Apparently the iris driver does not make use of tiling by the kernel, so
we shortcut the 'SET_TILING' call to keep iris happy with this quickfix.
However, tiling information may get lost, if the iris driver ever calls
'MMAP_GTT' and no fence is configured for the buffer. A follow-up commit
should address this shortcoming in the future.
Issue #4284
- CPU-architecture annotations
- Change order of top-level menu, moving Mesa driver to the end
- Add black_hole, recall_fs, file_fault
- Add usb_webcam, test-capture
- Add audio driver and mixer
- Add vbox6, keeping vbox5-nova-sculpt as fallback
- Remove recall_fs launcher, which is obsolete with the recall_fs pkg
- Replace system_clock by system_clock-pc pkg
Issue #4281
This follow-up commit to "sculpt: avoid flickering of leitzentrale"
allows nitpicker to double-buffer pixels during resize operation on a
screen size of 1920x1200.
This patch presents all press and release events to the pointer state,
fixing the problem that _key_cnt was decreased but never increased.
However, the inconsistency had no observable effects in practice.
Issue #4176
This patch extends the notion of having only one uniquely hovered client
in the presence of held keys.
If motion occurs once a key is pressed (e.g., while dragging), the
receiver of the key sequence observes the motion events. In this case,
we have to submit an artificial leave event to the originally hovered
client so that no more than one client observes itself as being hovered
at the same time. Once the key sequence is finished, the hovering is
updated again, eventually presenting a motion event to the originally
hovered client and a leave event to the receiver of the key sequence.
Issue #4176
This patch ensures that the pointer report is updated not before all
input events are handled. The change does not solve any observed
practical issue but the potential problem was spotted while reviewing
the code.
Issue #4176
To clearly identify the correct device use the unique device's name
not the type. Otherwise a driver cannot drive several devices of the
same type.
Fix#4297
This commit contains a backport of commit [1] that deals with updating
the event ring dequeue pointer more often to prevent unnecessary
'Event Ring Full' errors.
[1] 'usb: host: xhci: update event ring dequeue pointer on purpose'
(dc0ffbea5729a3abafa577ebfce87f18b79e294b)
Fixes#4296.
This patch changes the depot_query tool to filter the returned index
data depending on the 'arch' as specified for the query. This way, one
index file can support multiple CPU architectures while allowing
individual entries to be architecture-specific.
Fixes#4295
This patch adds the missing definition of 'prio_levels' in the prepare
sub init, fixing the warning:
[init -> runtime -> prepare] Warning: vfs: invalid priority, upgrading from -2 to 0
Issue #4281
Use 'StateChange' event to check for machine's 'PowerOff' state, close
Gui connections and submit exit signal to EP which in turns calls exit.
Fixes#4291
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.
By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.
Issue #3767
This commit removes the report service from the usb_webcam pkg, which
was used to enable or disable the webcam driver. The on/off state is
instead controlled by the presence of a capture client. That is, once a
capture client appears, the webcam driver is started. Vice versa, once
no capture client exists, the webcam driver is removed automatically.
Internally, the detection of presence of a capture client is based on
nitpicker's 'displays' report, which is consumed as input of the
rom_filter, which in turn generates the configuration of a dynamic sub
init.
Fixes#4287
There are some subtle incompatibilities in VirtualBox 6 with settings we
used in version 5. Therefore, the vbox6 package uses machine.vbox6 as
configuration file. An example configuration is provided by the
raw/vbox6 package.
Issue #4281
'Out_of_ram' was so far the only exception a client had to deal with
during buffer managment. Allocating memory, however, does not only
consume RAM quota but CAP quota as well.
This commit tries to mitigate that shortcoming by reflecting the
'Out_of_caps' state back to the client. Furthermore it allows for
resource accounting on certain client allocations, e.g. buffers.
Fixes#4284.
Allocating and mapping buffers not only consumes RAM quota, it consumes
CAP quota as well. Extended the Gpu session to allow for dealing with
that on the client side.
On a side note, the amount of initial CAP quota needed to establish
a connection is increased to cover the current costs of the Intel
GPU multiplexer.
Issue #4284.
The platform driver uses a 'Constrained_ram_allocator' to allocate
meta-data on behave of a client. It uses the PD session as
'Ram_allocator' back end that in return is implemented via the
'Expanding_pd_session_client'.
Whenever the PD client itselft comes into resource shortage it will
ask its parent unconditionally. However, depending on the integration,
such a request may be left unanswered.
This commit introduces a check to prevent that situation from
occurring. In case the platform driver notices the resource shortage
it will reflect that back to the client.
Issue #4284.
By using the cached_fs_rom instead of fs_rom, each client obtains the
same (read-only) copy of the shared library, avoiding a RAM resource
request when running mulitple GPU applications at the same time.
With this patch, Sculpt is able to host at least 3 Mesa applications.
Issue #4263
Issue #4281
This new version of the system_clock pkg does no longer depend on the
presence of an external 'Rtc' service as previously provided by the
Sculpt base system. Instead, it hosts the rtc_drv inside the subsystem.
Because rtc_drv is board-dependent, the system_clock pkg is named
system_clock-pc now.
Issue #4281
Some guests don't handle remote wake up correctly causing devices to
stop functioning. Therefore, we disable the remote wake up bit (5) in
`bmAttributes` of the device configuration descriptor.
Thanks to Peter for the initial fix.
Fixes#4278
ROM clients have to request an initial update of dynamic ROMs explicitly
and should not depend on artificial signals from the ROM session on
signal-handler registration.
Issue #4274
The sequence app should immediately stop the child when it called
parent().exit(). Otherwise, the child will continue execution which
causes a race condition: The child's ld.lib.so will eventually destruct
an Attached_rom_dataspace for the config rom. If sequence destructed the
corresponding service first, we will get an Ipc_error.
genodelabs/genode#4267
Warning!
The current version of the file vault is not thought for productive use but
for mere demonstrational purpose! Please refrain from storing sensitive data
with it!
The File Vault component implements a graphical frontend for setting up and
controlling encrypted virtual file systems using the Consistent Block Encrypter
(CBE) for encryption and snapshot management. For more details see
'repos/gems/src/app/file_vault/README'.
Fixes#4032
Previously unconditional calls to Genode::log in cbe init and the cbe trust
anchor VFS plugin were made dependent on a verbosity flag that is set to
"false" by default.
Ref #4032
Instead of simply encrypting the private key with AES-256 when storing it to
the 'encrypted_private_key' file, wrap it using the AES-key-wrap algorithm
described in RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm".
This is more secure and enables us to directly check whether the passphrase
entered by the user was correct or not.
Ref #4032
As the file formerly named 'secured_superblock' actually contains the hash of
the superblock that was secured, it was renamed 'superblock_hash'.
Ref #4032
As the file formerly named 'keyfile' actually contains the encrypted private
key of the Trust Anchor, it was renamed 'encrypted_private_key'.
Ref #4032
By now, the symmetric keys were only XOR'ed with the private key as placeholder
for a real encryption. Now they are encrypted using AES256 with the TA's
private key as key
Ref #4032.
A private key of 256 bits is generated pseudo-randomly using the jitterentropy
VFS plugin on initialization. The private key is stored in the key file
encrypted via AES256 using the SHA256 hash of the users passphrase. When
unlocking the CBE device, the encrypted private key is read from the key file
and decrypted with the hash of the users passphrase.
Ref #4032
Instead of using the user passphrase directly, use its SHA256 hash calculated
using libcrypto. The passphrase hash is still stored in the key file to be
used as base for the very primitive way of generating the private key.
Ref #4032
Closing the keyfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
The unlocking operation in the trust anchor was broken wich caused bad keys in
the CBE. This rewrites the whole operation to work as desired. Note that this
doesn't make it more safe! The private key is still almost the same as the
passphrase and stored plaintext.
Ref #4032
The plugin used to close file handles via the 'vfs_env.root_dir.close'.
However, this lead to resource leaks and apparently isn't the right way to
do it. Other VFS plugins do it by calling 'close' directly on the handle and
doing it in the trust anchor plugin also, fixes the leaks.
Ref #4032
Closing the hashfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
There were no means for issuing a Deinitialize request at the CBE using the
CBE VFS plugin. The new control/deinitialize file fixes this. When writing
"true" to the file, a Deinitialize request is submitted at the CBE. When
reading the file, the state of the operation is returned as a string of the
format "[current_state] last-result: [last_result]" where [current_state] can
be "idle" or "in-progress" and [last_result] can be "none", "success", or
"failed".
Ref #4032
When discarding a snapshot, the CBE VFS plugin didn't communicate the ID of
the snapshot to the CBE. Instead it set the ID argument to 0. Therefore the
operation never had any effect.
Ref #4032
The snapshots file system used to return the number of snapshots on
'num_dirent' when called for the root directory although it was expected to
return 1. This confused the tooling ontop of the VFS.
Ref #4032
Despite being readable, the files control/extend and control/rekey proclaimed
that they were not when asked. This caused the fs_query tool to not report the
content of the files although it could have.
Ref #4032
Stat calls on the control/extend and control/rekey files returned a bogus file
size that led to an error in the VFS File_content tool. The tool complained
that the size of the file determined while reading the content differs from the
one reported by the stat operation. Now, the stat call will always determine
the actual size of what would be read. However, it isn't guaranteed that this
size doesn't change in the time after the stat operation and before the read
operation.
Ref #4032
The service is loaded dynamically VBoxSharedClipboard.so at runtime. The
VFS configuration mounts the shared object at /VBoxSharedClipboard.so as
the file is checked by contrib code before loading. An init
configuration in pkg/vbox6/runtime illustrates this and how to re-label
the VBoxSharedClipboard.so ROM to its real name
virtualbox6-sharedclipboard.lib.so.
During Windows 10 boot with sequential block requests, the AHCI request
worker finished earlier than the EMT thread signals hEvtProcess and
begins waiting for hEvtProcessAck indefinitely. The timeouts helps to
survive this short phase.
A better solution would use conditional variables, which are not
provided in VirtualBox's runtime.
This patch introduces a C API to be used by input drivers to generate
Genode events. The initial version is limited to multitouch events only.
Fixes#4273
* Use the architecture-dependent minimal alignment for all allocations,
e.g. on ARM it is necessary to have cacheline aligned allocations for DMA
* Remove the allocation functions without alignment from generic API
* Fix a warning
Fix#4268
After a DMA transaction do only invalidate cachelines from the
corresponding DMA buffers if data got transfered from device to
CPU, and not vice versa. Otherwise it might result in data corruption.
Ref #4268
The former implementation did not internally track ROM changes notified
vs. delivered to the client. We adapt the versioning implementation
implemented in dynamic_rom_session.h and enable explicit notification of
the current version.
The feature is used by the clipboard to notify permitted readers of the
clipboard ROM service on focus change via the newly created private
Rom::Module::_notify_permitted_readers() function.
Fixes#4274
The includes for the address-space-ID allocator and the translation table are
usually specific to the CPU in use. Therefore these includes can be moved from
their current location in the board header to the CPU headers. This reduces the
number of decisions a board maintainer has to make if the CPU model he's aiming
for is already available.
This can probably also be applied for other includes in the board headers but I
intentionally leave it for a future commit as I don't have the time to do it
all now.
Ref #4217
For base-hw Core, we used to add quite some hardware-specific include paths
to 'INC_DIR'. Generic code used to include, for instance, '<cpu.h>' and
'<translation_table.h>' using these implicit path resolutions. This commit
removes hardware-specific include paths except for
1) the '<board.h>' include paths (e.g., 'src/core/board/pbxa9'),
2) most architecture-specific include paths (e.g., 'src/core/spec/arm_v7'),
3) include paths that reflect usage of virtualization or ARM Trustzone
(e.g., 'src/core/spec/arm/virtualization').
The first category is kept because, in contrast to the former "spec"-mechanism,
the board variable used for this type of resolution is not deprecated and the
board headers are meant to be the front end of hardware-specific headers
towards generic code which is why they must be available generically via
'<board.h>'.
The second category is kept because it was suggested by other maintainers that
simple arch-dependent headers (like for the declaration of a CPU state) should
not imply the inclusion of the whole '<board.h>' and because the architecture
is given also without the former "spec"-mechanism through the type of the build
directory. I think this is questionable but am fine with it.
The third category is kept because the whole way of saying whether
virtualization resp. ARM Trustzone is used is done in an out-dated manner and
changing it now would blow up this commit a lot and exceed the time that I'm
willing to spend. This category should be subject to a future issue.
Ref #4217
The 'src/core/board/<board>/board.h' header is thought as front end of
hardware-specific headers of a given board towards the generic base-hw Core
code. Therefore it leads to problems (circular includes) if the board.h header
is included from within another hardware-specific header.
If hardware-specific headers access declarations from namespace Board in a
definition, the definition should be moved to a compilation unit that may
include board.h. If hardware-specific headers access declarations from board.h
in a declaration, they should either use the primary declaration from the
original header or, if the declaration must be selected according to the board,
another board-specific header should be introduced to reflect this abstraction.
This is applied by this commit for the current state of base-hw.
Ref #4217
It is not necessary to have a class, an object, and a generic header for the
perfomance counter. The kernel merely enables the counter using cpu registers
('msr' instructions, no MMIO) on arm_v6 and arm_v7 only. Therefore this commit
makes the header arm-specific and replaces class and global static object with
a function for enabling the counter.
Fixes#4217
Let the kernel's driver for the global IRQ controller be a member of the one
Kernel::Main object instead of having it as static variables in the drivers for
the local IRQ controllers. Note that this commit spares out renaming 'Pic' to
'Local_interrupt_controller' which would be more sensible now with the new
'Global_interrupt_controller' class. Furthermore, on ARM boards the commit
doesn't move 'Distributer' stuff to the new global IRQ controller class as they
don't have real data members (only MMIO) and can be instanciated for each CPU
anew. However, the right way would be to instanciate them only once in Main as
well.
Ref #4217
The unmanaged-singleton approach was used in this context only because of the
alignment requirement of the Core main-UTCB. This, however can also be achieved
with the new 'Aligned' utility, allowing the UTCB to be a member of the Core
main-thread object.
Ref #4217
It's sufficient to access the boot info only on kernel initialization time.
Therfore, it can remain completely hidden to the rest of the kernel inside
kernel/main.cc in the initialization function.
Ref #4217
This commit introduces the Kernel::Main class that replaces the former way of
initializing the kernel (former 'kernel_init' function) and calling the C++
kernel entry handler (former 'kernel' function). These two are now
'Main::initialize_and_handle_kernel_entry' and 'Main::handle_kernel_entry'.
Also reading the execution time of the idle threads was already moved to
'Main'. The one static Main instance is meant to successivly replace all the
global static objects of the base-hw kernel with data members of the Main
instance making the data model of the kernel much more comprehensible. The
instance and most of its interface are hidden in kernel/main.cc. There are only
rare cases where parts of the Main interface must be accessible from the
outside. This should be done in the most specific way possible (see main.h)
and, if possible, without handing out references to Main data members or the
Main instance itself.
Ref #4217
Normally, the board header can be found for each supported board under
'src/core/board/<BOARD>/board.h'. This was not the case for the board 'pc'
that was located under 'src/core/spec/x86_64/board.h'. The commit fixes this.
Ref #4217
The class name Core_thread in Kernel for the object of the first thread of
core is too generic as there can be an arbitrary number of threads in core
besides this one. Furthermore, creating a core thread has its own syscall
'new_core_thread' that isn't related in any way to Core_thread. Therefore
this commit introduces the more specific name Core_main_thread as replacement
for Core_thread.
Ref #4217
The function was only still used for reading the execution time of idle threads
of CPUs. Certainly, it is technically fine and more performant to read these
values directly from the kernel objects without doing a syscall. However,
calling cpu_pool() for it provides read and write access to a lot more than
only the execution time values. The interface via which Core directly reads
state of the kernel should be as narrow and specific as possible.
Perspectively, we want to get rid of the cpu_pool() accessor anyway. Therefore
this commit introduces Kernel::read_idle_thread_execution_time(cpu_idx) as
replacement. The function is implemented in kernel code and called by Core in
platform.cc.
Ref #4217
Apparently, there is no need for exposing the data members of Trace_source, so,
we sould better make them private before someone gets the impression that they
are meant to be accessed directly.
Ref #4217
Core used to read the kernel-reserved IRQs from the timer objects in the
kernel's CPU objects and the PIC class (inter-processor IRQ). Besides not
being "good style" to access a kernel object in Core, this becomes a problem
when trying to prevent CPU pool from being accessed via global functions.
As a solution, this commit extends the boot info to also carry an array of all
kernel-reserved IRQs.
Ref #4217
For the constructor of Kernel_object<T> there are two variants. One for the
case that it is called from Core where the kernel object (type T) must be
created via a syscall and one when it is called from within the kernel and the
kernel object can be created directly. Selecting one of these variants was done
using a bool argument to the constructor. However, this implies that the
constructor of Kernel_object<T> and that of T have the same signature in the
variadic arguments, even in the syscall case, although technically it would
then not be necessary.
This becomes a problem as soon as kernel objects created by Core shall receive
additional arguments from the kernel, for instance a reference to the global
CPU pool, and therefore stands in the way when wanting to get rid of global
statics in the kernel. Therefore, this commit introduces two constructors that
are selected through enum arguments:
! Kernel_object(Called_from_kernel, ...);
! Kernel_object(Called_from_core, ...);
Ref #4217
The various mapping methods are modelled after the requirements of
the Intel GPUs or rather the Mesa driver back end.
With upcoming support for other driver back ends, we need to
sequeeze their requirements in as well. For now hijack 'map_buffer'
to provide for specifying the kind of attributes the client needs.
For now all buffers mapped in the GGTT for Intel GPUs are treated
as RW.
Issue #4265.
This call allows for checking if the given execution buffer has been
completed and complements the completion signal. Initially the GPU
multiplexer always sent such a signal when the currently scheduled
execution buffer has been completed. During enablement of the 'iris'
driver it became necessary to properly check of sequence number.
In case of the Intel GPU multiplexer the sequence numbers are
continous, which prompted the greater-than-or-equal check in the
DRM back end. By hidding this implementation detail behind the
interface, GPU drivers are free to deal with sequence numbers any
way they like and allows for polling in the client, where the
completion signal is now more of a progress signal.
Issue #4265.
The current info implementation (as RPC) is limited in a few ways:
* The amount of data that may be transferred is constrained by the
underlying base platform
* Most information never changes during run time but is copied
nonetheless
* The information differs depending on the used GPU device and
in its current implementation only contains Intel GPU specific
details
With this commit the 'info' RPC call is replaced with the
'info_dataspace' call that transfers the capability for the dataspace
containing the information only. This is complemented by a client
local 'attached_info' call that allows for getting typed access to
the information. The layout of the information is moved to its own
and GPU-specific header file, e.g., 'gpu/info_intel.h'
Issue #4265.
Rather than using the dataspace capability directly, let the client
choose its own local identifier that is linked to the underlying
capability.
Fixes#4265.
Right now the warning about failure to forward packet from driver to
uplink RX connection reads:
"exception while trying to forward packet from driverto Uplink
connection TX"
Add missing space between "driver" and "to".
Issue #4264
32KB is a rather small value. The driver can cope with it now, but
it does not perform as well as it should. This visible especially
in scenarions like nic_router_flood where we still often hit
synchronous wait path. Bump the size to 256kB.
Issue #4264
The problem can be seen when running nic_router_flood scenarion on arm
qemu_virt boards. With the amount of data this scenario tries to send
the driver quickly complains it has failed to push data into TX VirtIO
queue. After this warning message is printed nothing really happens and
after a while the test scenario fails.
The fact that we can't write all available data to the device is not
unexpected. VirtIO queue size is slected at initialization time and we
don't change it during driver lifetime. It can be tweaked via driver
config, but this does not change the fact that we'll always be able to
produce more data packets than we have free space in the VirtIO queue.
IMO the expected behavior of the driver in such case should be to:
1. Notify the device there is data to process.
2. Wait for the device to process at least part of it.
3. Retry sending queued packets.
One could expect returning Transmit_result::RETRY from _drv_transmit_pkt
would produce such result. Unfortunately it seems that Uplink_client_base
treats RETRY return value as indication of link being down. It'll retry
sending the packet only after the device notifies it the link is once
again up. This is the reason why nothing happens when running
nic_router_flood on top of virtio_nic driver. The link never goes down
in this case so once we fill the TX VirtIO queue and tell the base class
to retry the send, we'll be stuck waiting for link up change event
which will never arrive.
To fix this problem, when sending a packet to the device fails, do a
synchrnonus TX VirtIO queue flush (tell device there is data to process
and wait until its done with it).
With this fix in place nic_router_flood test scenario passes on both arm
qemu_virt boards.
Issue #4264
The contents of those descriptor rings can be modified by the device.
Mark them as volatile so the compiler does not make any assumptions
about them.
Issue #4264
The former encoding was UTF-8, which works quite well if LC_CTYPE is
ensured to be an UTF-8 codeset (e.g., en_US.UTF-8 or C.UTF-8 . But, if
LC_CTYPE is set to C or latin1 for example, the Tcl regex library enters
an infinite loop because of unexpected characters used as markers
n the strings (e.g., SECTION SIGN U+00A7).
Therefore, the extract tool was converted to latin1 with the following
commands and now works for LC_CTYPE C and UTF-8 codesets.
iconv -f utf-8 -t latin1 tool/dts/extract > /tmp/e
cp /tmp/e tool/dts/extract
This commit contains features and buf fixes:
* Catch errors during resource allocation
* Because Mesa tries to allocate fence (hardware) registers for each
batch buffer execution, do not allocate new fences for buffer objects
that are already fenced
* Add support for global hardware status page. Each context additionally
has a per-process hardware status page, which we used to set the
global hardware status page during Vgpu switch. This was obviously
wrong. There is only one global hardware status page (set once during
initialization) and a distinct per-process page for contexts.
* Write the sequence number of the currently executing batch buffer to
dword 52 of the per-process hardware status page. We use the pipe line
command with QW_WRITE (quad word write), GLOBAL_GTT_IVB disabled
(address space is per-process address space), and STORE_DATA_INDEX
enabled (write goes to offset of hardware status page). This command
used to write to the scratch page. But Linux now uses the first
reserved word of the per-process hardware status page.
* Add Gen9+ WaEnableGapsTsvCreditFix workaround. This sets the "GAPS TSV
Credit fix Enable" bit of the Arbiter control register (GARBCNTLREG)
as described by the documentation this bit should be set by the BIOS
but is not on most Gen9/9.5 platforms. Not setting this bit leads to
random GPU hangs.
* Increase the context size from 20 to 22 pages for Gen9. On Gen8 the
hardware context is 20 pages (1 hardware status page + 19 ring context
register pages). On Gen9 the size of the ring context registers has
increased by two pages to 21 pages or 81.3125 KBytes as the IGD
documentation states.
* The logical ring size in the ring buffer control of the execlist
context has to be programmed with number of pages - 1. So 0 is 1 page.
We programmed the actual number of pages before, leading to ring
buffer execution of NOOPs if page behind our ring buffer was empty or
GPU hangs if there was data on the page.
issue #4260
* Wait for for completion before return from 'execbuffer2'. This makes
buffer execution synchronous.
* Because the Iris driver manages the virtual address space of the GPU
and creates one GEM context for each batch buffer we have to map/unmap
all buffer objects before and after batch buffer execution.
issue #4260
The lx_emul_virt_to_pages implementation initialized the page ref
counter only for the first page, leaving the remaining elements in
uninitialized state. This, in turn, rendered the Linux page_pool (as
used by the emac network driver) ineffective, ultimately leading the a
memory leak. The fix changes the call of 'init_page_count' to take the
loop variable as argument.
Issue #4225
Increased number of trace subjects since the test sporadically fails on
some platforms.
Also added a sanity check to print an error message in case we run into
the same issue again.
Fixesgenodelabs/genode#4261
This patch adds a switch to internal poll function in libssh that
allows to force this function to immediately return without actually
polling for data and in consequence processing this data. This switch
is used to avoid calling callback functions when flushing output
streams which caused locks due to recursive access to internal
ssh_terminal sessions registry.
Issue #4258
This patch allows to replace sftp packet read and write with
completely asynchronous versions needed to properly hook in existing
ssh_terminal implementation.
Issue #4258
Using 'alignas' in declarations might cause GCC to request for an
implementation of 'operator delete(void*, unsigned long, std::align_val_t)'
although it might actually never be called. This commit adds a dummy
implementation to 'cxx/new_delete.cc' that does nothing more than printing an
error to the log that a proper implementation is missing. This approach is
coherent with our treatment of other global delete operators.
Ref #4217
If one has an object X that has a minimum alignment requirement specified
through 'alignas' this requirement is normally inherited by objects that have
object X as member, and by those that have objects as member that have X as
member, and so on... . However, this chain used to get silently interrupted
(dropping the minimum alignment requirement to 8 again) at objects that are
managed with Genode::Reconstructible or Genode::Constructible. In order to fix
this, the commit ensures that Genode::Reconstructible (and therefore also
Genode::Constructible) has at least the minimum alignment requirement (using
'alignas') as the object it manages.
Ref #4217
The NIC router parses, stores and forwards DNS domain names from DHCP replies.
Yet the routers DHCP client used to not request DNS domain-name information on
DHCP requests. This caused DHCP servers to skip this information on their
replies although it was available. This commit fixes the issue by adding the
DNS domain name code to the request parameter list of requests from the routers
DHCP client.
The 'black_hole' component provides dummy implementations of common
session interfaces.
At this time, only the 'Audio_out' session is provided if enabled
in the configuration of the component:
<config>
<audio_out/>
</config>
Issue #3653
* Switch mesa support from DRI to gallium
Supported drivers are
- softpipe (Sebstian Sumpf)
- iris for Intel GPUs (Alexander Boetcher)
- etnaviv for Vivante GPUs (Josef Söntgen)
* Mesa's generated files are placed into 'contrib/mesa-<hash>/generated'
and are cloned per default from a separate Git repo in order to avoid
hash updates upon package build. In case you need to generate files
yourself use
! prepare_port mesa GENERATE_FILES=1
issue #4254
Support for iris and etnvaviv
* entaviv:
- libdrm on FreeBSD is not prepared for !PCI (and libc our is missing
<sys/pciio.h>
- missing <sys/types.h> include in xf86drmMode.c
- etnaviv relies on linux header files - dummy in $(INC_DIR)
- IOCTL FreeBSD ↔ Linux have swapped IO/OUT bit
- O_CLOEXEC differs between FreeBSD ↔ Linux
issue #4254
According to spec the tail pointer points to the next qword instructions
which will be used by the software.
p 1354, Doc Ref # IHD-OS-BDW-Vol 2c-11.15
issue #4254
Superpages (2M, 1G) are not supported by now, but partially copied over code
from base-hw was around. Remove unused register definitions and remove
non-working super page code do avoid confusion.
issue #4254
Size argument of ggtt free range check is ignored, which leads to
overlapping allocations inside, which leads to unavailable IO-MEM exceptions
thrown by core.
issue #4254
Both, trace_logger and vfs_trace had their own trace_buffer.h. This
commit consolidates the existing implementations and provides the
resulting trace_buffer.h at 'include/trace/'. It thereby becomes part of
the trace api archive.
genodelabs/genode#4244
Driver code such as mfd-core.c may pass 0 as argument n to kcalloc,
which eventually results in an allocation size 0.
res = kcalloc(cell->num_resources, sizeof(*res), GFP_KERNEL);
Since 'res' is checked against NULL for success, kmalloc must not return
a NULL pointer in this case. The patch works around this issue by
forcing an allocation size of 1 byte in this case.
Issue #4253
Clock providers such as drivers/clk/sunxi-ng/ccu-sun8i-r.c don't use
regular init calls but declare their init functions via CLK_OF_DECLARE,
which fill the __clk_of_table. Linux populates the table statically by
using special sections declared in the linker script. In contrast, we
populate the table by expanding the macro to global constructor
functions.
The __clk_of_table is then processed by the call of of_clk_init(NULL).
Issue #4253
* Disable trace source and release ownership on subject destruction.
* Note, since the policy module is also destroyed on descruction of the
session component, the traced component must not access the policy
module when acknowledging the disabled state (else: page fault).
Fixesgenodelabs/genode#4247
If the trace subjects are not properly destructed when the TRACE client
disappears, enabled sources will be owned by a non-existing client.
In other words, when a TRACE client disappears all sources owned by the
client must be disabled.
genodelabs/genode#4247
test-trace always passed, although tracing was never enabled because the
trace subject was not within the first 32 subjects.
* increase number of queried subjects
* output error if trace subject was not found
genodelabs/genode#4247
With this commit, the NIC router DHCP client reads out the first DNS domain
name (DHCP option 15) if any from a DHCP reply that generates an IPv4 config
for a domain and stores the name together with the IPv4 config for that domain.
DNS domain names are reported via the new report tag '<dns-domain>' if the
'config' attribute in the config tag '<report>' is set.
Furthermore, the NIC router DHCP server becomes able to obtain a DNS domain
name from another domain that has a DHCP client dynamically (given the config
attribute 'dns_config_from' is set and no static DNS config is given) or
statically from its configuration (new config tag '<dns-domain>') and propagate
this name with DHCP replies (DHCP option 15).
The 'nic_router_dhcp_*' tests are adapted to test the new feautures.
The commit also gets rid of some mirrored files in
'test/nic_router_dhcp/manager'.
Fixes#4246
WARNING: BREAKS CONFIG COMPATIBILITY!
This commit changes the configuration interface of the NIC router in a way that
may break systems that use the component without proper adjustment!
How to adjust:
At each occurrence of the 'dns_server_from' attribute in a NIC router
configuration replace the attribute name with 'dns_config_from'. The attribute
value remains unaltered.
DETAILED DESCRIPTION
The new attribute name 'dns_config_from' reflects that also other aspects of
the DNS configuration of the denominated domain are used by the DHCP server
that holds the attribute. This commit is a preparation for forwarding also the
domain name (DHCP option 15) with the mechanism behind the attribute.
Ref #4246
The fact that the IPv4 config was a struct with all data members public was a
mere leftover of an early state of the NIC router. Today, the router
implementation style is to avoid structs and public data members wherever
possible.
This commit slightly changes the behavior of the router regarding log output.
The router used to print malformed IPv4 configurations to the log only if
the 'verbose' config flag was set using this style:
! [my_domain] malformed dynamic IP config: interface 10.0.2.1/24 ...
Now, malformed IPv4 configurations are only printed if the
'verbose_domain_state' config flag is set (like with any IP4v configuration
states) using this style:
! [my_domain] dynamic IP config: malformed (interface 10.0.2.1/24 ...)
Fixes#4242
The NIC router DHCP server used to add an extra option 6 field to DHCP replies
for each DNS server address. This conflicts with RFC #2132 section 3.8 which
states that the addresses should be listed within one option 6 field without
delimiter. The discrepancy is fixed by this commit.
Ref #4242
File size must be the same as the number of bytes that can be read from
the file. Otherwise, this will trigger a `Truncated_during_read`
exception.
Fixesgenodelabs/genode#4240
Via a new configuration attribute, the user can decide whether the router
should answer dropped fragmented IPv4 with an ICMP "destination unreachable"
packet and, if so, which value the ICMP code field of this packet should have.
The default is that the router doesn't send such responses (silently dropping
fragmented IPv4). The behavior is tested by the 'nic_router_ipv4_fragm' test.
Fixes#4236
If the new attribute 'dropped_fragm_ipv4' of the <report> tag in the NIC router
config is set "yes", the router will report the number of packets that were
dropped per interface respectively domain because fragmented IPv4 is not
supported. The default is not to report the counter. The behavior is tested by
the 'nic_router_ipv4_fragm' test.
Ref #4236
The NIC router used to ignore the IPv4 header fields "More fragments" and
"Fragment offset" completely. Therefore higher-level protocols of fragmented
IPv4 were interpreted wrong because each fragment was considered a self-
standing packet, expecting, for instance UDP/TCP headers somewhere inside of
the UDP/TCP data field. Normally, such packets were dropped as soon as the
UDP/TCP checksum check failed because of the misinterpretation. However,
it was also possible for fragmented IPv4 to pass the router although normally
only partially.
IPv4 fragmentation support in the router would introduce some potential
security risks and is presumably not an easy endeavor. So, for now, we settled
on not supporting IPv4 fragmentation. With this commit, the router simply drops
all fragmented IPv4. This is reflected to the log for each fragment as "drop
packet (fragmented IPv4 not supported)" when 'verbose_packet_drop="yes"' is
configured.
The new test 'run/nic_router_ipv4_fragm' is an automated test for this
behavior. The test is added to the autopilot list.
Ref #4236
- remove redundant file system factory
- remove dead code block
The code was guarded by preprocessor directives checking whether the
contrib code define "_USE_MKFS" is 1. As "_USE_MKFS" is not set one
for our port of FAT, the code was never executed and can be removed.
- remove uneffective config attributes
Apparently, the former XML attributes to the plugin 'drive' and
'codepage' had no effect. I tested them in a scenario with the VFS
block server on a disk-image boot-module as back end. Regardless of
the 'drive' value, the block session label was always "0". Regardless
of the 'codepage' value, the FAT on the disk image succeeded to mount
when not using '--codepage' for 'mkfs.fat' and failed to mount when
using '--codepage' to specify a supported but foreign codepage for
'mkfs.fat' (e.g. "720").
Ref #4220
There was one global static constructor:
! namespace Fatfs { static Constructible<Platform> _platform; }
This caused applications that used the lib or the <fatfs> VFS plugin to end up
in an uncaught exception due to Genode::Component complaining that method
'construct' returned without executing pending static constructors if they
didn't call Genode::Env::exec_static_constructors().
As the use of Genode::Env::exec_static_constructors() is discouraged in Genode,
this commit rather moves the '_platform' object to the scope of the
initializing function and introduces a global static pointer to the object that
gets set by the initializing function. Although this prevents the exception, it
is, technically speaking even worse than the former solution as the new pointer
isn't checked for validity in contrast to the 'Constructible' object.
However, so far, I don't see a clean solution to this problem without the need
for Genode::Env::exec_static_constructors().
Fixes#4220
* the GPU multiplexer now offers the platform service to the Intel
framebuffer driver (driver_manager)
* ajdusted drivers_managed-pc to hand out resources to the GPU driver
* adjust quotas
issue #4233
The platform services is intented to be used by dde_linux's intel_fb_drv
in order to initlialize displays.
* implement and announce platform session
* limit accessible GTT and aperture of client to 64 MB
* forward display engine IRQs to platform client
* move all PCI resources to 'Igd::Resources' class in order to make them
accessible by the platform service and the GPU driver
* fix fence register allocation for id zero (return true)
issue #4233
For mesa-21 the client takes care and manages
the virtual address space of the vGPU by itself and the intel/gpu driver
can't add silently a guard page anymore. Move the patch to the drm/ioctl
of the former mesa version.
Issue #4148#4233
_unmap_dataspace_ggtt requires the cap of Ggtt::Mapping (ring_map, ctx_map)
in order to find the right metadata and to free up the ggtt entries. Also the
pte range is removed already if the metadata was found.
Issue #4148#4233
BREAKS CONFIG COMPATIBILITY:
This commit changes the configuration interface of the NIC router in a way that
may break systems that use the component without proper adjustment!
HOW TO ADJUST:
At each occurrence of the '<uplink ...>' tag in a NIC router configuration
replace the tag name 'uplink' with 'nic-client'. The rest of the tag stays the
same.
The term "uplink" for network interfaces in the router that have a NIC session
client as back end was introduced in a time when Uplink sessions didn't yet
exist. Now, they do and, although both an uplink and an Uplink session
normally describe a network session between router and network device driver,
they are based on two different service types (NIC and Uplink). This can easily
cause confusion when integrating the router (the <uplink> is not related to
Uplink sessions) or trying to understand its functioning (an 'Uplink' object
has nothing to do with the Uplink service).
Therefore, this commit introduces the more specific term "NIC client" for an
interface that is based on a NIC session requested by the router. This doesn't
imply any semantic changes at the NIC router. However, the commit also brings a
broader update of the router's README and removes the term "downlink" that was
used only in documentation to refer to interfaces backed by a NIC session
provided by the router. The term was only associated with this meaning because
it is the natural counterpart to an uplink. This isn't appropriate anymore as
the terms for interface types have moved to a more technical level.
The commit adjusts all scenarios in the basic Genode repositories properly.
Fixes#4238
An interface that received a signal for a link-state change accessed its
domain reference without assuming that it could not be attached to a domain
at that moment. This caused the NIC router to crash with an uncaught exception
of type 'Net::Pointer<Net::Domain>::Invalid'. The commit adds a catch
directive for this exception resulting in the handler doing nothing if not
attached to any domain.
Fixes#4222
The test script failed during preparation of the on-target execution for
USB Armory with the following error:
! can't read "tz_vmm_block_irq": no such variable
Presumably, the script wasn't run anymore since the introduction of the
'tz_vmm_block_irq' variable for i.MX53 QSB. As we do not have infrastructure
for automated testing of the USB Armory and there seems to be not much
interest in using Genode on this platform, this commit simply removes the
support from the script.
Filtering boards in a run script by specs isn't the right way anymore (the
specs do not exist anymore). Nowadays, we have to use [have_board] instead.
Ref #4229
For unknown reasons, the former 'wget genode.org' call, that was meant to test
network in the Trustzone guest on imx53_qsb_tz, didn't succeed anymore although
the same call succeeded on my Sculpt VM Linux. However, 'ping 1.1.1.1' still
works, so, the script now uses this as test for networking instead.
Fixes#4229
So far, in order to create an ARP reply, the NIC router merely created a copy
of the corresponding ARP request and modified only those values that differ.
This approach has the disadvantage of re-using bad parameters from a broken
request. The specific use-case that made this visible was an early version of
the Pine board network driver that used to forward ARP requests with a greater
size than required. The ARP replies of the router re-used this size and
confused other network nodes with that. In general, the NIC router should
rely on the data of incoming packets the least possible. Therefore, with this
commit, the router creates a new ARP reply from scratch and uses only those
values required from the corresponding ARP request.
Fixes#4235
The former declaration of the IPv4 packet did not only use the questionable
tool of implementation-defined C++ bitsets but also lacked access to flags
"don't fragment" (DF) and "more fragments" (MF). This commit replaces the
C++ bitsets by using the register framework and introduces accessors for the
missing flags.
Ref #4236
This patch lifts the limitation for 32-bit ARM platforms and makes the
parameter --load-fastboot-device optional. If only one device is
present, it can be omitted.
Fixes#4232
This commit introduces a C-API to the Uplink session, as well as to
serve as a Block service. It can be used by drivers ported from
C-only projects, like the Linux kernel, or BSD kernels for instance.
Fix#4226
The re-newed approach currently supports ARM 64-bit only.
It depends on the Platform API of the ARM architecture.
It tries to meet the original semantic of the Linux kernel
functions as far as possible. To achieve this, device drivers
using this library should reference the original Linux kernel
headers at foremost. Only the headers in `src/include/lx_emul/shadow`
have to shadow clone the original ones.
Fix#4225
skb_push() already increases the skb->len by ETH_HLEN, hence adding
ETH_HLEN to the packet_size is redundant.
A too large packet size becomes a problem for large MTUs. With a maximum
MTU of 1500, adding ETH_HLEN twice will lead to a packet size of 1528.
Since this is larger than what we expect for good-old Ethernet (max. 1522),
some clients (e.g. the e1000 model in vbox5) may drop these packets.
Fixesgenodelabs/genode#4228
I discovered thinkbroadband.com requires the User-Agent header field and
rejects requests missing it with HTTP response code 403 "access to the
requested resource is forbidden". Now, fetchurl always adds the
User-Agent header fetchurl/LIBCURL_VERSION.
Also the error message now contains the HTTP response code.
This patch replaces the enumeration of boards in the drivers_nic_pkg and
drivers_interactive_pkg functions by inferring the package names from
the [board] name. This eases the addition of driver packages in external
repositories.
Fixes#4221
The symlink implementation wrongly constructed a 'Sync' object within
the context of a monitor call. The 'Sync' constructor indirectly
depended on libc I/O for obtaining the current time, ultimately
resulting in a nested attempt of a monitor call. This could be
reproduced via the base.run script:
$ cd /home
$ ln -s a b
The 'ln' command resulted in the following log message:
[init -> /bin/bash -> 7] Error: deadlock ahead, mutex=0x10ff8c70, return ip=0x500583a7
The patch fixes the problem by splitting the single monitor call into
two monitor calls and moving the construction of the 'Sync' object
in-between both monitor calls, thereby executing the constructor at the
libc application level.
Fixes#4219
Building the elfloader in kernel-sel4.inc has a problem with Genodes CCACHE
make variable. When issuing ...
! ./tool/depot/create mstein/bin/*/base-sel4-* CCACHE=yes
..., building the elfloader used to consume all memory of the host system and
then run into a segmentation fault:
! make[6]: *** [elfloader/elfloader.o] Segmentation fault (core dumped)
This is because the other build system invokes the CCACHE variable as a command
in front of the compiler command. If CCACHE is set to 'yes', the 'yes' command
is called and produces an endless output into some output file. The problem
can be fixed by locally re-setting the CCACHE variable for the
'make ... elfloader' command to 'ccache' (Genode CCACHE==yes) or '' (Genode
CCACHE!=yes).
Fixes#4212
The depot tool 'build_bin_archive' used to ask only whether CCACHE is empty or
not and, if it wasn't empty, the tool added 'CCACHE := yes' to the build.conf
of the temporary build dir. This caused the sub-build processes to use ccache
even when the top-level CCACHE variable was set to a bogus value.
Also adds documentation of the CCACHE variable to the help message of the
'build' and 'build_bin_archive' tool.
Ref #4212
Adds try-catch-statement with diagnostic errors in Dhcp_server::free_ip in
order to guard against exceptions from the underlying bit allocator. These
exceptions should never happen given that the router is programmed correctly
and always feeds Dhcp_server::free_ip with sane arguments (which it should).
However, should this not be the case, we can assume that the failed IP freeing
indicates that the IP isn't allocated anyway and it's fine to continue using
the router. Furthermore, IP allocations are a mere client service and not
relevant for the integrity or safety of the router.
Ref #4200
When Interface::handle_config_3 (third step of applying a new configuration to
interfaces) tried to detach the interface from the current IP config because
the old and new IP config differed, it did so using the new domain. The former
steps of the reconfiguration already installed the new domain reference at the
interface. Therefore, also the DHCP server of the new domain was used. This,
however caused uncaught exceptions because detaching from an IP config
includes dissolving all DHCP allocations. This dissolving of DHCP allocations
now operated on a DHCP server (the one of the new domain) that wasn't related
to the allocations and, in the worst case, caused an uncaught exception
because the IPs were out of its range.
That said, this commit ensures that detaching an interface from an IP config
is always done on the domain from which the IP config originated. Normally,
this is the domain the interface is attached to. But in the case of
Interface::handle_config_3, it is another - the former domain the interface
was attached to.
The commit also adapts the nic_router_dhcp_* tests in a way that they
reconfigure the router in a way that would trigger the uncaught exception
without the fix.
Fixes#4200
Introduce two new cache maintainance functions:
* cache_clean_invalidate_data
* cache_invalidate_data
used to flush or invalidate data-cache lines.
Both functions are typically empty, accept for the ARM architecture.
The commit provides implementations for the base-hw kernel, and Fiasco.OC.
Fixes#4207
The implementation conflicted with the implicit declaration of bzero:
.../repos/dde_bsd/src/lib/audio/mem.cc: In function ‘void bzero(void*, size_t)’:
.../repos/dde_bsd/src/lib/audio/mem.cc:377:2: warning: ‘nonnull’ argument ‘b’ compared to NULL [-Wnonnull-compare]
Adapts Dir_file_system::open_composite_dirs in a way that it returns "success"
when the leaf node of the path is an empty directory but "lookup failed", as
usual, if one of the other directories on the way to the leaf node is empty.
I couldn't find a technical reason why we used to return "lookup failed" when
only the leaf node was empty.
The commit also adds a test for en empty root directory and empty
sub-directories to the fs_query run script.
Fixes#4198
The fs_query component used to exit with an uncaught exception if a queried
directory didn't exist. Now, fs_query will catch this event and simply skip the
affected query, thereby indicating to the user the inexistence of the
queried directory.
Ref #4032
This patch adjusts the 'extract_initcall_order' utility to the changed
initcall symbol syntax introduced in Linux by the following commit:
https://github.com/torvalds/linux/commit/a8cccdd9
It uses an additional sed step to strip away the kmod prefix,
__COUNTER__, and __LINE__ information so that the symbol names match
those of earlier kernel versions.
Issue #4188
This patch enables the tool/dde_linux/create_dummies tool to operate on
a out-of-tree build directory. The Linux source tree is determined by
examining the build directory's Makefile.
Issue #4188
- Patch the XHCI model in order to handle frame wrapping correctly. For
this adjust 'mfindex_kick' to the correct period (same, before, or after
'mfindex').
- Flush EP when it is stopped, this causes all pending packets for the EP
to be acked. Correct counting of packets in flight.
- Add BEI patch by Josef.
issue #4196
- API packages for: libusb, libuvc, and libyuv
- Source packages for: API packages + USB webcam app
- Meta package for USB webcam
- Raw package for USB webcam configuration
issue #4196
Unfortunately, our current implementation of 'wmb()' doesn't seem to do what we
want it to do. On base-hw + imx6q_sabrelite, the write of bdp->cbd_sc seems to
get re-ordered after the write to txq->bd.reg_desc_active in the transmission
path of the contrib code. Due to this, the transmission of the packet is only
triggered the next time a packet is sent. However, we only quick-fix it by
enforcing the execution of the write with a volatile global read as we will
soon update the FEC NIC port with a new DDE approach anyway.
Fixes#4010
In ROM mode the global CapsLock state is controlled by the capslock ROM
by virtual KEY_CAPSLOCK events.
Guests are easily confused by spurious KEY_CAPSLOCK input events in
caps="rom" mode. These spurious events may reach the VMM if KEY_CAPSLOCK
is not pressed as first key in a combination and, therefore, is not
filtered as global key. We filter KEY_CAPSLOCK in ROM mode in the VMM
explicitly, but let it pass in non-ROM mode.
Per default RAW mode is used and CapsLock key events are sent unfiltered
to the guest.
Enable watching files via the inotify interface of the Linux Kernel.
Delivery of watches to components is staggered in order to prevent an
overflow of the ACK queue in cases when a lot of changes are made to the
file system from the Linux side.
Fixes#4070
Guests are easily confused by spurious KEY_CAPSLOCK input events in
caps="rom" mode. These spurious events may reach the VMM if KEY_CAPSLOCK
is not pressed as first key in a combination and, therefore, is not
filtered as global key. Now, we filter KEY_CAPSLOCK in ROM mode in the
VMM explicitly, but let it pass in non-ROM mode.
Fixes#4087
Because qemu-usb allocated host devices after 'USB_HOST_DEVICE' in the
object array and 'USB_WEBCAM' is loacated after 'USB_HOST_DEVICE' the
webcam model can overwrite an already allocated pass-through device. As
a solution add the 'USB_FIRST_FREE' to make it clear from where host
devices can be allocated. Also increase the number of supported host
devices to eight.
fixes#4182
If no window has ever been focused, next() always returns an invalid
window id. As a consequence, there is no way to cycle through the focus
history without an explicit focus event (e.g. mouse hover).
Instead, next() should return the first window from the focus history if the
currently focused window is not present.
Fixesgenodelabs/genode#4164
The wpa_supplicant refuses to set the BSSID in case it is quoted.
Removing the quotes allows for specifying the BSSID in the
configuration.
Fixes#4175.
The new tool `extract_initcall_order` generates a header file out of a
Linux kernel build, which provides a sorted array with the initcall function
names of the kernel build. The order states the order in which the initcall
have to be called. It gets extrated out of the Linux kernel System.map.
Fixes#4172
A reset domain can consist of one or several reset-pins
denoted by name that are assigned to a device.
When the device gets acquired via the Platform RPC API,
the pins are de-asserted, and asserted again when the
device gets released.
A configuration looks like the following:
<device name="mipi_dsi>
<reset-domain name="mipi_dsi_pclk"/>
...
</device>
Fixes#4171
Introduces the notion of a transaction that consists of one or more
messages. Whereby a message has a read or write direction and consists
of one or more bytes.
Issue #4170Fixes#4169
Report via platform_info the capabilities of the kernel, e.g. ACPI and MSI.
With the commit the try-catch pattern on IRQ session creation by the platform
driver is avoided.
Issue #4016
- Do not perform desctruction on report updatea in EP because
'unregister_device' may block on Led state 'update' (synchronous
control message) leading to the driver being stuck because no more
signals are received
- Check if device is present in 'submit_urb' calls
fixes#4166
- Signal device ready depending on state (ready or not) immediately or
when "actconfig" is set
- Report new devices when ready
- Drain packet stream in case there is no device present (needed for
synchronous operations at client side)
- Do not use 'session_device' on device destruction, check pointer
directly instead
issue #4149
Adds the <new-file> operation to the fs_tool. When configured, the
<new-file path="...">...</new-file> tag will cause creation or overwriting of
the file given through the 'path' attribute. The file will contain the text
content of the tag.
Ref #4032
This patch moves the utility from the app/text_area to os/vfs.h to make
it easier to use by other components. By hosting the 'New_file' as a
friend alongside the 'Directory', we can now pass a 'Directory' as
constructor argument, which is consistent with other utilities such as
'File_content'.
As a further improvement, the new version supports the implicit creation
of the directory hierarchy leading to the new file.
Issue #4032
Mapping normal memory bufferable restores support for unaligned reads on
DMA memory and prevents the following errors on imx6q_sabrelite.
KERNEL0: alignment error at 18003061 (PC: 0102e3f8, SP: 401ffb18, FSR: 90000001, PSR: 20000110)
Issue #4094
Issue #4157
By adding an attribute 'size="yes"' to a query, one instructs fs_query to
report also the size of each queried file as attribute 'size' of the
corresponding 'file' node.
Ref #4032
The fs_query component used to try watching all files it found resulting in
errors on files that are not watchable. For some files, however, the watch-
feature doesn't make sense as they are not readable (no content, no size).
Now, fs_query will check first whether a file is readable and skip watching
if it isn't.
Ref #4032
When configuring fs_query to print the content of files it used to try so for
all files it found resulting in errors on files that are not readable. Now,
fs_query will check first whether a file is readable and skip printing the
content of those that are not.
Ref #4032
Managing ssh event file descriptors was performed from two different
threads which could cause reallocation of structure used in other thread
in a call to 'poll' function.
Splitted initialization to parts and moved ssh event part into ssh loop.
Issue #4095
Moved creating ssh loop thread after initialization of wake up server
file descriptors to make sure that they will be properly handled even in
first loop run.
Issue #4095
The new tool `create_dummies` easily lists missing references,
while porting subsystems of the Linux kernel to Genode, e.g., device drivers.
Moreover it can automatically generate dummy implementations for functions
and global variables.
Fixes#4156
After update of stdcxx, either hardware (CPU) random sources are taken
or, if not available/insufficient, /dev/urandom is used.
Issue #3967
Issue #4094
For fs_file_systems, reads are limited to the size of the packets from the
File_system session. Hence, we cannot read the large files in one go.
This fix is particularly helpful for fonts_fs, as it enables including font
files from a File_system.
genodelabs/genode#4135
Comment in Linux sources:
Since an ethernet header is 14 bytes network drivers often end up with
the IP header at an unaligned offset. The IP header can be aligned by
shifting the start of the packet by 2 bytes. Drivers should do this
with:
skb_reserve(skb, NET_IP_ALIGN);
This is ensured when using netdev_alloc_skb_ip_align().
Issue #4094
This patch takes advantage of block transfer interrupts on Intel XHCI
controllers which is used during isochronous transfers. Because of a bug
in hardware (see usb_host_isoc_bei.patch header), this feature has been
disabled for Intel leading to up to 8000 interrupts/s for isochronous
transfer causing severe CPU consumption on Genode. With this commit we
lower host driver consumption to normal levels.
issue #4149
A Lx::Task is now associated to a USB device not the session any more.
This implies that a task lives as long as the device making it possible
to gracefully handle outstanding requests (i.e., synchronous) in case
the session has been closed.
issue #4149
The old port version contained '*.ali' files that were build with an older GCC
which led to problems when compiling packages that use the port with the new
GCC 10. The '*.ali' files of the new port version were generated with GCC 10.
Fixes#4145
When loading shared libraries via the 'Shared_object' interface display
all additionaly loaded libraries in case 'ld_verbose' is configured. Up
until now, only the loaded library was displayed. In order to determine
if a dependend library had arlready been loaded prior to loading the
'Shared_object' the reference counter is used.
fixes#4147
We used to export 'LC_COLLATE=C' for the environment of Genode tools. This was
meant to ensure that sorting is always done C-style and not dependent on the
users locale settings. This is required, for instance, to ensure that the same
archive always yields the same hash.
However, 'export LC_COLLATE=C' is not sufficient. It can be outruled by an
'LC_ALL' setting in the users environment. The manual of 'sort' recommends to
set 'LC_ALL=C' locally if you want reliable results and this is what this
commit does. Furthermore it removes the former 'export LC_COLLATE=C'
directives.
Note that I couldn't find a way to set 'LC_ALL' local to 'exec ... sort' in
TCL. This is why I set it global instead using TCLs 'env' array.
Note that the Make directive '$(sort ...)' and the TCL directive 'lsort',
unlike the Shell directive 'sort', are not affected by the users locale
settings.
Fixes#4144
The default size is on most kernels 512M. On OKL4 we have to use 800M,
because of the statically configured memory ranges in the OKL4 kernel.
By avoiding a specific amount of memory, the default Qemu memory sizes are
used.
Issue #4095
Revert GNU ld to the old behavior where sections with the same name in multiple
ld scripts are merged. Binutils 2.36.1 creates two sections with the same name.
Fixes#4126
Download gmp, mpc and mpfr with the download script provided by the
gcc source tree and let the gcc build system handle the build of these
libraries with the correct compile options. This fixes build issues on
armhf Linux and removes the need to maintain mpc and mpfr ports in
the Genode tree.
Issue #4094
The 'gprbuild' version which is provided by Ubuntu 18.04 has a bug
which prevents it from building 'ali2dep' with gcc/gnat 10. With
this commit, a newer 'gprbuild' version is built from source.
Issue #4094
This patch fixes a GCC-10 compile error. Even though the optimization
was quite effective - I measured a speedup of factor 2 - it is not all
that important for the overall application performance. In the nano3d
case, we are talking about 1 vs. 2 percent of CPU time.
Fixes#4140
The kernel-agnostic 'Trace::timestamp' function for arm_64 executes the
'mrs %0, pmccntr_el0' instruction, which is not permitted for user-level
programs on Linux. This patch shadows the generic timestamp.h header
with dummy that returns zero. This return value prompts the timeout
framework to disable the interpolation of time based on timestamps. This
avoid the illegal-instruction abort but comes with two llimitations:
First, time measurements are effectlively limited to a granulariry of 1
millisecond (deliberately constrained by the timer driver).
The quirk is applied when using the base-linux API. Should a generic
application (that uses the base API only) call 'Trace::timestamp'
directly, the illegal instruction is executed.
Issue #4136
This patch adds support for running Genode/Linux on the AARCH64
architecture.
- The kernel-agnostic startup code (crt0) had to be extended to
capture the initial stack pointer, which the Linux kernel uses
to pass the process environment. This is in line with the
existing startup code for x86_32 and x86_64.
- The link order of the host libraries linked to lx_hybrid
programs had to be adjusted such that libgcc appears at last
because the other libraries depend on symbols provided by
libgcc.
- When using AARCH64 Linux as host, one can execute run scripts
via 'make run/<script> KERNEL=linux BOARD=linux' now.
Issue #4136
When a DHCP packet is printed out, it first tries to determine the most
specific message type from the DHCP options and print its human-readable name
right after the protocol name. If finding the message type fails, the less
specific opcode is printed instead, but also in a human-readable way.
Fixes#4131
By moving core's build-description to a library - a pattern already
employed for the other base platforms - we become able to cleanly split
x86-specific code (I/O-port access) from generic code. This is a
prerequisite for enabling non-x86 architectures such as AARCH64.
Issue #4136
This new runscript demonstrates how a file can be overwritten by vfs
import with the flag overwrite set to false. This is due to a bug
in lx_fs that is not propagating an ernno EEXIST syscall error.
Issue genodelabs#4104
This commit introduces a fix for lx_fs to propagate errno EEXIST error.
This prevents vfs <import overwrite="false"> to overwrite an imported
file, if it already exists, without the overwrite flag set to true.
Issue genodelabs#4104
The former implementation called 'TRACE_AND_STOP' which led to the
'usb_host_drv' to stop whenever such a function was called. Rather
than stopping return '0' and let the contrib code deal with this
situation.
Issue #4116.
This commit backports the Linux upstream commit (d4a6106) [*]
that introduces a check to prevent the sglist from being used
unconditionally.
[*] 'xhci: fix bounce buffer usage for non-sg list case'
Fixes#4116.
Unconditionally setting MAKEFLAGS to just 's' is not nice because other
flags cannot be passed through the run script. What the script desires
is to disable the automatically enabled '--print-directory' for sub-make
instances when calling tool/port/current by declaring
'--no-print-directory'.
Until now, Genode's Linux system call bindings were based on original
Unix system calls that were later superseded by more flexibile variants.
E.g., 'openat' is a modern version of 'open'. Even though Linux upholds
the compatiblity with the original versions for existing architectures
like x86, the legacy syscalls are absent for the recently added AARCH64
architecture. A good overview of the system calls accross the prominent
architectures can be found at
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
This patch updates Genode's syscall bindings to avoid legacy versions,
thereby easing the support for AARCH64. The used "modern" versions
were introduced back in Linux version 2 days. So we are fine to rely
on them.
The patch slightly changes the signature for lx_stat because this system
call is merely used to check for the existance of a file and its size.
The new name 'lx_stat_size' draws a closer connection to its use case.
That said, the stat syscall has not been updated to the modern statx
since statx is still a fairly recent addition.
Issue #4136
This patch simplifies the use of the clone system call for creating
processes and threads. Until now, the binding used an opaque pointer
argument to pass context information to the newly created process or
thread. However, upon close inspection, this is not a strict
requirement.
A newly created thread accesses its contextual information by
using its stack pointer as key. The pointer argument is not used.
The creation of processes is strictly serialized because the
intermediate stack used in-between clone and execve is a global
variable. Since we rely on the serialization anyway, we can pass the
context information of a new process via a global variable as well.
This change simplifies the syscall binding for the upcoming AARCH64
support, which would otherwise require us to deal with the notion
of TLS on Linux.
Issue #4136
With the update to GCC 10, the compiler stopped with an error when compiling
places where a MAC address is copied from outside into a packed object using
the Net::Netaddress::copy method (e.g. in
Net::Arp_packet::dst_mac(Mac_address)):
! error: writing 6 bytes into a region of size 4 [-Werror=stringop-overflow=]
While trying to find a clean solution for this error, I found posts on
gcc.gnu.org and github that stated that the size calculations that cause these
errors are incorrect. Indeed, I could verify that the actual size of the two
regions was static and exactly the same in places were the error occured.
Furthermore, I couldn't find a way of making it more clear to the compiler
that the sizes are the same. By accident, we found that using the address of
the first element of the array that forms the second region instead of the
array address itself, somehow circumvents the error.
Fixes#4109
With the update to GCC 10 the compiler used to warn when using the internet
checksum functions on packet classes (like in
Net::Ipv4_packet::update_checksum):
warning: converting a packed ‘Net::[PACKET_CLASS]’ pointer
(alignment 1) to a ‘const uint16_t’ {aka ‘const short
unsigned int’} pointer (alignment 2) may result in an
unaligned pointer value
Apparently, the 'packed' attribute normally used on packet classes sets the
alignment of the packet class to 1. However, for the purpose of the
internet-checksum functions, we can assume that the packet data has no
alignment. This is expressed by casting the packet-object pointer to a pointer
of the new packed helper struct 'Packed_uint16' that contains only a single
uint16_t member before handing it over to the checksum function (instead of
casting it to a uint16_t pointer).
Ref #4109
The NAT feature of the NIC router used to prefer re-using source ports that
have been freed recently. From an external server's perspective, if a client
dies and restarts, chances are high that the new connect arrives with the same
source-IP/source-port as the old connection. The server has to forcefully reset
the connection. If that happens a lot, the server may even start to ignore
further connections from this IP/port combination for a while as a mitigation.
This patch adds a continuous counter feature that makes sure that every new
port allocation will increment and result in a port that hasn't been used for a
long time.
The NAT feature of the nic_router is now more in line with RFC 6056 chapter 4.
Ref #4086
pthread.0 acquires a write buffer mutex and calls potentially
blocking fs operations. The EP thread handles session requests and tries to
acquire the same write buffer lock. IO progress events for pthread.0 are
handled by the EP thread, which however is blocking on the write buffer mutex.
The commit uses two write buffers, one which is filled by the EP and a second
which is used by pthread.0. The two buffers are swapped protected by a mutex
without invoking blocking fs operations.
Issue #4095
The exec_terminal generates a config report which is used as input ROM for
sandbox/init, which does not support an "<empty>" node.
An empty config node is empty, without an node.
Issue #4095
Was still using the event_filter.config from drivers_interactive-pc
although a dedicated file is present in the raw archive.
The fix is just for consistency reasons, as sculpt manager is generating the
event_filter.config anyway.
KEY_UNKNOWN is a collective symbols for all unknown keycodes.
Remapping thus requires iterating through all corresponding codes
instead of only applying the policy to the first match.
Issue genodelabs#4069
This patch increases the RAM quota of the top-level nitpicker instance
to 12 MiB so that resize operations can be buffered for resolutions up
to 2560x1080. It mutes diagnostic messages of the form "Warning: Gui
(...) not enough RAM to preserve buffer content during resize" and
improves the window-resize experience.
With this patch, the user is able to re-gain access to the inspect view
by toggling the inspect button of a file system unrelated to the failed
USB storage device.
Fixes#4090
Issue #3967
triggers using -O0 with test-libc_integration:
libc_integration/main.cc:146: undefined reference to `std::istream::operator>>(unsigned long&)'
contrib/stdcxx-80f380143250d4f951433876698b54fdac32b95f/include/stdcxx/std/thread:67: undefined reference to `vtable for std:🧵:_State'
Introduce a new _overflowed state variable to indicate whether the
horizontal boundary was reached already and to omit subsequent character
output.
This state is necessary to maintain a valid cursor position at all
times. The _overflowed attribute is reset once the cursor is moved into
a valid position again.
To harmonise the bounds checking for _cursor_pos modifications, the
`constrain()` method was added.
Fixesgenodelabs/genode#4093
Also fixes a bug in `vpa()` and `vpb()` which moved the cursor
horizontally instead of vertically.
The direct execution of application-level code by a watch handler is
troublesome because those handlers are executed at the I/O signal level.
In the concrete case, the watch handler got recursively called because
the handler called _handle_config (application-code), which called the
VFS, which in turn performed a wait_and_dispatch_one_io_signal, which
again invoked the watch handler.
The patch works around the problem by letting the watch notification
trigger the application-level signal for the _config_handler.
Fixes#4091
I created a test program which stresses the interplay between libc,
pthreads and vfs_pipe and may detect regressions.
The program starts a thread that spawns a bunch of workers, sends and
receives data to them through a pipe. When all data of a worker is
collected, the worker is finished (join()) and a new worker is started.
Both the number of bytes sent to the worker and the size of its
answer are random.
Issue #3967
* The device XML information dataspace is only provided,
when the client's policy states `info="yes"`
* The device XM information gets changed to include the
physical resource names (I/O memory and IRQ addresses)
instead of virtual ids and page offset
Fix#4077
As linux drivers may distinguish device configuration by pci subdevice id in
addition to the pci device id, the former must also be used for finding the
matching entry. Otherwise, e.g., the iwlwifi driver might load the wrong
firmware.
Side note: Add break statement to save superfluous iterations after
match was identified.
Fixes genodelabs#4076
This is a follow-up fix for "Streamline platform-device API on ARM".
There is an ambiguity of the 'local_addr' method between the inherited
'Attached_dataspace' and the local declaration, which results in the
double application of the sub-page Range::start.
Issue #4075
This compilation unit contains a global constructor, which violates our
assumption that the libc is free of global constructors on ARMv7.
Specifically, the graphical terminal fails with the following message:
[init -> terminal] Error: Component::construct() returned without executing
pending static constructors (fix by calling
Genode::Env::exec_static_constructors())
[init -> terminal] Error: Uncaught exception of type 'Linker::Fatal'
In this case, the libc-less terminal uses the VFS. The VFS mounts the
ttf VFS plugin. The ttf VFS plugin depends on the libc.
The compilation unit 'arm_initfini.c' can safely be excluded because it
merely initializes the global '_libc_arm_fpu_present' variable, which
is not used by the current version of our libc/libm.
Fixes#4080
This API rework eases the access to memory-mapped I/O registers and
interrupts when using the platform driver. It introduces the notions of
- Platform::Device - one device obtained from a platform session
- Platform::Device::Mmio - locally-mapped MMIO registers of a device
- Platform::Device::Irq - interface for receiving device interrupts
The patch touches several drivers. Some drivers would require a
significant structural change to adopt the new API (e.g., net/virtio,
dde_linux drivers, imx gpio). In these cases, the patch adds
compatibility shims meant to be temporary. In other cases (e.g., imx
i2c), the adaptation was simple enough to carry through.
Fixes#4075
This patch adjusts the matching of the IP address such that the external
IP address is used as opposed the the NAT-local address. It is follow-up
fix of the conversion to the uplink session interface.
Issue #3961
When we allowed symbol resolution during exceptions, we used the shared
object lock to protect ELF object list manipulation (e.g., dlopen,
dclose) when executing exception unwinding code in the linker.
Unfortunately, sometimes libraries that are loaded by 'dlopen' may raise
exceptions in the process, leading to a deadlock within the unwind code.
In order to resolve this, we now protect the object list operations
(i.e., enqueue, removal, iteration) by a separate mutex. This allows
the shared object interface to throw exceptions.
issue #4071
This patch unifies the core-internal 'Mapping' type across all base
platforms.
As one minor downside on seL4, the diagnostic error messages when
observing faults other than page faults no longer print the faulting
thread and PD names.
Issue #2243
These messages pollute the boot log of Sculpt OS when ROM modules are
requested for files of the config fs before the sculpt manager has
created their first version.
When the own cap quota of a client does not suffice for a cap upgrade of
an existing session to a server, the client must issue a cap-resource
request to the parent. This logic was already in place for RAM quota but
was missing for cap quota.
Issue #4072
When callback functions of `dl_iterate_phdr` required further jump slot
relocations this lead to a deadlock. Therefore, we allow the resolution
of further symbols from callback functions, but protect the ELF object
list during the iteration, which blocks any dynamic loading (e.g.,
dlopen/dlcose) of shared object by other threads while in program header
iteration.
fixes#4071
Apparently the skewed motion timings came from the issue fixed by
"timer: restore semantics of periodic timeout 0". With the current
version of the timer, the original motion parameters work just fine.
This patch extends the 'Platform_session::alloc_dma_buffer' interface
with a 'Cache' argument that corresponds to the argument accepted by
'Ram_allocator::alloc', which is used by the platform driver under the
hood.
Since the x86 platform driver used to be hardwired to allocate DMA
buffers as UNCACHED, I adjusted all drivers by specifying the UNCACHED
argument. Right now, this is needed as a hint for core to steer the
allocation of I/O page tables. Once we eliminate the need for such hints
(by introducing an explicit 'Region_map::attach_dma' operation), we can
revisit the drivers individually because cached DMA buffers should
generally be fine on the x86 architecture.
Issue #2243
This change avoids many repetetive Genode:: prefixes, making the code
easier to read. The patch also includes a few consistency fixes
regarding include guards and file headers. It also renames
Platform_device::String to Platform_device::Device:name.
Issue #2243
This patch adds the designated alternative to Dataspace::phys_addr to
the platform-session interface. Under the hood, the platform driver
still calls Dataspace::phys_addr but it should eventuelly become the
only caller before we can abolish this function.
Issue #2243
This commit optimizes the 'Child::resolve_session_request'
implementation by introducing an internal 'Route_model' for quickly
traversing routing rules instead of parsing XML on each session request.
Fixes#4068
This commit replaces the hand-crafted config processing by the use of
the 'List_model' utility. This has the following advantages:
- The parsing follows a common formalism that makes the code
easier to maintain and to understand. Several parts of the code
had to be changed (for the better) to make it fit the list model
approach. E.g., the child states have become more expressive
and logical.
- In the common case, the XML data is traversed only once, which
increases the parsing speed in dynamic scenarios.
- The code becomes easier to optimize. In particular, the patch skips
the re-evaluation of the session routing if no service is affected
by the config change.
The patch also revisits the init test by removing overly long sleep
phases and extending a few sleep phases that were too short when
executing the test on Qemu.
Issue #4068
This patch changes the 'alloc_aligned' interface as follows:
- The former 'from' and 'to' arguments are replaced by a single
'range' argument.
- The distinction of the use cases of regular allocations vs.
address-constrained allocations is now overed by a dedicated
overload instead of relying on a default argument.
- The 'align' argument has been changed from 'int' to 'unsigned'
to be better compatible with 'addr_t' and 'size_t'.
Fixes#4067
This patch avoids the RTC driver's aggressive polling during the
(CPU-bounded) boot of Sculpt OS. As the RTC is not needed during bootup,
this patch reduces the boot time (on Qemu) by 2-4 seconds.
Fixes#4065
GDB monitor re-uses internal parts of the sandbox library. It thereby
relies on the internal detail of how local headers are included (using
"" instead of the now usual practice <>). A seemingly unrelated change
"init/sandbox: avoid repetitive state reports" eventually broke the
build of the GDB monitor.
This patch makes the GDB monitor less reliant on the way of how the
sandbox includes headers internally.
It also fixes a few warnings caused by the double definition of
__GENODE__ (adding an missing include guard and making the #define
conditional).
Related to issue #4064
The 'Timer::Session::trigger_periodic' RPC function used to accept 0 as
a way to de-schedule the periodic processing. Several components such as
nitpicker relied on this special case. In "timeout: rework timeout
framework", the value of zero was silently clamped to 1, which has the
opposite effect: triggering signals at the maximum rate. This results in
a visible effect in Sculpt where the leitzentrale-nitpicker instance
produces a constant load of 2% CPU time.
This patch restores the original timer semantics by
- Documenting it in timer_session.h,
- Handling the case explicitly in the timer implementation, and
- Replacing the silent clamping of the unexpected value 0 passed
to the timeout framework by a diagnostic error message.
Issue #3884
This patch restores the ability to launch nitpicker within a gui_fb
window. It is a follow-up fix for "nitpicker: make framebuffer and input
optional".
Issue #3812
This patch enables sculpt to utilize the CPU reset mechanism via the
PS/2 controller as well as the information provided via the ACPI FADT
information. Whenever the /config/system file is changed to <system
state="reset"/>, both mechanisms are triggered.
Supporting both mechanisms is useful because the PS/2-based reset does
not work reliably on modern machines. The PS/2-based reset is useful in
the case when the FADT reset information refers to the PS/2 command
port. In this case, the platform driver is unable to access this port
because it is already handed out to the PS/2 driver. In this case, the
PS/2 driver kicks in.
Issue #2726
If 'system="yes"' is specified in the <config>, the platform driver now
monitors the content of the system ROM. Should the value become "reset",
a reset is triggered using information obtained from the ACPI driver.
Related to issue #2726
The change of the platform driver is needed to avoid a parsing error of
the ACPI ROM when encountering an unexpected <reset> node.
Thanks to Alexander Boettcher for the preventing the regression of #3829
and improving the adherence to the ACPI spec when parsing the reset type.
Related to issue #2726
This patch adds the handling neccessary for clients to upgrade the cap
quota of their GUI session. Until now, the upgrade mechanism supported
only RAM quota.
The limitation became visible once a client - in the particular case the
motif_decorator - attempted the cap upgrade of its GUI session. The cap
quota would arrive at the wm, but the wm would keep it instead of
forwarding the quota to nitpicker. This resulted in an infinite retry
loop at the motif_decorator, ultimatedly depleting all its cap quota.
The window manager infers the overall state from the intercepted input
events for the decorator and all GUI clients. However, each of those
parties have an independent input-event stream. Whereas the order of
events within one GUI session is strict, the order of events between GUI
sessions is arbitrary. The window manager wrongly relied on a global
event ordering to track the pointed-at GUI session.
The patch removes the assumption of a global event order by tracking the
relevant pointer state for each GUI session independently and evaluating
these states when propagating the pointer position to the decorator.
Fixes#4059
This commit modified bash's builtin mapping of character sequences to
readline-functionality to detect the sequence of the delete symbol as
generated by the terminal.
Fixes#4058
The commits adds the same configuration values as supported up to now by
the monolithic usb driver. In contrast to the original, by default all drivers
are started. Disabling a controller type is used by Sculpt, e.g. for OHCI if
running Sculpt inside Virtualbox.
The addition of further keyboard layouts would otherwise pollute the
config/ directory too much.
Caution: When updating Sculpt OS, don't reuse your existing
config/event_filter file unmodified! You need to replace the chargen
includes, pointing to the new location, e.g.,
<include rom="en_us.chargen"/>
<include rom="special.chargen"/>
must be changed to
<include rom="keyboard/en_us"/>
<include rom="keyboard/special"/>
Issue #4055
This patch extends the settings dialog with the ability to select the
keyboard layout between the options that are included in the sculpt
image. The manual configuration is of course still possible by editing
the /config/event_filter directly.
If both the fonts configuration and the event-filter configuration are
managed manually, the settings button and window are not displayed.
Fixes#4055
By sorting the reported output, all consumers of the reports become able
to rely on a deterministic order. For example, the file browser of
Sculpt OS, the launcher menu items, and the depot-selection items will
appear in a predictable order.
Fixes#4054
This patch adds session-routing options to connect components to the
capture/event interfaces of the global nitpicker GUI server or the
leitzentrale GUI server. It thereby enables the implementation of screen
capturing components, remote management tools, or virtual keyboards.
Since those services are very powerful, they are subsumed under the
"hardware" category of the component graph as opposed to the GUI
category, which guarantees the separation of clients.
Fixes#4053
This patch adds 4 priority levels to the runtime subsystem. The highest
priority is used for components that are critical for the operation of
Sculpt, in particular the Leitzentrale GUI. All regularly deployed
components are assigned the lowest priority by default.
With priorities available in the runtime subsystem, this patch flattens
the priority levels at the top-level init to only two levels and
overlays the priority bands of the drivers, leitzentrale, and runtime
subsystems into one priority band. This has three benenfits:
- This change prevents the starvation of the Leitzentrale GUI from a
spinning high-priority driver (issue #3997).
- The change will also ease the hosting of latency-critical components
in the runtime subsystem that are prioritized higher than regular
components, the storage stack, and the network stack.
- The Leitzentrale GUI remains always perfectly responsive regardless
of the workloads deployed from packages. In the previous version,
the runtime graph was sometimes stuttering on high system load.
Issue #4045
This patch avoids the repeated warning "read blocked until lwIP
interface is ready" by printing the message only once. Otherwise,
the log is flooded with those warnings when falkon web browser
is started on Sculpt OS without network connectivity.
In case there is no valid configuration the component used to mute
output by default. This, however, might lead to the assumption that
audio is not working at all. Instead set the master output volume to
50% and the per application volume to 100%.
Fixes#4043.
This patch adds the missing destruction of session-state objects of
local services when closing a session. Because of the missing
destruction, those session-state object remained part of the server
ID space. This becomes a problem once the backing store of the session
state object vanishes, that is when the client child gets removed from
the sandbox. Hence, the removal of a child with an open session to a
local service would lead to the corruption of the server ID space.
This patch adds the missing session.destroy() call.
Fixes#4044
This patch fixes a corner case where a child is destructed while a
asynchronous close request to a sibling server is still pending.
The child immediately discarded the session ID as the end of the
close-session processing, assuming that this ID is never to be needed
again. The session-state continues to exist to handle asynchrous close
protocol with the server.
However, if the child is destructed at this point (before the server
responded to the session request), the destruction of the child would
not cover the discharging of the session state because the session state
was no longer be part of the client's ID space. So once the asynchronous
close response from the server came in, the session state contained
stale information, in particular a stale closed_callback pointer.
The patch fixes the problem by deferring the discarding of the client ID
to the point where the session state is actually destructed. So the
session of a pending close response is covered by the child destructor.
Thanks to Pirmin Duss for reporting this issue along with a test
scenario for reproducing it!
Fixes#4039
- Enable the "platform-level interrupt controller" PLIC on base-hw
- The RISC-V specification offers only a register description, but no
layout for the register set. This implies the layout is platform
dependent, and therefore, implemented separately for Qemu
issue #4042
- build debug version of core and bootstrap found under
_var/run/<runscript>.core_ (.bootstrap). This is a regression when
switching from object to archive library linkage of core.
fixes#4027
Instruct bender to enable Intel HWP on supported CPUs unconditionally
to gain more insight by using the feature most prominently in Sculpt.
Fixes#4040.
With this patch, the build directory's CCACHE configuration is applied
to the building of depot archives when using the --depot-auto-update
feature.
Note that this is effective only when resetting the hash files before
building so that each depot-auto-update results in the same-named
versions. Otherwise, the include paths (that include the version name as
part of the path) make cache hits impossible.
Issue #4004
This commit complements issue #4004 with support for the depot/create
tool. If CCACHE=1 is specified at the command line, the build directory
for building a binary archive is configured with 'CCACHE := yes'.
This patch triggers the immediate removal of part_block once the
discovery of a fresh inserted USB stick has completed. Without the
patch, part_block was retained until the runtime was reconfigured the
next time for other reasons (e.g., toggling an inspect view). Until the
next reconfituration, part_block tended to stand in the way of directly
assigning the USB device to a VM.
This patch increases the RAM quota of the nitpicker instance for the
leitzentrale to make it suffice for the buffering of content during
resize operations. This fixes a flickering artifact when having an
inspect view open while entering a WLAN passphrase. When the connect
button appears or disappears (depending on the number of written
characters), some parts of the inspect terminal would flicker sometimes.
* catch every possible path of the Bit_allocator_dynamic::Out_of_indices
exception
* add unconditional log output in the new "catch" directives, so, we will be
able to debug the problem a bit more in detail next time
Fixes#4036
This way, the redirected env sessions for the CPU burner are no longer
called directly by init. Init stays independent from the behavior of the
CPU balancer.
Issue #3837
Issue #4029
This shim component can be used in case where env sessions of child
(i.e., child's PD session) must be routed to another child of init.
Without the shim, init would directly need to interact with these
sessions and would thereby make itself dependent of the server's
behavior. RPC calls to a server hosted as a child lead to all kinds of
problems such as livelock situations, and putting the robustness of init
at the whim of its child.
With the shim, init merely needs to bootstrap the shim component by
routing the shim's env sessions to core as usual. The server is only
used for the sessions for the actual application hosted atop the shim.
Issue #3837
Issue #4029
This patch is an interim fix for using HID devices that offer a HID
interface as not the first interface. It also supplements the
interface classes as supplemental information to the USB-devices
report.
Fixes#4035
With this patch, the board/<name>/arch property file can have multiple
lines where each line denotes an instruction-set architecture supported
for the board.
Issue #4019Fixes#4034
Simplify calculation of Timer::_duration, the old implementation caused
the time running backwards sometimes. This makes
'nic_router_dhcp_*' and 'event_filter' run scripts succeed.
issue #4021
This prevents the log terminal from adjusting itself to the whole screen
size before the leitzentrale window layout is applied. This intermediate
size can otherwise exhaust the 8 MiB of RAM quota of the log terminal.
Issue #3970
Do not link base and core libraries into on large relocatable .o file,
which is linked later to core - causing long link times. Create an
independent library archive out of the base and core libraries that can
be linked faster.
issue #4027
This commit improves the performance of the pipe plugin by using local
signal handling and avoiding sending a signal during write when pipe
buffer is full.
Issue #3583
* Add new virtio device model
* Extend test run-script with vfat block test image
* Add vmm depot src recipe
* Use packages in test run-script
Fix#4025
* Introduce different index types for ring counters and descriptor arrays
within the Virtio split queue implementation
* Be more accurate in reporting the queue number supported, and raise it
to 512
* Introduce abstractions for mmio register access, where several values
are stored at the same place, and selector registers exist.
* Turn Virtio_device into a template to define the Virio queue type,
and its numbers per device model (needed for e.g., future block model)
Issue #4025
All pipe-ends were notified at the same time which leads to dead-locks.
This commit mitigates this by having a signal handler for each pipe and
each pipe-end respectively.
Issue #3583
The vfs pipe plugin can now be used as named pipe which anables data
transfer via file handles from one component to another. E.g. if one
would like to send data from component A to stdin of a libc component B,
one can do so by simply writing to that fifo file.
Issue #3583
With this commit libcrypto does not use ARM NEON extension as long as
SPECS includes "neon". arm_v7a does declare "neon" per default while
arm_v8a does.
Issue #3773
Note, OpenSSL now comes as one combined depot archive *openssl* that
replaces the former *libssl* and *libcrypto* archives. The libraries are
still separate binaries for compatibility with legacy software.
Issue #3773
It seems that with the nigthly autopilot the data port (that is choosen by the
client) may stay some time (minutes) allocated after the a test run. This
causes successive tests to fail when trying to reuse the port.
* Use a unique data port for each target platform in the range of 18000-18099.
* Add documentation on how to prepare for running the test on a Linux target.
* Remove Qemu-specific code paths as Qemu isn't supported anymore by the script
since the introduction of the Uplink session (running with a NIC router on
Qemu was never supported and now we always need a NIC router).
Ref #3961
This patch simplifies the packaging of the base-hw kernel for a given
board, in particular when the board support is hosted as an external
repository such as genode-world. Regardless of where the board-support
is hosted, the content.mk file becomes as simple as:
include $(GENODE_DIR)/repos/base-hw/recipes/src/base-hw_content.inc
The board name is automatically inferred from the path of the src
recipe. The architecture is determined from board/<name>/arch files,
following the pattern of the image_link_address. The attempt to build a
base-hw-<board> binary archive for the wrong architecture is now
gracefully handled by skipping all targets (using the REQUIRES
mechanism).
Besides the improved convenience, the patch results in depot archives
that are much closer tailored to the actual board by omitting files for
architectures that are not used by the board. E.g., the src/base-hw-pc
archive does not contain any ARM-related content.
The patch also restores the package builds for core/bootstrap object
files as a follow-up fix of "base: remove SPEC variables of boards",
which happened to left 'BOARD' undefined in the src archives.
Fixes#4019
Be more in line with the original host implementation in Qemu and
buffer transfers. Having transfers in-flight helps to smoothen playback
in case other components utilize the CPU.
Issue #4018.
Linux as well as Windows guests want queue to a varying number of
transfers, where each transfer only covers one transaction (iso frame).
The best results were obtained by following that behaviour rather
than queuing multiple iso frames per requests (like is done with OUT
transfers).
The number of requests queued is increased to 32 while the number of
packets per reques is decreased to 1.
Issue #4018.
The contrib code is updated from 2.4.1 to version 5.2.0 and the used
device-model is changed to QEMU xHCI. Due to this change older guests
OSes, namely Windows 7, that relied on the NEC xHCI device-model will
not work anymore.
The 'Qemu::Controller' interface was extended by an 'info' method, which
returns the vendor and product ID. This allows for removing the
hard-coded values in the VirtualBox glue code.
Issue #4018.
* Update the 'packet_size' information with the actual length for
each isoc frame to be able to handle short reads at the client side.
* Copy the whole transfer buffer because the host controller stores
the data at the original offsets, i.e., the buffer is not densely
packed.
Fixes#4018.
The former implemention assumed that the guest physical memory is
mapped continously. This, however, is not true. Writing larger
files to an USB stick with a Windows 10 guest would therefore lead
to data corruption.
The current implementation uses a bounce buffer to copy the data
to and from the guest physical memory and leaves dealing with the
memory mappings entirely up to the VMM.
Fixes#4017.
When the usb_net_drv was introduced in ports/run/netperf.inc, the
netperf_lxip_usb test on x86_64/hw/pc triggered the calling of the
netif_stop_queue dummy at
contrib/<DDE_LINUX>/src/drivers/usb_net/drivers/net/usb/usbnet.c:1464. As
netif_start_queue was also a dummy and allowed to be called, we tried allowing
calls to the netif_stop_queue dummy as well which fixed the
netperf_lxip_usb test on x86_64/hw/pc.
Ref #3961
The 'environ' pointer is a global variable that must be considered as
part of the application state. It must be copied from the parent to the
child process during fork. Otherwise, a child returning from fork is
unable to access environment variables before invoking execve. The
actual environment variables and their values are already captured
because they reside at the application heap, which is cloned from the
parent. So the copied 'environ' pointer refers to valid data.
Fixes#4015
- remove Spike/BBL support in favour of Qemu (>=4.2.1)
- add 'riscv_qemu' board, remove 'spike' board'
- update to privileged ISA v1.10 (from v1.9.1)
- use direct system calls for privileged core threads (they call into
the kernel and don't use mode changing system calls, i.e. 'ecall',
semantics)
- use 'OpenSBI' semtantics for SBI calls (to machine mode) instead of
BBL
issue #4012
By first removing unused ranges, implicitly meta data allocations are freed
up. This leads to more unused slab blocks and freed up meta data allocations
in the avl tree.
Issue #4014
The deadlock reported in #3236 could be reproduced via the wm.run script
and the modification of test/nitpicker in commit "nitpicker: fix destroy
with invalid handle" by clicking on the testnit entry of the launchpad.
This patch fixes the deadlock by releasing the locked pointer early in
the destruction path, which is legitimate as the wm is single-threaded.
Fixes#3236
This patch adds the missing invalidation of the _hovered pointer to
User_state::forget, which is required to cover the situation where the
owner of the hovered view vanishes.
Fixes#4011
Improve consistency with the other base repositories, in particular
- Indentation of class initializers
- Vertical whitespace around control-flow statements
- Preferably place control-flow statements (return, break, continue) at
beginning of a line
- Placing the opening brace of a namespace at the end of line
- Placing the opening brace of a class at a new line
- Removing superfluous braces around single statements
- Two empty lines between methods/functions in implementation files
This patch simplifies the use of ccache with the build system. Up until
now, each developer had to set up the ccache hooks manually, adjust the
PATH variable, and customize the etc/tools.conf in each build directory.
With the patch, ccache can be enabled by un-commenting a single line in
the etc/build.conf file.
Fixes#4004
The Usb session allows for submitting packets even when the interface
in question is not yet enabled. Enabling an interface will configure
the udev members properly and is normally done implicitly during
processing of an 'ALT_SETTING' packet.
In case the interface was not enabled this leads to a page-fault in
the USB host-controller driver as 'ep' is NULL.
Fixes#3999.
This patch moves the bootstrap-link-address information from the
tool/run/boot_dir/hw file to board-specific property files that can be
accessed by using the board as key. This eliminates the need to
customize boot_dir/hw when hosting board-support in an external
repository.
Fixes#3998
The Vmm::Gic::Gicd_banked::Redistributor is used with Constructible, but
does not have a virtual destructor even though it has virtual methods.
This prompts clang to issue the following warning:
reconstructible.h:122:4: warning: destructor called on non-final
'Vmm::Gic::Gicd_banked::Redistributor' that has virtual functions
but non-virtual destructor [-Wdelete-non-abstract-non-virtual-dtor]
Fix this by inheriting Genode::Interface.
Issue #3984
Even though the binary patching of ldso must be performed only once,
this postprocessing step was executed on each run because the
postprocess.tag rule is phony (the tag file is never created).
This patch removes this phony behavior by creating the tag file.
Issue #3974
The _crt0_start_stack label points to a memory location containing the
size of the bootstrap stack. On AArch64 this should be an 8 byte value,
but the code only only defines half of those using asm .long statement.
The other half is expected to be 0, which is true when using GNU as.
This is not the case when using clang's integrated as however. Since
_crt0_stack_size is defined inside .text section clang uses 0xd503201f
value (aarch64 nop instruction) to fill the extra 4 bytes.
Fix this minor incompatibility by explicitly defining both halfs of
this 8 byte quantity.
Fixes#3987
The _dispatch_pending_io_signals and _original_suspended_callback member
variables are not used anywhere in the code. This prompts clang to produce
a warning message about it. Remove both variables to fix it.
Issue #3985
The "unsigned Nitpicker::Gui_session::layer()" function returns
~0UL. This prompts clang to produce a warning about implicit unsigned
long to unsigned int conversion. Fix it by returning ~0U instead of
~0UL.
Issue #3985
GCC doesn't care, but clang complains if [[fallthrough]] is not followed
by a semicolon. Existing Genode code is also not consitent in this regard.
This patch adds the extra semicolons since it works in both GCC and
clang.
Issue #3985
No code in this class uses this private member variable. This prompts
clang to produce a warning message about it. Fix it by dropping the
variable.
Issue #3985
The class has final destructor, but is not itself final. This prompts
clang to produce the following warning message:
class with destructor marked 'final' cannot be inherited from [-Wfinal-dtor-non-final-class]
~Vfs_plugin() final { }
^
vfs_plugin.h:39:13: note: mark 'Libc::Vfs_plugin' as 'final' to silence this warning
Issue #3985
This static inline function is not used anywhere. GCC does not care,
but clang warns about this. Remove the function to allow the code to
compile cleanly with both clang and GCC.
Issue #3985
The code in Libc::Cloned_malloc_heap_range initializes its local_addr
member variable by calling Region_map::attach_at. This function can
throw Region_conflict exception. The handler for this exception uses the
local_addr to produce an error message. Such error log is IHMO
useless, or even incorrect since the value of local_addr is undefined
in such case.
Its also worth noting that clang 12 produces the following warning for
this code:
"cannot refer to a non-static member from the handler of a constructor
function try block"
Issue #3985
This private member variable is not used anywhere in the code. This
produces compilation warning when using clang instead of GCC. Drop the
unused variable.
Issue #3985
The State enum and _state private member variable are not used anywhere.
This produces an extra warning when building the code with clang instead
of GCC. Remove this dead code.
Issue #3985
When building the code with clang the following warning message is
prodiced:
"explicit instantiation of 'Scout::Browser_window' must occur in namespace 'Scout'
template class Browser_window<Genode::Pixel_rgb888>"
This happens for several different types. This patch fixes the problem
by instantiating all those templates using their explicit full name.
Issue #3985
The Scout::Spacer constructor requires two arguments. The initialization
of the type in Launchpad_window declaration does not specify them. The
variable is however initialized a second time in class constructor. This is
most likely why GCC accepts this code. Clang on the other hand
complains about it.
Fix this by properly initializing both _spacer and _docview only once at
declaration time.
Issue #3985
The code fails to build with clang due to the following warning/error:
error: '_INCLUDE__NANO3D__SQRT_H_' is used as a header guard here,
followed by #define of a different macro [-Werror,-Wheader-guard]
Fix this by removing the extra underscore from this header guard
definition.
Issue #3985
The _device_specific_features() implements part of the Virtio_device
interface. Decorate it with override keyword to make this clear and
also satisfy clang which produces warning regarding this.
Issue #3984
Clang 11 produces the following warning when building port_allocator.cc:
port_allocator.cc:27:21: error: result of comparison of constant 65536 with
expression of type 'const Genode::uint16_t' (aka 'const unsigned short') is
always true [-Werror,-Wtautological-constant-out-of-range-compare]
(port.value < (unsigned)(Port_allocator::FIRST +
Basically the code compares Port::value (uint16_t) against a constant
65536 which is larger than UINT16_MAX (65535). This comparison will always
be true.
Issue #3984
According to clang there are two symbols which File_system can refer to:
1. namespace File_system from ram_fs/chunk.h.
2. Vfs::File_system class from vfs/file_system.h.
Make it clear we refer to the File_system namespace in this case.
Issue #3984
Clang 12 complains that Interface can both refer to Genode::Interface
and Net::Interface in this case. Explicitly state the code refers to
the latter.
Issue #3984
According to GNU as manual the syntax of this directive is:
.cfi_undefined register
The manual does not mention the register should be in parentheses.
This works in GNU as even when those are present, but unfortunately
clang integrated-as does not parse this correctly. Both GNU and
clang's integrated assembler work fine when the extra parentheses
are omitted.
Fixes#3986
The code in base-hw/src/bootstrap/platform.cc uses segment flags for
identification purposes. Based on this information the code decides
what to do with each segment. Unfortunately the linker script does
not actually ensure the flags for a specific named segment match
expectations. The code relies on implicit linker behaviour.
This implicit behaviour can vary between linkers. This breaks
arm_v7a base-hw builds linked with LLVM's lld linker. The segment
named "ro" ends up having writeable flag set when using LLD.
This patch ensures that all ELF segments in genode.ld have their
required perimssion flags set explicitly.
Fixes#3988
Clang is generally fine with Genode::List and compiles code using it
without emitting any warnings. There is however one exception. Clang
fails hard when building base-hw/src/core/kernel/object.cc.
This is due to a call to Genode::List::remove made from
Object_identity::invalidate function. The error message clang
produces is:
list.h:96:33: error: 'Genode::List<Kernel::Object_identity_reference>::Element::_next'
is not a member of class 'const Kernel::Object_identity'
_first = le->List::Element::_next;
~~~~~~~~~~~~~~~^
When we look at the declaration of the Kernel::Object class on which
the remove method is called. as expected it does inherit Genode::List:
using Object_identity_list
= Genode::List<Kernel::Object_identity>;
class Kernel::Object : private Object_identity_list
{
...
}
Given the error message we see that List::Element should be resolved to
Genode::List<Kernel::Object_identity>::Element, and not
Genode::List<Kernel::Object_identity_reference>::Element. But how does
clang manage to figure out we're talking about Object_identity_refecence
list here? Well, I admit I don't know the exact steps it takes to arrive
at this conclusion, but it is not entirely wrong. If we take a look at
what Kernel::Object_identity is we'll see:
class Kernel::Object_identity
: public Object_identity_list::Element,
public Kernel::Object_identity_reference_list
{
...
}
Where as one can guess Object_identity_reference_list is defined as:
using Object_identity_reference_list
= Genode::List<Object_identity_reference>;
Long story short Kernel::Object has Genode::List of both Kernel::Object_identity
and Kernel::Object_identity_reference in its inheritance chain and clang
is not really sure to which of those the code refers to in
Genode::List::remove method by using List::Element::.
The fix for this is relatively simple, explicitly state the full type of
the base class the code intends to refer to. Replacing List::Element,
with List<LT>::Element makes the code buildable with both clang and GCC.
Fixes#3990
If a fd is opened in append mode and just is to be used (so never written by
the parent component) for the to be forked child, the seek state was not
pointing to the end of the file. The wrong seek value then was used in
File_descriptor_allocator::generate_info().
Issue #3991
The fds in O_APPEND state may have changed by the child. The local seek
state needs to be valid/current for the next to be forked child, which seek
state is set by File_descriptor_allocator::generate_info().
Issue #3991
This patch allows for supplementing the existing run-tool plugins with
additional plugins hosted inside a repository. E.g., it enables the run
tool to find world/tool/run/boot_dir/hw automatically.
Fixes#3993
Avoid use of REP_DIR in *.mk files to simplify the use of these files as
templates for a board hosted in a separate repository.
Use REP_INC_DIR for searching headers, thereby considering headers
hosted in an external repository.
Issue #3168
This trace policy can be used as a fault-injection mechanism.
Once installed, the next time the traced thread passes a trace point
(e.g., RPC call, RPC request, ...), the policy produces a divide-by-zero
exception.
* Remove SPEC declarations from mk/spec
* Remove all board-specific REQUIRE declaratiions left
* Replace [have_spec <board>] run-script declarations with have_board where necessary
* Remove addition of BOARD variable to SPECS in toplevel Makefile
* Move board-specific directories in base-hw out of specs
The new helper function returns a boolean value analoque to 'have_spec' if the
BOARD variable corresponds to the given value. It shall replace [have_spec <board>]
declarations in run-scripts.
Ref #3971
In order to perform a smooth transition from NIC drivers that act only as NIC
session clients to NIC drivers that act only as Uplink session clients, this
commit introduces an intermediate state in which all NIC drivers support both
modes. That said, a NIC drivers mode is now statically determined through a new
optional 'mode' attribute in the drivers <config> tag that can be set to either
'nic_server' (default value) or 'uplink_client'. Reconfiguring this attribute
at a driver doesn't have any effects. Whithout this attribute being set, all
NIC drivers will behave the same as they did before the commit. When set to
'uplink_client', however, instead of providing a Nic service, they request
an Uplink session whenever their network interface becomes "UP" and close the
session whenever their network interface becomes "DOWN".
Ref #3961
Let the NIC router provide an Uplink service besides the Nic service that it
already provided. Requests for an Uplink session towards the NIC router are
assigned to Domains using the same <policy> configuration tags that are used in
order to assign Nic session requests. The MAC addresses of Uplink session
components are _NOT_ considered during the allocation of MAC addresses for NIC
session components at the same Domain. The task of avoiding MAC address clashes
between Uplink session components and Nic session components is therefore left
to the integrator. Apart from that, Uplink session components are treated by
the NIC router like any other interface.
Ref #3961
Adds new Uplink session interface, the corresponding client side (Client,
Connection), and the corresponding API archives. An Uplink session is almost
the same as a NIC session with the difference that the roles of the end points
are swapped. An Uplink client is the one that provides a network interface
(for instance, a NIC driver) whereas an Uplink server is the one that uses
that network interface (for instance, a networking stack).
Therefore, in contrast to the NIC session, MAC address and link state come from
the Uplink client. The link state is reflected through the lifetime of an
Uplink session: The client requests the session only when the link state is
"UP" and closes it whenever the link state becomes "DOWN" again. The MAC
address is transmitted from the Uplink client to the Uplink server as an
argument of the session request.
Ref #3961
* Adds documentation how to prepare and finalize a Linux for running the
scenario ontop of it
* Adds consideration of env variable 'ON_LINUX_WITH_DST_IP' that, if set,
adapts the run script to running on Linux with the given ping destination IP
Ref #3961
This patch relaxes the need to specify the rom content of all pkg dependencies
in each runtime file. Whenever a dependency features a runtime file, the
contained <content> <rom/> ... </content> nodes are implicitely included.
Fixes#3981
- depending on available PCI power cap power off and on
- save and restore PCI bars if required
- reset PCI devices after power on if supported
Fixes#3963
using Register_set && Register. It is derived from Genode::Mmio, however uses
as backend the Config_access implementation which is still used widely in
the platform driver.
Issue #3963
Replace explicit usage of bus, device, function arguments to methods or
variables all over the code by a single data type. It eases the reading of and
shorten the code.
Issue #3963
The keys, mute, touchpad toggle (Fn-F4) and rfkill may be reported by some
Fujitsu machines via the ACPI FUJ02E3 ACPI device. With this commit limited
support to detect the 3 keys are added and will be reported as Genode report.
This patch complements the commit "nitpicker: defer hover changed while
dragging" with fixes of the window layouter and motif decorator.
- Handling of empty pointer model (after unhovering a decoration)
instead of not updating it.
- Re-applying the hover model to the window layout when leaving the
drag state. This addresses the corner case that the hover model
changed during the drag operation (which is rightfully not handled
while dragging).
- Letting the window layouter enter the drag state only if a dragged
window is defined.
Issue #3973
When holding at least one key or button, the hovering should never
change. In the previous version, this invariant was not enforced,
but the symptoms for eventual inconsistencies were masked by two
checkes: one when generating the hover report, and one when submitting
the leave event. This patch enforces the invariant by suppressing any
change of 'User_state::_hovered' while in dragged state.
Fixes#3973
When idle, the decorator still consumes a bit of CPU time when triggered
by the GUI session's sync signal. This patch installs the sync handler
each time the decorator goes idle.
During position scaling use the location width/height which is the permitted
dimension within the child space, instead of using the whole possible
child space. (Fixup for "init: scale affinity location" Issue #1412)
Thanks to the report by Peter.
* Introduce 'use_arp' configuration flag at the NIC router in order to disable
requesting IP-to-MAC address resolutions via ARP for domains.
* Add automated run/nic_router_disable_arp test to the autopilot that tests
the effect of the new flag
* Document the new flag and the new test in the NIC router README
Fixes#3935
Thise driver supports USB LTE modems for Huawais' ME906s through MBIM
and provides a traditional Nic session. The "control" interface is a
Terminal session, which can be used via libmbim/mbimcli.
issue #3822
This commit restores the diag feature for selecting diagnostic output of
services provided by core. This feature became unavailable with commit
"base: remove dependency from deprecated APIs", which hard-wired the
diag flag for core services to false.
To control this feature, three possible policies can be expressed in a
routing target of init's configuration:
* Forcing silence by specifying 'diag="no"'
* Enabling diagnostics by specifying 'diag="yes"'
* Forwarding the preference of the client by omitting the 'diag'
attribute
Fixes#3962
- Vendor devices add addtional data to the config descriptor, read and
added to the usb session
- allow '0' configuration within the usb session
issue #3822
The usb_hid driver does not need to distinguish between
normal memory and DMA capable memory, since all requests are routed via the
USB raw session to the usb host driver. The default Malloc implementation
implements this distinction, however exposes restrictions on the size of
allocations. As seen now by several USB HID devices, the size of device
driver allocations depend on read out hardware features and can be
larger than we support with our specialized default Malloc implementation.
Since we don't need this functionality, switching to an well
tested allocator (Heap) which can cope with varying sizes of allocation,
we can mitigate the size restriction.
Fixes#3953
* The NIC router now considers, memorizes, and, if configured, reports
multiple DHCP option 6 entries from DHCP replies that it received as DHCP
client
* A DHCP server at the NIC router can now be configured statically with
multiple DNS server addresses to propagate
* The 'dns_server_from' attribute of the DHCP server of the NIC router now
supports the forwarding of multiple DNS server addresses
* The automated run/nic_router_dhcp test tests all the above mentioned new
functionality and reconfiguring it at runtime. The test was added to the
autopilot.
* All run scripts were adapted to fit the new NIC router configuration
interface
Fixes#3952
When reconfiguring the NIC router modifies the information that DHCP clients
received through a DHCP server of the NIC router, the link state of the
correspodning interface has to do a "down-up" sequence. This provides a signal
to the DHCP clients to redo DHCP, receive the new information and update
accordingly.
Fixes#3931
* Introduce CPU quota for driver subsytem (needed by sd_card_drv)
* Introduce CPU quota for runtime subsytem and nic_drv (needed by fec_nic_drv)
* Increase CAP quota for inspect terminal slightly
* Add sculpt packages for imx8q_evk
Fix#3958
* Introduce sculpt-[board] specific package
* Move rtc driver into managed drivers sub-system
* Name nic_drv in a generic fashion in sculpt_manager
* Copy over pc-specific config files only when building for PC
Ref #3958
Originally the outgoing buffer was flush when the terminal was
detached. Since we cannot do that at this point, make the flushing
part of the common cleanup procedure.
Issue #3682.
Rather than calling 'ssh_disconnect' from within the Terminal session,
flag the detached terminal in the session and let the event loop do the
cleanup. Otherwise it might happen that the 'ep' (handling the Terminal
session) as well as the 'pthread.0' (executing the ssh event loop) end
up both triggering the cleanup concurrently.
Issue #3682.
In case of arm_v7a Kernel::call64 the syscall will use both r0 and r1 as
output registers. Unfortunately the inline asm does not reflect this and
only r0 is explicitly specified as output. GCC manages to produce output
which we'd like to see. Clang on the other hand takes adventage of the fact
r1 should not be touched by swi and produces fewer instructions which do
what the code describes, but not what we actually want.
Basically the code which we want and is generated by GCC is:
svc 0
mov r2, r0
mov r0, r1
mov r1, r2
bx lr
Clang on the other hand generates correct assembly given the code, but
incorrect given what the function is supposed to do:
svc 0
mov r1, r0
mov r0, #0
bx lr
Both GCC and clang generate the same, expected assembly output when r1
is marked as output register from the inline asm swi call.
Fixes#3951
Clang correctly asserts this private member variable is not used
anywhere in the code. I'm not sure what the intention of the code is,
might be this is a part of some unfinished feature. This patch just does
the minimum amount of work to allow the code to build with clang. If
required I can also drop the parent_levels constructor argument and
clean up the call sites.
Issue #3950
The msg argument in Genode::Rpc_dispatcher::_read_arg is not used. GCC
does not care about this, but clang does and prints a warning regaring
this. Silence it by removing unused argument name.
fixup! base: Silence unused arg warning in rpc_server.h
The CBE repository contained a lot of Genode-specific code despite the fact
that the CBE core logic is not bound to Genode in any way. Therefore the
Genode-specific CBE code is moved to the 'gems' repository to form part of
Genode mainline. The remaining CBE code becomes a port in Genode instead of
being invoked as sub-repository.
The commit combines the following work steps:
* add all files removed from CBE repository
* add CBE port files
* make all CBE libs and targets build again
* make all CBE run scripts succeed again
* make all CBE recipes build again
* make CBE autopilot succeed again
* let CBE autopilot use 'libsparcrypto' contrib dir and Genode build dir
instead of '.ci' dir in CBE contrib dir (remove '.ci' dir from CBE repo)
* let CBE autopilot always check for all ports
* make CBE autopilot directly executable
* fix license headers in all Genode CBE files
* remove unused VFS replay component
* remove unused CBE test
* remove unused external crypto
* remove unused files in run dir
* remove unused external trust anchor
* add cbe_tester test to autopilot list
* get rid of directories 'include/cbe_*' and 'include/utils'
Fixes#3937
The control area is constructed during session creation and the caller can
handle the Out_of_* exception by increasing the quota by the next attempt.
Fixes#3917
Log a warning when the lwIP VFS plugin queues a read while waiting
for an interface to become ready. By comparision the Lxip plugin
has the same behavior but a more verbose initialization process.
Fix#3920
Account for the situation where the driver is started while the HP
is already plugged in and configure the mixer accordingly.
Thanks to Peter for the patch.
Issue #3929.
Due to what seems like a copy-and-paste error, the wrong union member
was used to compare the label. Fortunately, as both structs have the
same memory layout that did not result in any issue.
Issue #3929.
Originally, the kernel code should have been executed within the
context of the main task like it is done in dde_linux. The initial
port of the HDA driver, however, did not required doing so and the
session called code directly.
When using USB device, that is no longer possible as we have to
suspend the execution during the execution of the kernel code. So
we pass in the audio data and schedule the kernel.
Fixes#3929.
This becomes necessary in case of the USB audio driver where we have
to wait for and query the function first.
That being said, alternatively we could also announce the session but
ignore any request until there is a device we can use.
Issue #3929.
With this commit the timer back-end uses the timeout framework to
schedule any occuring timeouts and for providing the current time.
For now there is only one timeout, the unsolicited azlia codec event
and therefore the timeout queue consists of solely one timeout object.
In addition a timer session is used for implementing 'delay()' where
we have to block until the delay is completed.
Issue #3929.
For historical reason the 'strlcpy' implemention was directly pull in
into the emulation environment. There is, however, no reason not to
use the contrib sources in the usual fashion.
Issue #3929.
Instead of the generic name, call the PCI driver 'pci_audio_drv'.
This is preliminary clean-up work before introducing the USB audio
driver.
Issue #3929.
The supported drivers so far exclusively used PCI and for practical
reasons the emulation environment was to tied to. To make future
addition of drivers that employ other transport busses easier, split
the bus handling into its own backend.
This is preliminary clean-up work before introducing the USB audio
driver.
Issue #3929.
* Updating the run script was missed in commit "dde_bsd: remove
configration attributes".
* Decrease output and input volume to "more sane" levels.
Issue #3929.
Updating the config and using its settings instead of only reporting
the new session allows to apply stored channel settings immediately.
In case of Sculpt this is useful when an existing launcher already
contains a valid config that sets the volume levels appropiately or
the 'recall_fs' is used.
Fixes#3930.
The _root, _gid and _uid private member variables are not used for
anything. GCC does not care, but clang likes to complain about things
like this.
Issue #3938
Right now the code marks specific instance of this function as noreturn.
It then tries to initialize it using a value that has the same type,
except for the noreturn part. GCC does not care, but clang complains this
technically assigns the value of entry from incompatible pointer type.
Fix this by defining Entry function as no return.
Issue #3938
The lambda function passed to Board::Vm_page_table_array does not
actually use "this" for anything. GCC does not warn about this, but
clang does. Remove the extra capture to make clang happy.
Issue #3938
GCC doesn't care, but clang complains if [[fallthrough]] is not followed
by a semicolon. Existing code is also not consitent in this regard. Lets
just fix it to make clang happy.
Issue #3938
When compiling this code, clang complains reference to 'Sandbox' is
ambiguous. It can either mean ::Sandbox namespace from
os/src/lib/sandbox/types.h, or Genode::Sandbox declared in
repos/os/include/os/sandbox.h. Since the code refers to ::Sandbox::Child
and its already in ::Sandbox namespace we can just drop "Sandbox" and
refer to just Child, which makes clang happy.
Issue #3938
This path fixes a void cast used to silence unused return value warning.
Its a common pattern to use void cast to do that. The code uses void *
cast instead. It works for GCC, but clang complains about this.
Issue #3938
Clang is rather picky about this and prints the following warning when
compiling new_delete.cc:
error: function previously declared with an explicit exception
specification redeclared with an implicit exception specification
[-Werror,-Wimplicit-exception-spec-mismatch]
Issue #3938
This was discovered when building the code with clang instead of GCC. In
this setup the run/ping on base-hw/arm_v8a/virt_qemu would crash
on shutdown due to uncaught Deref_unconstructed_object exception thrown
for Genode::Reconstructible<Genode::Account<Genode::Ram_quota>>. The
specific instance throwing this exception was
Pd_session_component::_ram_account. My investigation exposed the
following problem:
1. The Pd_session_component has a _sliced_heap member backed by
_constrained_ram_alloc which in turn uses Pd_session_component itself
as its Ram_allocator.
2. When ~Pd_session_component is called it first destroys _ram_account,
followed by _signal_broker.
3. The signal broker holds a reference to
Pd_session_component::_sliced_heap as Signal_broker::_md_alloc.
4. The base-hw implementation of ~Signal_broker destroys some contexts
and does this by calling Genode::destroy on some slabs using the
_md_alloc (ref to Pd_session_component::_sliced_heap).
5. The Genode::Slab calls the Ram_allocator::free which ends up calling
Pd_session_component::free.
6. The Pd_session_component::free can among other things call replenish
method on Pd_session_component::_ram_account which has already been
freed at this point.
From my POV calling replenish at this point is basically an undefined
behavior. The Genode::Constructible holding the Genode::Account was
already detroyed at this point. GCC builds happen to somehow manage to
go through the -> operator call without raising any alarms, while clang
builds trip on the _check_constructed() call.
This fix moves the _ram_account a bit higher in class declaration to
ensure its destroyed after _sliced_heap. This seems like the simpliest
solution for this problem.
Fixes#3941
This prevents later file-descriptor shortage when opening files on
demand, which can't be reflected to the application in a sane manner.
The real fix is to open socket files not on libc level but on VFS level
only effectively consume one libc file descriptor for one socket.
* Fix GIC model to support priority and cpu target settings correspondingly
* Fix semantic of SGIR register for GICv2
* Minor GIC model IRQ state fix
* Introduce synchronization for VirtIO and GIC models
* Enable multiple CPUs in test run-script for ARMv8
Fix#3926
* Introduce hypervisor-stack per CPU
* Introduce host world context per CPU
* Mark EL2 translation table memory as inner shareable
* The VMID is not bound to a single VCPU, but to the Vm_session as a whole
* Set affinity of the VCPU accordingly
* Add VMPIDR to VM state
Ref #3926
Instead of calling core to run/pause a VCPU, go directly to the kernel.
Apart from the performance win, it would otherwise involve a more complex
protocol, when a VCPU on another core has to be removed from the scheduler.
Core's entrypoint handling those request runs on the boot-cpu only.
Ref #3926
To enable the interaction of a VMM with the kernel directly,
a hidden RPC gets introduced. It allows a kernel-specific
base-library implementation of the Vm_session::Client to request
a kernel-specific capability to address a VCPU, e.g., to
run/stop it.
Ref #3926
Now, the USB connection is established on backend initialization and
terminated on backend exit triggered by high-level libusb code.
Thanks to Peter for the patch.
- unlink shared memory files
- lower maximum number of socket pool sockets to reduce chance of file
descriptor exhaustion
- fix a build dependency which caused sporadic parallel build errors
Fixes#3910
With this commit, the alignment of anonymous 'mmap()' allocations can be
configured like this:
<config>
<libc>
<mmap align_log2="21"/>
</libc>
</config>
Fixes#3907
This plugin gives access to the Audio_out session by roughly
implementing a OSS pseudo-device. It merely wrapps the session and does
not provide any resampling or re-coding.
Fixes#3891.
In the same vein as the terminal and block I/O controls, the sound
controls are implemented via poperty files and match the OSS
API ([1] features a nice overview while [2] is v3 and [3] gives
in-depth information on the current v4.x API we eventually might want
to implement).
[1] https://wiki.freebsd.org/RyanBeasley/ioctlref/
[2] http://www.opensound.com/pguide/oss.pdf
[3] http://manuals.opensound.com/developer/
The controls currently implemented are the ones used by the cmus OSS
output plugin, which was the driving factor behind the implementation.
It uses the obsolete (v3) API and does not check if the requested
parameter was actually set, which should be done according to the
official OSS documentation.
At the moment it is not possible to set or rather change any
parameters. In case the requested setting differs from the parameters
of the underlying Audio_out session - in contrast to the suggestion in
the OSS manual - we do not silently adjust the parameters returned
to the callee but outright fail the I/O control operation.
The following list contains all currently handled I/O controls.
* SNDCTL_DSP_CHANNELS sets the number of channels. We return the
available channels here and return ENOTSUP if it differs from
the requested number of channels.
* SNDCTL_DSP_GETOSPACE returns amount of playback data that can
be written without blocking. For now it amounts the space left
in the Audio_out packet-stream.
* SNDCTL_DSP_POST forces playback to start. We do nothing and return
success.
* SNDCTL_DSP_RESET is supposed to reset the device when it is
active before any parameters are changed. We do nothing and return
success.
* SNDCTL_DSP_SAMPLESIZE sets the sample size. We return the
sample size of the underlying Audio_out session and return ENOTSUP
if it differs from the requested number of channels.
* SNDCTL_DSP_SETFRAGMENT sets the buffer size hint. We ignore the
hint and return success.
* SNDCTL_DSP_SPEED sets the samplerate. For now, we always return
the rate of the underlying Audio_out session and return ENOTSUP
if it differs from the requested one.
This commit serves as a starting point for further implementing the
OSS API by exploring more users, e.g. as VirtualBox/Qt5/SDL2 audio
backend or a more sophisticated progam like sndiod.
Issue #3891.
At least on some PIT-based platforms (x86_32 + pistachio/okl4/sel4), we run
into trouble with the reworked timeout framework that now proccesses all
pending timeouts before calling their handlers. This order change leads to a
higher rate of handling of short periodic timeouts in the timer driver which
can cause lower prioritized components to starve. Especially, if submitting
signals (from timer to client) isn't cheap (as is the case on qemu + pistachio
for example).
Issue #3884
The driver is faily simple and does not support fancy features like
TCP checksum offloading or vlan filtering, but it is fully capable of
running every Genode network based scenario I've tried. Its currently
known to work on virt_qemu arm platforms and x86_64.
Fix#3825
To simplify writing native VirtIO drivers for Genode add helper classes
representing VirtIO device and queue. The queue implementation should
be platform independant. The device abstraction however is closely tied
to the VirtIO transport being used (PCI/MMIO). Both PCI and MMIO
implementations expose the same public API so the actual driver logic
should be the same regardless of which transport is used.
Its also important to note that the PCI version of Virtio::Device
currently does not support MSI-X interrupts. Unfortunately my kowledge
about PCI bus is very limited and my main area of interest was to get
VirtIO drivers working on virt_qemu ARM/Aarch64 platform. As such all
the VirtIO drivers I plan to submit will work with PCI bus, but might
not use some extended capabilities.
Ref #3825
The VirtIO device configuration on Qemu is dynamic. The
order and presence of different command line switches affects
base address and interrupt assignment of each device. One could
probably hard-code the necessary switches and resulting XML ARM
platform driver configuration in each run script, but this seems
like troublesome and hard to maintain solution.
This patch explores an alternative approach to the problem.
It implements a ROM driver which probes the address space region
Qemu virt machines assign to VirtIO MMIO devices and exposes the
result as XML via a ROM session. This XML output can be fed directly
as config to the generic ARM platform driver.
Ref #3825
Right now the same code dealing with nic setup on qemu is duplicated
in many different run scripts. It makes it unnecesarily complex to
change the existing config or add support for new nic types. Lets move
all this common code to qemu.inc.
Ref #3825
- make GPIO server more robust on imx by not throwing exceptions for
unknown pins, use '_with_gpio' instead
- use 'Gpio::Pin' data type instead of POD 'unsigned'
issue #3900
The patch handles the case, that the memory for the MSI-X table is part
of one of the Pci::Resource Memory BARs, which got allocated beforehand already.
With this commit, the platform driver will not fall back to use legacy IRQs or MSI, whereby MSI-X is available actually. Additionally, this patch avoids a lot of red
messages about non available IO-MEM printed by the roottask.
Fixes#3904
The deadlock occured with three concurrently running threads: two
waiters calling pthread_cond_timedwait() and one signaller calling
pthread_cond_signal().
If waiter W1 hits its timeout, the signaller may have called
pthread_cond_signal(), detected this waiter and posted the internal
'signal_sem' concurrently. Then, the signaller waits for 'handshake_sem'
to ensure the waiter got woken up.
Waiter W1 can't consume the 'signal_sem' post by
'sem_wait(&c->signal_sem)' because another waiter W2 may have consumed
the post already above in sem_wait/timedwait(). Waiting for a post on
'signal_sem' would block the waiter W1 in perfect deadlock with
signaller on 'handshake_sem'. As W1 also owns 'counter_mutex' in this
situation, waiter W2 would block when trying to aquire 'counter_mutex'
and can't resolve the situation.
So, W1 does nothing in this case and we accept the spurious wakeup on
next pthread_cond_wait/timedwait().
* get rid of alarm abstraction
* get rid of Timeout::Time type
* get rid of pointer arguments
* get rid of _discard_timeout indirection
* get rid of 65th bit in stored time values
* get rid of Timeout_scheduler interface
* get rid of uninitialized deadlines
* get rid of default arguments
* get rid of Timeout::_periodic
* get rid of Timeout::Raw
* use list abstraction
* only one interface for timeout handlers
* rework locking scheme to be smp safe
* move all method definitions to CC file
* name mutexes more accurate
* fix when & how to set time-source timeout
* fix deadlocks
Fixes#3884
In case of contexts blocked in select() the monitor updates the
file-descriptor status, but if the entrypoint is just blocked for the
select handler, the status must be updated explicitly on
dispatch_select().
This patch fixes the corner case where the keyboard focus is defined
independently from user interactivity, e.g., the activation of a
screensaver or lock screen.
In this case, nitpicker would update its internal focus state not before
the next input event is handled. Should this input event be a press
event, this event would wrongly be delivered to the prior focused
session. Another problematic situation is the initial state before the
very first input event occurs. Since the focus remains undefined until
the first input event is handled, an initial key press event would not
be delivered.
This is a regression caused be the transition to the event-session
interface and the removal of the nitpicker's periodic way of operation.
The patch fixes the problem by applying pending focus changes not only
at the input processing but also on the code path that responds to focus
changes (e.g., focus-rom update).
Issue #3812
Adjust the base-* platforms to acknowledge new thread location solely if
migration is supported and succeeded. Otherwise the wrong thread
locations are observed via the trace session and utilization time calculation
get wrong.
Issue #3842
Instead of using the old 'ioctl' Vfs::File_io_services API implement
the I/O control functionality in a buch of files. This is similar to
the terminal-VFS plugin.
Fixes#3889.
Like already done for terminal I/O controls use collect the information
by reading property files instead of using the old VFS ioctl interface.
Fixes#3888.
There is a type mismatch as in the FreeBSD contrib code the type of the
request is 'unsigned long'. So far, only I/O controls where the request
falls into the signed range where used and this was not a problem.
Some of the SNDCTL requests, however, have the bit set.
Fixes#3887.
This patch is a follow-up for the commit "libc: use monitor for fork".
It removes the use of the monitor mechanism from the
'Local_clone_service::close' RPC function because the fork_ep must stay
responsive for the destruction and creation of 'Child' objects.
Issue #3874
The current version of the driver leaves the screen in a black state
after a mode change, e.g., when connecting an external display.
With this patch, the framebuffer content is fetched for the entire
screen after a mode change. Thanks to Sebastian Sumpf for investigating.
Issue #3878
- Show "..." for resource-assignment menu entry because it leads
to a sub menu.
- Avoid dialog changes when clicking on "Add component" while a
routing or resource dialog is unfolded.
The initial implementation of the affinity configuration in
"depot_deploy: support affinity configuration" added the affinity
location attributes to the <start> node of the deploy config. This patch
moves the information into a dedicated <affinity> sub node as done by
the init configuration. So the context of the attributes 'xpos', 'ypos',
'width' and 'height' becomes clear.
It also fixes a usability issue in Sculpt that occurred during testing:
When configuring multiple components with custom affinities, the
resources dialog of later components would wrongly display the state of
earlier components instead of displaying the fresh (default) state. The
resulting configuration would then not match the displayed information.
This is fixed by resetting the dialog state.
As another minor cosmetic change, the patch adds a line break in front
of copied <config> or <heartbeat> nodes.
Issue #3597
The combination of Net::Mac_address and
Genode::ascii_to(Net::Mac_address) required shaky quirks in several
places because GCC is not able to resolve the ascii_to overload if
base/xml_node.h was included to early. The current solution moves the
several ascii_to overloads "closer" to the Net types by putting them
into the Net namespace, where GCC reliably picks them up.
Hence, co-locating the ascii_to() utility with the overload type in the
same scope/namespace is good practice.
This patch removes the now obsolete <nic/xml_node.h> header file.
With the move of the storage-management dialogs to the graph in Sculpt
version 20.02, the ability to unselect the buttons for destructive
storage operations such as format or expand disappeared. This patch
restores the original behavior.
* On this platform there is no need to zero out the framebuffer
dataspace, which is already blanked by core
* But it might happen that the GUI server is sending a capture
event before the zero out happens. Thereby screen content can get
lost
Fix#3878
* Fixes faulty algorithm in fractional pll rate calculation
* Enables clocks that are set as reference clock to prevent system freeze
* Enables/disables root clocks of gates implicitely
Fix#3876
By default, bash brings its own version of 'getenv', named exactly like
the libc function. This becomes a problem in fork/execve scenarios if
the dynamic linker resolves 'getenv' to the bash binary instead of the
libc.
This patch fixes the generate step of the genodians.org scenario.
Issue #3882
This patch enables the menu view's new ability to respond to font-size
changes in Sculpt so that the menu view instanced no longer need to be
restarted whenever the screen resolution or font size is changed.
Fixes#3875
This patch allows the use of the VFS watch mechanism for the glyph file
of the TTF VFS plugin so that clients become able to dynamically respond
to font reconfigurations.
Issue #3875
This is needed to enable VFS plugins to notify VFS clients about file
changes that depend on the plugin configuration, E.g., whenever the vfs_ttf
plugin responds to a font-size change, it generates a watch notification
for the glyphs file. Since the change is independent from I/O, we need
to manually call 'handle_io_progress'.
By default, Vim renames a written file to a backup file suffixed with
"~" before writing the current buffer to a new file. Consequently, there
exists an intermediate state when no file exists. Should a client watch
such a file to obtain dynamic configuration info, it observes the empty
state.
Some components have builtin heuristics for such a situation. In
particular, the window layouter falls back to a predefined default
'rules' if no rules are provided as a file. So when interactively
editing window-layouter rules using Vim, it can happen that the manually
maintained rules get overwritten by the default rules.
By setting 'set nowritebackup', we can sidestep this issue by preventing
Vim from producing the bad intermediate state.
With the change of nitpicker to the event session interface, the
formerly periodic hovering updates moved to the - now sporadic - input
processing. This has the unfortunate side effect that hovering changes
caused by non-user-input, in particular view-stack changes issued by the
GUI clients that change the view under the current pointer position,
would no longer be reported immediately but only after receiving the
next incoming input event.
This patch reworks the hover handling such that potential hovering
changes due to view-stack operations are evaluated immediately by
those operations, covering the update of the hover report and the
generation of artificial enter/motion events.
Issue #3812
This patch solves a corner case where one long-active job (e.g.,
read-ready request) stays at the beginning of the '_active_jobs' queue
without an ack. In this case, the '_try_acknowledge_jobs' method would
wrongly stop processing the subsequent acknowledgements. In practice,
this can lead to a delayed sending of acknowledgements until new I/O or
client requests occur. In particular, Vim in Sculpt's inspect window
sometimes did not immediately respond to key presses during tab
completion. Here, the read-ready request of the terminal prevented the
acknowledgement for read of directory entry from being delivered until
the next key was pressed.
Fixes#3873
The quota for the argument buffer is already accounted by using the
Attached_ram_dataspace _argument_buffer, which uses the Constraint_ram_allocator
_ram, which uses the Ram_quota_guard from the Session_object. Running on
Sculpt with more than 1000 Subject_info objects/trace IDs the memory
waste become noticeable.
Follow-up commit to fix the old usb_drv. Under rpi one and the
same irq can be requested several times. Therefore, we've to track
the Irq_connection objects.
Ref #3865
It seems Qemu 5.0.0 no longer supports gic_version parameter.
Apparently this only worked due to some compat feature that
was dropped in Qemu 5.0.0. The replacement which works on both
old and new Qemu versions is gic-version.
Fixes#3823
The Lx_kit::Irq abstraction of DDE Linux was always using the very first
interrupt of a Platform::Device stored in it. Instead of handing over the
platform device it is much more flexible and sane to hand over the actual
interrupt capability.
Ref #3865
By now, the enumeration of peripheral interrupts on Raspberry Pi 1 was
different in between base-hw kernel and Fiasco.OC. Therefore, hacks were
needed in every driver to request the correct interrupt number dependent
on the kernel. Before reproducing the same in the platform driver for rpi,
we can more easily use the same enumeration with base-hw.
Ref #3864
This is a temporary workaround to not harm drivers, which aren't
converted yet to request all device resources including power and
clocks from this new platform driver.
Ref #3863
To access the ARM Trusted Firmware from the platform driver
fill the new `managing_system` call of the PD session with life resp.
do a SMC call on behalf of the client.
Fix#3816
Introduce the managing_system privilege for components like the
platform_driver to allow it to call system management functionality
that is reserved by kernel or special firmware, e.g., ARM Trusted Firmware.
The former RAM resource configuration attribute `constrain_phys`,
which enabled to constrain the region of physical RAM to be used,
gets replaced by the new, broader managing_system configuration
attribute of a `start` node. It gets enforced by the sandbox library.
Ref #3816
Normally CLOCK_REALTIME is used. However libraries, like glib, want to
use CLOCK_MONOTONIC. To make those users happy add setting the clock.
Note, the pthread_cond implementation uses the POSIX semaphore API
internally that does not have means to set the clock. For this reason,
the private 'sem_set_clock' function is introduced.
Fixes#3846.
When the 'raw' attribute is set to 'yes' the terminal VFS plugin will
ignore control characters. This in necessary for terminal connections
that transport data that contain such characters as part of message.
Fixes#3860.
The driver wrongly rejected a block request for the very last block of
the device, which prevented part_block from successfully parsing the
partition table (when attempting to access the GPT backup).
Fixes#3861
With this patch, sculpt uses init's heartbeat-monitoring mechanism to
detect the failure of part_block instances during storage disovery.
If part_block gets stuck, the device is released and can thereby
be accessed at the whole-device level.
Issue #3861
The patches disable VBOX_IGNORE_FLUSH and a sanity check in the VMDK
backend. This enables passing an explicit flush request by the guest
down to the VFS.
Fixes#3743.
The check prevents the Ttf_font from violating the bounding box in the
presence of very small scale values. This can happen during the startup
of Sculpt. Before the framebuffer driver is up, Sculpt bases its dynamic
font-size setting on a screen resolution of 1x1.
Issue #3812
* add libsparkcrypto source-recipe
* provide ALI files through a new repository by mstein and add the repo
download to the libsparcrypto port-file
* remove dependencies to non-existent contrib ADB files from the library make
files
Fixes: #3852
The sculpt manager used to defer the initialization of the GUI until
nitpicker's first display report became ready. This way, Sculpt was able
to run headlessly even if the framebuffer driver failed to start up.
Thanks to #3827, nitpicker no longer depends on a working framebuffer
driver. So the sculpt manager is safe to rely on nitpicker in any case,
simplifying the code.
Issue #3827
This is a follow-up commit to "nitpicker: make framebuffer and input
optional". It restores the dynamic mode-change support when using
'request_framebuffer="yes"' as needed in scenarios where multiple
nitpicker instances are used in a cascaded way. E.g., Sculpt's
Leitzentrale. The previous version missed to reconstruct the
'_fb_screen' on mode changes.
Issue #3812
This patch untangles the dependency of VFS operations that need RTC
information from the 'clock_gettime' libc function that must never be
called from the libc kernel context.
- The 'Rtc' class uses the VFS directly for reading the rtc file instead
of relying on libc functions.
- The 'Rtc' instance has become part of the 'Kernel' instead of
being construced as a side effect of the first call of
'clock_gettime'.
- Changed 'Rtc::read' to return a timespec value, which has a higher
precision than the formerly used time_t value.
- The 'Rtc::read' returns a value with the relative 'current_time'
already applied. The former handling of subsequent rtc-value
updates has been rewritten to become more logical.
- The 'Vfs_plugin' no longer calls 'clock_gettime' but the new
kernel-level 'Current_real_time' interface.
Issue #2635
This patch untangles the interplay of the base library and the libc
during the exit handling.
- The CXA ABI for the atexit handling is now provided by the libc.
For plain Genode components without libc dependency, __cxa_atexit
is a no-op, which is consistent with Genode's notion of components.
- The 'abort' implementation of the base library no longer calls
'genode_exit' but merely 'sleep_forever'. This way, the cxx library
no longer depends on a 'genode_exit' implementation.
- The libc provides 'atexit' support by storing metadata on the
libc kernel's heap now, thereby eliminating the former bounded
maximum number of atexit handlers.
- Shared-library dtors are no longer called via the atexit mechanism
by explicitly by the dynamic linker. This slightly changes the
call order of destructors (adjustment of the ldso test). Functions
marked as destructors are called after the atexit handlers now.
- The libc executes atexit handlers in the application context,
which supports the I/O operations in those handles, in particular
the closing of file descriptors.
Fixes#3851
For the time being, we put all spec and body files into the recipe although
there might be a (so far to us unknown) way to have only the API relevant files
in it.
Fixes#3849
* switch to a libsparkcrypto fork of m-stein
* switch to a libsparkcrypto state that makes some units pure that are used by
the consistent block encrypter, in order that the latter can become
completely pure
Ref #3849
* switch to fork of the Ada runtime provided by m-stein
* switch to a Ada-runtime state that provides the Exp_Int package (exponential
function on integers)
* adapt spark lib, symbols, and recipes to incorporate the Exp_Int package
Fixes#3848
* enable all common warnings through default value of CC_ADA_WARN
* treat warnings like errors through default value of CC_ADA_WARN_STRICT
* enable almost all style checks through default value of CC_ADA_WARN_STRICT
* style fixes for aes_cbc_4k
* disable strict warnings and style checks for libsparkcrypto and spark lib
Ref #3848
This patch prevents nitpicker from requesting a framebuffer and input
session by default because the regular use of nitpicker relies on the
capture-session and event-session interfaces by now.
For supporting the nested use of nitpicker via the gui_fb component, it
is still possible to enable the traditional behavior by explicitely
setting the 'request_input' and 'request_framebuffer' config attributes
to "yes".
Issue #3812
This remove the call to Io_progress_handler::handle_io_progress() from
wait_and_dispatch_one_io_signal() to prevent unexpected nesting
I/O-progress handling in case of custom dispatch loops (e.g., in libc).
The original intention of Io_progress_handler was to inform the
entrypoint just before blocking in the entrypoint loop.
Issue #2635
This commit applies the transition from the "Input" session to the "Event"
session to the event-filtering mechansim. The functionality of the
input_filter is now provided by the event_filter. The event filter
requests only one "Event" session as destination for the filter result,
which is usually routed to the nitpicker GUI server. It provides an
"Event" service to which any number of event sources can connect.
The configuration of the filter chain remains almost the same. Only the
declaration of the <input> nodes is no longer needed. Instead, the
configuration must specify <policy> nodes, which define the mapping of
"Event" clients (event sources) to the inputs used in the filter chain.
The patch adjusts all uses of the nitpicker GUI server accordingly such
that the event filter reports events to nitpicker's event service
instead of having nitpicker request an "Input" session. This dissolves
the dependency of nitpicker from input drivers.
Issue #3827
This patch brings the input filter into a shape that is easier to
re-mold into an event filter, reversing the client/server roles of
the component.
* The 'Sink &destination' is no longer passed as constructor argument
to the individual filters but passed as argument to the 'generate'
method. This way, the final destination does not need to exist at
the construction time of the filter chain but can be created on
the fly (clearing the way for using 'Event::Client::with_batch').
* A new 'Source::Filter' interface with the 'apply' method aids the
cascading of filters during 'generate'. The modules now implement
the 'Source::Filter::filter_event' interface instead of the
'Source::Sink::submit_event' interface.
* Since the 'Sink &destination' is no longer a member of the filter
modules, character-repeat events can no longer be emitted in an
ad-hoc way. Instead, the character-repeat mechanism now invokes
a new 'Trigger::trigger_generate' hook that prompts the execution
of the regular 'generate' mechanism by the main program.
This patch is supposed to leave the semantics of the input filter
unchanged (validated by the input_filter.run script).
Issue #3827
This is an intermediate helper component for the transition of input
servers into event clients. It works analogously to the
input_event_bridge but it connects servers instead of clients.
In particular, it can act as glue between a traditional input driver
that provides an input service and the event filter that provides an
event service. Thanks to this component, each driver can be migrated to
the event-client interface individually.
Issue #3827
- base/cancelable_lock.h becomes base/lock.h
- all members become private within base/lock.h
- solely Mutex and Blockade are friends to use base/lock.h
Fixes#3819
This patch replaces the use of the "Framebuffer" session interface by
the new "Capture" session interface in all framebuffer drivers. Thanks
to this change, those drivers have become mere clients of the nitpicker
GUI server now, and are no longer critical for the liveliness of the GUI
server.
The patch touches the following areas:
- The actual driver components. The new versions of all drivers have
been tested on the respective hardware. Generally, the drivers
have become simpler.
- The drivers_interactive packages for various boards. The drivers
subsystem no longer provides a "Framebuffer" service but needs a
valid route to the "Capture" service provided by nitpicker.
- The driver manager of Sculpt OS.
- This patch changes the role of the test-framebuffer component from a
framebuffer client to a capture server so that drivers (capture clients)
can be directly connected to the test component without the nitpicker
server.
- Framebuffer driver no longer support the unbuffered mode.
- The fb_bench.run script is no longer very meaningful because it
interplays solely with nitpicker, not with the driver directly.
- All run scripts for graphical scenarios and the related depot
archives got adapted to the change.
Fixes#3813
This patch replaces meta-data allocation during the resize handling by a
new 'Resizeable_texture' type that has all meta data preallocated.
It also replaces the use of pointer return values with the
'Resizeable_texture::with_texture' method.
Issue #3812
Nitpicker used to unconditionally request a framebuffer and input
session. With the transition to the new capture/event session
interfaces, this built-in policy does no longer suffice.
This patch introduces the attributes 'request_framebuffer="yes"' and
'request_input="yes"' (with the default values shown) to nitpicker's
<config> node. If setting those attributes to "no", nitpicker won't
request a "Framebuffer" and "Input" session respectively.
Issue #3812
In the presence of potentially multiple output back ends, this
dirty_rect state must be maintained individually per back end. Instead
of storing the dirty_rect as view-stack member, the view stack now calls
a new 'Damage::mark_as_damaged' interface, which allows nitpicker to
propagate this information to multiple back ends. Unfortunately, the
patch must remove the per-view dirty_rect state.
Issue #3812
This patch simplifies the internal naming of the nitpicker GUI server as
a preparatory step for adding support for the capture session interface.
Issue #3812
_timestamp() returns CPU local values which may not be in sync with _ts
taken from another CPU. Be robust and don't produce wraparound/negative
timeout values.
Issue #3657
* Differentiate in between different architectures with assembler routines
for correct measures
* Automate first step measuring of 10G bogomips across different hardware
Fix#3785
Until now, Genode's framebuffer session interface was based on the
RGB565 pixel format. This patch changes the pixel format to 32-bit
XRGB where the X part is ignored. It adapts all graphical applications
and device drivers accordingly.
The patch also adjusts the users of the drivers_interactive packages,
assigning 64 MiB RAM and 1500 caps to the drivers subsystem, which is
sufficient for covering high resolutions at 32 bits per pixel and to
accommodate multi-component USB HID input stacks.
Fixes#3784
The 'vfs_block' component will give access to a VFS file through a
Block session. For more detailed information please look at its
README.
(On a technical note, the server currently only allows for one
active session and has only one pending back end request but can
easily be extended in the future.)
Fixes#3781.
Setting the 'size' attribute will restrict a reader to consume
0s up to the specified amount per VFS handle. The attribute is
parsed as 'Number_of_bytes', which will limit the amount to the
maximum of the addressable memory on the platform.
This addition comes in handy when needing to provide a synthetic
empty file with a fixed size.
Issue #3781.
So far the condition whether to spawn a new job or not depended on
the amount of data already processed. This could lead to spawning
more jobs than necessary if batching is used and in return could
result in creating invalid requests in case the tested block session
is not large enough.
In addition to checking the amount of data the test now stores the
number of the last block and checks if the current request is in
range. This properly limits the total amount of requests.
Issue #3781.
The seek offset has to be updated on partial writes according to the
current write position. Otherwise writes will override the content
at the initial offset.
Fixes#3780.
This commit fixes the 'Out_of_caps' handling. The previous version
mistakenly upgraded the RAM instead the caps as response. The problem
could be triggered by the 'decorator_stress.run' script.
The blit API archive missed the CPU-architecture-specific variants of
the blit library such that all depot binaries worked with the generic
(slow) fallback implementation. This patch adds the missing pieces to
the blit API archive.
Up to now all pthreads get placed on one CPU.
The patch adds support to evaluate a libc pthread configuration specifying
a placement strategy.
The default strategy is now to use all available CPUs as imposed by Genode's
affinity configuration for the pthread application.
The old behaviour, putting all pthreads on one single cpu can be still
configured by:
<libc>
<pthread placement="single-cpu"/>
...
</libc>
Fixes#3775
To enable logging of ROM session deliveries, set the "diag" on
session routes:
<route>
<service name="ROM" label_prefix="/bin/">
<child name="cached_fs_rom" diag="yes"/>
</service>
…
<route>
Fix#3772
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
