing fails
and try them all again in this order when falling back to slower debouncing.
Try to recover from all types of interface error.
When a port was recovered from an error during a NCQ command
get the last LBA that was accessed successfully and continue command from
this point.
Use a platform driver through the 'Regulator' service to do CMU and PMU config.
Switch off verbosity by default.
To raise expressiveness of the benchmark it dynamically adjusts the
transfer amount at any test to get a result that was measured
over a transfer time of 2000 ms at least and 2300 ms at a max.
* Retry debouncing first with a higher trial time and if this also doesn't
work with lower link speed additionaly.
* Ignore DevSlp feature because it isn't needed anyway as far as i can see.
* Relax some restrictions according the feedback of the drive as far as it
seem to have no effect in Linux too
Fix#753
The verbosity must be enabled at two levels: at compile time
via an enum that switches the availability of verbosity code
and via two members of 'Mmio' named '_read_verbose' and
'_write_verbose'. The latter are initialized to 0 (change this to
enable verbosity globally) and can be used to locally enable
(or disable) verbosity in deriving classes.
Ref #753
Currently, on the Arndale platform, core uses a different thread context
area base address than the other tasks (0x20000000 vs. 0x40000000). This
is problematic, because core calculates the location of the UTCB area of a
new thread relatively to core's own thread context area base. So, the UTCB
area of non-core threads ends up in a virtual address range which is
outside of the task's thread context area and not marked as used in the
task's RM session.
With this patch, the same thread context area base address gets used in
core and in the other tasks.
Fixes#779.
Added spec file for ARM-VFPv3 floating-point unit. This shadows
'base/include/arm/' with 'base/include/arm/vfp' and enables a 'memcpy_cpu'
version that mainly uses the FPU. Enabled VFP support for 'foc_arndale'.
Ref #773
* Implements platform driver for Arndale providing Regulator for CPU clock
* Implements a cpu frequency scaling test using the affinity test
* Fixes#770
TFTP server requiring absolute directory names are supported (better) -
specify in RUN_OPT "--tftp-absolute" to create Pulsar config with absolute
path names for PXE boot.
Additional a symbolic link is created from the build directory to
"$PXE_TFTP_DIR_BASE$PXE_TFTP_DIR_OFFSET" automatically. This eases the use
together with autopilot for x86.
Commit c464ee2e6673fe328a8717342dca30f3b0204cb8 removed the RX_BUF_SIZE from
the NIC session interface. Mistakenly, the nic_loopback server was missed
when doing this change.
The PWD variable contains the current working directory of the original
location where 'make -C' is executed, not the directory specified as
argument of '-C'. The tools referenced by ports/libports, however,
expect PWD to point to the root of the respective repository.
This patch splits the download of signatures from the download of the
archive to improve robustness. This way, signature files will be
downloaded even if the corresponding archive is already in place.
Issue #748
In fact, the sizes were the same the whole time, but by using
the same enum in both cases to instantiate the Packet_stream_tx
and Packet_stream_rx members of the e.g. RPC object, it allows
for more flexible generalization between e.g. source or, sink
objects, when programming event-driven, and implementing generic
handlers for their signals.
Just use configuration values when existent, otherwise when no configuration
is given use the default values. When an incomplete configuration is given,
take the supplied ones, and for the rest the default ones. Fix#762
Don't use the xhci USB host controller for HID and NIC in the l4linux
run script. It doesn't work on the Pandaboard, and isn't needed for the
Arndale board. Moreover, provide a MAC address, and add a providing
rule in the KDB UART driver to supress ugly warnings. Fix#763
This patch makes the handling of failed integrity checks of 3rd-party
packages more robust. Previously, a once failed 'make prepare PKG=curl'
would not leave any trace of the verification state. Hence, a successive
attempt to perform the 'make prepare' step again succeeded even if the
signature check failed.
To solve this problem, the outcome of a successful signature check is
represented by a tag file called 'download/<archive-name>.verified'.
Because the rule for extracting the archive depends on the .verify tag
file, the extraction step is not performed until the signature check
succeeds.
Issue #748
The downloaded archives for building the tool chain are checked for its
signature before using them. In case of a signature failure, the build
is interrupted.
Issue #748
The signature verification tool uses gpg to verify the detached
signature of the given file.
It also tries to obtain the signing key if it is not part of the local
key ring.
Signature verification implies the verification of the integrity and
authenticity of a given file.
Issue #748
Instead of using a fixed command like picocom in the run tool,
it's better to have the flexibility to set the whole command that
connects to the serial device. Therefore, it's possible for instance
to connect to a remote serial device exported via TCP/IP by using tools
like socat.
This patch introduces a new platform 'linux_arm' for building and running
Genode/Linux on an ARM device.
Known limitations:
- libc 'setjmp()'/'longjmp()' doesn't currently save/restore floating
point registers
Fixes#746.
With this patch, 'liquid_framebuffer' can be reconfigured at runtime.
The configuration arguments are now provided as XML attributes, matching
those for 'nit_fb'. Furthermore, two new configuration options are added:
<config ...
resize_handle="off" - show/hide a resize handle widget in the lower
right window corner
decoration="on" - show/hide window decoration
(title bar and borders)
/>
Fixes#740Fixes#14
This is a first version of the AHCI driver. It supports SATA HDDs
with UDMA-133 only, up to 6 Gbps and native command queueing.
The more blocks one transfers with one command, the higher is the
chance that the driver produces a fatal handshake error. Nevertheless
the driver is stable with one block per ATA command. Although NCQ is
used the driver doesn't queue multiple commands simultanously.
The driver was tested with a western digital HDD "WDC WD2500BEVS-08VAT1
13.01A13" (250 GB) with hw_arndale (run/ahci) and foc_arndale
(run/ahci, run/l4linux: dd). SSDs were not tested.
Fix#706
The previous version of the PS/2 mouse backend manged mouse motion
events in a strange way, effectively throwing away most information
about the motion vector. Furthermore, the tracking of the mouse-button
states were missing. So drag-and-drop in a guest OS won't work. The new
version fixes those issues. For the transformation of input events to
PS/2 packets, a the Genode::Register facility is used. This greatly
simplifies the code.
This patch replaces the error-prone manual locking with the use of the
'Synced_interface' for the motherboard and the VCPU dispatcher. It also
removes all globally visible locks. Locks are now explicitly passed to
subsystems when needed.
This patch moves the implementation of the 'Arm::memory_region_attr'
function from the generic ARM code to the ARM v6/v7 specific code
to enable the customization of page-table bits depending on the
specific CPU core type. I.e., the ARM1176 apparently does not cope
well with setting the 'Tex::bits(2)' for MMIO mappings.
This patch eliminates calls of 'cmpxchg' prior enabling the MMU. This is
needed because the 'ldrex' and 'strex' instructions do not always work
with MMU and L1 cache disabled, i.e., on Raspberry Pi.
Changes GPIO session interface to a one-GPIO-pin-per-session style. Moreover,
this commit introduces a generic driver interface for GPIO drivers. Thereby
generalizes root- and session component for GPIO.
In issue #313 the SO_RCVBUF was intended to be enabled, however the current
lwip port looks for another define LWIP_SO_RCVBUF instead of LWIP_RCVBUF.
Fixes#716
If the target machine is connected locally one may specify
"serial" as target in the RUN_OPT variable to get the test output.
Used for panda and arndale on foc and hw.
Use RUN_OPT="--target ..." to select the backend test method.
Supported values so far:
qemu - qemu + grub bootloader (default)
qemu+pxe - qemu + pulsar bootloader (PXE)
amt - Intel AMT (reset+serial output) + pulsar bootloader
Related to issue #598
A run script which sends raw ethernet packets from the host machine to the
target machine. Three tests are implemented:
- The network_stat instrumented driver of usb_drv and net_drv
are used to get the raw receive performance of the network driver.
- A simple nic_session client is receiving from the un-instrumented network
driver raw ethernet packets.
- A bridge is added between driver and simple nic_session client.
genode_until_run can be called now with a spawn id to able to reattach to a
spawned process (amt, serial output). Run scripts can now call genode_until_run
multiple times.
Additionally, we do the cleanup of the remains of a previously failed
run prior creating the run directory. Otherwise, the directly creation
may fail because of a pending bindmount.
With this patch, the thread context area RM session gets created at
program startup to have the thread context area's virtual address range
reserved right from the beginning.
Fixes#734.
This patch implies that all Genode processes try to create an RM
session. So a route to the RM service must be present even for processes
that have only a single thread. Hence, the patch contains an update of
affected components.
lwIP only supports the 'AF_INET' domain, but doesn't check the 'domain'
argument of the 'lwip_socket()' function.
This patch avoids an error message from lwIP when the Arora browser
tries to connect a socket of the 'AF_LOCAL' domain.
Fixes#732.
The parent-service registry is populated on demand by the
'Loader::Child' whenever a prior unknown service is requested. Since the
number of parent services is limited, we expect the registry to settle
after a while. However, each loader session has a private instance of
a parent-service registry. So when creating and destroying loader
sessions, parent registries will be populated again and again. We
have to make sure to discard the entries along with the destruction
of a loader session to avoid the leakage of memory.
Issue #717
Try to free the metadata of a thread only if created by Genode. The code
did not cause any actual problems. I just stumbled over the inconsistency
while reviewing the code.
Enable optinal support for double buffering in the i.MX53 framebuffer
driver. This prevents flickering in certain scenarios, where applications
directly render in the framebuffer dataspace given by the driver.
* Simplify IPU register definitions using templates
* Distinguish between i.MX53 QSB and SMD board in driver
* Support IPU specific overlay mechanism by framebuffer session extension
With this patch, the 'libc_lwip_nic_dhcp' plugin provides the DNS server
address acquired by lwIP via DHCP in the file '/etc/resolv.conf'.
This feature can be disabled from the config file:
<libc resolv="no" />
The static network interface configuration attributes are now also a part
of the '<libc>' config node:
<libc ip_addr="..." netmask="..." gateway="..." />
Fixes#731.
This commit removes an endless loop, that occurred when the sd_card driver
called usleep, or msleep on its Timer_delayer object. Fixes#705
Also fixes the same problem for the Omap4 GPIO driver.
'Gratuitous ARP' broadcast messages are used to announce newly created
IP<->MAC address mappings to other hosts. nic_bridge-internal hosts
would expect a nic_bridge-internal MAC address in this message, whereas
external hosts would expect the NIC's MAC address in this message.
The simplest solution to this problem is to just drop those messages,
since they are not really necessary.
Fixes#709.
This patch adds the consideration of suddenly disappearing managed
dataspaces in the 'Rm_session_component::reverse_lookup' function.
Previously, this case resulted in a seamingly valid translation.
Fixes#701
This commit simplifies the creation of additional threads and VCPUs in L4linux.
By now, some Genode::Thread_base methods where overridden to use a Fiasco.OC
specific Cpu_session when creating threads.
Recent commit: 297538678e moved the actual creation
of the platform thread into the constructor of the generic Thread_base class.
Thereby the Vcpu class, which extended the Thread_base class, now unnecessarily
created two platform threads for each thread created via Vcpu. Nowadays, the
cpu_session capability is available via the Genode::env() environment. So we can
use the Thread_base parent class for the setup of the platform thread, and
afterwards create a Fiasco.OC specific cpu session client with the same cpu
session capability, Thread_base used for creation, to make use of the L4Linux
specific features of this interface (VCPU enabling, irq object creation etc.).
When destroying a thread, which was not bound to a protection domain via kernel
primitives beforehand, it is critical to change the pager and exregs the thread
in the destruction process. Therefore, this commit introduces two thread states:
DEAD and RUNNING. On the basis of the thread state, we can decide whether to
reset the thread before destroying it, or not.
This patch clears the terminal each time the menu appears and thereby
wipes away artifacts that might occur when combining terminal_mux with
kdb_uart_drv and the kernel prints messages directly.
This fixes issues with several HID keyboards by implementing
get_unaligned_le16(), which obviously may also fix other not-yet-known
issues. Hint: I had to look out for suspicious lines like follows in the
verbose log.
[init -> usb_drv] get_unaligned_le16 called, not implemented
Also, quirks for cherry keyboards are now applied.
Because the template instantiation rules of C++ do not deal well with
null pointers specified as '0', the constructor of 'Local_addr' was
instantiated for [T = int], which does not make sense. To avoid the
warning "cast to pointer from integer of different size", we need to
explicitly state that '0' is a pointer. In C++11, there is the 'nullptr'
keyword, but until we switch to this version, we have to state (void *)0.
In usb.inc all required Linux include files of the Linux code are looked up
by 'sed'ing through the files of SRC_C and SRC_CC. The Linux include files
are then added as dependency to the SRC_C and SRC_CC files and during dependency
resolution symbolic links to the lx_emul.h will be created.
In the platform specific usb.mk file there are the Linux driver files
added, but unfortunately after including usb.inc. So, for them no dependency
to any Linux include header file is generated and so no symbolic files are
generated.
If the driver code file is compiled as first, as for asix.c, the symbolic links
of the include files are missing and compilation fails.
Add the Linux driver code files to SRC_C before including usb.inc in the
platform specific usb.mk files.
Originally, a thread was created at core not before calling the 'start'
function. In order to configure the thread affinity before starting the
thread, we have to make the thread known at core right at construction
time. This patch moves the needed thread-creation sequence from the
'start' function to the '_init_platform_thread' function.
When L4Linux tries to allocate a dataspace of the size of its physical
memory, this allocation can fail, because the 'l4re_ma_alloc()' function
in the 'l4lx' library always tries to allocate a contiguous dataspace of
the given size and there might be no contiguous free area left.
With this patch, memory gets allocated in chunks: if the size to be
allocated exceeds the configured chunk size, a managed dataspace gets
created and filled with multiple memory chunks of at most the chunk size.
The chunk size is 16M by default and can be configured in an l4linux
config node:
<config args="...">
<ram chunk_size="16M"/>
</config>
Fixes#695.
Don't do anything in Mapping::prepare_map_operation. At this point and in the
current implementation, the memory has been mapped and cleared already. Touching
the memory may only pollute the cache causing data corruption in DMA memory.
Fixes issue #452
The KDB UART driver uses the Fiasco(.OC) kernel debugger console as backend
for input and output. This is useful in the case that only one UART is
available.
Fixes#665.
In this version of the transition the Hip structure from Genode is reused,
@nfeskes seoul_libc_support is used for the string functions and the
nul/config.h is replaced by just using a constant value in the one place where
the file was needed.
Related to #666.
- search for alternative virtual address regions upwards, starting from
the given start address, in the 'l4re_rm_attach()' and
'Region_manager::reserve_range()' functions
- don't treat memory locations above 0x80000000 in l4linux's virtual
address space as device memory
- align the start address of the vmalloc area according to the assumption
in 'devicemaps_init()'
Fixes#414.
Explicitly set default mode for legacy interrupts to not rely on kernel
default settings. This patch fixes the constantly busy IRQ threads for
IRQ 1 and 12 as soon as the PS/2 driver was loaded until the point when
the first IRQ occurred.
Remove the 'epit' variable from the generic imx31 and imx53 specification,
and only add it to base-hw specific i.MX specs. Thereby the EPIT timer
library gets build for base-hw only.
Moreover, fix some const-ness issues in the platform_timer implementation
for the EPIT timer.
Fixes#688.
The new core-internal 'Address_space' interface enables cores RM service
to flush mappings of a PD in which a given 'Rm_client' thread resides.
Prior this patch, each platform invented their own way to flush mappings
in the respective 'rm_session_support.cc' implementation. However, those
implementations used to deal poorly with some corner cases. In
particular, if a PD session was destroyed prior a RM session, the RM
session would try to use no longer existing PD session. The new
'Address_space' uses the just added weak-pointer mechanism to deal with
this issue.
Furthermore, the generic 'Rm_session_component::detach' function has
been improved to avoid duplicated unmap operations for platforms that
implement the 'Address_space' interface. Therefore, it is related to
issue #595. Right now, this is OKL4 only, but other platforms will follow.
This enables us to use the run scripts applied to a native machine equipped
with Intel's AMT. If the environment variables are correctly set up, the remote
test machine is reseted via 'amttool', then via 'amtterm' the serial output
is collected and the normal run script matching pattern for success/failure of
the run script are applied.
'amttool' and 'amtterm' are part of the package called 'amtterm' shipped with
the Linux distributions like Ubuntu, Debian and lot more.
Following environment variables are required, to run the run scripts with a
native AMT test machine:
PXE_TFTP_DIR_BASE - absolute path of TFTP directory
PXE_TFTP_DIR_OFFSET - relative path to PXE_TFTP_DIR_BASE where the config file
will be generated - named 'config-00-00-00-00-00-00'
AMT_TEST_MACHINE_IP - TCP/IP address of target AMT test machine
AMT_TEST_MACHINE_PWD - password of target AMT test machine
Issue #679
Since checking if the certificate is valid is not that important
(we currently do not check the signature of the archive which is the
bigger issue) we disable the checking to prevent certain wget version
from refusing to download the archive.
Fixes#681
mkisofs is the original ISO creation tool from cdrtools available on
many UNIX systems. genisoimage on the other hand is part of a mostly
unmaintained fork of cdrtools very specific to Debian Linux and its
derivates (e.g., Ubuntu). Fortunately, genisoimage (as we used it) is
completely invocation-compatible to mkisofs.
Fixes#627.
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
