Drivers like SD-Card, platform, AHCI, and framebuffer are specified as Exynos5
compliant. But they are at least not compliant with Odroid-XU although this is
Exynos5. Thus, prevent tests that rely on such drivers when building for
hw_odoid_xu. Furthermore, make previous Arndale regulator/consts.h,
uart_defs.h, and some Board_base enums available to all Exynos5 builds to
enable at least building the drivers.
Fixes#1419
For the USB-Armory, we use a newer version of Linux (3.18) as for the
i.MX53-QSB. The main difference is, that the newer Linux uses a DTB instead of
ATAGs.
Fixes#1422
The USB Armory is almost the same as the i.MX53-QSB but it uses only
one of the two RAM banks available in i.MX53. Furthermore we use the USB
Armory only with Trustzone enabled.
Ref #1422
With the new run tool, there is no more is_qemu_available function. However,
some scripts still try to use it because only frequently used scripts were
updated by now. The commit replaces the function calls with the new
'have_include power_on/qemu' check.
Ref #1419
The wifi_drv now provides two reports. The first one contains all
accesspoints that were found while scanning the supported frequencies.
The second one reports the state of the driver, i.e., if it is
conntected to an accesspoint or not. In addition to that, the driver
now gets its configuration via a ROM session.
More detailed information are available in 'repos/dde_linux/README'.
Issue #1415.
* enables world-switch using ARM virtualization extensions
* split TrustZone and virtualization extensions hardly from platforms,
where it is not used
* extend 'Vm_session' interface to enable configuration of guest-physical memory
* introduce VM destruction syscall
* add virtual machine monitor for hw_arndale that emulates a simplified version
of ARM's Versatile Express Cortex A15 board for a Linux guest OS
Fixes#1405
To enable support of hardware virtualization for ARM on the Arndale board,
the cpu needs to be prepared to enter the non-secure mode, as long as it does
not already run in it. Therefore, especially the interrupt controller and
some TrustZone specific system registers need to be prepared. Moreover,
the exception vector for the hypervisor needs to be set up properly, before
booting normally in the supervisor mode of the non-secure world.
Ref #1405
To enable the usage of virtualization extension related instructions
there is the need to enable the '-mcpu=cortex_a15' compiler flag on
those cpus. To not conflict with other compiler flags (Ref #810) we've
to disable the '-march=arm_v7a' flag.
Ref #1405
The generalization of interrupt objects in the kernel and the use of
C++ polymorphism instead of explicitely checking for special interrupts
within generic code (Cpu_job::_interrupt) enables the registration of
additional interrupts used by the kernel, which are needed for specific
aspects added to the kernel, like ARM hardware virtualization interrupts.
* Introduce generic base class for interrupt objects handled by the kernel
* Derive an interrupt class for those handled by the user-land
* Implement IPI-specific interrupt class
* Implement timer interrupts using the new generic base class
Ref #1405
Until now, one distinct software generated IRQ per cpu was used to
send signals between cpus. As ARM's GIC has 16 software generated
IRQs only, and they need to be partitioned between secure/non-secure
TrustZone world as well as virtual and non-virtual worlds, we should
save them.
Ref #1405
* name irq controller memory mapped I/O regions consistently
in board descriptions
* move irq controller and timer memory mapped I/O region descriptions
from cpu class to board class
* eliminate artificial distinction between flavors of ARM's GIC
* factor cpu local initialization out of ARM's GIC interface description,
which is needed if the GIC is initialized differently e.g. for TrustZone
Ref #1405
The 'dest' target is renamed in the updated rump version to 'dest.stage'. This
triggered some building steps, even when the targets already existed.
Issue #1409
The handling of MMIO regions now supports more pathological cases with
weird cross references. Also, MMIO regions are releases after the
parsing is done.
Fixes#998
While booting up, some devices send garbage over the serial connection.
This can result in an unexpected EOF event within expect(1). A filter
program may be specified with '--log-serial-filter' to circumvent this
problem. Then, the output of the serial program is piped through
the filter, which may sanitize the character stream.
Fixes#1395.
Setting the ACTLR.SMP bit also without SMP support fastens RAM access
significantly. A proper solution would implement SMP support which must enable
the bit anyway.
Fixes#1353
and move it close to run_genode_until implementation.
Somehow the "match_max -d" gets ignored if it is to far away and some
our run scripts fails because the buffer contains not all information
(seen for affinity.run on a 8 core machine)
This is needed at least by rump_ext2.run as it uses the perf-counter
in the jitterentropy-lib. On other platforms the perf-counter gets enabled
by the kernel by default. However, on HW, we keep the specifier to allow users
to disable it easily (e.g. for security reasons).
Ref #1393
When returning early on directory operations, file systems that might
be able to handle the request but come after the current one are not
tried.
Fixes#1400.
Up to now Noux used the libc sleep functions, which actually is not
possible because the _nanosleep() function implemented by our libc
creates a new thread to handle the timeout. Noux childs may have
only one thread, e.g., the main thread, though. To fix this issue
sleeping is now handled directly by Noux. It is implemented by calling
select(2) with a timeout. This fix is needed for mutt(1), which calls
sleep when it prints a notification for the user.
Fixes#1374.
Since rump now requires large buffers of random numbers (>= 512 bytes), use the
jitterentropy library instead of the slow timer pseudo random number generation.
Fixes#1393
To circumvent compilation errors with the older L4Android Linux kernel
version, the ballooning driver is included in the more recent L4Linux
kernel only. Moreover, to be able to maintain L4Android / L4Linux in a more
convenient way, e.g. to apply patches valid for both versions, we use
the same git clone that is used for L4Linux instead of using the upstream
L4Android version by applying patches.
Fixes#1390
Instead of returning an uint64_t value, return a structured time stamp.
This change is only visible to components using Rtc_session directly.
Fixes#1381.
Up until now 'schedule_timeout' did only wait for the next signal to occur.
However, we might run into situations where there won't occur signals for longer
periods of time. Therefore, we took care of the respective timeout handling.
This commit also adds Genode's tracing support
Issue #1310
This has been broken for a while now. Use correct (global) signal transmission,
do not use local signal transmission, as signals seems to get lost.
Issue #1310
This patch changes the Shared_object::lookup function to use a
reinterpret_cast instead of a static_cast to allow the conversion
from symbol addresses to arbitrary pointers.
By blocking on a timeout, we yield the CPU in order to give a
concurrently running sporadic process a chance to obtain ROM modules.
Otherwise, such requests would be deferred until the ROM prefetcher
completes its operation or in the unlikely event that the prefetcher
gets preempted.
Fixes#1378
The linker scripts use to fill alignment gaps within the text section
with the magic value 0x90909090, which correponds to the opcodes of four
nop instructions on x86. This patch removes this value because it
apparently solves no problem. If, for some reason (e.g., due to a dangling
pointer) a thread executes instructions within alignment paddings, NOP
instructions are not any better than any other instruction. The program
will eventually execute the instructions after the padding, which is
most likely fatal. It would be more reasonable to fill the padding with
the opcode of an illegal instruction so that such an error can be
immediately detected. That said, I cannot remember a single instance,
where the fill value has helped us during debugging.
Even if the mechanism served a purpose on x86, it is still better to
remove it because it does not equally work on the other architectures
where the linker scripts are used. I.e., on ARM, the opcode 0x90909090
is not a NOP instruction.
The patch supports both, a download-specific UNZIP_OPT(download) and a
general UNZIP_OPT that can be defined across downloads.
UNZIP_OPT(download) overrides UNZIP_OPT.
Note, the `--strip-components=1` argument is not required for unzip.
Issue #1357
If newlines are in the string send to the core log service, they don't get
the label properly appended before each output. The messages then look like
they are coming from core.
Fixes#1368
Be less verbose regards warnings caused by vmx_invalid exits - which triggers
on T400 more often because it has no Unrestricted Guest support. This leads
to lot of log messages so that the test does not succeed in time. Additionally,
the virtualbox_auto_disk.run script is adjusted to check for some output to
exit earlier if something went wrong.
Fixes#1367
Workaround for issue #1343. By disabling the 'vpid' feature of the nova
kernel several VMs can be used concurrently. Applies for Seoul and VirtualBox.
Issue #1343
tool/ports/shortcut
create symbolic link from 'contrib/<port-name>-<hash>' to
contrib/<port-name>
tool/ports/current
print current contrib directory of port
Fixes#1345.
Instead of fixing the missing dynamic facilities of the AHCI driver
backends for x86 and Exynos5, just avoid to create/destroy the backend
for every new connection, but always use one and the same object.
The AHCI drivers need to be re-written anyway, see issue #1352 for instance,
we can make it more robust for the dynamic case then.
Fixes#786Fixes#1133
This has to be used during shared object creation and destruction because global
lists are manipulated. We cannot use the 'Elf_object::lock' here because there
may be jump-slot relocations during object initialization.
Fixes#1350
When building Genode for VEA9X4 as micro-hypervisor protected by the ARM
TrustZone hardware we ran into limitations regarding our basic daily
testing routines. The most significant is that, when speaking about RAM
partitioning, the only available options are to configure the whole SRAM
to be secure and the whole DDR-RAM to be non-secure or vice versa. The
SRAM however provides only 32 MB which isn't enough for both a
representative non-secure guest OS or a secure Genode that is still
capable of passing our basic tests. This initiated our decision to
remove the VEA9X4 TrustZone-support.
Fixes#1351
On VEA9X4-TZ, the context-area overlaps with the virtual area of the
text, data and bss. However, we can't simply change the link address as
the core image (used physically respectively 1:1 mapped) needs to be in
this particular RAM-region as it is the only one that can be protected
against a VM. Thus I've moved the context area to a place where it
shouldn't disturb any HW-platform.
Fixes#1337
Declaring the SP804 0/1 module and its interrupt to be non-secure prevents the
secure Genode from receiving the interrupt and hence the timer driver in the
secure Genode doesn't work.
Fixes#1340
Some downloads are available via HTTPS only, but wget < 3.14 does not
support server-name identification, which is used by some sites. So, we
disable certificate checking in wget and check the validity of the
download via SIG or SHA.
Fixes#1334.
The commit uses a fixed kernel branch (r8), which fixes a caching bug
observable in the Genode host. The quirk detecting the circumstance in the
timer service is obsolete now and is removed.
Fixes#1338
The commit
- fixes the syscall bindings for using portal permissions
- revokes PT_CTRL permission after pager in core set local badge name
- revokes PT_CTRL permission after server entrypoint code set local badge name
Fixes#1335
This fix configures TTBRs and translation-table descriptors as if we would use
SMP although we don't to circumvent problems with UP-configurations.
This fix should be superseded later by full SMP support for the VEA9X4.
ref #1312
The HW-kernel, in contrast to other kernels, provides a direct reference
to the pager object with the fault signal that is send to the pager
activation. When accessing this reference directly we may fall into the
time span where the root parent-entrypoint of the faulter has alredy
dissolved the pager object from the pager entrypoint, but not yet
silenced the according signal context. To avoid this we issue an
additional 'lookup_and_lock' with the received pager object. This isn't
optimal as we don't need the potentially cost-intensive lookup but only the
synchronization.
Fixes#1311.
Fixes#1332.
- essential support for 7260 chipset and DMA fixes
- assign mvm->pm_ops at beginning of function iwl_op_mode_mvm_start.
iwl_mvm_mac_setup_register() uses mvm->pm_ops, but it is called
before this field is set to a valid value.
- disable call to function iwl_mvm_prepare_multicast.
This function leads to a pagefault, as it aspects a list of multicast
addresses, but the list is empty as it is not generated by this port.
On base-hw, each thread owns exactly one scheduling context for its
whole lifetime. However, introducing helping on IPC, a thread might get
executed on scheduling contexts that it doesn't own. Figuratively
spoken, the IPC-helping relation spans trees between threads. These
trees are identical to those of the IPC relation between threads. The
root of such a tree is executed on all scheduling contexts in the tree.
All other threads in the tree are not executed on any scheduling context
as long as they remain in this position. Consequently, the ready-state
of all scheduling contexts in an IPC-helping tree always equals the
state of the root context.
fix#1102
As soon as helping is used, a thread may also be in a blocking state when its
scheduling context is ready. Hence, the state designation SCHEDULED for an active
thread would be pretty misleading.
ref #1102
If the debug branch of the nova kernel is used, following messages are printed
by the kernel during vCPU setup phase:
[0] overmap attempt OBJ - tree - ...
Fixes#1324
The context of timer are now inserted correctly and the actual timer
triggering the exection of each context is always programmed if the
head of the timer list changes.
Fixes#1326.
The jiffies are only updated on each round of scheduling the runnable
tasks. We have to schedule the current task that executes the sleep
call to update the jiffies count and thereby preventing the task from
entering an endless loop when using a statement like
'while (!time_after(jiffies, now + timeout)) { msleep(1); }'.
Related to #1326.
Instead of probing all device on the PCI bus just look for devices
matching PCI_CLASS_NETWORK_OTHER. This fixes issues with other devices
on the PCI bus, e.g. the GPU, when access their extended config space.
Related to #1326.
Due to commit "run: relax IP power plug recognition + serial EOF",
when piping the serial command through 'tr', some characters might
get buffered, thereby preventing some run scripts to finish correctly.
This commit removes the 'tr' hack. Instead, to circumvent the 'expect'
problem, which kills under special conditions spawned childs used to
obtain serial line content, whenever EOF of the serial command is
recognized during the boot phase, the child process gets re-spawned.
Setting explicit routes for Nitpicker's 'Framebuffer' and 'Input' sessionsi
avoids ambiguities if a Qt application provides these services, too.
Fixes#1316
With this patch, when calling 'setFocus()' on a QNitpickerViewWidget, the
Nitpicker view gets the input focus (provided that the parent Qt window
already had it).
Fixes#1314
Until now, the successful termination of the boot process was recognized
when 'expect' saw the first L4 bootstrapper output on serial line. On sytems
with initially shaky serial connection like Versatile Express, where the serial
line baudrate changes with the bootstrapper initialization, the first expected
line might be missing. Therefore, change the expected line to the first
Fiasco.OC kernel output.
* To communicate with IP power plug devices from Koukaam, to remote
control power supply of test boards, don't parse minor versions, but
support different IP power plugs
* TCL's expect may report an EOF when reading from the spawned serial
terminal, especially when using 'socat' to stream serial over TCP/IP,
although the spawned child is still running and delivering content.
This problem is clearly not dependent on the characters send, but
possibly due to strange pipe signals. When piping the serial output
through 'tr' the problem vanishs.
This wasn't necessary before because we built an l4 library for
Pistachio and linked it against each application. With the new linker,
we compile the required files from within Genode and create a syscall
library that is only linked to ldso. If a program uses system calls
directly, for example, DDE kit's spinlock implementation, the required
symbols must be made globally accessible.
Fixes#1306
On the Versatile Express Cortex A9x4 platform the first memory region
0x0 - 0x4000000 is a hardware remapped memory area, containing flash
and DDR RAM copies and thus should not be added in addition to all
DDR RAM regions and the SRAM region.
In the init configuration one can configure the donation of CPU time via
'resource' tags that have the attribute 'name' set to "CPU" and the
attribute 'quantum' set to the percentage of CPU quota that init shall
donate. The pattern is the same as when donating RAM quota.
! <start name="test">
! <resource name="CPU" quantum="75"/>
! </start>
This would cause init to try donating 75% of its CPU quota to the child
"test". Init and core do not preserve CPU quota for their own
requirements by default as it is done with RAM quota.
The CPU quota that a process owns can be applied through the thread
constructor. The constructor has been enhanced by an argument that
indicates the percentage of the programs CPU quota that shall be granted
to the new thread. So 'Thread(33, "test")' would cause the backing CPU
session to try to grant 33% of the programs CPU quota to the thread
"test". By now, the CPU quota of a thread can't be altered after
construction. Constructing a thread with CPU quota 0 doesn't mean the
thread gets never scheduled but that the thread has no guaranty to receive
CPU time. Such threads have to live with excess CPU time.
Threads that already existed in the official repositories of Genode were
adapted in the way that they receive a quota of 0.
This commit also provides a run test 'cpu_quota' in base-hw (the only
kernel that applies the CPU-quota scheme currently). The test basically
runs three threads with different physical CPU quota. The threads simply
count for 30 seconds each and the test then checks wether the counter
values relate to the CPU-quota distribution.
fix#1275
Do not support the global construction from of objects from within a global
constructor of another object. This can happen if, for example, dlopen is called
from a global constructor. The construction will be post-boned until the current
constructor has finished.
On Arndale, the kernel timer resets to the initial value of the last
count-down and continues as soon as it reaches zero. We must check this
via the interrupt status when we read out the timer value and in case
return 0 instead of the real value.
fix#1299
The way this function is currently used in dde_linux expects this
function to return. Since there is dde_kit_panic it should better
be used in such a case the output should block.
Kernel::Processor was a confusing remnant from the old scheme where we had a
Processor_driver (now Genode::Cpu) and a Processor (now Kernel::Cpu).
This commit also updates the in-code documentation and the variable and
function naming accordingly.
fix#1274
The run test 'hw_info' prints the content of the basic ARMv7 identification and
feature registers in a pretty readable format. It is a kernel-internal test
because many of these registers are restricted to privilege level 1 or higher.
fix#1278
The new scheduler serves the orthogonal requirements of both
high-throughput-oriented scheduling contexts (shortly called fill in the
scheduler) and low-latency-oriented scheduling contexts (shortly called
claim in the scheduler). Thus it knows two scheduling modes. Every claim
owns a CPU-time-quota expressed as percentage of a super period
(currently 1 second) and a priority that is absolute as long as the
claim has quota left for the current super period. At the end of a super
period the quota of all claims gets refreshed. During a super period,
the claim mode is dominant as long as any active claim has quota left.
Every time this isn't the case, the scheduler switches to scheduling of
fills. Fills are scheduled in a simple round robin with identical time
slices. Order and time-slices of the fill scheduling are not affected by
the super period. Now on thread creation, two arguments, priority and
quota are needed. If quota is 0, the new thread participates in CPU
scheduling with a fill only. Otherwise he participates with both a
claim and a fill. This concept dovetails nicely with Genodes quota based
resource management as any process can grant subsets of its own
CPU-time and priorities to its child without knowing the global means of
CPU-time and priority.
The commit also adds a run script that enables an automated unit test of the
scheduler implementation.
fix#1225
To serve the needs of the coming CPU scheduler, the double list needs
additional methods such as 'to_tail' and 'insert_head'.
The commit also adds a run script that enables an automated unit test
of the list implementation.
ref #1225
Kernel tests are done by replacing the implementation of an otherwise
empty function 'Kernel::test' that gets called once at the primary CPU
as soon as all kernel initialization is done. To achieve this, the test
binary that implements 'Kernel::test' must be linked against the core
lib and must then replace the core binary when composing the boot image.
The latter can be done conveniently in a run script by setting the new
argument 'core_type' of the function 'build_boot_image' to the falue
'test'. If no kernel test is needed the argument does not have to be
given - it is set to 'core' by default which results in a "normal"
Genode image.
ref #1225
Previously, Idle_thread inherited from Thread which caused an extra
processor_pool.h and processor_pool.cc and also made class models for
processor and scheduling more complex. However, this inheritance makes
not much sense anyway as an idle context doesn't trigger most of the code
in Thread.
ref #1225
The memory barrier prevents the compiler from changing the program order
of memory accesses in such a way that accesses to the guarded resource
get outside the guarded stage. As cmpxchg() defines the start of the
guarded stage it also represents an effective memory barrier.
On x86, the architecture ensures to not reorder writes with older reads,
writes to memory with other writes (except in cases that are not
relevant for our locks), or read/write instructions with I/O
instructions, locked instructions, and serializing instructions.
However on ARM, the architectural memory model allows not only that
memory accesses take local effect in another order as their program
order but also that different observers (components that can access
memory like data-busses, TLBs and branch predictors) observe these
effects each in another order. Thus, a correct program order isn't
sufficient for a correct observation order. An additional architectural
preservation of the memory barrier is needed to achieve this.
Fixes#692
GCC 4.7.4 and newer seems to optimize the lock-variable accesses more
radically, which uncovered the missing volatile qualifier and resulted
in:
Assertion "(int)locked >= 0" failed in file '.../okl4_x86/kernel/include/kernel/read_write_lock.h', line 151 (fn=f0104771)
--- "KD# assert" ---
Invalidating all branch predictors before switching the PD
fixes instability problems on Panda and has not much effect
on the performance of other boards. However, we neither know why
this is a fix nor wether it fixes the real cause of the problem.
fix#1294
Previously, the timer was used to remember the state of the time slices.
This was sufficient before priorities entered the scene as a thread always
received a fresh time slice when he was scheduled away. However, with
priorities this isn't always the case. A thread can be preempted by another
thread due to a higher priority. In this case the low-priority thread must
remember how much time he has consumed from its current time slice because
the timer gets re-programmed. Otherwise, if we have high-priority threads
that block and unblock with high frequency, the head of the next lower
priority would start with a fresh time slice all the time and is never
superseded.
fix#1287
Some SDL applications expect the SDL_image headers in include/SDL to be
reachable without the SDL/ prefix. This patch adds the corresponding
search path. Furthermore it enables support for XPM images.
Ported drivers list and extract all needed source files. This decouples
ports according to contrib sources and also enables us to revert lxip to
Linux version 3.9, while staying with 3.14 for usb.
Fixes#1285
The manpage to errno tells the following story:
The <errno.h> header file defines the integer variable errno, which is
set by system calls and some library functions in the event of an error
to indicate what went wrong. Its value is significant only when the
return value of the call indicated an error (i.e., -1 from most system
calls; -1 or NULL from most library functions); a function that
succeeds is allowed to change errno.
Valid error numbers are all nonzero; errno is never set to zero by any
system call or library function.
When the 'Mtd::FPU' flag is set during the registration of a
virtualization event handler, it must also be set whenever the event
handler returns.
Fixes#1283
This patch ensures that priority values passed as session arguments
are within the valid range of priorities. Without the clamping, a child
could specify a priority of a lower priority band than the one assigned
to the subsystem. Thanks to Johannes Schlatow for reporting this issue.
Fixes#1279
This is just a quick fix to calm down the buildbot - a revised
implementation is needed according to issue #1277. Further, the reason
for the increased test duration on several platforms must be
investigated.
The alias is rather Linux-specific and also prevents particularly
tailored jiffies implementations. For the existing dde_linux ports (usb
and lxip) we just define jiffies to be dde_kit_timer_ticks with a
preprocessor macro.
The menu view generates a simple dialog of widgets and reports the
hovered element. It is meant to be embedded into applications that
require simple GUIs but don't want to deal with the pecularities of
a full-blown widget set.
The new 'session_control' function can be used to perform operations on
the global view stack that span one or multiple sessions, e.g., bringing
all views of specific sessions to the front, or hiding them.
If the Rom_session::update function returns false, the ROM dataspace may
have been physically destructed (and core has removed all mappings).
In this case, we have to omit the detach operation in the destructor
of 'Attached_dataspace' to avoid detaching the same region twice.
The headers 'texture_rgb565.h' and 'texture_rgb888' contain
template specializations needed for using the 'Texture::rgba' function
for the respective pixel formats. The specializations were formerly
contained in application-local code.
This patch add an optional alpha argument to the constructor, which may
be passed to a pixel type representing an alpha channel. Furthermore,
a new overload of the mix function has been added to accommodate use
cases where one texture is applied to both a pixel surface and an alpha
channel.
When X-ray mode is active, nitpicker filters motion events that are not
referring to the currently focused domain. However, domains configured
as xray="no" (such as a panel) need to obtain motion events regardless
of the xray mode. This patch relaxes the motion-event filtering to
accommodate such clients.
The buffer offset was wrongly accounted for. The miscalculation went
unnoticed until now because the buffer offset was apparently never used
in combination with alpha-channels.
If a domain is configured as xray="no", we want to let the views of the
domain respond to input events like in flat mode, even if xray mode is
active. Normally, the input mask of views with an alpha channel is
disregarded in X-ray mode. However, for non-ray views, the input mask
should always be considered.
The 'Signal_rpc_member' takes care about dissolving its signal context
from the receiver. So we don't need to manually perform this operation
in the session destructor.
With this patch, the VESA driver chooses the video mode with the highest
resolution from the list of available modes if no resolution is
explicitly configured.
Fixes#1263.
* use seoul branch containing vbios emulator
* report the memory model in the VBE mode info as otherwise the
Genode framebuffer driver will ignore this mode
Fixes#1261
It turned out that the controller configuration can change during the self
tests, so now it is read before running the tests and restored afterwards.
Fixes#1260.
This component merges the input events of multiple sources.
Example configuration:
<start name="input_merger">
<resource name="RAM" quantum="1M" />
<provides>
<service name="Input" />
</provides>
<config>
<input label="ps2" />
<input label="usb_hid" />
</config>
<route>
<service name="Input">
<if-arg key="label" value="ps2" /> <child name="ps2_drv" />
</service>
<service name="Input">
<if-arg key="label" value="usb_hid" /> <child name="usb_drv" />
</service>
<any-service> <parent /> <any-child /> </any-service>
</route>
</start>
For each 'input' config node, the component opens an 'Input' session with the
configured label. This label is then evaluated by 'init' to route the session
request to a specific input source component.
Fixes#1259.
* When flushing the data and unified cache on ARM, clean and invalidate
instead of just cleaning the corresponding cache lines
* After zero-ing a freshly constructed dataspace in core, invalidate
corresponding cache lines from the instruction cache
The backend allocator for the slab is a sliced heap, which hands out
allocations with page-size granularity (4096 bytes). Therefore, the
slab-block size should also be about a multiple of the page size minus
some bytes of overhead.
Additional adjustments:
- The slab-block size and the default quota-upgrade amount for SIGNAL
sessions depends on the platform bit width now.
- The signal test also stresses the case of many managed context in one
session including creation and destruction of the used signal receiver
in repeated rounds.
- correctly catch and report non-existing root directories
- remove *all* leading slashes from root-directory attributes and
sanitize empty declarations to current working directory
The older SOAP EOI protocol is not supported with AMT version 9+. By default
the wsman tool will be used if installed.
RUN_OPT examples to enforce amtool or wsman:
--target amt --amt-tool wsman
--target amt --amt-tool amttool
Fixes#1251
The weak implementation was added for quite special purposes years ago
and is no longer needed. On the other hand, the weak attribute does not
help if the implementation ends up in a shared library, which first
resolves symbols locally before asking ldso (that includes the acutal
thread library) *shiver*
The original git:// URL produced the following error:
Cloning into 'jbig2dec'...
fatal: remote error: access denied or repository not exported: /jbig2dec.git
Until now, the rumpkernel based tools were installed with all symbols
included. This accounts for about 200MiB used space on 64Bit system.
Stripping the binaries prior to installation brings the space
requirements down to 20MiB.
Fixes#1245.
The clean rule is used to delete already built binaries as well as to
clean-up any left-overs from previous build attempts. If there was
no previous attempt just return true to prevent make from complaining.
Fixes#1245.
Before the pointer handling was removed from the nitpicker server, the
pointer was always the first view, which was skipped in the find_view
function. However, since we support pointer-less operation by now, we
have to consider all views starting with the top-most one.
The port was succesfully tested a echo test and lighttpd. DHCP over
OpenVPN is not tested and probably will not work out of the box.
Therefore, the ip address etc. need to be specified manually.
For now, only ethernet bridging (using a TAP device) is supported.
Fixes#1235.
This commit adds a port the jitterentropy library to Genode. As
backend on x86_{32,64} 'rdtsc' is used and on ARMv{6,7} the
performance-counter.
Fixes#1239.
These file systems are provided on-demand by loading a shared library
when the fstab node is traversed. By convention this library is named
after the file system it provides. For example a file system that
provides a 'random' file system node is called 'vfs_random.lib.so'. It
is still possible to give the the node another name in the vfs. The
following code snippts illustrates this matter:
! [...]
! <config>
! <libc>
! <vfs>
! <dir name="dev"> <jitterentropy name="random"/> </dir>
! </vfs>
! </libc>
! </config>
! [...]
Here the jitterentropy file system, implemented in
'vfs_jitterentropy.lib.so' provides a file system node named 'random'
in the 'dev' directory. When traversing the vfs section the libc will
try to load 'vfs_jitterentropy.lib.so' but programs may access the
file system only via '/dev/random'.
Fixes#1240.
This patch fixes a potential race condition that could happen if a
client connects to nitpicker before the signal for the import of the
initial configuration was delivered. In this case, nitpicker would be
unable to assign a domain to the session (because this information comes
from the configuration), rendering subsequent calls to 'mode' invalid.
The patch solves this problem by manually calling the signal handler
for importing the configuration.
This provides bootable disk images for x86 platforms via
! RUN_OPT="--target disk"
The resulting disk image contains one ext2 partition with binaries from
the GRUB2 boot loader and the run scenario. The default disk size fits
all binaries, but is configurable via
! --disk-size <size in MiB>
in RUN_OPT.
The feature depends on an grub2-head.img, which is part of the commit,
but may also be generated by executing tool/create_grub2. The script
generates a disk image prepared for one partition, which contains files
for GRUB2. All image preparation steps that need superuser privileges
are conducted by this script.
The final step of writing the entire image to a disk must be executed
later by
sudo dd if=<image file> of=<device> bs=8M conv=fsync
Fixes#1203.
After modifying mode transition for branch prediction tz_vmm wasn't
working anymore on hw_imx53_tz but the modifications had nothing to do
with the VM code. However, the amount of instructions in the MT before the
VM exception-vector changed. So I tried stuffing the last working version with
NOPs and found that tz_vmm worked for some NOP amounts and for others not.
Thus, I increased the alignment of the VM exception-vector from 16 bytes to 32
bytes, é voila, its working with any amount of NOPs as well as with branch
prediction commits.
ref #474
Previously, we did the protection-domain switches without a transitional
translation table that contains only global mappings. This was fine as long
as the CPU did no speculative memory accesses. However, to enabling branch
prediction triggers such accesses. Thus, if we don't want to invalidate
predictors on every context switch, we need to switch more carefully.
ref #474
The console included nitpicker_view headers, which were not used. The
headers vanished with the recent nitpicker API change, which broke the
build of seoul.
This patch reimplements the nit_fb server using the server API and
thereby enables the dynamic resizing the of the framebuffer.
Note that the new implementation does not feature the ability to perform
a periodic refresh via the 'refresh_rate' configuration argument. This
feature was removed because the refresh policy can (and should) always
be implemented on the client side.
The QPluginWidget used to be a QNitpickerViewWidget but the new loader
interface does no longer hand out a view capability. So we need to
decouple both classes. This patch moves the view-geometry calculation to
a separate class to make it easier reusable, in particular for the
QPluginWidget.
The window manager provides a nitpicker session interface. In contrast
to the nitpicker server, which leaves the view layout up to the client,
the window manager organizes the views on screen according to a policy
provided by a window layouter. Furthermore, it equips views with window
decorations as provided by a window decorator. Both layouter and
decorator are independent programs.
This patch adds support for the consecutive re-dimensioning the virtual
framebuffer. When changing the buffer size, the session gets upgraded by
the missing portion of the quota instead of donating the whole size of
the new buffer each time.
This patch introduces a way to tweak the coordinate systems per
domain. The 'origin' attribute denotes the origin of the coordinate
system. Valid values are "top_left", "top_right", "bottom_left",
"bottom_right", and "pointer". Furthermore, the screen dimensions as
reported to the nitpicker client can be tweaked per domain using the
'width' and 'height' attributes. If the specified value is positive,
it is taken as literal boundary. If the value is negative, the size
if deducted by the specified amount from the physical screen area.
This patch introduces a mandatory layer attribute to domains. The layer
ordering is superimposed on the stacking order of the views. The
top-most layer can be assigned to a pointer-managing client. An example
for such a pointer is located at os/src/app/pointer. It replaces the
formerly built-in nitpicker mouse cursor.
The new layering mechanism replaces the former "stay-top" session
argument. So the Nitpicker::Connection no longer takes the stay-top flag
as the first argument.
A session can be explicitly configured to present its views in a
completely opaque way when the X-ray mode is active as opposed to the
default where each view gets tinted and surrounded by a frame. This
is useful for decorator views, which look overly busy otherwise.
This patch introduces the notion of a "domain" to the nitpicker
configuration concept. Session policies always refer to a domain where
multiple session policies can refer to the same domain. Thereby a domain
provides a way to express the grouping of sessions. This is useful for
applications that open multiple nitpicker sessions (such as Qt5 apps that
use one nitpicker session per window, menu, etc.). We want to assign all
those sessions to a single domain.
The configuration looks as follows:
<config>
...
<domain name="default" color="#ffffff"/>
<policy label="" domain="default"/>
...
</config>
This patch changes nitpicker's session interface to use session-local
view handles instead of view capabilities. This enables the batching
of multiple view operations into one atomic update.
This patch introduces a focus-management facility to the nitpicker
session interface. As a side effect of this change, we remove the notion
of a "focused view". There can only be a "focused session". This makes
sense because input is directed to sessions, not views.
Issue #1168
This patch changes nitpicker's way of redrawing. Originally, redraw
operations were triggered immediately by the RPC functions invoked by
clients. In the presence of clients that invoked a large number of those
functions, the server could become overloaded with processing redraw
operations. The new version performs redraw operations out of band with
the RPC functions. Similar to the design of the DOpE GUI server, redraw
operations are processed periodically. The RPC functions merely modify
meta data and track the dirty areas that need to be updated.
Consequently, nitpicker's RPC functions become light-weight operations.
As a nice collateral effect of this patch, nitpicker's internal
structure could be simplified because the drawing backend is no longer
needed by the code that dispatches the RPC interface.
So far, the lifetime-management utilities 'Weak_ptr' and 'Locked_ptr'
had been preserved for core-internal use only. However, the utilities
are handy for many use cases outside of core where object lifetimes
must be managed. So we promote them to the public API.
The new Rom_session::update function can be used to request the update of
an existing ROM dataspace. If the new data fits into the existing
dataspace, a subsequent call of 'dataspace' can be omitted. This way,
ROM dataspace updates don't suffer from page-fault-handling costs that
would occur when replacing the dataspace with each update.
When calling 'sub_node' on a node with no sub nodes, the Xml_node would
interpret the characters after the current node while searching for sub
nodes. The patch adds a sanity check that lets the 'sub_node' function
throw an exception when called on a node with no sub nodes.
This patch makes the handling of constructor arguments consistent among
the Volatile_object and Lazy_volatile_object classes. Arguments are
always forwarded. Otherwise, passing a reference as argument would result
in an unwanted copy of the passed object.
Some session interfaces use session-local handles for referring to
server-side objects, e.g., a file-system session hands out file handles
to the client. The new 'Handle_registry' class template can be used to
associate numeric handles with objects on the server side and thereby
simplifies the implementation of such servers.
This patch enables the debugging on services that rely on dynamic
session upgrades. For example, nitpicker expects its clients to donate
RAM quota that matches the size of the virtual framebuffer, which might
change during the lifetime of a nitpicker session.
* repos/ports/include/vmm
- add support to specify cpu location during vCPU construction
* seoul
- update to latest seoul branch supporting smp
- adjust to vmm interface changes
- vCPUs will be put in a round robin fashion on the available host CPUs,
beginning with the next CPU after the default (boot) CPU
- number of vCPUs can be specified in run script
* virtualbox
- adjust to vmm interface changes
- uses still one vCPU, placed on default (boot) CPU
Fixes#1212
This reverts commit edc03489b3.
Since commit
"timer: nova specific version of the service"
a nova specific timer is used and this quirk is not necessary anymore.
Issue #1211
When a page fault cannot be resolved, the GDB monitor can get a hint about
which thread faulted by evaluating the thread state object returned by
'Cpu_session::state()'. Unfortunately, with the current implementation,
the signal which informs GDB monitor about the page fault is sent before
the thread state object of the faulted thread has been updated, so it
can happen that the faulted thread cannot be determined immediately
after receiving the signal.
With this commit, the thread state gets updated before the signal is sent.
At least on base-nova it can also happen that the thread state is not
accessible yet after receiving the page fault notification. For this
reason, GDB monitor needs to retry its query until the state is
accessible.
Fixes#1206.
The build config for core is now provided through libraries to enable
implicit config composition through specifiers and thereby avoid
consideration of inappropriate targets.
fix#1199
The count value can be used to batch timeouts. I.e., if a periodic
timeout triggered multiple times before the timer had a chance to
process them, the count corresponds to the number of passed periods.
Until now, the HW platform support for the TrustZone features of the
i.MX53 boards could only be used, when adding a "trustzone" SPEC variable
manually. This commit adds a create_builddir target for HW i.MX53 with
TrustZone features enabled, fo convenience reasons.
- Log elapsed time per test in summary
- Command-line switch `--time-stamp` prefixes log output lines with
current time stamp (requires ts utility from Debian package _moreutils_)
Fixes#1156.
A subject that inherits from Processor_client not necessarily has the need for
doing a processor-global TLB flush (e.g. VMs). At the other hand the Thread
class (as representation of the only source of TLB flushes) is already one of
the largest classes in base-hw because it provides all the syscall backends
and should therefore not accumulate other aspects without a functional reason.
Hence, I decided to move the aspect of synchronizing a TLB flush over all
processors to a dedicated class named Processor_domain_update.
Additionally a singleton of Processor_domain_update_list is used to enable
each processor to see all update-domain requests that are currently pending.
fix#1174
and add xml configuration option to switch it on if required. Avoids trouble
on Windows 7 guest where IRQ injected by VMMDev PCI device is not delivered.
If ioapic is required and Windows guest addition "hangs", look in file
DevPCI.cpp, function pciSetIrqInternal, variable fIsApicEnabled. If
config[0xde] == 0xbe
config[0xad] == 0xef
it works. "Deadbeaf" seems to/should be set in ACPI file vbox.dsl. Happens for
unknown reason not on Genode/Nova.
Fixes#1188
By adding: "--target jtag \
--jtag-debugger <debugger configuration> \
--jtag-board <board configuration>" to the RUN_OPTs
this commits enables the run-tool to load and execute an ELF image
via JTAG to the target platform.
Fixes#1191
Commit 6a3368ee that refactored the mode transition assembler path, and
high-level entry point, fundamentally broke that part for the TrustZone VMs.
Instead of jumping to the appropriated address, the instruction value at that
point where used as target address.
Moreover, the TrustZone part of the mode transition page was not included into
the boundary check.
Ref #1182
On ARM it's relevant to not only distinguish between ordinary cached memory
and write-combined one, but also having non-cached memory too. To insert the
appropriated page table entries e.g.: in the base-hw kernel, we need to preserve
the information about the kind of memory from allocation until the pager
resolves a page fault. Therefore, this commit introduces a new Cache_attribute
type, and replaces the write_combined boolean with the new type where necessary.
Depending on 'src_w' and 'dst_w', different lines of a block to copy may be
32-bit aligned or not, so the alignment of each line needs to get checked.
Fixes#1111.
Don't define assembler constants inside macros, thereby calling the
corresponding macros isn't needed anymore. To prevent having to much
constants included in files where they aren't needed, split macros.s
file into a generic mode_transition.s part, and globally used macros.s.
Fix#1180
Previously this was not done before Thread_base::start(..) in
base-hw as it was not needed to have a valid cap that early. However,
when changing the affinity of a thread we need the cap to be valid
before Thread_base::start(..).
fix#1151
By now the scheduling timer was only refreshed for a new scheduling timeout
when the choosen scheduling context has changed. But we want it to be refreshed
also when the scheduled context yields without an effect to the schedulers
choice (this is the case e.g. when the idle thread gets a scheduling timeout
or a thread yields without any competitor in its priority band).
ref #1151
By using &&, we prevent the accidental copying of deallocator instances,
passed to the destroy function. We always want to take the deallocator
as reference or pointer.
For the correct integration of a QPluginWidget in a parent QWidget, with
this commit the parent QWidget's Nitpicker view is made the parent view of
the plugin's Nitpicker view.
Fixes#1173.
This commit adds a 'parent_view()' function to the loader session, which
allows to set the parent view of the subsystem's Nitpicker view.
If the function is to be used, this must get done before calling
'start()'.
Fixes#1172.
In file
src/VBox/Additions/WINNT/SharedFolders/driver/file.c
the function
static int vbsfTransferCommon(VBSFTRANSFERCTX *pCtx)
in the
VbglR0CanUsePhysPageList()
branch does not correctly evaluate the read or written bytes from
the VMM. It ever assumes that whole pages are read/written.
Workaround the bug in the Windows guest additions of Vbox until fixed
upstream by filling up the read/write buffer completely within the VMM code
of Vbox.
Fixes#1176
Genode::strncpy() enures the destination string is null terminated by
writing a null-byte. In this case, the null-bytes always overwrote the
last character of the output byte stream.
Ensures that the Exynos5 CPU is clocked equally no matter how the kernel
initialized it. This makes the result of this time critical test more
comparable.
fix#1162
Now that it is possible to resize the stack of the Genode main thread, it
is not necessary anymore to create a new Genode thread as Qt main thread.
Fixes#1134.
This patch changes both the Input::Session interface and the skeleton
for the server-side implementation of this interface
('input/component.h').
The Input::Session interface offers a new 'sigh' function, which can be
called be the client to register a signal handler. The signal handler
gets notified on the arrival of new input. This alleviates the need to
poll for input events at the client side.
The server-side skeleton for implementing input services underwent a
redesign to make it more modular and robust. I.e., there are no
global functions needed at the server side and the event-queue
enable/disable mechanism is implemented at a central place (in the root
component) rather than inside each driver.
Fixes#46
Fixes an alignment problem introduced by commit "hw: map core on demand"
where physical address alignment wasn't checked anymore, when inserting
a section within the first-level table of ARM's short translation table
format.
Many thanks to Christian Prochaska for helping to debug the problem.
In case the storage-entry point dispatches more then one packet, wait for the
previous command to finish before setting a new request. This has to be done
because the 'queuecommand' does actually *not* queue things, but can only handle
one request at the time.
Fix#1143
On ARM, when machine instructions get written into the data cache
(for example by a JIT compiler), one needs to make sure that the
instructions get written out to memory and read from memory into
the instruction cache before they get executed. This functionality
is usually provided by a kernel syscall and this patch adds a generic
interface for Genode applications to use it.
Fixes#1153.
Using 'upvar' instead of 'global' in the 'append_if' and 'lappend_if'
functions makes it possible to use these functions with local variables
of the calling function.
Fixes#1137.
The 'rump_cgd' server provides block level encryption for a block
session by employing the 'cgd(4)' device provided by the rumpkernel.
'rump_cgd' uses a Block_session to get access to an existing block
device and provides another Block_session to its clients. Each block
written or read by the client is transperently encrypted or decrypted
by the server.
For now 'rump_cgd' may only _configure_ a 'cgd' device but is unable
to generate a configuration. The used cipher is hardcoded to
_aes-cbc_ with a keysize of 256 bit. Furthermore the server is able to
serve one client only.
To ease the usage, its interface is modelled after the interface of
'cgdconfig(8)'. As implications thereof the key must have the same
format as used by 'cgdconfig'. That means the key is a base 64 encoded
string in which the first 4 bytes denote the actual length of the key
in bits (these 4 bytes are stored in big endian order).
Preparing a raw (e.g. without partition table) encrypted Ext2 disk
image is done by executing 'tool/rump':
! dd if=/dev/urandom of=/path/to/disk_image
! rump -c /path/to/disk_image # key is printed to stdout
! rump -c -k <key> -F ext2fs /path/to/disk_image
To use this disk image the following config snippet can be used:
! <start name="rump_cgd">
! <resource name="RAM" quantum="8M" />
! <provides><service name="Block"/></provides>
! <config action="configure">
! <params>
! <method>key</method>}
! <key>AAABAJhpB2Y2UvVjkFdlP4m44449Pi3A/uW211mkanSulJo8</key>
! </params>
! </config>
! <route>
! <service name="Block"> <child name="ahci"/> </service>
! <any-service> <parent/> <any-child/> </any-service>
! </route>
! </start>
the Block service provided by rump_cgd may be used by a file system
server in return:
! <start name="rump_fs">
! <resource name="RAM" quantum="16M"/>
! <provides><service name="File_system"/></provides>
! <config fs="ext2fs">
! <policy label="" root="/" writeable="yes"/>
! </config>
! <route>
! <service name="Block"> <child name="rump_cgd"/> </service>
! <any-service> <parent/> <any-child/> </any-service>
! </route>
! </start>
Since 'tool/rump' just utilizes the rumpkernel running on the host
system to do its duty there is a script called 'tool/cgdconf' that
extracts the key from a 'cgdconfig(8)' generated configuration file
and also is able to generade such a file from a given key. Thereby
the interoperabilty between 'rump_cgd' and the general rumpkernel
based tools is secured.
The rumpkernel based tools are intended to be used by executing
'tool/rump'. Since it covers the most common use cases for these
tools, this script is comparatively extensive, hence giving a short
tutorial seems reasonable:
* Format a disk image with Ext2:
To format a disk image with the Ext2 file system, first prepare the
actual image by executing dd:
! dd if=/dev/zero of=/path/to/disk_image bs=1M count=128
Second, use 'tool/rump' to format the disk image:
! rump -f -F ext2fs /path/to/disk_image
Afterwards the just created file system may be populated with the
content of another directory by executing
! rump -F ext2fs -p /path/to/another_dir /path/to/disk_image
The content of the file system image can be listed by executing
! rump -F ext2fs -l /path/to/disk_image
* Create a encrypted disk image:
Creating a cryptographic disk image based on cgd(4) is done by
executing the following command:
! rump -c /path/to/disk_image
This will generate a key that may be used to decrypt the image
later on. Since this command will _only_ generate a key and NOT
initialize the disk image, it is highly advised to prepare the disk
image by using '/dev/urandom' instead of '/dev/zero' (only new blocks
that will be written to the disk image are encrypted). In addition
while generating the key a temporary configuration file will be
created. Although this file has proper permissions, it may leak the
generated key if it is created on persistent storage. To specify a more
secure directory the '-t' option should be used:
! rump -c -t /path/to/secure/directory /path/to/disk_image
Decrypting the disk image requires the key generated in the previous
step:
! rump -c -k <key> /path/to/disk_image
For now this key has to specified as command line argument. This is
an issue if the shell, which is used, is maintaing a history of
executed commands.
For completness sake let us put all examples together by creating a
encrypted Ext2 image that will contain all files of Genode's _demo_
scenario:
! dd if=/dev/urandom of=/tmp/demo.img bs=1M count=16
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs /tmp/demo.img > \
! /ramfs/key # key is printed out to stdout
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> \
! -p $(BUILD_DIR)/var/run/demo /tmp/demo.img
To check if the image was populated succesfully, execute the
following:
! $(GENODE_DIR)/tool/rump -c -t /ramfs -F ext2fs -k <key> -l \
! /tmp/demo.img
The rumpkernel tools are used within the Genode OS Framework tool chain
for preparing and populating disk images as well as creating cgd(4)
based cryptographic disk devices.
Execute 'tool/tool_chain_rump build' to build the tools and afterwards
'tool/tool_chain_rump install' to install the binaries. The default
install location is _/usr/local/genode-rump_.
On ARM in one way or another 'string.h' prototypes will be used. Move
the definitions from rump_fs to the rump library because it is needed
by all rump based servers running on ARM.
Issue #1141.
Use _italic_ for path names rather than 'verbatim'. Because path names
tend to be quite long, the overly use of verbatim makes paragraphs hard
to read.
The new 'select_from_ports' function allows a target description file to
query the path to an installed port. All ports are stored in a central
location specified as CONTRIB_DIR. By default, CONTRIB_DIR is defined
as '<genode-dir>/contrib'. Ports of 3rd-party source code are managed
using the tools at '<genode-dir>/tool/ports/'.
Issue #1082
This patch changes the top-level directory layout as a preparatory
step for improving the tools for managing 3rd-party source codes.
The rationale is described in the issue referenced below.
Issue #1082
This patch avoids the construction of the Genode::Config object in Noux
processes. The construction of this object would populate the Noux
process with additional capabilities, which cannot be handled by
'fork()'.
The old implementation of sleep_forever() used a local Ipc_server
object, which is not announced (i.e., known) outside of the blocking
process/thread, to infinitely wait for incoming messages. In past and
present, this leads to problems (e.g., issues #538 and #1032).
Fixes#1135.
Fixes#538.
Fixes#1032.
Use the libc Mem_alloc implementation per MMTYP of virtualbox. With this the
invariant that all memory allocation of a MMTYP are dense located.
Fixes#1130
Instead of mapping all physical memory 1:1 into core/kernel's address space,
this commit limits the 1:1 mapping to the binary image, and I/O memory
regions used by the kernel only. All subsequent memory accesses of core
are done by mapping the corresponding memory on demand, and not necessarily
1:1.
This commit has several side effects:
The page table code had to be revisited completely. The kernel inserts no
longer anything into the page tables, apart from the initial translations
to have the core/kernel image available when enabling the MMU. The page
tables and higher level translation tables are no longer named Tlb, but
Translation_table instead. There is no indirection class required to define
the translation tables of a concrete SoC, the appropriated ARM specifier
is sufficient.
The ability to map core's memory the same way like it's done for all other
protection domains, makes a special treatment of core's threads (no context
area) obsolete.
Ref #567 (partly solves it)
Fix#723Fix#1068
Removes the generic processor broadcast function call. By now, that call
was used for cross processor TLB maintance operations only. When core/kernel
gets its memory mapped on demand, and unmapped again, the previous cross
processor flush routine doesn't work anymore, because of a hen-egg problem.
The previous cross processor broadcast is realized using a thread constructed
by core running on top of each processor core. When constructing threads in
core, a dataspace for its thread context is constructed. Each constructed
RAM dataspace gets attached, zeroed out, and detached again. The detach
routine requires a TLB flush operation executed on each processor core.
Instead of executing a thread on each processor core, now a thread waiting
for a global TLB flush is removed from the scheduler queue, and gets attached
to a TLB flush queue of each processor. The processor local queue gets checked
whenever the kernel is entered. The last processor, which executed the TLB
flush, re-attaches the blocked thread to its scheduler queue again.
To ease uo the above described mechanism, a platform thread is now directly
associated with a platform pd object, instead of just associate it with the
kernel pd's id.
Ref #723
It covers bugs which we should detect and fix, especially depending on
the result of pthread_myself locking implementation (ours and vbox) takes
decision to take a lock or just to assume it is a reentrant locking attempt.
Fixes#1128
The pointer-report facility used to report the screen-absolute position
of the mouse pointer. For nitpicker clients, however, this position is
meaningless because their coordinate is always constrained to the area
below the menu bar. This patch offsets the reported position
accordingly.
The rm_session quota of the context area is not sufficient to start more
then ~95 threads per address space. If one really needs so many threads per
address space one could increase the quota or dynamically respond to it using
the Expanding_rm_session class. Until now there is no need to support so much
threads per address space.
Issue #1122
By separating the VFS from Noux, we become able to reuse the
VFS for libc-using programs. The most substantial change is the
removal of Noux::Sysio data structures from the VFS. Instead, the
Noux::Sysio refers to the VFS types now.
The new VFS library is located at 'os/include/vfs/'.
Furthermore, the patch removes various code duplications related
to pseudo file systems that provide a single file (block, zero,
random, terminal, null). The new 'Single_file_system' holds the
common boilerplate code for those.
Issue #999
Until now, there was not exception type for the condition where a
symlink was created on a file system w/o supporting symlinks, e.g., FAT.
The corresponding file-system server (ffat_fs) used to return a negative
handle as a work around. I added 'Permission_denied' to the list of
exceptions thrown by 'File_system::Session::symlink' to handle this case
in a clean way.
Genode's file system interface returns the number of directories
multiplied by sizeof(Directory_entry) as size of a directory. The
tar_fs server used to return zero. The fix counts the sub nodes of
the given directory.
The test used to rely on a writable root directory. To reuse the test
for the new VFS, where '/' is never writable, I changed all absolute
paths to relative paths.
By introducing the new 'File_system_registry', we can remove the
knowledge about the actual file-system implementations from the
'Dir_file_system'. Thereby the code becomes more generic, which is
a precondition for using it as the basis for Genode's VFS library.
Issue #999
* Perform sanity check before calculating memory available to rump kernel
* Distinguish between 'Hard_context' and 'Hard_context_thread', so no dead
threads (that will not be started) are created
* Install signal-handler for memory-resource requests. This way the fs server
will not block forever when the quota is execeeded and a resource requests
fails, leaving the rump kernels to perform necessary actions
Fixes#1127
The version string was generated when core/main.cc was rebuilt, which
happens on changes in the file itself or in a header file it includes.
But, the version should reflect if the Genode repository was changed at
any place. Therefore, I moved the version string to its own version.cc
which is forcedly rebuilt any time core is examined by the build system.
@nfeske what do you think about it? Core is now relinked on any build.
Fixes#551.
Turn Genode user-level spinlock into a user-level "helpinglock". This requires
support by the kernel introduced with kernel branch r5.
The commit avoids live-locks when multiple threads with SCs on different
priority levels compete for the same user-level Genode "spinlock".
Issue #986
The commit switches the kernel branch to r5 and updates the syscall bindings
in base-nova accordingly. Beside some cleanups, r5 extents the ec_ctrl syscall
to support following features:
* An EC may yield its current timeslice. The timeslice gets enqueued at the end
of the run queue without refreshing the left budget of the quantum.
* An EC helps with the current SC another EC. Used in Genode to implement
helping over a user-level lock to avoid live-lock situation. (Think of
a limited priority-inheritance mechanism.)
* An EC requests a new scheduler decision. Used in Genode to transfer back the
potentially helping SC to the helper EC.
Issue #986
Set cpu_session default affinity space already during
construction of the thread, so that main thread is placed in the cpu affinity
space as defined by the parent. Otherwise the main thread is placed potentially
outside the affinity space, typically on the first/boot CPU.
Fixes#1107
Otherwise affinity space is set to 1x1 and in cpu_session_component.cc the cpu
session local affinity space defined by parent is not taken because
"Location::valid()" returns true.
Issue #1107
Kernel::resume_thread was restricted to core when the targeted thread was in
another domain. Now there are two kernel calls, resume_local_thread and
resume_thread, where the former is never restricted and is provided via
public kernel/interface.h and the latter is always restricted to core and
is provided via core-local kernel/core_interface.h.
ref #1101
Kernel::pause_current_thread can be implemented much simpler and is not
restricted to core threads, in contrast to Kernel::pause_thread which
also benefits from the split and can be moved to core_interface.h.
ref #1101
If an RM fault ends up in any trouble, the faulter remains paused and
the pager activation continues with the next fault. Thus we can print
a warning instead of an error and safe execution time in release mode.
ref #1096
In most cases an error report is not necessary in the kernel as the problem
does not affect the kernel itself but the according user-land context. Thus
we can also do a warning that is not printed in release mode and hence safe
execution time.
ref #1096
As the message "replay: missing dataspace info for ..." occurs multiple times
on every fork, it slows down at least noux_tool_chain_auto with hw_arndale
about 10 seconds. To avoid this overhead in release mode I've turned it into a
warning rather than an error.
ref #1096
Previously for determining wether boot-up succeeded or not, we looked
for a message that is switched off in release mode. Now the kernel
provides a reliable message as soon as initialization is done.
ref #1096
We changed the test hardware and the new one does not support 1400x1050 anymore.
Choose some conservative resolution since this is anyway a auto test nobody
is really looking at the screen output.
The 'tinfo.cc' file needs to get built, because it implements
'std::type_info::operator==(std::type_info const&) const', which
is needed by the 'icu' library on ARM.
Fixes#1109.
If counter drops to 0, the wrap flag is set also. That means we have actually
no wrap around. The patch avoids to add too much time to the elapsed time
variable.
Issue #1106
The generalization of nitpicker's graphic backend changed the interface
of 'Mode::forget', which is a (non-pure) virtual function implemented
by 'User_state::forget'. Unfortunately, the signature change was not
applied to 'User_state::forget' so that the actual implementation was
no longer called. This inconsistency remained unnoticed because there
is a default implementation of the virtual function.
The effect of the omission of the 'User_state::forget' call was a
dangling pointer ('User_state::_pointed_view').
Lesson learned: Always annotate functions with the C++11 'override' when
implementing virtual functions.
The error message given to the 'errx()' function does not always contain a
'\n' character. Adding 'printf("\n")' ensures that the message appears on
the log console.
Fixes#1103.
Reserve first bit in bit allocator for main thread of context allocator and
remove special cases in context allocator. Without the reservation there is
is one context outside the context area allocated.
Fixes#1100
The do statement ensures the macros to generate just one expression that
is compatible with any programming construct. The concrete bug was
if (cond)
PDBG(...);
else
...
which was expanded to
if (cond)
if (DO_PDBG)
Genode::printf(...);
else
...
This is obviously wrong as the *else* branch is then connected to the
second *if*.
* Core_mem_allocator: implement Range_allocator interface
* Core_mem_allocator: allocate with page-granularity only
* Use slab allocators in core where meaningful (e.g. dataspace objects)
Fix a use-after-free bug concerning the use case where the config
of the init process changes dynamically. The childs' services were not
removed from the corresponding Service_registry properly.
Fixes#1094
When an object derived from Genode::Connection is copied we had
strange issues. An example is that the first RPC invocation works
correctly but the second one blocks or even delivers incorrect data.
We can avoid this issue if the object is always passed by reference.
Ensure this by deriving from Genode::Noncopyable.
The processor scheduler can determine without much overhead wether
the currently scheduled client becomes out-dated due to the insertion
of another client. This can be used to safe inter-processor interrupts
when a remote insertion doesn't imply an update of the currently
scheduled client.
fix#1088
At least with the ARM generic interrupt controller, inter-processor interrupts
are edge triggered and banked for all source processors. Thus it might be
possible that such an interrupt gets triggered redundantly until the targeted
processor is able to grab the kernel lock. As we're only interested in making
a processor recognize accumulative updates to its scheduler, we can omit
further interrupts if there is one pending already at the targeted processor.
ref #1088
This is needed as soon as we do inter-processor interrupts to
inform a processor about a remote modification in its scheduling plan.
In this case we can not explicitely decide wether to reset timer
or not. Instead we must decide it according to the choices of the
scheduler before and after the modification.
ref #1088
This patch removes the 'Framebuffer::Session::release()' function from
the interface to make the mode-change protocol consistent with the way
the Rom_session interface handles ROM-module changes. That is, the
client acknowledges the release of its current dataspace by requesting a
new dataspace via the 'Framebuffer::Session::dataspace()' function.
Fixes#1057
Previously this was not done before Thread_base::start(..) in
base-hw as it was not needed to have a valid cap that early. However,
when changing the affinity of a thread we need the cap to be valid
before Thread_base::start(..).
ref #1076
Express that the target binary files depend on the generated files not
the source files. The old expression seems to confuse Make, which then
logs a bogus error like the following
COMPILE Runtime/common/err/errmsg.o
genode-x86-g++: error: Runtime/common/err/errmsg.cpp: No such file or directory
genode-x86-g++: fatal error: no input files
compilation terminated.
make[2]: *** [Runtime/common/err/errmsg.o] Error 1
make[1]: *** [virtualbox-runtime.lib] Error 2
With this patch, functions which execute blocking syscalls on Fiasco.OC
are built with frame pointers to get a correct backtrace shown in GDB.
Also, the backtrace test for a thread currently executing a syscall now
traces the 'Genode::Thread_base::join()' function instead of
'Genode::sleep_forever()', because base-nova has a custom implementation
of 'Genode::sleep_forever()' with a different backtrace than on Fiasco.OC.
Fixes#1061.
Instead of using a special bitfield use a compound of boolean
values for the generic page attributes. To reduce copy overhead,
change the corresponding functions, where Page_flags are used as
arguments, to use references.
This is normally needed in LDSO and was previously done by the LDSO specific crt0.s.
I forgot to keep it during the unification of the different crt0s.
fix#1077
Substitute 'swpb' (swap byte) instruction with 'ldrexb/strexb', because 'swpb'
needs to be enabled explicitly by the kernel, which is done by neither HW or FOC.
When disabled, 'swpb' will cause an undefined instruction exception.
Issue #1048
If opening a report session fails (for example because of invalid
session arguments) and an exception is thrown during the session
construction, the report would wrongly keep the enabled state.
By moving the assignment of the state after the construction,
the report stays disabled as it should be.
This patch improves the focus handling by updating the menubar each time
the user clicks on a different view, even the old and new view belong
to the same session.
Check that in every round really all threads are alive on all CPUs. It
happened that only the first round was ok (all alive) and in the next rounds
some were dead. Unfortunately the test claimed to be successful.
The destructor of the Area object uses invalid caps which results in
a wanted abort of the process on nova. This is mainly the case in forked
process in noux.
Within the central security unit of the i.MX53 SoC, one can set protection
level of various DMA bus master requests, distinguishing them between normal,
and secure access. Although, the access level was meant to be set correctly,
the enumeration values that denoted the kind of access were incorrect. Thereby,
until now every DMA requests was set as being secure. This commit corrects
the enumeration values, and sets all DMA operations as being unsecure, accept
from the graphical subsystem which is controlled by the secure world only.
Thanks to Andrea Barisani and Andrej Rosano from Inverse Path for discovering
this bug, as well as the hardware limitation!
The timed semaphore supports a minimum timeout of 10 ms and logs a
warning if the timeout is lower than the minimum. To prevent the
warning, we limit timeouts to >= 10 ms.
Adding this function eases the implementation of realloc based on
'Libc::Mem_alloc'. Note that this allocator is not used by libc's
default malloc implementation but it is useful for customized C
runtimes, e.g., for the runtime of VirtualBox.
This function provides a way to request the size of an previously
allocated block. It is useful to to ease the implementation of realloc
functionality based on Allocator_avl.
This information is useful if 'libc-common.inc' is included from
another repository, i.e., for building stripped-down libc variants
tailored to an individual application.
Out of laziness we only provide two dummy functions for all FUSE
operations, which are used in case the FUSE file system does not
implement them itself.
Fixes#1058.
Omit the main rountine in fuse-ext2.c. Otherwise using fuse-ext2 with
fuse_fs is not possible because the server framework already defines
a main routine.
Fixes#1058.
* add sync method:
Since file systems tend to have a inbuild caching mechansim we need to
sync these caches at the end of session when using the fuse_fs server.
Therefore each FUSE file system port has to implement a Fuse::sync_fs()
function that executes the necessary actions if requested.
* add symlink check
* allow to check FUSE fs initialization
This changes the private API of the FUSE implementation. The init_fs
method now has to return true if the initialization was successful and
otherwise false. All current users of the API are also changed
accordingly.
Fixes#1058.
Noux generates 'argv[0]' for the initial child automatically (in contrast
to the 'config_args' library), so the first argument stated in the
configuration should not be the GDB program name.
Fixes#1062.
On Genode/Fiasco.OC, when an unresolved page fault occurs, only the IP and
SP registers are valid in the thread state read by GDB monitor. This was
not taken into account so far and the other (possibly outdated) register
values got reported to the client, too.
With this patch, only IP and SP get reported to the client in the page
fault case.
Fixes#1063.
For further information see: http://wiki.netbsd.org/rumpkernel/. In this version
I ported the central rump components to Genode in order to take advantage of
NetBSD file system implementation. The new 'dde_rump' repository contains the
Genode version of the rump libraries and a 'rump_fs' server that implements
Genode file-system-session interface. Currently ext2, iso9660, and fat
file-systems are supported.
Issue #1048
'check_installed' takes a command name as argument and tries to call 'which' in
order to find the command path. If that does not succeed, paths like '/sbin' are
'/usr/sbin' searched. On success the absolute path of the command is returned,
on failure 'exit' is called with an error message.
Issue #1048
Previously we used to many registers in syscalls with much arguments
to build with optimization level O0. Additionally this fix fastens the
userland backend of syscalls.
All the pre- and post-processing of the startup lib around the main
function of a dynamic program is now done by LDSO. Hence LDSO directly
calls the main function of the program.
Issue #1042
This is needed later when eliminating the need for a startup lib in
dynamic programs to enable LDSO to call ctors and dtors of the program.
Issue #1042
After some research we found that the stack pointer on ARM platforms must be
at least double word aligned (See: "Procedure Call Standard for the ARM
Architecture" - 5.2.1.1). Since a 'call' on ARM will not result in a stack pointer
change (like on x86), the current behavior resulted in a 4 Byte aligned stack
only.
Follow up to #1043
This commit generalizes the bit array in 'base/util/bit_array.h',
so that it can be used in a statically, when the array size is known
at compile time, or dynamically. It uses the dynamic approach of the
bit array for a more generalized version of the packet allocator,
formerly only used by NIC session clients. The more generic packet
allocator is used by the block cache to circumvent the allocation
deadlock described in issue #1059.
Fixes#1059
Base libraries are already contained within ldso.lib.so. Remove unnecessary
filtering from 'dep_lib.mk', make ldso depend on base libs.
Issue #1017
Issue #989
This patch make the handling of resizing the virtual framebuffer more
consistent. Liquid_fb keeps track of two sizes. The "next size" is the
size of the framebuffer handed out via the next call of 'dataspace'.
The "designated size" is the size as demanded by the user. The latter
size may be updated more often than the "next" size, depending on the
responsiveness of the framebuffer client to mode-change signals.
The patch also removes the synchronization with refresh calls because
the synchronization made the flickering artifacts worse when executing
nitpicker within liquid_fb. So it was not properly working anyway.
In the future, we might reimplement such a synchronization mechanism
when switching to the server API.
Issue #1056
As the initial main-thread stack is not used for the whole main-thread life
anymore but only for the initialization of the Genode environment it can be
downsized to 32Kb for all architectures.
ref #989
For a main thread a thread object is created by the CRT0 before _main gets
called so that _main can already run in a generic environment that, e.g.,
catches stack overflows as a page-fault instead of corrupting the BSS.
Additionally dynamic programs have only one CRT0 - the one of the LDSO -
which does the initialization for both LDSO and program.
ref #989
Normally for intptr_t the printf format PRIiPTR should be used. As Genode
printf doens't support this format we cast it to long int (intptr_t is int
for 32 bit and long int for 64 bit).
ref #989
This patch adds accessors to obtain the buffer of an attribute value,
which is useful to avoid the copying-out of such information by
maintaining pointers into the XML string as meta data.
There exist different default setups for a specific autoconf version:
* autoconf
* autoconf$(VERSION)
* autoconf-$(VERSION)
As of now, only the second option is recognized by the check in tool_chain.
This patch ensures that if one of those is present in the correct
version, it will be found and used in the build process.
Fixes#1053.
With this patch, the liquid_fb title bar height gets reserved at the top of the
screen, so if a Qt application wants to position a window at (0,0), there's
still enough space to show the title bar above.
Issue #1054.
This utility allows for the manual placement of objects without the need
to have a global placement new operation nor the need for type-specific
new operators.
Issue #989
The trace_fs server provides access to a Trace_session by using a
File_system_session as frontend.
Each trace subject is represented by a directory ('thread_name.subject')
that contains specific files ('active', 'cleanup', 'enable', 'events',
'buffer_size' and 'policy'), which are used to control the tracing
process of the thread as well as storing the content of its trace
buffer.
The tracing of a thread is only activated if there is a valid policy
installed and the intend to trace the subject was made clear by writing
'1' to the 'enable' file.
The tracing of a thread may be deactived by writing a '0' to the
'enable' file.
A policy may be changed by overwriting the currently used one. In this
case the old policy is replaced by the new policy and is automatically
utilize.
Writing a value to the 'buffer_size' file changes the appointed size of
the trace buffer. This value is only evaluted by reactivating the
tracing process.
The content of the trace buffer may be accessed by reading from the
'events' file. Throughout all tracing session new trace events are
appended to this file.
Nodes of UNTRACED subjects are kept as long as they do not change their
tracing state to DEAD. In this case all nodes are removed from the
file system. Subjects that were traced before and are now UNTRACED will
only be removed by writing '1' to the 'cleanup' file - even if they
are DEAD by now.
To use the trace_fs a config similar to the following may be used:
! <start name="trace_fs">
! <resource name="RAM" quantum="128M"/>
! <provides><service name="File_system"/></provides>
! <config>
! <policy label="noux -> trace" interval="1000" subject_limit="512" trace_quota="64M" />
! </config>
! </start>
'interval' sets the periode in which the Trace_session is polled. The
time is given in milliseconds.
'subject_limit' speficies how many trace subject should by acquired at
most when the Trace_session is polled.
'trace_quota' is the amount of quota the trace_fs should use for the
Trace_session connection. The remaing amount of RAM quota will be used
for the actual nodes of the file system and the 'policy' as well as the
'events' files.
In addiition there are 'buffer_size' and 'buffer_size_limit' that define
the initial and the upper limit of the size of a trace buffer.
Tracing of parent processes or rather threads may be enabled by setting
'parent_levels' to a value greater than '0' (though this attribute is
available, the trace session component within core still lacks support
for it).
A ready-to-use runscript can by found in 'ports/run/noux_trace_fs.run'.
Fixes#1049.
Until now, block drivers had to deal with a pointer to the client
session component, e.g.: to acknowledge block packets already processed.
When a session was closed, the driver object wasn't informed explicitly,
which leads to defensive programming, or lastly to a race-condition in
test-blk-srv. To prevent from this class of errors, the pointer is now
private to the generic block driver base class, and not accessible to
the concrete driver implementation. Moreover, the driver gets explicitly
informed when a session got invalidated.
Ref #113
This block cache component acts as a block device for a single client.
It uses fixed 4K blocks as caching granularity, thereby implicitly reads
ahead whenever a client requests lesser amount of blocks. Currently,
it only supports a least-recently-used replacement policy.
Fixes#113
When using the server framework, it might happen that the main thread
tries to forward a signal to the entrypoint, while the context of that
signal is already destroyed. In that case the main thread will get an
ipc error exception as result.
Related to #113
Instead of terminating tool/tool_chain when finding the first
missing tool, this patch runs all checks to completion before
bailing out. This eases finding missing programs, because the
user has to run the script only once to get a list of all missing
software.
Fixes#1046Fixes#1047
On 64-bit platforms Qt's JavaScript engine tries to reserve 1GiB of
virtual memory via 'mmap()', to be backed by physical memory on demand.
Genode's 'mmap()' implementation currently does not support on-demand
allocation of physical memory and tries to allocate the whole amount at
once, which is usually far more than needed.
With this patch, the amount to be reserved gets decreased to 32MiB.
Fixes#1041.
The x86_64 ABI requires the stack pointer to be 16-byte aligned before the
call of a function and decreased by 8 at the function entrypoint (after
the return address has been pushed to the stack).
Currently, when a new Genode thread gets created, the initial stack
pointer is aligned to 16 byte. On Genode/Linux, the thread entry function
is entered by a 'call' instruction, so the stack pointer alignment at the
function entrypoint is correct. On Fiasco.OC and NOVA, however, the thread
entry function gets executed without a return address being pushed to the
stack, so at the function entrypoint the stack pointer is still aligned to
16 byte, which can cause problems with compiler-generated SSE
instructions.
With this patch, the stack pointer given to a new thread gets aligned to
16 bytes and decreased by 8 by default, since most of the currently
supported base platforms execute the thread entry function without pushing
a return address to the stack. For base-linux, the stack pointer gets
realigned to 16 bytes before the thread entry function gets called.
Fixes#1043.
- 'kill()' syscall added
- 'wait()' gets unblocked when a signal occurs
- syscalls can get called from a signal handler without corrupting the 'sysio' object
- the child's exit status gets correctly reported to 'wait()'
- SIGCHLD gets ignored by default
- pending signals survive 'execve()'
Fixes#1035.
Delete operators with additional allocator reference/pointer parameters
are needed if the constructor of an 'new(allocator)' allocated object
throws an exception. Also, destroy now uses the operator to free memory
and provides variants with allocator reference and pointer.
The commit includes a simple test scripts 'run/new_delete', which
exercises the several 'delete' cases.
Related to #1030.
Use a bit allocator for the allocation management of thread contexts,
instead of holding allocation information within the Thread_base objects,
which lead to race conditions in the past.
Moreover, extend the Thread_base class interface with the ability to
to add additional stacks to a thread, and associate the context they're
located in with the corresponding Thread_base object. Additional stacks
can be used to do user-level scheduling with stack switching, without breaking
Genode's API.
Fixes#1024Fixes#1036
Change the template parameter for Bit_allocator, and Bit_array. Instead of
assigning words to be used by the bit array, you can now tell the count of
items that shall be used.
Moreover, some dead code, previously using the Bit_allocator, was removed.
Related to #1024
Splitting the new Genode::Deallocator interface from the former
Genode::Allocator interface enables us to restrict the accessible
operations for code that is only supposed to release memory, but not
perform any allocations.
Additionally, this patch introduces variants of the 'new' operator
that takes a reference (as opposed to a pointer) to a Genode::Allocator
as argument.
By assigning the file name as label, we may become able to remove the
filename argument in the future by just interpreting the last part of
the label as filename. By keeping only the label, we won't need to
consider conditional routing (via <if-arg>) based on session arguments
other than the label anymore.
The new Attached_dataspace complements the existing Attached_*
utilities with a simple version that can be used with any kind of
dataspaces. It may be even useful as a common base type for the other
variants. For example, this patch simplifies Attached_rom_dataspace
and removes the Terminal::Client::Io_buffer.
This patch integrate the scout widgets with Genode's new API headers
'util/geometry.h', 'os/surface.h' and 'os/texture.h'. Thereby, we get
almost rid of the platform-abstraction shim that was never used anyway.
Furthermore, it extracts the parts that are worth reusing from the
scout implementation to the public location 'demo/include/scout'.
This patch re-arranges nitpicker's graphics backend in a more modular
and expandable way. Generalized versions of the 'Canvas',
'Chunky_canvas', and 'Pixel_*' classes have been moved to
'os/include/util/' and 'os/include/os'. The only remaining parts that
are specific to nitpicker's needs are a few drawing functions, each
located in a distinct header at 'os/include/nitpicker_gfx/'.
This patch makes nitpicker's geometry utilities available for the use
by other programs. Thereby, the 'Point', 'Area', and 'Rect' classes
have become templates that take the coordinate type and distance type
as arguments.
Unless '-ignorestderr' is set on 'exec' in expect, any output on stderr
is interpreted as execution failure. In this case, 'create_iso' logs
some diagnostics but does not fail.
We repeatedly promote our ISOs to be bootable from USB storage.
Therefore, we have a hard dependency on 'isohybrid' and should fail in
the case that the tool is missing.
Access to a block session is provided by using the block file system.
By specifying the label, each block session request can be routed to
the proper block session provider:
! <fstab>
! ...
! <dir name="dev">
! <block name="blkdev0" label="block_session_0" />
! </dir>
! ...
! </fstab>
In addition to this file system, support for the DIOCGMEDIASIZE ioctl
request was added. This request is used by FreeBSD and therefore our
libc to query the size of the block device in bytes.
Fixes#1010.
All source codes of the glue code between Vancouver and Genode that were
based on existing GPL code had already stated that Genode Labs is not
the sole owner of the code. To make the distinction between the Genode
OS framework and the glue code more clear, this patch removes the text
"is part of the Genode OS framework" from the glue code.
Instead of, passing responsibility to manage and dissolve Signal_rpc_member
objects at a corresponding entrypoint to the user, hand over entrypoint's
reference to the constructor, and do it in the constructor resp. destructor
of the class.
Fixes#1022
Both base/src/test/thread and base-okl4/src/test/okl4_03_thread used the
same target name, which ultimately confused the build system when
building on OKL4.
File systems using the File_system_session interface can now be
synchronized by using this syscall. This is needed for file system
that maintain an internal cache, which should be flushed.
Fixes#1008.
Users of a File_system_session might want to force a file system
to flush or rather to synchronize its internal cache. A concret
default implementation is provided because not all file systems
maintain an internal cache and are not required to synchronize
caches.
Fixes#1007.
Fail hard if no large enough virtual memory area can be found where to map
the memory from the kernel to core.
Additionally clear dataspaces in junks if it can't be done in one large junk.
Fixes#1011
Make 'set_program_var' accessible outside of 'rtld.c'. Also, compile
dynamically linked programs with the '-fPIC' option. Doing not so,
yields to program-global symbols being put in the '.symtab' section
(which can be stripped) only. In order to get access to global
variables from the dynamic linker, the symbols need to reside within
the '.dynsym' section additionally. Hence the '-fPIC'.
ref #989fix#1002
If an RM client gets dissolved the RM server tries to first
dissolve and then destruct the according pager object. As pager objects
previously cancelled unresolved faults only in destructor the dissolve
operation blocked forever when an unresolved fault existed.
As every pager object should get dissolved before it gets destructed
(signal-context complains otherwise) no more unresolved-fault cancelling
is needed in the destructor.
ref #989
As synchronization of signal contexts is now the users business instead of
cores and the signal framework ensures that every context of a receiver gets
synchronously destructed before the destruction of the receiver itself
synchronization and thus blocking at the destruction of a kernel
receiver-object isn't necessary anymore.
ref #989
Kernel::signal_context_kill can be used by any program to halt the processing
of a signal context synchronously to prevent broken refs when core destructs
the according kernel object. In turn, Kernel::bin_signal_context doesn't block
anymore and destructs a signal context no matter if there are unacknowledged
signals. This way, cores entrypoint doesn't depend on signal acks of a
untrustworthy client anymore.
ref #989
In the future bin_* means the direct destruction of a kernel object
without any blocking. kill_* in contrast is used for bringing a
kernel object such as signal contexts synchronized into a sleeping
state from where they can be destructed without the risk of getting
broken refs in userland.
ref #989
To remap its UTCB to its context area later, a main thread needs
to know the according dataspace capability. This is done through
the start-info it receives from its creator at startup.
ref #989
I have no idea where the previous default alignment = 2 in the unsynchronized
singleton came from but as at least the Arndale IC-driver in base-hw needs an
alignment of 4 = address width, unmanaged singleton now uses sizeof(addr_t)
as default alignment.
ref #989
An unmanaged singleton is a singleton object that isn't
constructed or destructed implicitly through the C++ runtime
enviroment. The new header provides a helper to create such objects
and is located in src/base/include.
ref #989
* Increase entrypoint stack size for part_blk server,
since it crashes on 64 bit
* Consider packet alignment in bulk buffer size calculation of test-blk-cli
* allow to handle a maximum of packets in parallel
that fits free slots in the ack queue
* stop processing packets, when the driver can't handle
more requests in parallel, and resume packet handling,
when the driver is ready again
As hw_arndale is a bit slower than foc_arm and spawn_serial timing
calculation has changed in general, timeouts of noux_tool_chain_auto test
must be adjusted.
fix#996
The Genode-specific implementation of 'QWaitCondition' contains a race
condition which can make the 'qt5_samegame' application hang on Fiasco.OC.
Since most of the pthread synchronization functions needed by the
UNIX-specific implementation of 'QWaitCondition' and 'QMutex' are
available now, we can use these now instead of fixing and keeping
the Genode-specific implementation.
Fixes#993.
Instead of using an additional thread in each Session_component of a
block server, which uses the generic block component and driver classes,
replace it with signal dispatchers.
Ref #113
With 64K stack size, when doing 'make core' in noux on base-hw, the main thread
of /libexec/gcc/arm-elf-eabi/4.7.2/cc1plus runs into a stack overflow during
the compilation of core/main.o . Thus raise the stack size to 128K.
fix#964
The previously used RAM 0x0..0x10000000 was just an alias for
0x70000000..0x80000000. Qemu provides up to of 768 MB RAM with the
correct -m argument. This RAM is located at 0x70000000..0x90000000 and
0x20000000..0x30000000. At least the noux_tool_chain scripts are
happy to have that much RAM.
ref #964
For PBXA9 qemu adjusts provided RAM chips to the -m arg. Thus we
filter user values and force value that enables all chips that Genode
expects to be available. Not doing so leads to inexplicable errors.
ref #964
Makeinfo versions greater 5 treat an @itemx that isn't preceeded by an @item
not as warning anymore but as error. The GCC version 4.7.2 that is used by
noux currently triggers this error multiple times. This commit adds a patch
to 'make prepare PKG="gcc"' that avoids the use of @itemx without preceeding
@item. As GCC versions greater than 4.8 should fix this problem by themselves
this should be seen as temporary quick fix.
ref #964
At least with base-hw, the endless loop at the end of the fork
parent slows execution of the fork child dramatically. Using
libc function pause() is a cleaner solution anyways.
ref #964
When using the initial SP of a main thread for the UTCB
startup-argument, fork_trampoline in libc_noux gets broken.
The function expects the SP to be initialized already in contrast
to the _start function in crt0.s that is called for processes that
are not forked. As the main-thread UTCB is located at the same virtual
address for every PD anyways, we can circumvent this problem by
defining it statically.
ref #964
Struct Msg was introduced due to the handling of pagefaults
and interrupts via synchronous IPC. Its only purpose was to provide
the message type in front of the typed message. Now pagefaults and
interrupts are handled via signals and struct Msg is not necessary
anymore.
ref #958
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
