Nitpicker used to notify GUI clients about an updated GUI info only when
the total panorama size changed. However, in situations where two
capture clients are swapped, the total size may stay the same whereas
the relation of displays to different parts of the panorama is no longer the
same. Such changes are interesting to some clients like the window layouter,
which needs to update the assignement of screens to displays.
This patch changes nitpicker so that each panorama change is reflected
to GUI clients as a mode-info update.
Issue #5390
This patch fixes the following error message printed by the wm upon the
restart of a decorator.
Error: freeing non-empty slab block"
Error: ID space not empty at destruction time
Fortunately, the error is not critical as the backing store is released
along with the session.
The 'label_suffix=" -> decorator"' rule is weaker than the
more generic 'label_prefix="runtime -> wm"' rule, to the effect that the
decorator is assigned to the "desktop" domain instead of the "decorator"
domain. Replace the 'label_prefix' by the decorator's concrete label
to resolve this ambiguity.
The 'size_changed' handling remained without effect when the (last)
display re-appears (e.g., back from screen blank) because
'Capture_root::bounding_box()' delivered the '_fallback_bounding_box'
in the intermediate phase where no display was present. Unfortunately,
'Capture_root::visible()' failed to apply the same logic. This patch
makes 'visible()' consistent with 'bounding_box()'. It has the
welcome effect that nitpicker remembers the pointer position during
the dark phase.
Fixes#5397
GCC 12 tree-loop-distribute-patterns generates false warnings of
-Warray-bounds, -Wstringop-overflow, or -Wstringop-overread in memcpy()
and memcpy_cpu() in static/inline cases for code that obviously prevents
its execution by invariant checking. On -O3, even more warnings are
produced.
This patch fixes the corner case where a call of 'trigger_gui_sync'
unexpectedly did not result in the execution of '_handle_gui_sync'.
When sporadically called (w/o having installed a period sync handler)
in a time window shortly after a previous '_handle_gui_sync' that just
switched back to sporadic mode, the situation was considered as !idle.
So the 'local_submit' was skipped.
The patch fixes the issue by always issuing a 'local_submit' except when
operating in period mode. The '_gui_sync_enabled' state is now driven
only by '_handle_gui_sync' to make the intent more clear.
Fixes#5396
When constructing an Usb::Interface and implicitly corresponding
Usb::Endpoint instances only select endpoints relevant for the
given alternate setting.
The libusb has to be changed to delegate the correct alternate
setting to the constructor too.
Fixgenodelabs/genode#5394
On hotplug, the C++ side of the driver now gets just notified,
without any further detection.
On the C++ side, now specific actions are scheduled explicitly, which will be
executed step by step. New appearing actions will be queued and are
not eligible to run before the former actions of the list are processed.
Fixe #5392
config node gracefully. If no mirror is set, ever claim one entry
as the mirrored one. Without this change, the current effect is that
the UI does not allow to merge one of the discrete modes.
Issue #5392
Foster the Genode books as a single point of reference for Genode's
documentation. E.g., the Getting-Started section of the "Genode
Foundations" book has long obsoleted doc/getting_started.txt. This
patch also remove long orphaned texts like gsoc_2012.txt. The approach
described in the porting guide has now been replaced by the Goa SDK.
The Genode books can be downloaded at the genode.org website. Like
Genode, they are open source. All text is licensed as CC-BY-SA and
can be found at https://github.com/nfeske/genode-manualFixes#5393
Our new U-BOOT for the imx8mp_iot_gate complains about the size
of the device tree being zero bytes. This is because it no longer
provides the kernel boot arguments via ATAGS, but passes them via
by injecting them in the flattened device tree..
This commit adds a minimal dtb file to the FIT image to satisfy U-BOOT.
Issue #5354
Instead of directly process URBs whenever a USBPacket arrives from
the Qemu ported XHCI layer, send a local signal to the I/O handler,
which will process the requests after leaving certain sensible
code pathes like usb_packet_complete. Otherwise, it might happen
that a packet, which was still marked as being queued gets already
completed, which leads to an assertion and hang of the library.
Fixgenodelabs/genode#5389
This prevents the potential corner case where the terminal receives input
at a time when the window has no valid size and _text_screen_surface is
not constructed.
If one of core's threads is causing an MMU fault, dump the
register state and stack backtrace of the faulting stack to
aid debugging.
Fixgenodelabs/genode#5387
When building ELF binaries of core and bootstrap for a run scenario,
also create the *.core.debug file to be able to use the tool/backtrace
utility.
Ref genodelabs/genode#5387
- add a check to detect if a different thread has
initialized the internal object in the meantime
- remove ENOMEM error since the 'Libc::Allocator'
is not supposed to throw exceptions
- remove init mutex from 'pthread_condattr_init()'
since there is no implicit initialization which
could happen in parallel like with mutex/cond/rwlock
Issue #5386
The VFS server used to respond to any invalid config by exiting.
By disregarding such configurations instead, this patch makes the VFS
server robust against temporary malconfiguration.
Replace the unconditional sleep "until the board comes up" by the
detection of the fastboot-driver message. This shortens the total boot
time and reveals U-boots initial output, e.g., messages reporting
trouble with bringing up the fastboot driver.
The success messages of different versions of the fastboot tool
are printed in different upper/lower case. Tolerate both.
The patch also removes a few superfluous semicolons.
When trying to open a file in the Files view with font size set to
Large on 4k screens, the editor's / `text_area`'s `view` child fails to
bump its RAM quota when the editor's default quota is too small.
To mitigate the issue, bump the editor's default quota to 80MiB.
The long-term fix would be for the editor to request more RAM from the
runtime to satisfy the `view` RAM request.
Issue #5356
Issue #5383
When using the Files view with font size set to Large, the boosted
runtime_view limit of 64MiB is still not enough for 4k screens.
Double the RAM boost limit to 128MiB.
Issue #5356
With this commit the fb driver is started on the second CPU on the
MNT Pocket Reform to decouple it from the other components started
on the first CPU during the system's boot-up and mitigates bring-up
issues with this driver that result in an often non-working display.
Issue #5378.
As the initial output of picocom is hardly ever needed, disable it by
default to reduce the log noise. Whenever needed, the output can still
be enabled by specifying the run tool's --log-serial-cmd.
This patch removes the only residual C++ exception from the kernel part
of core, eliminating the risk of the kernel thread trying to enter the
kernel itself via the C++ exception-handling path. When throwing an
exception, __cxa_allocate_exception invokes the cxx_heap, which
synchronizes accesses via a Genode::Mutex. In the contention case,
the blocking of the mutex issues a syscall to pause the caller.
The patch fixes the problem by replacing the exception with a return
value.
Fixes#5382
Issue #5245
When using the depot/build tool with the 'REBUILD=' argument as done by
the run tool's --depot-auto-update feature, the depot/build tool now
checks that an existing bin archive was indeed created via the src and
api archives present in the depot for the given version. This addresses
consistency issues when switching between different git branches that
refer to the same depot versions but with different content.
Fixes#5379
This patch records the content hashes of the src and api ingredients
used for creating a bin archive. This information allows for the
detection of possible inconsistencies between a bin archive and its
corresponding src archive within the depot.
Issue #5379
When extracting depot archives from the source tree, retain the content
hash of the extracted information along the archive in <version>.hash
file. The .hash files of src and api archives become thereby usable for
checking the consistency of bin archives with their ingredients.
Issue #5379
With --depot-auto-update enabled, the run tool calls the depot/create
tool, which in principle may fail. In this case, print a diagnostic info
instead of a backtrace.
Issue #5379
This commit adapts the aperture splitting between the GPU multiplexer
and the display driver where the former now always tries to reserve
32 MiB of aperture space for itself instead of limiting the space
for the display driver. In case the aperture is not large enough
the display driver takes precedence and the GPU service has to make
do with remaining space. In the worst case that renders the GPU
service unusable.
Issue #5377.
Don't try to decide based on the hardware state, in which mode a
connector is used. If a previous configuration failed, e.g. -ENOSPC,
the detection whether the mirrored framebuffer is in use may fail
and the connectors are reported wrongly as discrete.
During modeset traversal take the appropriate lock to synchronize irq and
user task, which may be de-scheduled by Linux code when invoking contrib
code.
Issue #5377
The driver code may allocate framebuffers which do not fit in the aperture.
Trying to use such framebuffer may lead to only partial visible content
on the screen and the rest either black or garbage.
Instead check for this circumstance and deny to use such framebuffers and
release them, since the user would get an unusable/hard to interpret state.
Additionally, release the vma mappings earlier in order to reduce the likelihood
of such un-mappable framebuffers.
Issue #5377
When updating a dialog after a prolonged idle time with no active
animatons, the next _handle_gui_sync would wrongly fast-forward
animations for all the frames passed since the last _handle_gui_sync. On
the PinePhone, this effect is clearly visible when switching between the
main section. The GUI jumps from one state to another instead of
transitioning. This patch solves the issue be resetting '_previous_sync'
when waking up from idle.
Related to issue #5347
Large deployments (e.g., using the Falkon browser) can significantly
inflate the RAM quota of depot_rom. When switching the Sculpt storage
target (using the "Use" buttons), depot_rom is restarted. Right now,
however, it retains its (inflated) quota. It is better to reset the
quota to its initial value to free up RAM that thereby becomes usable
for a different deployment. Otherwise, the depot_rom's resources can be
deflated only by rebooting.
This patch fixes focus-follows-mouse problem reported for Sculpt 24.10
when using no (operational) backdrop.
In the absence of a background, nitpicker wrongly delivered absolute
motion events to the most recently hovered client even after leaving the
client's area to a area occupied by no client. These motion events, in
turn, confused the internal consistency of the window managers
enter/leave tracking.
Fixes#5375
When using the fonts_fs, the geometry of individual glyphs can change
potentially at any time, after having obtained font-global constraints
once. In particular, a glyph can exceed the bounding box of the font
cell. The VFS font utility must take safety precautions against such
violations.
Fixes#5374
Board-specific repositories must appear before generic repositories
(i.e., gems) in 'REPOSITORIES' to select board-specific sculpt/
configuration snippets over the defaults provided by gems. When listing
the board-specific repositories last, Sculpt images for the PinePhone or
MNT Reform may wrongly include launchers and presets of the PC version.
Swapping a 4k monitor between discrete and mirror mode will consume
temporarily at least 32M * 2 (3840 * 2160 * 4 Bytes), so that the
default value of 64M for the aperture is insufficient in addition to
interal display on a notebook. The commit mitigates that the
i915_gem_evict_for_node unimplemented error does not trigger immediately.
Issue #5356
In setups with 3 or more displays, allow the un-merging of connectors
only for the last mirrored connector. Otherwise, the operation would
implicitely change the order of connectors because the new discrete
connector needs appear after all merged connectors.
Issue #5286
The access-point-list hovered state prevents preseting the available
scan results, which currently can happen unintentionally. This commit
hot-wires the hover handling and thus will always show and update the
list. New scan results are received every few seconds and it could
happen that the list changes while the user selects a network (that's
what the original implementation guards against).
Issue #5369.
Since the panorama depends on the config, nitpicker needs to re-evaluate
the validity of the pointer position after each reconfiguration. If the
pointer position is no longer visible, pick a new visible one.
Issue #5352
This patch explicitly handles the unplugging of displays, avoiding the
use of stale connectors for defining the panorama. It also makes the
import of the connectors model robust against intermediate states
reported by the driver (a connector reported as connector but without
any mode), and discards the use of any information of non-present
connectors as merge info.
Issue #5286
The minimum width/height of a dialog is not specified in the dialog ROM
but in the menu_view configuration. So the regular dialog-ROM update
handling fails to captures dynamic changes of the minimum w/h. In
Sculpt, the panel would not always adjust immediately to a new screen
size.
This patch triggers a dialog update when detecting such configuration
changes (min w/h, opaqueness, background color).
Issue #5370
This patch places the leitzentrale GUI always at the pointer-at display
instead of filling the entire panorama. This ensures that the complete
leitzentrale GUI is always visible.
Fixes#5370
If the fb driver is configured to use discrete displays, sculpt now
automatically generates a panorama configuration for nitpicker that
shows all displays side by side. The effective nitpicker config is
now located at config/managed/nitpicker.
The automatism takes effect only when nitpicker's <capture> node
in config/nitpicker is empty. Hence, the managed panorama can be
overridden by a manually managed panorama.
Issue #5286
This patch handles the case where a mode change happens in-between
session creation and the registration of the mode-signal handler,
which can result in a sporadic loss of response to mode changes.
Noticed while working on issue #5286.
This patch add a configuration dialog in the intel_fb node of the
component graph. The dialog displays a list of present displays labeled
after their respecive connectors. A mode can be selected for each
connector when clicking on the connector entry.
In-between the entries there are two buttons. The connect button is
toggle that defines whether the two adjacent entries are mirrored.
It is enabled by default so that all new connectors participate in
the mirroring. By untoggling the last enabled connect button, the
entry below the button becomes a discrete (non-mirrored) display.
A swap button allows for changing the order of the list, which has
to effects. First, the resolution of the very first entry defines
the size for mirrored display. So be changing the order of mirrored
displays, one can pick the preferred screen size. Second, the order
of discrete displays defines the layout of the panorama from left to
right. (the panorama config is not part of this commit though)
Note that there is currently no safety net against locking oneself
out of all displays. E.g., one can make Sculpt unusable by manually
disabling each display, or by selecting modes not properly handled by
the connected monitor. In the future, we may add a confirm button with
a timeout to roll back such unfortunate settings.
Fixes#5286
In VirtualBox 7 and recent 6.1 versions, the VMMDev is used to report
all mouse events if guest additions are used. Therefore, the
implementation aggregates these events, notifies the guest. and passes
the state on guest request. Unfortunately, the protocol does not support
to report consecutive button press and release events that may happen
between two guest requests, which results in events getting lost.
This commit patches the contrib sources to track pending mouse-button
events and notifies the guest if further state changes are pending after
updates are delivered.
Also, mouse-wheel events (dw, dz) are now accumulated between two guest
updates.
Fixes#5333
With the change of "gui_session: provide mode info as XML", the
client-side window-close handling became dysfunct because the
window-close state got wrongly interpreted as initial window state, to
the effect that a client's initial-window size policy got applied
instead of closing the window.
This patch makes the inital state of running a windowed application
(when no window size is defined yet) clearly distiguishable from the
state after which the user closed the window. Prior this patch, both
conditions were reflected by an empty <capture/> node in the panorama.
Now, the latter condition is reported as <capture closed="yes"/>, which
alleviates the need to track the life cycle of a window at the client
size.
Issue #5353
Because the implemantations for Lima and Vivante are linked into a
single library we cannot have two Gpu::Vram classes in the same
namespace. In case this happens any methods using the same signature are
weak symbols and the first one found by ld will be used = undefined
behavior.
issue #5356
issue #5369
If a <domain> is constrained by 'width' or 'height' attributes, clip
the capture rects of the panorama info reported to the client. So the
client observes the constraint as window size.
Issue #5356
When shriking the terminal window, the view must be shrinked before
shriking the pixel buffer. Otherwise, when the buffer becomes smaller
than the view, nitpicker fills the excess view area with tiled content
of the buffer, which looks funny.
Related to issue #5350
Commit 75e1f1797d increased runtime_view's initial RAM quota from 4MiB
to 52MiB, but failed to adjust the boost limit. Therefore, when
addtional RAM was requested, the limit would actually be degreased to
32MiB.
Adjust the RAM boost limit to 64MiB to make the runtime_view work on 4k
screens.
Issue #5356
Since #5352, the 'screen_size' RPC function returns a rectangle clipped
against the client's bounding box, which unfortunately prevents
screen-capturing applications from determining the actual screen size.
This patch restores the original behavior by clipping the panorama
against client-specific constraints w/o clipping against the client's
buffer size.
Fixes#5365
A system shell that works in a small window stops working when maximized
on a 4k screen, because the terminal component runs out of RAM.
With the adjusted RAM quotas the system shell works on 4k displays.
Issue #5356
Following the rework of the graphics stack, the decorator inside
Leitzentrale needs more capabilities. This manifests in a log message:
```
[leitzentrale] child "decorator" requests resources: cap_quota=18
```
and the Leitzentrale contents execpt for the log window disappearing
from the display. The Leitzentrale layer can still be toggled using F12.
Increasing the decorator's capability quota appears to solve the issue.
Issue #5356
This patch resets the pixel buffer shared with the capture client
whenever the capture policy is modified and reports the whole buffer as
affected rectangle on the next client call of 'capture_at'. It also
clips the dirty rectangles tracked via 'mark_as_dirty' against the
bounding box of the capture session to avoid the interference of
out-of-view parts of the panorama with a capture client.
Fixes#5368
Increase the RAM quota of the top-level nitpicker instance to support
the flicker-free resizing of large buffers, e.g., when changing screen
resolutions. Otherwise, nitpicker warns as follows:
[init -> nitpicker] Warning: Gui (runtime -> wm -> wm -> decorator)
not enough RAM to preserve buffer content during resize
Issue #5356
Sometimes when removing the popup window in Sculpt's Leitzentrale, a few
residual pixels remained. This is caused by the too strict coupling of
drawing and sync handling, effectively executing the fb-sync handler
repeatedly via 'Main::mark_as_damaged' during 'refresh_view' calls.
This tight coupling has two unwelcome effects. First, the sync handling
is executed more often than needed. Second, the sync handling (and fb
flushing) happens at intermediate states when view-stack changes are
applied (like changing a view geometry).
This patch uses a local signal handler to defer the execution of the
sync code until all drawing has finished.
Issue #5347
Issue #5356
When nitpicker is used as nitpicker client as is the case for Sculpt's
Leitzentrale, the time to sleep was tracked wrongly. The fb sync stays
alive only if a refresh operation is actually issued.
Issue #5347
Issue #5356
This commit removes the initial dignostic message from the log. The
message is harmless because the sculpt manager upgrades the quota on
demand but its best to avoid the noise.
child "runtime_view" requests resources: cap_quota=4
Issue #5356
This commit alignes the implementation to the intention of dismissing
invalid '<network>' entries. We only accept entries when they contain
a valid SSID and additionally a valid PSK if the network is protected.
Issue #5356.
Instead of publishing the old audio mixer, refer to the recent
record_play_mixer providing the audio API that is used by almost
all components now.
Ref genodelabs/genode#5356
The changes "intel/display: report connectors w/o modes as off" still
need improvements to detect mode-less connectors in intermediate states.
Until then, don't report connector_status_unknown as connected with
modes.
On capture creation for discrete usage, use the connector values
if display mode does not provide values. For mirror capture ever
report no width_mm/height_mm.
Instead of forwarding the whole devices ROM of the platform driver to the
display driver, report only Intel devices and additionally adjust the
reported IOMEM size to the reduced aperture size.
Related #5207
Issue #5345
Issue #5356
Commit ac42ade introduced a regression that triggered an assertion in
`Dhcp_server::free_ip()` because the DHCP allocation was not properly
removed during a domain update. The underlying issue was that
`with_dhcp_server()` silently landed in the `no_dhcp_server_fn`.
Fixes#5364
Register Global_irq_controller as Device so interrupts get forwarded to
irqchip.c code. Otherwise, pin-controller interrupts will get lost.
Fixed#5363
Related #5356
This commit patches the DDE Linux contrib code to remove IRQ coalescing
from the R8169 driver that for reason not yet known leads to interrupts
occurring irregularly.
Issue #5356.
This commit does away with controlling the join-intent via an attribute
but couples it to the existence of a '<network>' node. With this change
all '<network>' nodes within the configuration are always
unconditionally considered for joining.
Issue #5356.
This commit splits the intent to scan for a hidden network and the
actual configuration of a network itself by introducing
'<explicit_scan>' nodes. Like the '<network>' node these also feature
a 'ssid' attribute and each node is incorporated into the SCAN request
if its SSID is valid.
For more information please consult 'repos/src/driver/wifi/README'.
Issue #5356.
With the recent Wifi::Manager changes setting an invalid SSID will
lead to a diagnostic warning. Since disconnecting is handled by
removing the existent '<network>' there is no reason to generate
an invalid node in the first place.
Issue #5356.
Inform all GUI clients of a new version of the mode information whenever
the nitpicker configuration is modified. This is needed because changed
capture policies influence the panorama observable by the GUI clients.
Issue #5352
Fixes the following misbehavior: If a global key is pressed (e.g., Caps
Lock in Sculpt) and the mouse is clicked before release, the global-keys
handler receives the global-key press but no further events of the
sequence, especially *no Caps-Lock release*.
A more reasonable fix may address the "else branch" that deletes the
_input_receiver in case of mouse events without a hovered client too,
which is beyond the narrow scope of this fix.
This patch implements the following policy for applications requesting
exclusive input (relative motion): The pointer is grabbed as soon as the
user clicks inside the application window. It is forcibly ungrabbed on
any window-focus change or when tapping the KEY_SCREEN. An application
can always enable (transient) exclusive input during a key sequence,
e.g., when dragging the mouse while holding the mouse button. Transient
exclusive input is revoked when releasing the last button/key.
Fixes#5355
While the focused client has enabled exclusive input, nitpicker does
not translate relative motion to absolute motion but routes relative
motion directly to the client. Additionally, the pointer origin is
forcibly moved to a position outside the screen boundaries, making the
pointer invisible.
Issue #5355
The recent changes of the GUI stack (proper accounting of cap and RAM
resources by the window manager and nitpicker, output buffered at the
server side) require quota adjustments at various GUI-related places.
Issue #5356
This interface allows a GUI client to express the intent to exclusively
observe relative motion events while locking the absolute pointer
position. This patch merely extends the interface without implementing
it.
As this change touches os/include/input/component.h, it moves the
manage/dissolve operations into the class, ensuring the call of
dissolve at destruction time.
Issue #5355
In multi-monitor scenarios, the mode is no longer a single rectangular
area but a panorama with potentially many captured rectangles. This
patch replaces the former 'mode' and 'mode_sigh' RPC by a new 'info'
ROM accessor.
Issue #5353
Capture clients used to always capture the view stack at the origin of
the coordinate system. So each capture client obtained a mirror of the
same picture. This patch allows for the placement of capture clients on
larger panorama using Genode's usual label-based policy-selection
approach. Thereby, each monitor in multi-monitor scenario can display a
different portion of the panorama.
The patch takes special care to always keep the pointer in a visible
position. The pointer cannot be moved to any area that is not captured.
Should the only capture client displaying the pointer disappear, the
pointer is warped to the center of (any) remaining capture client.
Fixes#5352
The operators == and != make the 'Rect' consistent with 'Point' and
'Area'. The patch also adds the 'Rect::clamp' method, which is generally
useful for sanitizing input.
Issue #5352
The new Framebuffer::Session::sync_source RPC function allows for the
selection of a specific source of sync signals in the presence of
multiple capture clients at the GUI server.
This patch contains only the extension of the interface. The information
is not evaluated by the GUI server yet.
Issue #5347
This patch adds central and safe utilities for accessing the distinct
parts of the virtual framebuffer to relieve clients from pointer
calculations.
Issue #5351
This patch eases the vertical organization of multiple surfaces within
one larger surface, which is the case when keeping front/back buffers
within one compounding GUI buffer.
Issue #5351
The new bytes() accessor returns a Byte_range_pointer as an alternative
to the 'local_addr' for accessing the content of the dataspace. This
facilitates the safe practice of passing (and validating) the buffer
bounds along with the pointer.
Issue #5351
Propagate the want of an alpha channel as attribute of Framebuffer::Mode
instead of passing this property as a separate bool argument.
This clears the way for adding useful accessors for pixel/alpha/input
surfaces to the Mode type as a subsequent step.
Issue #5351
This patch ensures that the displayed pixel buffer is always consistent
by applying intermediate drawing steps on an invisible back buffer,
which is blitted to the front buffer by the GUI server.
Note that the addition of the back buffer increases the decorator's RAM
demand by 4*w*h (4 bytes per pixel) whereas w and h are the screen size.
Issue #5350
By enhancing the Framebuffer::Session interface by the new RPC functions
'blit' and 'panning', GUI clients become able to attain tearing-free
output. Two modes of operations are supported.
1. Atomic back-to-front blitting
GUI clients that partially update their user interface like regular
application dialogs, can now implement double buffering by placing
both the back buffer and front buffer within the GUI session's
framebuffer and configuring a view that shows only the front buffer.
The 'blit' operation allows the client to atomically flush pixels
from the back buffer to the front buffer.
2. Atomic buffer flipping
GUI clients that always update all pixels like a media player or
a game can now use the 'panning' feature to atomically redirect the
displayed pixels to a different portion of the GUI session's virtual
frame buffer. The virtual framebuffer always contains two frames,
the displayed one and the next one. Once the next frame is complete,
the client changes the panning position to the portion containing
the next frame.
Issue #5350
Call lx_emul_setup arch after kmem_cache_init, because
unflatten_device_tree requires 'memblock_alloc' which does not work
when using native slub.c/memblock.c on ARM platforms.
issue #5264
Limit the use of Reg_list::for_each that caches a next pointer
of its items to allow destruction of items in its lambda body.
Instead provide an Reg_list::apply function in addition, which
takes a condition lambda to find the matching item, and a lambda
processed on it. In most use-cases where for_each was used, only
one item was searched for. Here we can use apply now., without
the need for a cached pointer, nor too many iterations.
Fixesgenodelabs/genode#5349
Unless nitpicker is used in 'request_framebuffer' mode, it no longer
depends on a periodic timer but merely acts as a broker between capture
clients and GUI clients. Sync signals as delivered to GUI clients are
now wired to Capture::Session::capture_at calls. So the display driver
defines the occurrence of those signals.
Note that sync signals are only delivered while a driver actively calls
'capture_at'. If a driver stops capturing, GUI clients no longer receive
any sync signal. This is a change from the previous situation where GUI
clients could depend on the periodicity of sync signals.
Issue #5347
This patch changes the precision of the configuration's motion attribute
to a multiple of 10 ms (centi-seconds). The previous version used steps
of 20 ms. Hence, one needs to adjust existing configurations by doubling
the motion attribute values of the themed decorator.
Issue #5347
This patch removes the use of sync signals as time source. The animation
phase is now timed using a timer connection as tick source while sync
signals are used for scheduling the redraws.
Issue #5347
- touch all memory before time measurements, to reduce lazy paging jitter
- diff of 100us between 2 memset runs are now considered a failure (before 10us)
- add refrence measurements of same region size which is not write-combined
- make the output easier parse able of write-combined test
Fixes#5342
With this change, a client (i.e., display driver) can register
a wakeup signal handler to be notified on the arrival of new data to
capture. The signal is delivered only when the client has stopped
capturing. The client propagates this condition to the server using
the new 'capture_stopped' RPC call.
This change in principle enables a display driver to suspend its
periodic mode of operation after a few frames without capturing any
new data. As the first driver, the fb_sdl driver has been adapted to
the new protocol. This change not only eliminates the driver's CPU
load when idle, it also reduces the latency of sporadic output
because the response to such GUI updates is no longer bound by a
fixed periodic interval.
Issue #5344
This patch is a preparatory step for relaxing the strictly periodic
operation of fb_sdl. With the new design, the SDL event loop can block
for events while Genode's main entrypoint stays receptive for I/O.
The main entrypoint can interact with the SDL thread by injecting
SDL user events.
The patch also replaces the full-screen clearing and update of the
SDL window by an update of the captured bounding box only. This reduces
the CPU load of fb_sdl when idle. When updating a small part of the
screen (e.g., when moving the mouse only), the load is still rather
heavy though.
Issue #5344
This patch enhances the Capture::Connection::Screen such that the
bounding box of the affected pixels can be tracked by the caller,
which can use this information to adjust its behavior to the
activity/inactivity of the capture server.
Issue #5344
This patch adds the physical screen size as argument to the
Capture::Session::buffer RPC function, which allows drivers to
propagate DPI information to the GUI server. While changing the
the interface, the patch replaces the former use of C++ exceptions
by a result type. The 'Buffer_result' is handled transparently by the
Capture::Connection. The client.h code is now integrated in
connection.h.
Issue #5344
This commit streamlines the interaction between the Wifi::Manager
and the wpa_supplicant's CTRL interface.
As user-facing changes it alters some default settings and introduces
new features:
* Every configured network now needs to explicitly have its
'auto_connect' (to be considered an option for joining) attribute
set to 'true' whereas this was previously the default value if the
attribute was not set at all.
* The 'log_level' attribute is added and configures the supplicant's
verbosity. Valid values correspond to levels used by the supplicant
and are as follows 'excessive', 'msgdump', 'debug', 'info', 'warning'
and 'error'. The default value is 'error' and configures the least
amount of verbosity.
* The 'bgscan' attribute may be used to configure the way the
supplicant performs background-scanning to steer or rather optimize
roaming decision within the same network. The default value is set
to 'simple:30:-70:600'. It can be disabled by specifying an empty
value, e.g. 'bgscan=""'.
* The 'verbose_state' attribute was removed alltogether and similar
functionality is now coverted by 'verbose' attribute.
Implementation-wise the internals changed significantly and are
outlined in the following paragraphs.
Formerly the interaction between the manager and the supplicant
was handled in an apparent way where the internal state of each
interaction was in plain sight. This made the flow cumbersome to
follow and therefor each interaction is now confined to its own
'Action' object that encapsulates the ping-pong of commands and
responses between the manager and the supplicant. All actions are
processed in an sequential way and thus there is no longer any
need to defer pending actions depending on the interal state of
the current interaction. Configuration changes as well as events
issued by the supplicant where new actions can be created are
handled in this fashion. Of note are both signal-handlers,
'_handle_cmds' and '_handle_events' respectively.
The state report, which provides the information about the current
state of connectivity to a given wireless network, was dealt with
in the same vein and its handling was spread across the manager
implementation. Again, to make it easier to follow, the generation
of the state report is now purely driven by the 'Join_state' object.
This object encapsulates the state of connectivity and is normally
updated by events issued from the supplicant (see '_handle_events').
It is also incorporated when handling command responses (see
'_handle_cmds').
Handling of timed-actions, like scan and signal quality
update requests, was done by setting a timeout at the Timer session
directly and thus only one timed-action could be pending at any time.
This excluded dealing with timed-actions like connected-scanning
and signal quality polling concurrently. This was changed and now
a One_shot_timeout is used to programm each concurrent timed-action.
For implementing the communication channel for the CTRL interface the
manager and supplicant use a shared memory buffer, the Msg_buffer.
Since the CTRL interface for Genode was implemented using C, some
shenanigans were performed to access the memory buffer. Now the
CTRL interface implementation uses C++ and only exports the functions
required by the supplicant as C. This simplifies the usage of the
Msg_buffer and allows for removing the global functions needed for
synchronizing the Msg_buffer access as those are now part of the
object itself via the 'Notify_interface'.
Fixes#5341.
The 'convert_errno_from_linux' function was already used internally to
convert the Linux errno values to the matching FreeBSD libc ones when
calling socket functions.
It will now also be used to convert the error values included in
netlink messages as those, naturally, also correspond to the Linux
ones.
Issue #5341.
When starting testnit with the wm, the child views briefly appear at a
position relative to the top-left corner of the screen until the
top-level view has been positioned by the layouter. This patch keeps
child views invisible until their respective parent views are
positioned.
When restacking a top-level view, execute the top-level restacking
before updating the child views. Otherwise, child views may wrongly
refer to the old stacking position of the top-level view.
Issue #5242
Use Genode namespace, indicate 'Main' members as being private,
use Session_object, remove unused '_focus_request_reporter',
use Id_space for Window_registry, replace lookup by with pattern.
This is a follow-up commit to "gui_session: manage view ID at the client
side", which missed to invalidate the neighbor view of a window but
instead wrongly assigned the (now always valid) view ID 0 as neighbor.
In situations where a window disappears and re-appears (e.g., repeatedly
launching testnit in the wm.run scenario), the new window could not
always be topped.
Issue #5242
- only mark framebuffer dirty if necessary
-> gives the hardware chance to save longer power
- remove extra timer connection on Genode component side
-> use Linux time primitives
Issue #5339
With this patch, the wm accounts RAM and caps consumed on behalf of its
clients to the respective client's session quota instead of paying out
of its own pocket. This should make the wm resilient against resource
exhaustion and lowers the quota requirements.
Issue #5340
The current default session RAM quota of 36 KiB reflects the needs of
the nitpicker GUI server. However, in most commonly used scenarios, a
GUI client connects to nitpicker indirectly via the wm. The low value
worked so far because the wm did not account RAM and cap usage per
client so far but paid out of its own pocket and faithfully forwarded
all resource upgrades to nitpicker.
When adding resource accounting to the wm, the old default value has the
effect that a new client has to repeatedly attempt the session creation -
each time offering sligthly more session quota - until both nitpicker and
the wm are satisfied.
By roughly doubling the default to 80 KiB, a wm client immediately
succeeds with opening a GUI session without repeated attempts.
By specifying a custom 'cap_quota' amount to the 'Genode::Connection',
the Gui::Connection now donates enough caps for both the wm and
nitpicker.
Issue #5340
By default, a 'Connection' donates an amount of caps as declared in
SESSION_TYPE::CAP_QUOTA to the server at session-creation time.
In some situations, however, a client may deliberately want to donate a
larger amount. For example, when opening a GUI session at the wm, the
total amount of needed caps is the sum of those consumed by the wm plus
those consumed by nitpicker. Using this knowledge, the Gui::Connection
may specify a sufficient amount to avoid iterative session-creation
retries. The new 'Connection' constructor accommodates this use case by
accepting an explicit 'cap_quota' argument.
Issue #5340
This patch deduces the caps needed for the framebuffer and input RPC
objects from the resources accounted locally within the session. It also
takes precautions for the situation where a client offers too little
resources, prompting the mid-way cancelling of the 'Session_component'
creation. With the patch, the 'ep.manage' operations are rolled back
by the corresponding 'ep.dissolve' operations.
Issue #5340
This patch moves the eager allocation of view capabilities from the
'view' and 'child_view' RPC functions to the 'view_capability' RPC
function, reducing the consumption of capabilities in all scenarios
where views don't need to be shared between GUI sessions.
Issue #5340
over rsdp v1. The multiboot2 provided rsdp_v1 version may not contain the
xsdt pointer, but may have the very same acpi revision as the acpi rsdp v2
version of multiboot2.
Fixes#5332
.../repos/libports/src/test/pthread/main.cc:539:76: warning: ‘++’ expression of ‘volatile’-qualified type is deprecated [-Wvolatile]
.../repos/libports/src/test/pthread/main.cc:1104:32: warning: ‘test’ may be used uninitialized [-Wmaybe-uninitialized]
The gui_fb client may have installed a custom sync_sigh and mode_sigh.
Reset those signal handlers at the GUI server should the client
disappear. Otherwise, the GUI server (nitpicker) continues to attempt
transmitting sync signals to the no-longer existing component, spamming
the log with "Warning: invalid signal-context capability" messages.
Don't use client-provided view IDs as IDs for the wrapped nitpicker
views. There is no 1:1 relation of IDs and physical views. So if a wm
client re-uses an ID, the physical view is expected to stay in tact.
If the corresponding view object within the wm is not destroyed, however,
its ID remains allocated, which may then conflict the ID of a new view
if the ID is reused by the client. This scenario resulted in the
following error:
Error: Uncaught exception of type 'Genode::Id_space<Gui::View_ref>::Conflicting_id'
This patch handles the situation by keeping the allocator of physical
views (_real_view) decoupled from the client's ID allocator.
Issue #5242
This patch enables basic use cases of the POSIX 'alarm' function, which
schedules the delivery of a SIGALRM signal after a specified amount of
seconds.
Issue #5337
This update uses a -current (that will become 7.6 later this year)
snapshot from 2024-08-16 that includes fixes for MSI support on
AMD systems.
Fixes#5331.
This commit replaces the current vbox5 based USB HID raw test, which
runs a Genode guest to test USB passthrough with a USB human interface
device, with one using vbox6.
Fixes#5330.
This commit adds support for TIOCSETA and TIOCFLUSH in a dummy fashion
that is enough to allow vbox6's serial-port implementation to print
lines to the log.
Issue #5330.
This commit allows for suppressing failed extract operations by
setting the 'ignore_failures' attribute in the 'config' node.
It is intended for operating the component in batch-mode where
multiple archives need to be extracted but failing to extract
some of them can by ignored. The default value of this option
is 'false'.
It also adds the 'stop_on_failure' attribute that instructs
the component to stop processing any following archives after
it already has failed to do so. The default value of this
option is 'true' to preserve the current behavior.
Issue #5326.
Now, we schedule before unblocking the rx_task. This is done in order to
execute a potentially ready ksoftirqd before unblocking the rx_task,
which in turn may execute soft-interrupt handlers through bottom half
code leading to double lock attempts of the socket spinlock.
Issue #5264
Since the preset contains mesa_gpu-intel, it is specific to the pc
platform. Other platform-specific repos (such as allwinner) may contain
their own preset with the same name. To prevent that Sculpt images use
the wrong preset due to the particular order in the build.conf, we move
the preset into the pc repo.
Fixes#5322
Avoid double allocation of alternative stack. Genode's sigaltstack variant
allocates the stack with alloc_secondary_stack. Disable the warning of
sigaltstack by using explicitly the nullptr in ss_sp.
Issue #5305
This interface change gives GUI servers the freedom to allocate view
capabilities at the time of request instead of the creation time of the
view. This is useful because view capabilities are rarely needed.
Issue #5242
This patch moves the management of view IDs from the server to the
client side. The former 'create_view' and 'create_child_view'
operations do no longer return a view ID but take a view ID as
argument. While changing those operations, this patch takes the
opportunity to allow for initial view attributes. Combined, those
changes simplify the window manager while accommodating typical
client use cases with less code.
To ease the client-side ID management, the Gui::Connection hosts
a 'view_ids' ID space for optional use. E.g., the new 'Top_level_view'
class uses this ID space for ID allocation. This class accommodates the
most typical use case of opening a single window.
The 'alloc_view_id' RPC function is no longer needed.
Issue #5242
This patch reworks the view-ID handling within the nitpicker GUI server
and the window manager. The namespace of view handles are now represented
as an Id_space. In constrast to the former "handles", which could be
invalid, IDs cannot be semantically overloaded with anything other than
an actual view reference. There is no notion of an invalid handle.
IDs are like C++ references (which cannot be a nullptr).
This change requires the code to be more explicit. E.g., the stacking of
a few at the front-most position can no longer be expressed by passing
an invalid handle as neighbor.
Issue #5242
Express the allocation of a new view handle by a dedicated RPC function
instead of passing an invalid view handle to the existing 'view_handle'
function.
This eliminates the notion of invalid view handles at the GUI session
interface, clearing the way for managing view handles via an Id_space.
Issue #5242
This patch eliminates the use of invalid view handles as special
Session::Command arguments. The TO_FRONT and TO_BACK operations
interpreted as invalid neighbor as top-most or back-most position.
Those corner cases are now expressed via dedicated commands. The
new stacking commands are FRONT, BACK, FRONT_OF, and BEHIND_OF.
While changing the command interface, the patch removes the OP_
prefix from the opcode values.
Issue #5242
- Rename framebuffer_session to framebuffer and
input_session to input as those RPC interfaces are no longer
meant to be used as stand-alone sessions.
- Host Connection::input and Connection::framebuffer as public
members, thereby removing the use of pointers. This simplifies
the client-sized code. E.g., '_gui.input()->pending()' becomes
'_gui.input.pending()'.
Issue #5242
To maintain ease of use at the client side, the OUT_OF_RAM and
OUT_OF_CAPS results are handled at the 'Gui::Connection' now.
Gui::Connection does not inherit the Gui::Session interface any longer,
which allows for the use of different result types.
Issue #5242
Issue #5245
This patch replaces the optional parent argument of the create_view
RPC function by a dedicated create_child_view RPC function. This
is a preparatory step of removing the notion of an invalid handle
as a special case.
Issue #5242
The fd event handling uses the fd to directly access the array slot and
expects the fds to be contiguous and capped.
Since the returned fds from our libc were much larger than expected,
because the libc itself consumes multiple fds when managing sockets,
using the fd in this manner leads to memory corruption.
This commit limits the maxfds to 63 and always allocates 1024 slots
in the fd-array.
Fixes#5320.
Add extended FPU state detection and handling (via xsave and friends) to the
kernel, which has to store/load more FPU state (~512 -> 2k++) during context
switching of threads. Additional the referenced nova branch contains various
optimization during VM destruction and cross core IPC resource caching.
This FPU work is based upon upstream NOVA kernel and Hedron commits.
Issue #5314Fixes#3914
some more adjustments are needed for xsave support, but this port is scheduled
to be removed. Just disable xsave for the time being to make nightly test
happy.
Issue #5314
The commit that added firmware loading via the VFS (see #4861)
introduces a double-free bug where the memory that contains the
image is freed twice, once from the callback and once from the
work function.
As alle examined drivers call 'release_firmware' from the callback
function themselves, remove the erroneous 'kfree' call from the
work function.
Issue #5264.
The 'update_quality_interval' instructs the wifi driver to update
the approximated link quality to the currently connected AP every
30 seconds.
Issue #5262.
This commit introduces support for querying and updating the signal
quality of the established connection to the current accesspoint.
By setting the 'update_quality_interval' to a non-zero value specified
in seconds the 'state' report will be updated to incorporate the
current signal quality. It uses the same approximation as is already
in use by the scan results.
Fixes#5262.
Now, USB audio class devices become available in Sculpt, e.g., for vbox
passthrough, and are not automatically grabbed by the usb_hid class=3
policy. In the future, interface/endpoint level policies will enable
driving the HID interface only from usb_hid while a usb_audio driver
controls the rest of the device.
This commit adds the firmware image for the AX200 device as found
in the Tuxedo Pulse 15 Gen1, the 9560 as found in the Starlite and
the for devices found in the T430/T530.
Fixes#5282.
Turn some of the current assertions into warnings/error messages and
continue boot. Print the messages as soon as core_log is initialized,
so that on live/release systems (Sculpt OS) it may be inspected later on.
Related to issue #5307
The code to group together SMT threads of one CPU and to move P-Core to
the beginning of Genode's affinity-space, did not consider to run on
SOCs with only E-Core CPUs.
Re-structure the code to support e-Core only SOCs.
Additionally, provide a fallback mapping in case of CPU id reordering problems.
Track faulty re-mapping and delay the reporting until core_log is initialized,
so that the warnings is visible to consumers, e.g. on Sculpt OS.
Related to discussion of #5304Fixes#5307
Unmasking of a pending interrupt did not lead to immediate IRQ handler
execution in all cases.
This commit also addresses some style concerns risen during the issue
discussion.
- Replace multi-boolean IRQ state by state enum
- EOI and ACK should be same in DDE context
- Unify x86 and ARM irqchip.c
- Remove Pending_irq type
- Remove dde_irq_set_wake()
Fixes#5164
The use of the Linux-internal SLUB allocator is supported by lx_emul and
drivers may now decide between the Linux implementation or our emulation
of kmem_cache. Drivers for pc and virt already use SLUB, while other
drivers still use the emulation and may be adapted step-by-step incl.
the testing on the devices.
Fixes#5236
Allocate a Genode known stack via alloc_secondary_stack and register it
as alternative stack via Signal:use_alternative_stack().
The original semantic of Posix, where the caller may choose arbitary stack
pointers is currently not possible. Warn about the fact.
Issue #5305
The Fn key on keyboards should never be reported as real scancode event,
as it is just a hardware switch that changes the reported scancodes of
other keys. The behavior of Linux hid-apple.c is wrong as it on one hand
reports different scancodes for the same hard key depending on the Fn
state but sends the Fn press and release events too. Thus from now on,
we just drop KEY_FN events for all drivers as otherwise, scancodes
generated generated by Fn+key combinations would never be single-key
events on upper layers, for example KEY_FN + KEY_F12 on the Matias Apple
keyboard clone in the fixed issue.
Fixes#5288
By calling run_genode_until twice, we take into account that the boot
time on some boards might long than on others, while still verifying
that the second "set_rtc" is reported within about 1min (+10s).
Fixes#5306
Since page tables might need to be allocated during
insert_translation(), Out_of_ram or Out_of_caps exceptions might occur.
Entries that have already been added by insert_translation() must thus be
removed once one of those exceptions occurred.
Fixes#5254
Add TAR_OPT to global.mk that defaults to user and group 1, while
setting mtime to 0 for tar archives. This can be used in components to
produce consistent (reproducible) tar archives.
issue #5255
This patch replaces the former Child::Process and
Child::Process::Loaded_executable classes by static functions that
return failure conditions as return values.
Issue #5245
By using GCC's --debug-prefix-map argument, we can make sure that debug
archives always refer to source files at /depot. With this change, GDB
can be pointed to the correct source-file location by using the `set
substitute-path /depot /path/to/local/depot`.
Fixes#5260
This patch tightens the coupling of the 'Platform_thread' objects
with their corresponding 'Platform_pd' objects by specifying the
'Platform_pd' as constructor argument, keeping the relationship
as a reference (instead of a pointer), and constraining the
lifetime of 'Platform_pd' objects to the lifetime of the PD.
It thereby clears the way to simplify the thread creation since all
PD-related information (like quota budgets) are now known at the
construction time of the 'Platform_thread'.
The return value of 'Platform_thread::start' has been removed because it
is not evaluated by 'Cpu_thread_component'.
Related to #5256
Fix the wrong assumption about isochronous packets being always send
with maximum EP's packet size. Instead the isochronous cache now contains
a sizes array to deal with arbitrary packet sizes.
Fixgenodelabs/genode#5257
For consistency reasons, remove the cortex_a8, cortex_a9, and cortex_a15
spec directories. Such SPEC variables do not exist since a while.
Also rename remaining translation_table.h header to page_table.h to
stay consistent with the class names inside.
Fixgenodelabs/genode#5253
- Remove exceptions
- Use 'Attr' struct for attach arguments
- Let 'attach' return 'Range' instead of 'Local_addr'
- Renamed 'Region_map::State' to 'Region_map::Fault'
Issue #5245Fixes#5070
The 'Thread_creation_failed' error is now reflected as
'Thread::Start_result' return value. This change also removes the
use of 'Invalid_thread' within core as this exception is an alias
of Cpu_session::Thread_creation_failed.
Issue #5245
For each packet that got stuck with an ARP-cache miss, the router used to send
one ARP request and create one ARP waiter. However, in situations where many
packets target the same IP at one destination domain and during a short period
of time, this causes unnecessary session-quota consumption and network traffic.
This issue becomes especially pressing when taking malicious source peers,
absent destination peers, and packet batching into account.
Therefore, with this commit, the router can accumulate multiple source packets
with the same destination IP at one ARP waiter. This means, that only the first
packet with an ARP-cache for a certain IP sends an ARP request and creates an
ARP waiter. For situations where the ARP request is not answered, this
essentially rate-limits ARP requests for one IP at one destination domain
according to the lifetime of ARP waiters (default: 10s)
Ref #4534
The router used to send an ARP request for a packet before allocating the
corresponding ARP waiter. If the ARP waiter could not be allocated due to
resource exhaustion plus emergency free failed, the packet got dropped and the
router had produced unnecessary network traffic. The commit fixes this by
sending only after successful allocation.
Ref #4534
The previous default packet-batch count of 150 (<config
max_packets_per_signal>) was choosen with the only goal of preventing
starvation by huge amounts of packets from one session.
However, there is something else to keep in mind. A packet that is found to
require ARP sends an ARP request and becomes blocked after having consumed
resources. This means, that, in the worst case, the router used to send 150 ARP
requests and consume resources 150 times before making it even possible for the
outer world to react and cause resources to be freed.
With this additional scenario in mind, the default batch size should be
significantly lower.
Ref #4534
poll(2) needs to handle invalid file descriptors in the pollfd struct,
specifically -1 as it may be used to disable entries in the fds[] array.
Fix a possible nullptr dereference by checking the File_descriptor
pointer returned by find_by_libc_fd() for validity and skip processing
of any unresolved FDs, effectively implementing standard POSIX
semantics.
Fixes#5249
This patch removes the exception formerly thrown by 'Cpu_thread::state'
and turns the 'Thread_state' structure into a plain compound type w/o a
constructor.
Issue #5245Fixes#5250
With libxml2 >= 2.13, the `-path` argument can no longer be used for
setting search paths for xsd files. Instead, we use an XML catalog to
replace genode:// URIs with absolute paths.
Fixes#5248
This patch replaces exceptions of the PD session RPC interface with
result types.
The change of the quota-transfer RPC functions required the adaptation
of base/quota_transfer.h and base/child.h.
The 'alloc_signal_source' method has been renamed to 'signal_source'
to avoid an exceedingly long name of the corresponding result type.
The Pd_session::map function takes a 'Virt_range' instead of basic-type
arguments.
The 'Signal_source_capability' alias for 'Capability<Signal_source>' has
been removed.
Issue #5245
So far, this test used dynamic_rom for the re-configuration of the nic router
and tested for the expected ping results by inspecting the log with the run
tool. However, this approach had two issues:
* Timing differs significantly on different targets and so the dynamic_rom had
the difficult task of compensating with heuristics without bloating the test
duration too much.
* In case of a failing test, it was difficult to determine the cause as the
test kept running and produced output for quite some time and there was also
no specific error message but only a generic timeout.
These two issues are now fixed by introducing a test component that listens to
the ping-result report and manages the nic router configuration. The new
component exits early on failure and provides information on the error
circumstances. Furthermore, the component advances to the next test step only
after having seen the expected result of the active test step and thereby
removes the need for heuristics about target timing.
Fixes#5192
This patch updates the signal API to avoid raw pointers, and
replaces the Context_already_in_use and Context_not_associated
exceptions by diagnostic messages.
Fixes#5247
The router used to ignore the value of the <report quota=".."/> attribute when
it came to determining whether an interface's report is empty or not.
Therefore, merely configuring <report quota="yes"/> didn't cause interfaces
(and their quota) to show up in the report. Instead, interface quota was
reported as side effect of <report stats="yes"/>. The commit fixes this
inconsistency with the README.
The only object that is dynamically allocated by a network interface and that
was not equipped with a self-destruct timeout was the ARP waiter. This commit
closes this gap by adding a timeout to each ARP waiter that is set to 10
seconds by default but can be configured via the new <config> attribute
'arp_request_timeout_sec'.
Ref #4729
RFCs recommend to keep TCP connections for a certain time even after they
finished a close handshake, AFAIK, in order to be able to recognize astray
packets when they arrive later. This seems overambitious especially when in
the context of the router where session quota is pretty limited. Therefore,
this commit drops this final timeout and drops closed connections immediately.
Ref #4729
The previous value of 60 seconds was never observed in real-time scenarios and
UDP, for instance always used a timeout of 30 seconds without causing issues.
Note that this applies only to TCP connections in a state other than
ESTABLISHED, i.e., while it is still safe to early-drop the connection.
Ref #4729
The TCP connection state "ESTABLISHED" (in the router "OPEN") is a privileged
one for peers because it lasts very long without any peer interaction (in the
NIC router it's only 10 minutes, but RFCs recommend not less than 2 hours and
4 minutes). Furthermore, TCP connections in this state are normally not
available for early-drop on resource exhaustion. This means that this state
binds resources to a connection potentially for a long time without the option
of regaining them under stress. Therefore, this state should be entered with
care.
Up to now, the router marked a TCP connection with this state as soon as it had
seen one matching packet in both directions, which is rather quick. However,
implementing a very precise tracking of the exact TCP states of both peers and
only marking the connection "ESTABLISHED" when both peers are "ESTABLISHED" is
a difficult task with lots of corner cases.
That said, this commit implements a compromise. The router now has two flags
for each peer of a TCP connection - FIN sent and FIN acked - and sets them
according to the observed TCP flags. The "ESTABLISHED" state is entered only
when FIN acked is set for both peers (without having observed an RST or FIN
flag meanwhile).
Ref #4729
The Reference and Const_reference utility were introduced in order to express
that something is a reference (no null value) but can be changed dynamically
(not possible with built-in C++ references). However, the idea of preventing
every possibility for null pointer faults, with which the router was built
initially, has not prevailed and using pointers instead of the utility saves
logic and makes the code more readable to other C++ developers.
Ref #4729
The deinitialization method of Domain used to rely on Domain::with_dhcp_server
in order to dissolve and destroy a present DHCP server. However, this method
skipped calling its functor argument also when there was a DHCP server but an
invalid one. This commt replaces the with_dhcp_server with a pointer null-check
in order to fix the leak.
Ref #4729
Re-implements an emergency freeing of resources on exhaustion of session quota.
In contrast to the past one, the new algorithm is executed directly where the
exhaustion occurs. Instead of interupting the packet handling and restart it
from the beginning after the freeing action, packet handling is now continued
at the point of exhaustion (if enough resources could be freed). Furthermore,
the new algorithm frees only 100 objects (instead of 1024) at a max as we found
this to better match real-life observations. And finally, the router now drops
ICMP first, then UDP, then TCP - as this better reflects priorities - and
refrains from dropping TCP connections in the ESTABLISHED state. If the router
cannot free a sufficient amount of resources, the packet that caused the
exhaustion is dropped with a warning (verbose_packet_drop="yes").
Ref #4729
Remove the use of C++ exception as much as possible from the router as C++
exception handling can be resource intensive and can make code hard to
understand.
This also removes the garbage collection that the router used to do when a
session ran out of quota. This is motivated by the fact that the garbage
collection was rather simple and removed connection states regardless of their
current state, thereby causing broken connections. The change is part of this
commit as the approach to integrating garbage collection relied strongly on
exception handling.
The user story behind removing garbage collection: The router emergency-dropped
an established TCP connection (with NAPT) and on the next matching packet
re-created it with a different NAPT port, thereby breaking the connection. With
this commit, existing connections are prioritized over new ones during resource
exhaustion and the packets that attempt to create a new connection in such a
state are dropped with a warning in the log (verbose_packet_drop="yes").
Note that the state resolves itself with time as existing connections time out
or are closed by peers.
Ref #4729
Reserved memory regions must be excluded from the corresponding DMA
allocators irrespective of whether the device is in use. Otherwise, an
early allocation of DMA buffers may use the reserved memory regions of a
late acquired device.
Fixes#5232
Add special handling for root bridge access for
12th Gen Framework laptop and Thinkpad X1 Nano Gen2
to avoid bogus MMIO memory accesses as seen in #5234 and #4643.
Fixes#5234
Based on not emulated and therby wrong values, acpica calculates a
physical address which points to somewhere. Remove this hack from core and
try to emulate accesses inside acpica where necessary.
Issue #4643
Issue #5234
This exception got introduced as a mere convenience for implementers of
'Child_policy' but required a special case in the base library.
Following the goal of eliminating exceptions from the base system,
this patch removes it by making a server_id_space mandatory.
Issue #5245
as setup by firmware after boot. The information will/can be used by the
platform driver to re-program bridges after a system suspend/resume cycle.
Issue #5241
This patch allows the use of the 'Id_space' utility without catching
'Unknown_id' exceptions. Instead, the new 'apply' overload takes a
second functor 'missing_fn' as argument, which is called whenever the
lookup fails.
Issue #5244
- Replace 'typedef' by 'using'
- Avoid plain pointers
- Import Genode namespace into Gui::
- Use enum class
- Use Attr struct for passing multiple attributes
- Turn testnit into proper Genode::Component
- Use distinct types for top-level and child views
- Remove dependency from timer
- Use util/geometry.h
- Move header to base/include to make it applicable for base types
like 'Affinity' down the road.
- Represent 'Rect' as typle of point and area, which is the most
common form of initialization, creates in valid 'Rect' by default.
- Turn Point, Area, and Rect into compound types, making x, y, w, h, at,
area accessible without a method call
- 'Rect::Compound' function for constructing a 'Rect' from two points,
replacing a former constructor
- Use result type 'Rect::Cut_remainder' instead of out parameters.
Fixes#5239
This patch turns 'Color' from a class to a POD type by replacing
the constructors by the named create functions 'rgb', 'clamped_rgb',
and 'clamped_rgba'. It thereby enables the initialization of Color
values using { .r = ... } syntax and makes the type usable in const
expressions.
It also narrows the type for color components and alpha values to
uint8_t. So possible integer overflows of computed values are detected
by -Wconversion.
As 'Color::rgb(0, 0, 0)' is repeatedly used as a default value, the
patch adds the 'Color::black()' function.
Fixes#5238
- Move C++ sources from lib/wireguard to app/wireguard, which require
Genode include paths (that conflict with linux)
- Rename lib/wireguard_lx_inc_dirs to lib/wireguard, which builds linux
sources with linux include paths
In '_generic_syncobj_wait' check if sync-objetcs exist, return error
otherwise. Do not wait because the execution model is synchroneous,
meaning no batch buffers are in execution when this function is called
(_drm_mutex).
issue #5224
Use pthread_mutex because the EP can block while the thread executing a
batch buffer and waiting for a completion signal in the VFS-GPU plugin
can still make progress.
Also return to coarser locking until we support Sync-Object Wait
semantics.
issue #5224
Freshly allocated BOs from libdrm have to be zeroed. Since the libdrm/iris
caches VRAM allocations, we don't want to attach/detach parts of dataspaces at
every allocation. Some objects are used long (through caching in the iris
Gallium driver). Therefore, zero object on release where the region might
already be mapped.
issue #5224
This commit adds a weak dummy implementation to a compilation unit
that is referenced by all DDE Linux based driver components to
prevent adding a dummy to every driver.
The upstream implementation is used to allocate order-0 pages in
a batch and users, e.g. page-pool allocator, may rely on that
behaviour and thus it is implemented with this commit.
This commit remedies the somewhat lazy attempt to address unique names
for drivers where the name is directly derived from KBUILD_MODNAME,
e.g. rtlwifi, and also modifies the name accordingly to the rules
of Linux' build-system. The last part becomes necessary as driver
matching tables may rely on that as has already happend with the
ti-sn65dsi86 driver.
This enables the combination of the nic_uplink component with any driver
pkg featuring a runtime file. This is already the case of the pc_nic
driver.
This is a preparatory step for issue #4420.
When having a maximized terminal window, a suspend was causing an
invalid mode change at nitpicker. This triggered a huge resource request
in nitpicker because the RAM-quota check was rendered ineffective by a
wrap-around during unsigned multiplication.
Issue genodelabs/genode#5180Fixesgenodelabs/genode#5201
On systems with the option `use-keyboxd` enabled in config, option
`--no-keyring` in gpg command line doesn't work. The result of the
pubkey_id function will be the first key in the keybox keyring instead
of the id of pubkey from the depot user.
Fixesgenodelabs/genode#5235genodelabs/goa#92
The test reverts the platform drivers' config at the end of the test
to an empty state. However, this state should still contain a default
policy (analogyously to the initial state). Otherwise, the platform
session of the test program will (sometimes) become invalid just before
successfully finishing the test.
The original use cases of the loader have long been covered by the
dynamic init. The only substantial client of the loader remained to be
the qpluginwidget. However, the qpluginwidget was supported only by the
Arora web browser. But the blending of plugins with websites ultimately
remained a tech demo, and Arora has been replaced by Falkon.
Fixes#5229
When more than one thread are accessing the DRM interface it is not wise
to use global locking, especially when a pthread is executing a batch
buffer and waits for a completion signal in the VFS-plugin. In case the
EP gets stuck in the global lock, no progress is made. Therefore:
* use _drm_mutex only where strictly necessary
* use special _exec_mutex to protect buffer execution (per context)
* print warning when two threads try to execute a buffer in the same
context
isse #5224
Default disabled initialization prevents follow-up errors if one
capability is already enabled on boot, but platform_drv decides to
enable the other one. The PCI spec explicitly states that "Behavior is
undefined if both MSI and MSI-X are enabled simultaneously".
Fixes#5228
A launched child only becomes present in the runtime when it has been
configured. This must be considered when checking for missing servers.
Fixesgenodelabs/genode#5226
Using a segment to reserve the AP (application processor) code page does not
work if the region overlaps with other non-memory types, e.g. bender checks
for the overlapping and denies to boot on such machines.
Without bender, the system boots up fine. So, partially remove the nova commit
"Add segment to reserve AP startup page" and instead apply the idea of
Cyberus's version. Place the AP boot code later during boot and save and
restore the memory before/after SMP bootstrap.
Prerequisites for Mesa 24.0.1
* generic:
* add patch to retrieve PCI/Platform information from Genode side of the DRM
interface (in drmGetDevice2)
* add generated 'fourcc' file
* iris:
* report back-end (currently 'i915', 'xe' is unsupported)
* add various I915_CONTEXT_PARAM* and I915_PARAM*
* allocate 'Buffer's starting with ID 1 (0 is invalid)
* enforce 48-bit-address limit on unmap also
* disable I915_EXEC_FENCE_ARRAY array check, because we do not support
sync objects right now and rendering in synchronous
* etnaviv:
* create 'Fenceobj' only *once* for each GPU context
issue #5224
The initial SVM implementation (correctly) just used another standard
x86_64 page table for nested paging. The EPT implementation is for Intel
VMX only. Since we don't know the underlying virtualization technology
at compile time, we need to pick the correct page table implementation
at runtime.
Add add a AMD-compatible HPT page table implementation using the same
base implementation and (more importantly) allocator as the EPT
implementation. Add a Vm_page_table implementation that determines the
used virtualization technology at runtime and internally defers insert
and remove operations to the correct page table implementation.
Issue #5218
To make the x86 page table base implementation compatible with the
function signatures used in hw, make the Intel IOMMU specific arguments
optional:
- Make the `flush` parameter default to false.
- Make the `supported_sizes` parameter default to 1GB + 2MB + 4k.
Issue #5217
The Intel IOMMU page table implementation in the pc platform driver uses
a page table allocator that is adapted from the implementation in the hw
kernel.
Move the allocator to base as a first step to consolidate
implementations, fix an Array constructor and re-add the Allocator
constructor working on addresses instead of tables.
Issue #5217
On hw, `Page_flags` is used throughout architectures. At the same time,
it is used by the Intel IOMMU page table implementation in the pc
platform driver.
Consolidate the definition in base so it is available for all users.
Issue #5217
separately. The "iommu" option is now split up into "iommu_intel" and
"iommu_amd" and thereby can be disabled easily if required for one of the CPU
vendors.
Fixes#5206
- no need to explicitly switch off vga anymore
- use vPID for VMs which improves TLB usage if multiple vCPUs on same
pCPU is used, which happens to happen on Sculpt.
- support for mwait by nova kernel, which is off by default
Issue #5206
Create a generic interface for x86 virtualization.
Split the VMCB data structure in `Vmcb_buf` to represent the physical
VMCB page and `VMCB` as a control interface.
Issue #5113
So far, the VMCB data structure was generated from it's parts (most
prominently VMCB Control Area and VMCB State Save Area) with the VMCB Control
Area accessed via the Mmio framework, while the VMCB State Save Area
struct used directly defined members.
Unify the VMCB structure and uniformly use the Mmio framework to access
the VMCB. Separate the controlling structure from the VMCB page.
Issue #5113
The SVM implementation did not lend itself to a runtime selection of the
x86 virtualization technology.
Encapsulate functionality in the VMCB class to facilitate adding support
for Intel's VMX.
Issue #5113
The initial algorithm ported to hw seems to be correct in principle,
however it does not work with nested virtualization.
Clean up the code to make the different methods of obtaining the TSC
frequencies more clear, and add warnings if a particular
method has failed although it should be available.
Fixes#5210
for other VMMs beside Virtualbox, e.g. Seoul or potentially arm/vmm. The
webcam model depends on libyuv, which uses stdcxx + full libc, which is not
desired or required for all VMM implementations.
Fixes#5208
We discovered this relocation, which does nothing, in pre-compiled
libraries. It is easy to implement because it has the same
relocation-type number (0) for all supported ABIs.
Also adjust error message from "Unsupported PLT relocation" to
"Unsupported translation table address format" to not confuse the
relocation type with the translation table type.
Fixes#5209
During resume the waiting for Cmd::St takes ~2s on a T460p with Intel
AHCI SSD attached. According to the Serial ATA AHCI Spec. wakeup can take
seconds, e.g. chapter 8.2 Power State Mappings of the Serial ATA AHCI spec
(1.3.1).
Issue #5203
Restore the reporting in situations where all capture sessions are gone.
This fixes the webcam package that disables the USB webcam driver when
nitpicker report no active displays.
Issue #5187
- Avoid geometry animation at boot time
- Assign CPU quantum to higher prioritized GUI components
- Defer touch_keyboard start to reduce boot time
Issue #5174
Instead of using one default policy when creating an mmc driver's
configuration, produce some more static policy items to support
boards with more than one card per driver (mnt_reform2).
Both keys are physically the same on available keyboards (with varying
labeling). Unfortunately, PS/2 scancode sets and USB HID spec seem to
differ slightly in their interpretation. Therefore, we keep the
driver-level reporting as is but report both as KEY_PRINT in Sculpt,
which allows to use the key(s) for screenshoter rules most prominently.
Also, unify sculpt/event_filter/pc with sculpt_manager.
The run tool overrides the 'exit'-procedure to make sure that a loaded
run_power_off procedure is always executed. However, a failing
run_power_off lead to false-positives: 'make run/...' exited with 0 even
tough the run script was not even executed because of a failed
power-on/off cycle. In this case, if the run_power_off is the exit code
producer, the new exit definition does not finish as intended. As a
result, the first exit code is re-written, and errors are not propagated
accordingly.
The solution is to catch possible errors from power-off within the exit
procedure.
Fixes genodelabs#5102
With the current RAM setting, opening the inspect window fails on a
display with 4K resolution.
Adjust the inspect window's RAM quota to make it work.
Issue #5174
When a new signal arrives, which means a formerly non-pending one,
we should ignore old signal numbers of that context, but only
evaluate newly received data by the last kernel-call.
Fix#5193
The ported i2c_hid driver contains driver code for the "Intel
Tigerlake/Alderlake PCH pinctrl/GPIO" device. Unfortunately, acpica
driver also accesses the same device on Lid open/close via ACPI AML code
of the DSDT table to read out the state of a GPIO pin connected to the
notebook lid. This would fail as I/O memory is handed out only once and
cannot be shared. The workaround disables the region check for the
specified GPIO I/O memory regions and provides both drivers shared
access to the regions.
This is a preliminary workaround. A general solution should separate the
GPIO driver into a component (e.g., platform driver) that regulates
accesses by i2c_hid and acpica.
Issue #5195
During audio and video playback at a high rate by a VMM, nitpicker on the
boot CPU may interfere with the mixer clients, letting them not finish the
schedule RPC at the mixer in time. Moving nitpicker to the same CPU as
leitzentral mitigates the effect at moment.
Issue genodelabs/genode#5174
At least on x86_64/x86_64/pc/hw|nova, the test used to fail because the net
setup sometimes required more than the 3 seconds that the test was giving each
step. This commit raises the step timeout to 5 seconds and the test timeout
from 70 to 90 seconds in order to be on the safe side.
Ref #5192
The default mixer launcher limits the volume to 50%, so raise the
driver's volume to the max to be audible on certain systems where
otherwise audio is barely recognizable.
While there, fix the wrong reporting attribute as well.
Issue #5174.
The version in ui_report and ui_config were merely used for making test output
more readable. However, there are other ways to achieve this goal.
Ref #5190
The File Vault used to sporadically fail to complete Extend or Rekey operations
when it was locked during the operation. The cause was an insufficient state
model that has been fixed with this commit.
Ref #5190
* adds rekeying and resizing controls to config+report api of file vault
* moves common types of file vault to file_vault/include/file_vault/types.h
to be included by other components
* fixes wrong type of nr_of_clients fields in file_vault
* introduces the file_vault_gui component that is a minimal graphical front end
for the file vault based on the dialog lib and that uses the
config+report api of the file vault as back end
Ref #5190
This patch addresses corner cases not considered so far. In particular,
it avoids placing the Add/Options tabs of an unscrollable popup under
the panel. This could happen in the presence of many options. The patch
includes the panel height into the calculation to rule out such
situations. It also tightens the scrolling boundaries to the visible
content.
Issue #5183
This patch handles intermediate situations where the screen mode may
become 1 x 1 (absence of any capture clients). In this case, the
decoration of a maximized window would legitimately exceed the screen
boundary.
Thanks Johannes for the investigation.
Issue #5187
Issue #5180
The blanking state is evaluated by the intel_fb driver, which will switch
off all connectors. When done, the intel_fb driver will exit and the
sculpt_manager will continue with the next step, stopping all drivers.
Issue #5180
This commit adds missing routes to I2c for the framebuffer driver of the
MNT Reform. If build for this concrete board the Board_info::Soc variable
within the sculpt_manager is initialized according to the properties of
this device. The `update_soc` routine is called in the initialization of
the sculpt_manager, otherwise it won't be called at all, if no PCI devices
changes are detected. Missing driver binaries and device-tree-binaries are
add to the run-script.
Issue #5174
A network card can be provided by PCI, and the SoC as well. Therefore,
add an additional state variable in the Board_info::Soc, and check it
appropriatedly.
Issue #5174
Commit "sculpt: safeguard the offering of suspend/resume" was too lax
about the detection of acpi support. In situations where acpi support
is selected but not yet installed, the menu would offer the features
already. This patch restricts the condition such that acpi support must
be running, not merely selected.
Issue #5174
This patch retains the buffer size of the last capture client as mode as
long as no capture client exists. This avoids intermediate mode changes
in situations like suspend/resume where the display driver is restarted.
Issue #5187
In contrast to platforms, like the PC, where the fb driver selection
is a dynamic decision depending on the available hardware, on current
ARM-based SoC machines this configuration is part of the static board
information.
Issue #5174.
This patch disables latency warnings by default. The warnings can be
enabled by setting the 'warning_rate_ms` value to the desired
maximum rate.
Fixes#5186
Issue #5174
The USB host controller gets restarted during the suspend-resume cycle.
Hence, don't offer suspend while any USB storage device is in use, in
particular when deploying Sculpt from a USB stick.
Suspend/resume is not supposed to work with any framebuffer driver other
than intel_fb. Therefore, offer the suspend feature only when using intel_fb.
Issue #5174
The automatic restart of intel_fb got lost during the transition from
the driver manager. This commit restores the heartbeat monitoring of
this driver.
Issue #5174
This patch enhances the sculpt manager to drive the system state
and manage the lifecycle of driver components during suspend-
resume cycles.
The new Power options can be found in the System menu. The suspend
and power-off controls are presented only when the acpi-support
option is activated.
Note that the USB controller is hard restarted when resuming from
suspend. Hence, all components that depend on USB are restarted
implicitely.
Issue #5180
Issue #5174
on display client close (intel_fb). The former code constructed a
temporary object on the stack, which sets up the scratch pages for the
closed client. However, the scratch page backing store (dma_buffer) gets
freed on destruction of the temporary stack object, which leads to DMA faults
with visual noise on the screen. Instead, use the already in use ggtt object
and add the scratch pages explicitly.
Issue #5180
This disambiguates the boot images installed for base-hw from those
installed for base-nova.
Note that the image.elf file for other kernels (i.e., NOVA) is not
named image-<kernel>.elf at this point because this would prevent the
update from a pre-24.04 Sculpt system to a later one as the grub.cfg
is not touched by the old update mechanism. So after a system update,
grub would keep loading the last installed image.elf.
Issue #5182
This commits updates the contrib sources to version 8.7.1.
This version requires more random entropy as it queries OpenSSL
about the current random state and will bail if it is not sufficient.
Doubling the content of the '<inline>' VFS plugin as used in static
configurations seems satisfactory.
Furthermore DNS resolving needs a configured '<pipe>' plugin to work
properly.
Fixes#5184.
Instead of returning an invalid capability whenever an interface is
requested that does not exist, create a disconnected interface component.
It is also possible that a client requests an interface that got removed
at the same time. When an invalid capability gets returned, a client
can stumble about invoking it.
Moreover, this commit marks either invalid interface or device components
as disconnected objects to optimize their handling.
Ref genodelabs/genode#5021
This is an intermediate solution for accommodating overly long
text lines that can appear in report/runtime/usb/devices in the
presence of long product strings.
Issue #5174
In the scheduler's implementation preserve the consumed slack-time
over periods of activation/deactivation, but instead of appending
activated jobs to the end of the slack queue, insert it as new head.
Thereby, the extreme discrimination of threads with short execution
times and frequent blocking behaviour against long running computations
gets avoided.
Fixgenodelabs/genode#4796
The check handles the case when the user clicks right of the
radio-button text, yielding an invalid "matching" id. This should not
result in any action.
Issue #5174
When the "system" ROM state turns to "suspend",
the S3 state information of the sleep_states ROM are determined and
are used to invoke the privileged Pd::system_control call.
Issue #5180
triggered by the "system" ROM change. With this information the consumers
of the sleep_states report can determine, when the operation is finished.
Issue #5180
This commit raise various quota to accommodate using a display
resolution of up to '3840x2160' in the static parts, e.g. the
leitzentrale, of Sculpt.
Issue #5174.
This commit introduces the means to configure the framebuffer memory
used by the driver for sizing its buffers.
Originally the avail memory was derived from the avail ram in the PD
session, which roughly corresponds to configured RAM quota.
However, since it is only used in a virtual capacity, we can decouple
it from the actual memory and set to a value that accommodates larger
framebuffer resolutions like 3840x2160. If the configured RAM quota
is not enough to satisfy an allocation request the client will issue
a resource request.
Issue #5174.
This patch complements "sculpt: make component graph scrollable" with
the ability to scroll the popup dialog, which is sometimes needed in the
presence of many services as routing options.
Fixes#5183
Commit 'wifi_drv: re-arm scan timer when enabled again' allowed for
re-arming the scan timer but still uses the old timer value the first
time around. If the timer was disabled, by setting the interval to 0,
it was not enabled again.
We now check if the interval has changed beforehand and potentially
arm the scan timer afterwards.
Fixes#5178.
To differentiate between the legacy and the current VFS OSS plugin both
plugins will feature a 'plugin_version' field in its info file. This
is used for enabling features provide by the current version that are
not supported in the legacy one.
Issue #5167.
The audio launcher configures the 'bsd_audio_drv' component for normal
use where the micrphone selection should work on most Thinkpads.
The mixer launcher configures the 'record_play_mixer' component for
use with the 'audio' launcher and provides also examplary rules for
vbox6 launchers.
This commit prefixes the Play sessions of the audio driver so that
these can be matched differently in the 'record_play_mixer' config.
The same could be archived with re-labling but naming the sessions
differently at the source prevents accidental mis-configuration.
Issue #5167.
The IHD500 is almost a gen9 (skylake) GPU with subtle differences. Linux
maintains a separate feature set `GEN9_LP_FEATURES` for this GPU.
However, foisting the GPU as skylake on the GPU drivers seems to work
quite fine.
genodelabs/genode#5177
Executing a clflush operation on MMIO memory freezes embedded
platforms such as the Celeron N3450 used on the ZimaBlade. Looking into
the current linux code confirms that clflush is only used for ppgtt
entries and not on MMIO memory.
Fixes#5176
Since "sculpt: adjust nitpicker priority", the nitpicker GUI server no
longer runs at the highest priority, yet the runtime_view of the
leitzentrale UI continued to operate at the highest priority.
On slower machines, this results in a visible interference of the CPU-
heavy rendering of the runtime_view with the (now) lower-prioritized
nitpicker, in particular laggy pointer movements.
This commit subordinates the leitzentrale components below the priority
of nitpicker to prevent this interference.
It also simplifies the priority scheme at the static system init: The
timer has the highest priority whereas all other components use the
priority band -1.
Issue #5174
The hard resource limit introduced by "sculpt: upper limit for automatic
quota upgrading" is too conservative for typical use cases of the RAM
fs. This commit makes the limit adjustable per managed component and
relaxes the limit for the RAM fs and depot_rom from 256 MiB to 2 GiB.
Issue #5174
Because all operations in lxip are non-blocking, return
WRITE_ERR_WOULD_BLOCK for data writes as done by read.
Note: This was not the case in the old plugin because 'write' was blocking
operation there.
issue #5165
These generated dummies slipped in when the commit
'pc_linux: enable gpio, audio' got merged and mainly concern old devices
from the 6xxx series.
The functions are normally guarded via 'CONFIG_IWLWIFI_LEDS' but due to
the olddefconfig step when generating our pc_linux config using
LX_DISABLE has no effect.
Issue #5066.
Allow tweaking the driver selection using the manager config:
- The new attribute 'ps2="no"' suppresses the selection of the PS/2 driver.
- The new attribute 'intel_gpu="no"'suppresses the selection of the
Intel GPU and fb drivers, letting Sculpt fall back to VESA or boot-fb.
Note that the dynamic change of those attributes is handled in principle
but not advisable. E.g., disabling the intel driver after startup leaves
the hardware in a state that the VESA driver cannot cope with. However,
when statically defining the attributes in sculpt/manager/default, it is
now possible to build an image that uses VESA on an intel machine.
Issue #5174
The nightly Qemu tests that don't use KVM require more time for completing the
unlock-and-access phase of the test. If the lock phase starts to early, the
file access is interrupted and the output isn't as expected.
Furthermore, on FOC, the cap quota was insufficient.
Ref #5148
The existing allocation scheme of window IDs has the unwelcome effect
that a re-appearing window would not always result in a visible change
of the window list. In such cases, the layouter and decorator would not
be prompted to do their job. This effect could be observered with the
multi-dialog version of menu view in Sculpt OS when manually enforcing
the restart of the runtime_view. Sometimes the panel would not re-appear
after the restart.
This patch changes the allocation of window ID such that new windows get
fresh IDs instead of reusing an ID of a recently disappeared window.
Issue #5170
Rarely. it might happen that events got received shortly before the complete
set of relevant USB devices got recognized. Filter more output in test metric
to stay robust.
This substantially slims down the test in order to reduce the number nightly
tests that fail due to timeouts. Now, the extended test steps (maximum trees
and benchmarks) are only run on Linux. The synchronous access, snapshot
management, rekeying, and resizing tests were removed.
Ref #5148
This patch replaces the former use of one menu-view component per dialog
by a single menu view presenting all dialogs. This change reduces the
runtime config by about 20%, improves the boot time, and lowers RAM and
CPU usage at runtime.
Issue #5170
The font pointers cached in labels can become dangling when the style
database is updated, as happens when changing the font size dynamically.
This patch orderly updates the cached pointers before removing
out-of-date font entries from the style database.
Related to issue #5170
This patch equips the menu-view component with the ability to present
more than one dialog at a time. The dialogs must be declared in the
<config> node as follows.
<config>
...
<dialog name="settings"/>
</config
For each dialog, menu view requests a dedicated ROM session labeled after
the dialog name. The corresponding GUI session is also labeled as such.
Note that only one hover report is generated responding to all dialogs.
The hover report can be correlated with the hovered dialog by inspecting
the the 'name' attribute of the hover report's <dialog> sub node.
The former global config attributes 'xpos', 'ypos', 'width', 'height',
'opaque', and 'background' have become attributes of the <dialog> node.
Fixes#5170
GPU drivers always reside in the runtime subsystem now.
This patch eliminates the risk of requesting a GPU session at the
drivers subsystem, which never gets established.
Issue #5150
The new VFS OSS plugin utilizes the Record and Play session. For the
time being it is a drop-in replacement for the old plugin and shares
its limitations.
In contrast to the old plugin it is possible to force a client to
use a configured fragment size. Some clients work best with larger
fragments, e.g. VBox, where raising the minimal fragment size is
beneficial.
Please look at the README file for more information.
Issue genodelabs/genode#5167.
On some platforms like qemu/x86_64/sel4, accessing the file system is so
slow that it used to hit the timeout of this phase in the run script.
Ref #5148
This patch lays the selection of the used storage target into the hands
of the config/manager file. By default, Sculpt selects the target by its
built-in heuristics, probing for a Sculpt partition. However, by
specifying a <target> node, one can explicitly select a storage target.
E.g., for using the 2nd partition of the SATA disk connected to port 1
of the AHCI controller, one can now specify:
<target driver="ahci" port="1" partition="2"/>
For selecting the ram_fs as target:
<target driver="ram_fs"/>
The latter case is particularly useful for custom Sculpt scenarios
deployed entirely from RAM. For such scenarios, add two lines to
your .sculpt file:
ram_fs: depot
manager: use_ram_fs
The first line configures the ram_fs such that the depot is mounted
as a tar archive. The second line configures the sculpt manager to
select the ram_fs as storage target. You can find this feature
exemplified in default-linux.sculpt scenario.
build/x86_64$ make run/sculpt_test KERNEL=linux BOARD=linux
It is worth noting that the configuration can be changed at runtime.
This allows for switching between different storage targets on the fly.
Issue #5166
The new 'manager' config allows for the passing of configuration data the
sculpt manager without the need to modify the config/leitzentrale subsystem.
Issue #5166
Unlike the previous return value of
`Genode::Packet_allocator::need_size_for_free()` indicated, it does need
the size of the object it has to free to work properly.
The plugin used to call open with the create flag set at rump without file
permissions for create leading to undefined behavior regarding the file
permissions.
Ref #5148
All errors (as in the legacy version) are now propagated as WRITE_ERR_IO
(see Lxip_vfs_file_handle::write), which ultimately will lead to EPIPE
in libc's socket_fs. This also counts for EAGAIN leading to the fact
that partial writes are not supported for blocking sockets in libc, also
libc will not try a second time in case not all data has been written.
issue #5165
The IP stack checks "user" pointer access, for example, for iov's using
'access_ok' which in turn calls '__access_ok'. The function checks if the
pointer is below TASK_SIZE_MAX, which is usually a big value on 64 bit
systems, but 3GB on 32 bit systems. Because the IP stack is mostly used with
Genode's libc, where pointers on some kernels (base-linux) can be >3GB and we
don't want to make an additional copy of each buffer/iov interacting with the
IP stack, we short circuit the function
issue #5165
This patch replaces the dynamic use of Attached_rom_dataspace by a
new Rom_handler utility, which implicitly covers the initial import of
content (safely using 'local_submit'), the registration of the signal
handler, passes the Xml_node to the handler function (no need to
manually call 'update'), and provides scoped access to the content via a
'with_xml' method. The latter reinforces a programming style that does
not need to copy Xml_node objects.
Issue #5150
This patch removes the remains of the original block-device discovery as
done by the former driver manager. Block sessions are now always
provided by components hosted in the runtime subsytem. The storage node
of the graph is no more.
Issue #5150
This patch harmonizes the driver management between the sculpt manager
and the phone manager by hosting the individual drivers in a new
'Drivers' class with a narrow interface towards 'Sculpt::Main'. The
patch also introduces a clean separation of the 'Board_info' between
features detected at runtime (on PC hardware), statically
known/managed features (phone hardware), and options that can be
toggled at runtime.
With common patterns for managing drivers in place now, this commit
also moves the former runtime/wifi_drv.cc and runtime/nic_drv.cc
code to driver/wifi.h and driver/nic.h. The _drv suffix of the wifi
and nic driver components have been dropped.
Issue #5150
The move of block, USB, and input drivers from the drivers subsystem to
the runtime alleviates the need for routing those sessions between the
subsystems.
Issue #5150
This patch moves SoC-specific framebuffer and touchscreen drivers
(PinePhone) to the runtime subsystem. They are enabled for the
phone_manager.
Issue #5150
As the NVMe driver was the last remaining driver controlled by the
driver manager, this patch removes the 'drivers -> dynamic' subsystem
along with the driver manager from sculpt/drivers/pc.
Issue #5150
This patch moves the AHCI driver from the 'drivers -> dynamic'
subsystem to the runtime, managed by the sculpt_manager. One
implication of this change is the new need to supplement a device
port number to the 'Storage_target', in addition to the existing
label and partition. Previously, each block device was addressed by
merely a label specified for a parent session. The meanings of the
'Storage_target' elements are now as follows.
- The label corresponds to the driver component providing the storage.
- The port is used as block-session label when opening the session
at the driver.
- The partition(s) denote the partition information contained in
the block session.
Components operating as clients of the AHCI driver (e.g., a file system)
refer to their storage target as <label>-<port>.<partition> when a port
is defined (for AHCI). For drivers w/o ports, like USB storage where
each USB-block driver correponds to only one device, the storage target
is denoted as <label>.<partition>. When no partition table is present,
the '.<partition>' part is omitted.
Issue #5150
This commit moves the USB and USB HID driver from the drivers subsystem
into the runtime. The former special USB node of the graph corresponds
now to the USB host-controller driver (named "usb"). The management
options for USB storage devices are available inside this component
node now.
Issue #5150
By moving the event_filter and the numlock_remap_rom from the drivers
subsystem to the static system, the filtering can be applied to drivers
hosted in the runtime and drivers hosted in the drivers subsystem.
This is a preparatory step for moving the USB host and HID drivers to
the runtime.
Issue #5150
Remove the "excellent" idea to re-open /dev/stdout etc. for redirection as
cmake uses open(O_TRUNC) and, thus, truncates log output of outer
redirections.
When the kernel does interrupt remapping, we cannot get a non-remapped MSI
for fault event interrupts. We therefore let the kernel do the fault
reporting in this case.
genodelabs/genode#5066
pci_channel_offline() checks if this member is set to
pci_channel_io_normal (which is 1). The former value of 0 is invalid.
This change fixes pc_nic_drv link down-up in cases that require an e1000
reset.
lx_emul_trace_msg() uses Genode::trace() as message function for
lightweight trace points, but also supports Linux format-string
attributes by using vsnprintf().
Only with high-resolution timers enabled timouts can fire between two
jiffies. The option is enabled on all relevant platforms but
unfortunately disabled by tinyconfig.
This option also permits the use of CONFIG_SND_HRTIMER.
* add testing of trees with minimal and maximal dimensions to tresor_tester.run
* replace tresor_init-local configuration type with simpler and more conformant
configuration type in tresor/types.h that does also XML-parsing and
XML-generation of configurations
* raise min degree to 2 because a degree of 1 is not practical und would
require additional logic
* fix overflow with num_blocks=0 in Superblock_control::Read|Write_vbas
* fix off-by-one bug regarding the number of levels in Vbd_initializer
* improve sanity checks in Tree_configuration constructors
* document level indices in tresor_init/README
* fix size of some arrays in order to be able to handle the maximum number of
tree levels
Ref #5077
* fixes two places, where the free tree module used to continue to process a
request after actually having determined that the request fails
* moves the functionality of checking the hash of a read block and decoding it
to a dedicated method in order to improve readability
Ref #5077
Adds a new command attribute "uninitialized_data" to the Tresor Tester
configuration. If a <request op="read"> command has this attribute set to "yes"
it assumes the read blocks to be uninitialized and therefore contain only 0's.
Note, that a command that has "uninitialized_data" set to "yes" cannot have the
attribute "salt".
Ref #5077
Snapshots must only be removed when securing the superblock. Otherwise, the
last secured superblock might get corrupted. The Free Tree allocation algorithm
would not consider the deleted snapshots anymore although they are still active
in the secured superblock and re-use their blocks. This would render the tresor
container unusable if the superblock with the deleted snapshots is not secured
in the end (driver crash, power down, ...).
Ref #5077
Superblock_control::Initialize used to decode a read superblock before checking
its hash. This is not necessary but may cause the operation to end up in a
decoding error on a superblock that is not the desired one anyway.
Ref #5077
Instead of iterating over all superblocks and checking each valid one,
check only the one whose hash matches the hash stored in the trust anchor.
I.e., the last one that was secured to the trust anchor. We must assume that
the other superblocks were corrupted in the meantime by operating the Tresor
container and, anyway, these Superblocks are not used anymore.
Ref #5077
The request of extending a tree used to halt when it found that
it could not add more levels to the tree because the maximum level index was
reached. Now, the library simply marks the request as failed, leaving it to
the user to handle the error condition.
Ref #5077
* differentiates request types that where merged formerly per module;
e.g. instead of type Superblock_control::Request, there are now types
* Superblock_control::Read_vbas
* Superblock_control::Write_vbas
* Superblock_control::Rekey
* Superblock_control::Initialize
* ...
each holding only the state and functionality that is required for exactly
that request
* removes all classes of the Tresor module framework and adapts all
Tresor- and File-Vault- related libs, apps, and tests accordingly
* the former "channel" state is merged into the new request types, meaning, a
request manages no longer only the "call" to a functionality but
also the execution of that functionality; every request has a lifetime
equal to the "call" and an execute method to be driven forward
* state that is used by a request but has a longer lifetime (e.g. VFS file
handles in Tresor::Crypto) is managed by the top level
of the user and handed over via the execute arguments; however, the
synchronization of multiple requests on this state is done by the module
(e.g. Tresor::Crypto)
* requests are now driven explicitly as first argument of the (overloaded)
execute method of their module; the module can, however, stall a request
by returning false without doing anything (used for synchronization on
resources)
* introduces Request_helper, Generated_request and Generatable_request in the
Tresor namespace in order to avoid the redundancy of sub-request generation
and execution
* moves access to Client-Data pointers up to Tresor::Virtual_block_device in
order to simplify Tresor::Block_io and Tresor::Crypto
* removes Tresor::Client_data and introduces pure interface
Client_data_interface in order to remove Tresor::Client_data and
move management of Client Data to the top level of a Tresor user
* introduces pure interface Crypto_files_interface in order to move management
of Crypto files to the top level of a Tresor user
* moves management of Block-IO and Trust-Anchor files to the top level of a
Tresor user
* adapts all execute methods, so, that they return the progress state
instead of modifying a reference argument
* removes Tresor::Request_and Tresor:Request and instead implements
scheduling at the top level of the Tresor user
* the Tresor Tester uses a list as schedule that holds Command objects; this
list ensures, that commands are started in the order of configuration
the Command type is a merge of the state of all possible commands that can
be configured at the Tresor Tester; the actual Tresor requests (if any) are
then allocated on-demand only
* the Tresor VFS plugin does not use a dynamic data structure for scheduling;
the plugin has 5 members that each reflect a distinct type of operation:
* initialize operation
* deinitialize operation
* data operation
* extend operation
* rekey operation
consequently, of each type, there can be only one operation in-flight at a
time; at the user front-end each operation (except "initialize") can be
controlled through a dedicated VFS file; for each of these files, the VFS
expects only one handle to be open at a time and only one file operation
(read, write, sync) active at a time; once an operation gets started it is
finished without preemtion (except of the interleaving at rekey and
extend); when multiple operations are waiting to be started the plugin
follows a static priority scheme:
init op > deinit op > data op > extend op > rekey op
there are some operation-specific details
* the initialize operation is started only by the plugin itself on startup
and will be driven as side effect by subsequent user calls to file
operations
* the data file is the only contiguous file in the front end and the file
operations work as on usual data files
* the other 3 files are transactional files and the user is expected to
follow this scheme when operating on them
1) stat (to determine file size)
2) seek to offset 0
3) read entire file once (this will be queued until there is no operation
of this type pending anymore and return the last result:
"none" | "failed" | "succeeded"; used primarily for synchronization)
4) write operation parameters (this returns immediately and marks the
operation as "requested")
5) read entire file once (the same as above but this time in order to
determine the operation result)
* the rekey op and deinitialize op are requested by writing "true"
* the extend op is requested by writing "tree=[TREE], blocks=[BLOCKS]"
where TREE is either "vbd" or "ft" and BLOCKS is the number of physical
4K blocks by which the physical range of the tresor container expands
(the physical range always starts at block address 0 and is always
expanded upwards)
* replaces the former <trust-anchor op="initialize"> command at the Tresor
Tester with <initialize-trust-achor> as there are no other trust anchor
operations that can be requested through the Tester config anyway
* removes the "sync" attribute from all commands at the Tresor Tester except
from <request op="rekey">, <request "extend_ft">, <request op="extend_vbd">;
as the Tester controls scheduling now, requests are generally synchronous;
at the rekeying and extension commands, the "sync" attribute determines
wether subsequent commands are interleaved with the execution of these
commands (if possible)
* removes "debug" config attribute from Tresor VFS plugin and reworks "verbose"
attribute to generate more sensible output
* removes NONCOPYABLE macro and instead uses Genode::Noncopyable and in-place
Constructors deletion
* introduces types Attr and Execute_attr where a constructor or execute method
have many arguments in order to raise readability
* renames the "hashsum" file that is provided by the Tresor Trust-Anchor VFS
plugin to "hash" in order to become conformant with the wording in the Tresor
lib
* makes the VFS Tresor test an automated test by merging in the functionality
of vfs_tresor_init.run and removing the interactive front end; removes
vfs_tresor_init.run as it is not needed anymore; adds consideration for
autopilot file structure in the Test and adds it to autopilot.list
* removes all snapshot controls and the progress files for rekeying and
extending from the Tresor VFS plugin; both functionalities were tested
only rudimentary by the VFS Tresor test and are not supported with the only
real user, the File Vault
* use /* .. */ instead of // ..
* use (..) instead of { .. } in init lists
Ref #5148
The virtual block device module used to hand over the wrong VBA as
parameter "rekeying VBA" to the Free Tree when allocating PBAs for data
access during rekeying. In certain constellations, this caused the Free
Tree to alloc PBAs that were still in use. The Free Tree PBA selection
algorithm, however, is just fine. When fixing the call parameter, it works
as desired. This re-enables the async rekeying test.
Ref #5075
The script tests the use of an encrypted file system that is created and
provided via the File Vault.
Furthermore the script can be used for test-driving existing File-Vault
containers (created with potentially older File-Vault versions) under the
current File-Vault version. This is done via the "LX_FS_DIR_TEMPLATE"
env variable.
Ref #5062
During one of the many re-factorization steps that were applied to the Tresor
library and its predecessor, the CBE library, one of the main features of the
project, the integrity check, accidentally received a grave regression. The
most recent version of the Tresor still used to check all hashes of meta-data
blocks but ignored the hashes of the actual data blocks.
With this commit, the hashes of all but yet uninitialized data blocks get
checked. The reason for ignoring uninitialized blocks is that they are not
actually read from disc but simply generated as an all-zeros block in the
driver in order to prevent having to initialize them all to zero in
Tresor-Init. That said, the integrity of these blocks cannot be compomised.
The according hashes in the meta data remain unset until the data block gets
written for the first time.
Ref #5062
The request classes Block_io::Read_client_data and Block_io::Write_client_data
used to receive a block reference for no reason. This commit removes these
args.
Ref #5062
The tresor_check tool became outdated back when the Tresor project was created
by re-writing its predecessor, the CBE, in C++. At this time, the check tool
was merely renamed but not updated. As there was also no autopilot test for the
tool, the tool remained outdated.
This commit rewrites the tool for the most recent Tresor version and adds an
autopilot test.
Ref #5062
* Make command pool a proper module
* The command pool used to be kind of a module but it was driven via custom
tresor-tester specific code. Now, it becomes a proper module that
is driven by the module framework instead.
* Move the code for creating and handling the module-execution progress flag
into Module_composition::execute_modules as the function is always used with
this code surrounding it.
* Reorganize files, remove deprecated files
* A new class Module_channel is introduced in the module framework and all
channel classes inherit from it. With that class in place, the formerly
module-specific implementations of the following methods are replaced by
new generic implementations in the Module framework:
* ready_to_submit_request
* submit_request
* _peek_completed_request
* _drop_completed_request
* _peek_generated_request
* _drop_generated_request
* generated_request_complete
* Module requests are now held for the duration of their lifetime at the
module they originate from and not, like before, at their target module. As
a result, modules can generate new requests inline (without having to wait
for the target module), making code much simpler to read, reducing the amount
of channel state, and allowing for non-copyable request types.
* Introduce a sub-state-machine for securing a superblock in the
superblock_control module in order to reduce redundancy.
* Some modules, like free_tree, were completely re-designed in order to make
them more readable.
* Replace all conditional exceptions by using the macros in
tresor/assertion.h .
* Move methods that are used in multiple modules but that were implemented
redundantly in each module to tresor/types.h.
* Remove verbosity node and all that was related to it from tresor tester
config as the targeted verbosity can be achieved with the
VERBOSE_MODULE_COMMUNICATION flag in tresor/verbosity.h .
* Extract the aspect of translating the byte-granular I/O-requests to
tresor-block requests from the tresor VFS-plugin and move it to a new module
called splitter.
* Rename the files and interface of the hashing back-end to not reflect the used
hashing algorithm/config anymore, while at the same time making the hashing
interface strict regarding the used types.
* Introduce the NONCOPYABLE macro that makes marking a class noncopyable short
and clear.
* Replace the former tresor/vfs_utilities.h/.cc with a new tresor/file.h
that contains the classes Read_write_file and Write_only_file. These classes
significantly simplify the modules crypto, block_io, and trust_anchor by
moving the details of file access to a sub-state machine.
* The former, rather trivial block allocator module is replaced by a normal
object of type Pba_allocator that must be provided by the client of the
Sb_initializer (reference in the Sb_initializer_request).
Ref #5062
tresor: read uninitialized vbas as all zeroes
Virtual addresses in a Tresor container that were not yet written by the user
should always return a data block that is all-zeroes. This was the concept
right from the beginning of the project. However, somehow this aspect either
never got implement or got lost along the way.
Some context for understanding the commit: The Tresor doesn't initialize the
payload data blocks of a container when creating a new container as this would
be rather expensive. Instead, it marks the leaf metadata nodes of the
virtual-block-device tree (those that reference the payload data blocks in
physical address space) with generation 0.
Now, this commit ensures that, whenever the virtual-block-device module reads
such a generation-0 leaf, instead of asking the block_io and crypto to deliver
data from disc, it directly provides the user with 4K of zeroes.
Ref #5062
The order of execution inside the Tresor lib slightly changed compared to the
previous CBE lib. AFAICT, this is nothing to worry about and related to the
now cleaner structuring. However, it can produce higher peak requirements
regarding the allocation pool in the Free Tree. Therefor, this commit extends
the dimensions of the Free Tree used in the test.
Ref #4971
* Implement requests "create snapshot" and "discard snapshot" in tresor lib.
* Adapt tresor tester in order to test the new feature.
* Remove temporary code from tresor tester that skipped such requests with
the hint that they were not supported yet.
* Add mandatory "id" attribute to <request op="create_snapshot"/> and
<request op="discard_snapshot"/> tag. A "discard snapshot" command always
refers to the snapshot created by the "create snapshot" command with the
same "id" value.
* Clean-up command pool a bit.
Fix#4971
The re-keying state machine in the VBD module would use block data of the wrong
block for the hash update of an inner node in a certain circumstance.
On re-keying, the VBD iterates for a given VBA over all snapshots, beginning
with the newest and re-keys the VBA in each of the snapshots. At each snapshot
it therefore loads the branch of the VBA top-down, and then updates the branch
bottom-up. However, if loading a certain level of the branch of a certain
snapshot runs into the same physical block as with the last snapshot on this
level, the algorithm turns around and updates the branch from this point
upwards instead of going further down the whole way to the leaf. This is
because everything below this point has already been re-keyed in the course of
a newer snapshot.
The case where this turning around is not right above the leaf (i.e., the first
shared physical block is a metadata block) that's were the bug was located. In
this situation, we have to re-encode the highest shared metadata block into a
buffer again before starting to update. The update code acts as if the
mentioned block was just written back (which is true when going down all the
way to the leaf before updating) and consequently is present in the encoded
buffer.
Ref #4971
Until now, it was possible to use bad Free-Tree/VBD configurations with the
<initialize/> command. The tresor tester didn't complaining about it but the
tresor lib crashed or, worse, corrupted the tresor container. Now, the tresor
tester checks things, like for instance, that "nr_of_children" must be a power
of 2.
Ref #4971
The Superblock Control module now issues a snapshot garbage collection on each
incoming request. In return for that, the commit removes all calls to the
garbage collection from other modules.
Ref #4971
The Virtual Block Device module used to create a local copy of the Snapshots
array respectively Snapshot root it received with an incoming request. After
finishing the VBD operation on the copy, the source module of the request
used to back-copy the resulting Snapshot array resp. Snapshot root. This is
not only less efficient than referencing but also allowed a bug to sneak into
the new C++ implementation.
In contrast to the old Ada/SPARK implementation (CBE), the new design doesn't
allow for global objects that can be accessed by any module without receiving a
reference in a module request. Therefore, the Free Tree module has to receive a
reference to a Snapshots array with each request in order to be able to use it.
In our case, these requests are allocations for a "Write" operation from the
VBD. However, the VBD itself receives only the one Snapshot required for
writing and therefore causes the Free Tree to make bad decisions on whether or
not a block can be re-allocated or not.
With this commit, the VBD always receive a reference to the whole Snapshots
array and also propagates it this way to the Free Tree.
Ref #4971
This is function gets called by some libssh applications using vms_lxip.
For the dummy implementation I looked at the old port.
Issue genodelabs#5161
Issue gapfruit#1976
- always assign apps/overlay to targets (visible=true/false) to
prevent 0x0 geometry, which is interpreted as close
- add QMenu as exampel to panel button
- use usb-tablet on Qemu
Per default, windows assigned to targets are visible, which can be
changed with the new boolean "visible" attribute. Thus, window can be
hidden without changing their geometry.
Before, the current back-most window was not restacked if it was part of
the already, which lead to partially inconsistent view of the window
stack between decorator and nitpicker.
The added hook 'OBJ_POSTPROC_SRC' gives us a way to post-process object
files for generating supplemental code. By using this hook, the
initcall_table.c generated by import-lx_emul_common.inc gets reliably
executed after all object files are built.
Fixes#5159
The option is used during the generation of initcall_table.c.
However, it happens to strip the first argument following the option.
The long option --defined-only works as expected.
Issue #5155
Due to a bug in the original implementation, the size of the MMIO
range covering the 'Request_sense_response' data was set too large
during the MMIO boundary change. This rendered devices that were not
yet ready and required an 'Request_sense' command unusable.
The commit also adapts all other commands where the MMIO size does
not match the expected one.
Fixes#5133.
The commit adds support to throttle the rate of the RX IRQs to a specified
value. The effect is, that no RX IRQs below the time threshold will fire and
therefore the CPU load gets reduced on the host. Trade-off gaming between
cpu load, throughput, overload.
Modular Sculpt 23.10 on S938 as testcase. In brackets the CPU affinity is
denoted.
ipxe (0,0) -> nic_router (1,0) -> Debian VM vbox6 (3,0) and (3,1)
VM: iperf -C X.X.X.X -t 60 -R
iperf server X.X.X.X is outside Sculpt and sends data due to '-R' to VM
Non representative measure points:
cpu load - ipxe - nic_router - iperf throughput
--------------------------------------------------
w/o patch - ~80% - ~50% - ~706 MBit/s - 0 -> throttling off by default on S938
patch 651 - ~20% - ~35% - ~763 MBit/s - 651 -> 0.166ms throttle RX IRQ
patch 5580 - ~15% - ~25% - ~650 MBit/s - 5580 -> 1.4ms throttle RX IRQ
Issue #5149
A bunch of transmit requests received by the Uplink server (nic_router)
are currently added one by one to the ring buffer and every time the hardware
is notified to process each single request.
Instead, add as many as possible transmit requests in the ring buffer of
the hardware and when done trigger the hardware to process the ring.
Additionally, don't receive an "processed" TX IRQ for each element in the
ring, which causes high CPU load.
With this commit the TX IRQs in the ipxe driver for a
iperf -c X.X.X.X -t 60
from within a VM to the outside iperf server is reduced from about
~2'600'000 IRQs to about ~200'000. The overall CPU load for the driver
(when executed alone on CPU 0) is reduced from ~85 percent load to ~45 percent
load.
Issue #5149
during receive the nic_ep may block as long as the guest does not provide
another receive network descriptor. In the meantime, all Genode signals
regarding the network interface, e.g. tx, will be postponed, which may
effect the throughput.
Instead use the nic_ep for rx packets unblocking. Add an notification mechanism
to the e1000 vbox network model, to notify us as soon as the guest added new
receive descriptors in the model.
Issue #5146
For pbxa9, Qemu is started with only 256 MiB for foc but with 768 MiB
for base-hw. By reducing the RAM quota for all start nodes within the
remote scenario, each component gets enough RAM quota to breathe.
When wrongly invoking the run script by specifying a skipped test
as its only TEST_PKGS argument, the run script fails due to a wrong
tar argument order. Let's better reflect this condition to the user
ahead of invoking tar.
With `MAP_FIXED` absent from the mmap(3p) flags, "the implementation uses
addr in an implementation-defined manner to arrive at pa", which may
lead to a mapping at an address diffent to the requested `addr`.
Add `MAP_FIXED` to the mmmap flags to force mapping to the specified
address.
Fixes#5147
Such messages can occur by chance when killing 'echo' while the program
blocks in an IPC call. It gets killed nevertheless. So the message does
not hint at a failure of the test.
In the context of #5138, the timer drivers for NOVA and base-hw had been
changed to support timeouts at a precision of 250 us (from formerly 1 ms).
Adjust the test to the new expected lower bound.
The dynamic buffer allocation increases the RAM demand slightly beyond
1M on seL4. Use 2M, as is already the default in pkg/terminal_crosslink.
Issue #5135
Replace the USB session API by one that provides a devices ROM only,
which contains information about all USB devices available for this client,
as well as methods to acquire and release a single device.
The acquisition of an USB device returns the capability to a device session
that includes a packet stream buffer to communicate control transfers
in between the client and the USB host controller driver. Moreover,
additional methods to acquire and release an USB interface can be used.
The acquisition of an USB interface returns the capability to an interface
session that includes a packet stream buffer to communicate either
bulk, interrupt, or isochronous transfers in between the client and the
USB host controller driver.
This commit implements the API changes in behalf of the Genode C API's
USB server and client side. Addtionally, it provides Usb::Device,
Usb::Interface, and Usb::Endpoint utilities that can be used by native
C++ clients to use the new API and hide the sophisticated packet stream API.
The adaptations necessary target the following areas:
* lx_emul layer for USB host and client side
* Linux USB host controller driver port for PC
* Linux USB client ports: usb_hid_drv and usb_net_drv, additionally
reduce the Linux tasks used inside these drivers
* Native usb_block_drv
* black_hole component
* Port of libusb, including smartcard and usb_webcam driver depending on it
* Port of Qemu XHCI model library, including vbox5 & vbox6 depending on it
* Adapt all run-scripts and drivers_interactive recipes to work
with the new policy rules of the USB host controller driver
Fixgenodelabs/genode#5021
For now this import file is solely there to satisfy the mechansim
in Goa that collects and incorporates import files for used APIs.
Issue genodelabs/goa#81.
The kernel timer used to truncated timeouts to the next lower
millisecond, which not only limits the wakeup accuracy but also results
in situations where a user-level timeout is triggered earlier than
expected. The latter effect results in the observation of a spurious
timeouts and the subsequent programming of another timeout.
The patch solves the problem by preserving the sub-milliseconds bits
in the 'us_to_ticks' implementation(s).
Issue #5142
This patch modifies the mixer's time window allocation by modelling the
drift of the period length over time. This yields a much better
stability of the detected sample rates in the presence of jitter.
Issue #5132
This patch caps the busyness of the rump kernel, which normally calls
sleep with timeouts between 0 and 10 ms even when idle. On Sculpt
running on a x250 laptop, this patch saves 0.4% CPU load, which is
almost the half of the idle load.
Issue #5140
This data structure uses an AVL tree to maintain a time-sorted set of
alarm objects. It supports the use of circular clocks of an bit width.
Issue #5138
The format library is required, otherwise the binary isn't build. This
regression was introduced in
acpica: provide verbose config (issue #5083)
Fixes genodelabs#5136
The package depends on two resources.
- A Nic session should be routed to the nic_router "http" domain make
the HTTP server available from the outside on forwarded port 80.
- A File_system session labeled "webroot" can be routed to any server
by relabeling the session, e.g., to "report" or "config" in parent.
Sculpt deploy exmaple exporting report_fs via HTTP.
<start name="lighttpd" pkg="lighttpd">
<route>
<service name="Nic">
<child name="nic_router" label="http"/>
</service>
<service name="File_system" label="webroot">
<parent label="report"/>
</service>
</route>
</start>
Newer Qemu variants quit with an error about already existing devices
if the same device-id is add and removed in a loop fast. To circumvent
this strange behaviour, simply use consecutive device id numbers.
Ref genodelabs/genode#5021
This patch was back ported from upstream Mesa and generalizes the memory
management of buffer objects used by the binder. Before this patch the
binder was treated as a special case where buffer objects were allocated
with a simple "next block or wrap" allocator. With this commit the
binder now uses the vm_heap allocators as done by all other buffer
allocations which leads to issues with reference counting and object
destruction being resolved.
Original commit message:
We're moving towards a path where all contexts share the same virtual
memory - because this will make implementing vm_bind much easier - ,
and to achieve that we need to rework the binder memzone. As it is,
different contexts will choose overlapping addresses. So in this patch
we adjust the Binder to be 1GB - per Ken's suggestion - and use a real
vma_heap for it. As a bonus the code gets simpler since it just reuses
the same pattern we already have for the other memzones.
This patch contains the mobile variant of Sculpt OS, which evolved
at the genode-allwinner repository until now. In consists of the
following parts:
- gems/src/app/phone_manager plays the role of the sculpt manager
- sculpt/phone-linux allows for test driving the mobile
variant on base-linux
- gems/src/app/dummy_modem mockup of a modem's behavior, used for
GUI development and testing
The parts targeting a specific device (PinePhone) remain local to
the genode-allwinner repository.
To give it a try:
make run/sculpt_test KERNEL=linux BOARD=linux \
SCULPT=phone LOG=core DEPOT=tar
Fixes#5125
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start block job scheduling on resume
Fixes#5101
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start block job scheduling on resume
Issue #5101
This commit is a preparation commit for suspend/resume. The commit
refactors the code in order to consolidate all Platform resources into one
instance. All users within the driver should access the resources with
with_* functions, which checks whether the device resource is usable. The
callers are not allowed to store any references to the provided resources.
Issue #5101
- monitor system ROM changes
- stop processing of new Jobs before suspend
- destruct platform device before suspend, but keep platform DMA buffers
- re-construct platform device and reinit resources (mmio, irq) on resume
- re-start GPU job scheduling on resume
Fixes#5081
This commit replaces the mapping of DMA buffers and gets rid of the
bounce-buffer handling, which was introduced to prevent data
corruption noticed when utilizing USB storage with Windows 10 guests,
with accessing the buffers directly.
Due to the way Windows 10 at times manages its DMA memory (many small
pieces instead of few larger ones) the unbounded registry becomes a
problem when containing stale entries.
Changing the 'qemu-usb' implementation allows for using 'read_dma'
and 'write_dma' directly.
Fixes#5121.
This patch enhances the audio driver with the option to operate as a
client of the record and play services instead of providing the audio-in
and audio-out services. The record/play mode can be enabled by setting
the 'record_play="yes"' config attribute.
The audio_in.run and audio_out.run scripts support the selection of the
mode via the 'use_record_play_sessions' hook function.
Issue #5097
A read with MSG_PEEK returns -1 and EGAIN/EWOULDBLOCK in case the socket
is connected. Zero is only returned if the socket is disconnected.
isuee #5104
In case the socket is non-blocking, a read with the MSG_PEEK flag set
has to return -1 and EWOULDBLOCK/EAGAIN in case no data is availble and
the socket is connected. Returning zero implies the socket is in
non-connected state. Therefore, check the connection state in this
situation and return accordingly.
issue #5104
With the following changes, the hypervisor binary from bin/ as well as
from depot archives is taken as is and not unnecessarily turned inside
out.
- Remove objcopy -O elf32-i386 as our grub boots 64-bit binaries
very well
- Remove strip as bin/hypervisor is already stripped
- New session interfaces:
- os/include/play_session (for audio playing / mic-input driver)
- os/include/record_session (for audio recording / audio-output driver)
- Mixer at os/src/record_play_mixer providing both play and record services
- Simple waveform player at os/src/app/waveform_player
- Simple audio-signal capturing component at os/src/app/record_rom
- Simple oscilloscpe at gems/src/app/rom_osci (using record_rom)
- Simple test-audio_play for playing raw stereo f32 data
The _gems/run/waveform_player.run_ script illustrates the use of the new
components and interfaces.
Issue #5097
* Move Kernel::Cpu_scheduler to Kernel::Scheduler
(we only have that one scheduler)
* Move Kernel::Cpu_share to Kernel::Scheduler::Context
* Move Kernel::Cpu_priority to Kernel::Scheduler::Priority
* Rename all functions and variables refereing to `claims` to
`prioritzed`, because claims is not that common
* Rename occurrences of `fill(s)` to `slack` to name the time portions
outside of the prioritized quantum
* Get rid of some two-liner sub-functions with only one occurrence
(like `_quota_introduction`, `_quota_revokation`,...)
Ref genodelabs/genode#5115
This private, internal function is used only in one scope,
and therefore not neccessary. But it has nasty side-effects as
it takes the parameter `duration` as reference and changes its
value. Just remove it completely.
Ref genodelabs/genode#5115
The name head is already extensively used in the context of the lists
managed by the scheduler. This terminology duplications does not simplify
reading the code. Instead we keep head for the first item in the list,
but use `current` in the variable name and API of the `Cpu_scheduler`
class to refer to the current scheduled share.
Moreover, the `_head_quota` is now `_current_time_left`, because it does
not denote quota but time left for the current schedule. The boolean
variable `_head_claims` gets removed at all. It duplicated the state of
whether a current share ist set, and whether it has so-called claim time
left.
Ref genodelabs/genode#5115
Give certain scheduler class wide variables and functions clear names:
* quota => super_period_length
* residual => super_period_left
Ref genodelabs/genode#5115
Replace double linked list by normal Genode::List with an additional
pointer to last list member to efficiently handle the scheduler share lists.
Moreover, move it into the private part of the Cpu_scheduler class,
the only scope where it is used anymore.
Ref genodelabs/genode#5115
Minor changes that should not change any semantics:
* Remove `_next_fill()` its short and only used in one context,
in which it is good to know what that code actually does
* Turn boolean values into actual boolean values
* Remove some brackets around one-liner pathes
Ref genodelabs/genode#5115
The `_head_was_removed` variable got introduced in solving #4710, but it
reflects only whether `_head` is a valid pointer or not, thereby it
duplicates state.
Ref genodelabs/genode#5115
Check if controllers port count matches number of ports found in the
port implemented register. In case counts don't match print a diagnostic
message for debugging purposes.
issue #4081
The key element of the improvement is differentiated processing of
events of the following device types.
Mouse: relative motion
Pointer: absolute motion (Qemu usb-tablet and IP-KVM devices)
Touchpad: relative motion via absolute touchpad coordinates
Touchtool: absolute motion (e.g., stylus)
Touchscreen: absolute motion and finger (multi-) touch
Processing is done in two stages for one "input packet". First, all
events of the packet are recorded into the current evdev state with
device-type specific operations. Then, appropriate Genode input events
are generated from the accumulated evdev state in the submission stage
(again by device-type specific functions).
A simple version of tap-to-click was added to the touchpad support.
Fixes#5105
The <transform> filter configurably transforms touch and absolute-motion event
coordinates by a sequence of translation (move), scaling, rotation, and flipping
primitives in sub-nodes.
Issue #5105
Per default, only key presses and releases are logged. The optional
'motion' attribute (boolean) enables logging of motion and touch events.
Issue #5105
This commit enables generic Linux multi-touch support as well as support
for the Wacom Intuos/Graphire tablets as found in the previous version
of the USB HID driver. Events are not properly propagated through
Genode's Event C-API, yet, which will be a follow up.
Issue #5105
When SMP is enabled multicore specific instructions (e.g., pldw) are
generated. These are not supported and lead to invalid instruction
faults on uni-processor systems (like Cortex-A8). Therefore, we disable
SMP for arm_v7 in Linux code. This requires also a switch from the RCU
tree implementation to RCU tiny, which we shadow and dummy implemented.
issue #5104
Until now, in case 'jent_entropy_init' failed an error has been produced
and the following jitterentropy functions (i.e.,
'jent_entropy_collector_alloc') where called nevertheless. In case we
received a bad time source error, for example because the performance
counters are not working on the platform, the entropy collector did not return (endless
loop).
Therefore, this commit treats the failed jitterentropy initialization
not as an error but prints a warning about poor randomness quality and
stops using the jitterentropy library from this point on. The
'Jitterentropy::gen_random_u64' will in this case return the address of
a stack variable * some counter.
This is only a interim solution to make platforms work where performance
counters or TSC values do not exist/work.
issue #5104
The IP for the connect timeout test should be in another nic_router
domain, so ARP request are only processed be the nic_router and no other
IP stacks.
issue #5104
Adjust the plugin to use the socket C-API found under
dde_linux/src/lib/lxip/include/genode_c_api/socket.h'.
This is the first minor step in generalizing the plugin.
isse #5104
The lxip_raw.run script will spawn a client/server scenario that tests
Genode C-API calls. The scenario can be used standalone, meaning no
actual network card is required.
issue #5104
This commit updates lxip from version 4.4.3 to 6.1.20. It uses the
current lx_kit approach and is a shared library again. The stack has
been tested for x86_32/x86_64/arm_v6/arm_v7/arm_8.
The C-interface of the IP stack can be found under
lxip/include/genode_c_api/socket.h.
issue #5104
CONFIG_X86_USE_PPRO_CHECKSUM is a 'def_bool y' and gets re-enabled by
'make olddefconfig'. The PPRO version contains text relocations which we cannot
have in binaries (e.g., 'lea 45f(%ebx ...).').
issue #5104
add bottom half enable/disable to functions with suffix "_bh" were
missing, because some functions release the bottom half separately
(__neigh_event_send).
issue #5104
Add the possibility to execute a module-init call by name using
'lx_emul_init_call', this is used, for example, by lxip to configure and
re-configure the IP address through 'ip_auto_config'.
issue #5104
The classes Genode::Mmio, Genode::Register_set, Genode::Attached_mmio, and
Platform::Device::Mmio now receive a template parameter 'size_t SIZE'. In each
type that derives from one of these classes, it is now statically checked that
the range of each Genode::Register::Register- and
Genode::Register_set::Register_array-deriving sub-type is within [0..SIZE).
That said, SIZE is the minimum size of the memory region provided to the above
mentioned Mmio classes in order to avoid page faults or memory corruption when
accessing the registers and register arrays declared inside.
Note, that the range end of a register array is not the end of the last item
but the end of integer access that is used for accessing the last bit in the
last item.
The constructors of Genode::Mmio, Genode::Attached_mmio, and
Platform::Device::Mmio now receive an argument 'Byte_range_ptr range' that is
expected to be the range of the backing memory region. In each type that derives
from on of these classes, it is now dynamically checked that 'range.num_bytes
>= SIZE', thereby implementing the above mention protection against page faults
and memory corruption.
The rest of the commit adapts the code throughout the Genode Labs repositories
regarding the changes. Note that for that code inside Core, the commits mostly
uses a simplified approach by constructing MMIO objects with range
[base..base+SIZE) and not with a mapping- or specification-related range size.
This should be fixed in the future.
Furthermore, there are types that derive from an MMIO class but don't declare
any registers or register arrays (especially with Platform::Device::Mmio). In
this case SIZE is set to 0. This way, the parameters must be actively corrected
by someone who later wants to add registers or register arrays, plus the places
can be easily found by grep'ing for Mmio<0>.
Fix#4081
I2C EEPROMs of the type at24xxx are really slow (ca. 10 kHZ).
This adds the `bus_speed_khz` attribute to the config of the driver and
adapts the i.MX8 driver to support the feature.
Issue gapfruit#1996
Fixes genodelabs#5090
The physical address of the memory used for the guest VMCB is already
present in Vcpu_data. Use the information there instead of storing the
physical address in the host data area, thereby freeing up 8 bytes for
a bigger Mmio class.
Issue #4081
Hitting a BOSD in a Windows guest in Virtualbox 6 leads to calling
`DBGFR3ReportBugCheck`, which leads to the following error since it is
unimplemented in our port:
```
Error: DBGFR3ReportBugCheck: DBGFR3ReportBugCheck called, not implemented, eip=0x1a5c4e4
```
Including the actual method from Virtualbox 6 enables logging
diagnostics for the Windows Blue Screen of Death (BSOD).
To see Blue Screen logging output, enable "dbgf" and "gim" logging
via the `VBOX_LOG` following environment variable in the vbox6 runtime
config.
When manually triggering a BSOD in the Windows guest, this should
produce the following logging diagnostics:
```
GIM: HyperV: Guest indicates a fatal condition! P0=0xe2 P1=0x0 P2=0x0 P3=0x0 P4=0x0
GIMHv: BugCheck e2 {0, 0, 0, 0}
MANUALLY_INITIATED_CRASH
```
Fixes#5099
The libc's internal calculation of the tv_sec and tv_nsec fields must be
based on the same ms value. Otherwise, tv_sec is not always immediately
incremented whenever tv_nsec wraps. For applications, this inconsistency
can result in observed jumps in time.
Fixes#5098
Functions registered with 'module_init' (i.e., '__define_initcalls'),
'OF_DECLARE', and 'DECLARE_PCI_FIXUP_CLASS_FINAL' used to be static
constructors and had be explicitly registered using
'exec_static_constructors' before executing any Linux code.
With this commit we remove the constructor attributes from these
functions and create a global function pointer in the form of
__initptr_<name>_<id>_<counter>_<line number of macro>
'import-lx_emul_common.inc' will collect these '__initptr' symbols after
the compile step and generate a 'lx_emul_register_initcalls' function
that executes the functions pointed to. This step is now automatically
performed in 'lx_emul_start_kernel'. This way a call to
'exec_static_constructors' can be omitted in case there are no other
constructors in place.
issue #5096
The former implementation relied on input drvdata always pointing to
struct hid_device, which is not true for Wacom touch devices (at least).
Now, we implement the input handler for devices providing LEDs
(evbit[EV_LED] set) only and use input_inject_event() to set the LED
states.
This commit brings the etnaviv back end implementation in line
with the one from lima. Since the etnaviv driver itself handles
different contexts implicitly rather explicitly like lima and
iris for the moment only a main-context is used for all operations.
Issue genodelabs/genode-imx#8.
Uploading large files via HTTP PUT failed when the file system was
accessed via a file system session because lighttpd opened the
destination file with O_NONBLOCK and the write operation stalled
at some point.
genodelabs/genode#5093
These domains allow for the hosting of plain http and telnet servers
reachable from the outside. The change is designated for the goa
testbed.
Issue #5092
The commit is a preparation commit for suspend/resume. It prepares the GPU
structures relying on gmadr.cap() (MMIO) to be re-constructible by applying
the with* pattern to context, ring_buffer and ggtt mmio map. It removes
the managed dataspace handling of gmadr subsets to make the with_* pattern
possible.
Issue #5081
This commit is a preparation commit for suspend/resume. The commit
refactors the code in order to consolidate all Platform resources into one
instance. All users within the GPU driver should access the resources with
with_* functions, which checks whether the device resource is usable. The
callers are not allowed to store any references to the provided resources.
With this change, it will be possible in follow up commits, to release
the platform device and to re-acquire it and its resources, e.g. mmio, irq,
gmadr.
Issue #5081
- add PS/2 input drivers
- add GPU client test case - glmark2
- remove display driver before suspend
- route log output via terminal on display to gather information, since in
most cases serial/AMT is not available after ACPI resume
Issue #5081
Clearing very large RAM dataspaces could fill up core's page table,
because the dataspaces are locally mapped to clear them.
This would manifest in a loop where exhausting the local page table
leads to its flushing (which does not work for core) and a retry that
again fills up the page table and so on.
To prevent this, flush RAM dataspaces in chunks of at most 128MiB.
Fixes#5086
If "verbose" is set to true in the config, AcpiOsPrintf etc. are enabled
to log to a dedicated LOG session using the Format:Console utility.
Issue #5083
Prevent errors if precision and left alignment are part of the string.
String precision is applied to limit access to the configured number of
characters but ignored for other types.
Issue #5083
The axis IDs correspond to 2x analog sticks with 2 axes and 2x triggers.
While being at it, the commit changes the Axis_id type to Axis::Id.
Fixes#3669
Failed allocations were still denoted with a successful return value
to the caller. This situation was triggered by artificial testing and
has not been observed yet in practice. In case the 'LIMA_GEM_CREATE'
I/O control fails Mesa will dereference invalid pointers anyway.
Issue genodelabs/genode-allwinner#27.
The frame-pointer-based backtrace does not work without enabling
-fno-omit-frame-pointer explicitly and in most cases leads to page
faults because non-pointer stack values are dereferenced during the
walk. The best we can do is to limit the backtrace walk to the stack of
the current thread to prevent page faults unrelated to the system state
without the use of the backtrace utility.
This commit introduces a printable Backtrace class usable in
Genode::log(), Genode::trace(), etc. The class is based on the new
function for_each_return_address(auto const &fn) that walks the stack in
its limits and calls fn() for each discovered return address on the
stack in the new os/include/os/backtrace.h. Archtecture-specific
stack-pointer retrieval and walk loops are implemented in dedicated
os/include/spec/<arch>/os/for_each_return_address.h files. Also, the
well-known Genode::backtrace() function (which logs the return-address
values) is provided for backwards compatibility.
Fixes#5078
The number of hash entries for TCP/UDP corresponds to the number of
sockets managed by the stack. In case there are more sockets than
entries available, buckets will be created to compensate for the lack of
space. The default values for TCP (524288) and UDP (65536) are meant for
the in kernel that manages all sockets of the user land and leads
to very large hash table allocations (>20MB) during initialization.
Since on Genode a component has its own instance of the IP stack or uses
the VFS server, we do not need these kind of large default settings.
issue #2181
This patch changes the unlink operation of the ram fs to defer the
destruction of a file until it is no longer referenced by any VFS handle.
When unlinked, the file no longer appears in the directory. But it can
still be opened and accessed.
With this change, a parent process of a Unix-like subsystem becomes able
to pass the content of an unlinked file to a forked child process. This
mechanism is required when using the 'exec' command in Tcl scripts.
Another use case is the 'tmpfile()' function.
Fixes#3577
The traced top instance was configured to be active every two seconds
whereas the trace test uses a grace time of only 1.5 seconds before
raising the FOREIGN state of a trace subject as an error.
The state of a trace subject can change only whenever the traced thread
passes a trace point. Hence, with the original configuration, the
release of top as trace subject can take up to two seconds. The patch
reduces the rate to 0.5 seconds to satisfy the expectation of
test-trace.
According to RFC 1812 ICMP Destination unreachable (Network unreachable)
does not quite our case of clients directly behind the router.
If a packet is to be forwarded to a host on a network that is directly
connected to the router (i.e., the router is the last-hop router) and
the router has ascertained that there is no path to the destination
host then the router MUST generate a Destination Unreachable, Code 1
(Host Unreachable) ICMP message.
Issue #4729
By using `mktime()`, which assumes local time, we render the `TZ`
environment variable ineffective. Instead, `timegm()` should be used to
set the real-time clock to UTC.
genodelabs/genode#5074
The management of Linux page structs is now tied to the life time of DMA
buffers. Thus, page structs are created when a buffer is allocated and
deallocated only when a buffer is freed - not on lx_emul_mem_free()
because DMA buffers are cached. Page struct refcounting was entirely
reworked in lx_emul/shadow/mm/page_alloc.c.
Fixes#4809
When multiple threads (EMT-0..X + nic_ep) enter the very same
critical section, the use of RTCritSectTryEnter may reflect the contention
case to the Network Model (E1000). Since no one notifies the model, when the
critical section is free again, solely the next packet/event triggered by the
guest will resume the former operation. This may lead to long delays until
packets are sent actually.
Instead of using the RTCritSectTryEnter use RTCritSecEnter to avoid the
situation. All of our network code is non blocking, so the network backend
will only be contented a short time.
Follow up commit to
Issue #5045
The devio API in the Linux kernel promised to be a stable layer for our
USB host controller drivers, but the additional bookkeeping and dynamic
allocations increase CPU overhead in a way that we do not accept further.
Therefore, we go a step back and process DMA transactions directly in and
out of the packet stream from the clients.
Fixgenodelabs/genode#5071
Per default Tslab checks that 8 slabs incl. overhead fit into one block.
If this is not desired the template parameter 'MIN_SLABS_PER_BLOCK' can
be used to control the minimum number of blocks.
Fixes#3834
The argument was originally designated to restrict the reach of the
trace monitor but the idea remained unimplemented. It is now superseded
by the use of the trace-session label as trace-subject filter.
Issue #847
This patch changes core's TRACE service to expose trace subjects only if
their PD label matches the label of the TRACE monitor. Hence, by default,
a trace monitor can only observe itself and its child components. Only
if the trace monitor's parent rewrites the trace-session's label, the
view of trace monitor can become broader. For example, when rewriting
the trace label to an empty string "", the trace monitor becomes able to
observe the sibling components hosted in the same init instance as the
trace monitor.
To grant a trace session the special privilege of obtaining a global
system view (including the kernel's trace subjects), the top-level init
has to rewrite the session's label to an empty string. At core, this
specific label "init -> " is handled as a special case that discharges
the filtering/namespacing of trace subjects.
Note that the trace-subject label as reported as subject info is now
given relative to the label of the trace session. As a nice side effect
of this change, the pkg/test-trace_logger works now when executed by the
depot_autopilot as well as via the test.run script.
Issue #847
This option is useful in cases where batching is configured and
failing to fetch a resource should not influence the over-all
result.
Issue genodelabs/genodians.org#32.
In the scope of alloc_dma_buffer(), Out_of_* exceptions might be thrown
at different stages. By adding a Guard object, we make sure to rollback
already created objects accordingly.
genodelabs/genode#5002
As a consequence of the adding IOMMU support to the platform driver,
additional RAM and CAPs are needed for setting up IO page-table
structures.
genodelabs/genode#5002
The platform driver needs additional 2MB of RAM for managing IO page
tables (root table and context tables) that are shared among sessions.
genodelabs/genode#5002
By adding the `irq_type` argument, one can explicitly specify whether to
use LEGACY, MSI or MSI-X interrupts. We formerly used the
`device_phys_config` to implicitly select MSI, however, with the
addition of IOMMU support to the platform driver there is at least one
instance where we need an MSI for a non-PCI device.
Yet, by adding another session argument to the Irq session, we exceed
the character limit for session args. Since not all arguments are
relevant for LEGACY interrupts resp. MSI, we can split the Irq_connection
constructor to handle the two cases separately and omit unneeded
arguments.
genodelabs/genode#5002
DMA buffer allocations are always performed as full pages. However, they
got mapped into the IOMMU domain using the requested size, which may not
be a multiple of the page size. This behaviour was introduced as a regression
by #4761 and is corrected by this commit.
genodelabs/genode#5002
The virtual add_range()-method must not be called from the base-class
constructor since the derived class is not be fully initialized at
this point.
genodelabs/genode#5002
The sculpt manager views only launchers in the + menu that are not present in
the runtime already. However, this check was missing when finding the right
launcher on a click event inside that menu. This could cause the manager to
try deploying an already deployed launcher a again (without any effect)
instead of deploying the launcher that was actually clicked.
Ref #5064
This is a follow-up commit to the adaptation of the run scripts to the
consistent use of [build_artifacts] (issue #4860).
The missing build of libm remained undetected until the recent removal
of implicit shared-library builds (issue #5061).
This patch removes the implicit build of all shared libraries a target
depends on. Targets only depend on the respective ABIs instead. This
alleviates the need to locally build complex shared libraries (think of
Qt) when developing applications. Instead, application developers can
use binary depot archives.
The implementation splits the mk/lib.mk file into three files:
- mk/a.mk for building one static library (.lib.a)
- mk/so.mk for building one shared object (.lib.so)
- mk/abi.mk for building one ABI stub (.abi.so)
Furthermore, the commit moves messages and the collection of build
artifacts to var/libdeps, triggers the build of kernel-specific
ld-<kernel>.lib.so, and prunes the lib-dependency tree at ABIs.
Fixes#5061
- finished tx ack queue should be checked before new allocations
- packets which got not sent must be released in packet stream,
otherwise the network packet stream gets filled up and starves after a while
- rRegister for ack avail packets and process them concurrently to EMT-* threads
by nic_ep thread (thanks @Peter for the findings) + add synchronization.
- add sigh_ready_to_submit to network adapter to improve latency by notifying
the network model explicitly in case we had a full packet stream error case
(_retry resp. VERR_TRY_LATER)
Fixes#5045
This patch mirrors the interface of Sculpt's distant_runtime to the
sandboxed_runtime variant, allowing the configuration of xpos, ypos,
min_width, min_height, opaque, and background color.
Issue #5008
This patch moves the text-editing facility of app/text_area to a
text-area widget as part of the dialog library. This has two benefits.
First, it simplifies app/text_area by using the dialog API. Second, the
editor can now easily be reused by other dialog-API-based applications.
Fixes#5058
The 'Dynamic_array' utility is used by the text_area as internal
representation of text. As a prerequisite step of making the text
editing features generally available as a text-area widget, the
utility must become public.
Issue #5008
This method allows for the inquiry of the current hovering state,
e.g., to suppress an update of the Wifi accesspoint list while
the list is hovered.
Issue #5008
Issue #5053
Several DMA pools of the EHCI/UHCI USB host controller driver declare
that buffers should not cross 4K boundaries. If this property is not met
fatal errors like NMIs may happen during USB operation.
Discussed in issue #5000
Certain USB devices do not react anymore after an endpoint reset
in the use case of USB devices passed through to a virtual machine.
When investigating the only USB session client that needs the
flush transfers request - namely the Qemu xhci model used in
VirtualBox - there seems to be no need to reset the endpoint in fact.
Fixgenodelabs/genode#5050
USB devio splits large transaction into 16 KiB buffers in scatter-gather
lists. Unfortunately, this mechanism seems unreliable most certainly because
of issue #4809 "DDE Linux struct page object aliasing".
Issue #5036
Currently, running ripgrep on Genode emits
"Warning: sysconf(71) not implemented".
Return -1 without setting errno, which is a valid return value according
to getpwnam(3) and silence the warning.
Fixes#5043
This patch replaces the original policy-based 'update_from_xml' by a new
method that takes three functors for creating, destroying, and updating
elements as arguments. XML nodes are associated with their corresponding
internal data models by annotating the element type with the
'type_matches' class function and the 'matches' method.
The patch also improves safety by enforcing that list-model elements can
never be copied.
Fixes#4317
This commit adds support to initialize the timekeeping for
the Linux subsystem with the value from the RTC.
Only the seconds part of timespec64 is supported.
Issue genodelabs/genode#4957
FreeBSD libc code uses only a single spinlock instance and, thus there
is no obvious reason why it would need to be implemented as an actual
spinlock. _spinlock() and _spinunlock() functions are implemented with a
static pthread mutex.
Issue #725
Changes needed after merging `uboot` and `uboot_fit` modules into a
single module.
Additionally `image.elf` file is removed when either `image.itb` or
`uImage` is created, so it cannot be processed when `image/uboot` module
is loaded. Therefore `image.elf` processing is done conditionally now.
Fixes#5037
This commit adds a new configuration option, `dst_addr` to the
'sntp_client' that accepts either an IP address or a DNS hostname. If a
DNS hostname is provided, the 'sntp_client' will resolve the IP address
before each SNTP request. The 'dst_ip' configuration option is
deprecated but kept for compatibility until 'dst_addr' is fully adopted.
xsd/net_types.xsd: add Net_address type
sntp_dummy_rtc: adjust configuration to use pool.ntp.org
Fixesgenodelabs/genode#5003
`Expandind_pd_session_client::try_alloc` is an overriden virtual method
of `Ram_allocator::try_alloc`. The latter specifies the default Cache
argument as CACHED. The overriden method should either do the same or
not even specify a default argument at all.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
On x86, DMA buffers are actually always mapped as cached. We should
therefore actually ask for a cached buffer in order to avoid confusion.
genodelabs/genode#5000
Feed the high-frequent fetchurl reports into a list model to speed up
the subsequent evaluation of the data.
Also limit the rate of state reporting during updates to visible changes
in percent such that most fetchurl reports do not cause any UI activity
(status updating) any longer.
This patch noticeably speeds up the installation of complex packages
(i.e., the morph browser) on the PinePhone.
Issue #5038
The execution of global-static constructors in Genode is optional for
native components or determined in the libc for libc components. By
convention, we avoid static constructors wherever possible but in rare
cases the component can tweak the point when constructors are executed
and initialize an environment beforehand. The wifi_drv applies this
pattern for the uplink initialization, but is a libc component on the
other hand, and, thus, statics in the Genode C API for uplink are
constructed later by the libc. So, the prior initialization is reverted,
i.e. the signal-handler capability becomes invalid.
This addresses a regression exposed by the following commit.
drivers/wifi: perform multi-staged construction
Related to #3509Fixes#5024
Component names can be larger than widget IDs, which are capped at 20
characters. To uniquely correlate the component depicted in the graph
with clicks, this patch uses a dedicated graph ID for each runtime
component instead.
Fixes#5034
This patch allows for the interactive assignment of the system-control role
to a new component via the resource dialog. This is useful for integrating
low-level components like the Intel frequency/power monitoring tool.
Fixes#5033
Commit "menu_view: ignore zero-sized widgets in box layout" introduces
zero-sized child widgets as a special case but defined zero-sized as
zero covered pixels (w*h == 0). However, for layouting, a widget with a
non-zero height and zero width is not zero-sized.
This patch refines the zero-size condition such that only widgets with
both zero width and zero height are considered as zero-sized.
It thereby solves the missing display of empty lines in the text_area
component.
The 'Xml_node::differs_from' method takes the constructor arguments
(addr, size) for a byte-wise comparison whereas 'with_raw_node'
restricts the byte range to the actual XML tags. In cases where
the XML start tag is preceeded by whitespace, both ranges can differ.
Since the 'differs_from' method is meant for comparing actual XML
nodes - not any whitespace around them - whitespace should be ignored
on both operands.
Issue #5029
This is a follow-up fix for commit "sculpt: apply Dialog API to diag,
panel, and graph", which happened to render the legacy dialogs (network
and settings) inaccessible.
The patch avoids the use of clack seq numbers for the 'popup_opened'
condition (which happens on click, not clack). It also overrides old
click information on the arrival of a new click, avoiding the evaluation
of stale click sequence numbers in distant_runtime.cc. Furthermore, it
reduces the rate of 'Distant_runtime::_try_handle_click_and_clack'.
Issue #5008
On WPA3 encrypted networks the AP picker does not indicate encryption
and does not prompt for a passphrase.
Also indicate an encrypted network when "protection=WPA3", remedying
both issues.
Fixes#5022
Up to now, when using force_*, all other configured modes of a connector
got overwritten and the force_* got enforced. With the commit,
the connector mode is considered (if below max_*) and the resulting
framebuffer may be larger then the dimension of force_*.
Without this change gpg aborted with
gpg: Sorry, no terminal at all requested - can't get input
and after adding --batch onlye with
gpg: signing failed: File exists
Differences in TAR archive member metadata results in unstable depot
hashes. The following properties have to be fixed: modification time
(incl. time zone), numeric owner and group, permission modes.
Releated to #2842
This change allows for the hosting of system-management components
in Sculpt's runtime. The special role must be declared either as
<launcher managing_system="yes"> attribute or in the deploy
configuration's <start managing_system="yes"> attribute.
Issue #5009
Rename locally extended VCPU state from State to Vcpu_state for clarity.
The local namespace only adds two accessor methods, which does not
justify a local generic name.
Ref #4968
Make naming across architectures coherent by renaming Vm_state to
Vcpu_state, to reflect that it contains the state of a Vcpu and not that
of an entire VM.
Ref #4968
Per Affinity::Location a system control cap can be requested. The capability
provides an RPC interface to request and set Cpu_state, as provided by the
former Pd::managing_system(Cpu_state) method. Invocation of those system
control capabilities then *can* (see below) be executed on the desired CPU
as described by Affinity::Location.
The system control cap will be invalid for kernels that don't support
system_control/managing_system functionality at all.
The system control cap will be ever by the same, e.g. ignoring the
Affinity::Location parameter, if the used kernel doesn't support or doesn't
require the feature to execute the system control per CPU.
The commit is a preparation step to add guarded and selective x86 MSR
access per CPU.
Fixes#5009
This patch partially converts the Sculpt manager to the dialog API.
At this stage, both the old utilities and the new dialog API are still
used simultaneously.
Issue #5008
The so-called 'Distant_runtime' implements GUI dialogs via menu_view
components hosted at a distant init instance as opposed to child
components (as implemented by the 'Sandboxed_runtime'). This is
particular the case in Sculpt OS where the sculpt manager is not the
parent of the menu_view instances.
Issue #5008
By renaming 'Dialog' to 'Deprecated_dialog', we become able to use the
name 'Dialog' for the new API while temporarily keeping the original
interface in tact.
Issue #5008
- Increase default timeout to one minute
- Ignore power-button events during display-driver startup to avoid
entering another forced blank when pressing the power button twice.
- Prevent wakeup from user activity except for the power button.
So the volume can be adjusted without leaving the screensaver.
Issue #4950
The new API at gems/include/dialog/ aids the creation of simple GUI
applications based on the menu-view widget renderer. Its use is
illustrated by the simple test application at src/test/dialog/
that is accompanied with the dialog.run script.
Issue #5008
Each hover change of the character position within a label results in a
new hover report, which needs to be evaluated by the application. For
the common cases where labels are used as button texts or for presenting
passive information, the level of detail is not needed while the
recurring hover reports induce overhead at the application side.
This patch mitigates this overhead by excluding labels from the hover
reporting by default.
For use cases that actually depend of precise hover reporting of labels,
for example an editable text area, the hover reporting can be enabled by
setting the 'hover="yes"' attribute of the label.
The 'Widget::_version' attribute was meant to allow the deliberate
replacement of a widget by a same-named widget by changing the version
while keeping the name, thereby suppressing any geomety animation.
However, the implementation missed to populate the attribute with the
value provided by the dialog ROM, prompting the unconditional
re-creation of the widget whenever a 'version' attribute was specified.
Even though this had the (desired) effect of preventing geometry
animations, it could cause feedback loops between hover reports and
dialog ROMs because the 'hover_changed' condition in 'Menu_view::Main'
would always stay true while a versioned widget is hovered.
To prevent exessive allocations the bounce buffers are allocated
once and afterwards re-used. The DMA buffers are provided by an
range allocator whose backing store increases in 4 MiB chunks.
The range allocator might not merge the ranges as those chunks
are not necessarily allocated continously. Allocations larger
than the static chunk size are therefor treated as error.
Internally libyuv uses malloc & free for short time dynamic memory
allocation during image transformation. The converted images are
such large, that the Libc allocator will create and destroy new Genode
dataspace per image. In time sensitive code paths, the overhead can be
noticeable by the caller of the image transformation.
The patch adds the option to register callbacks in the libyuv library to
implement the image allocation by users of the library. They may implement
caching strategies to avoid the overhead, e.g. as seen with qemu-usb and
the webcam model.
and not before. On Windows guest with more than 1 vCPU, the packets
seem to arrive and/or seem to be handled too late in the Webcam model.
An intermediate state, to due the late packet, has been used to decide to
close the Capture session too early.
In SDL2, support has been added for multiple windows.
As such, prior to this commit, invoking _sdl_screen.construct
would create a new window each time the original window was
resized.
To avoid this, refactor to only construct the window once, and
upon resize events, reconstruct the SDL_Surface and SDL_Texture
of Sdl_screen to the new window dimensions.
Issue identified by @chelmuth in https://github.com/genodelabs/genode/pull/4993#issuecomment-1729530634Fixes#4993
Following the official migration guide of SDL [1], the
fb_sdl framebuffer driver was update from SDL1 to SDL2.
The sdl2 port in world/src/lib/sdl2 is used.
Since SDL1 is in maintenance mode [2], support for other
display servers than X11 will never be implemented. In
particular, support for Wayland is missing from SDL1.
Fortunately, a port of sdl2 is maintained in genode-world.
As SDL2 is actively developed, it will provide support for
modern hardware architectures, and has mature support for
Wayland [3].
[1]: https://wiki.libsdl.org/SDL2/MigrationGuide
[2]: https://wiki.debian.org/Wayland#SDL1_.28unsupported.29
[3]: https://wiki.debian.org/Wayland#SDL2_.28supported_since_2.0.2.2B-.29
Issue #4993
The new API emphasizes control over the vCPU data by granting access
through the Vcpu::with_state() method, which makes sure that the vCPU is
stopped, invokes the supplied function with a reference to the VM state
and resumes the vCPU if the function returns true.
The old Vcpu::run(), Vcpu::pause() and Vcpu::state() methods are removed
in favor of the new API. Execution of the vCPU is now interrupted by
sending a native Genode Signal to its Vcpu_handler, which will run the
VMM's exit handling method. When this method retrieves the vCPU state by
calling Vcpu::with_state(), the outside interruption is detected and on
x86 a recall exit is injected into the state to signal the vCPU
interruption / pause request to the VMM's vCPU handler.
Ref #4968
instead via the hardware registers of the FPU. On Genode all components and
so VMMs are built such, that the compiler may generate optimized code by
using the FPU at any time. We had to make sure to save the
FPU state as early as possible before the VMM component touches the FPU,
to avoid corrupting & losing guest FPU state. This caused headache again
and again. To avoid the uncertainty, we remove this feature and explicitly
transfer the FPU state via the UTCB.
Depending on the client and use-case the current minimal timeout
value of 5 ms could be too high, lowering it to 1 ms stays within
the limit imposed by most timer drivers.
Issue #4990.
When the wait value is too small the HALT attempt turnes into
busy-polling in the VMM. To prevent that always wait a minimal
amount of time.
Issue #4990.
This patch removes the obsolete 'io_progress_elem', which was wrongly
enqueued to the 'read_ready_waiters' fifo and not dequeued at
destruction time.
Fixes#4987
GNU Make 4.4 will pass TARGET to the sub-make of UNDEF_REFS where it can
be later used as link TARGET by Genode's build system. Before 4.4 TARGET
was undefined in the sub-make leading to the correct result.
Remove 'usb_hid', 'usb_net', 'usb_modem' from dde_linux port. These
versions have been updated to Linux 6.1.20 which uses the 'linux.port'
file.
issue #4958
The driver is superseded by the USB network driver (usb_net) which also
contains MBIM support for LTE modems previously provided by this
driver.
issue #4958
The drivers uses the 'virt_linux' api and the current lx_kit
implementation. It is a drop-in replacement for the Linux 4.16.3 based
version.
issue #4958
NCM tries to batch TX packets using timeouts (500us) and does not send packets
before 3 packets are in the submit queue. Timeouts take milliseconds on
dde_linux which leads to delayed ACKs and poor performance for the RX case.
Therefore, we send small packets (<100 Bytes) immediately without batching (it
might be an ACK or last packet of a larger transfer).
issue #4958
The PinePhone Modems' CDC Ethernet Interface does not respond if RX/TX queue size
is greater 12 (experimentally determined), the default would be 60, meaning 60
RX Bulk URBs are sent at once to the device.
issue #4958
A WRITE_ERR_WOULD_BLOCK may occur when large reports are written to a file
system because this fills up the submit queue of the packet-stream interface.
Fixesgenodelabs/genode#4988
This commits introduces changes to test number 4, so it must keep
more than one PKG. Also, it introduces a 5th test to verify that the
<remove_all/> functionality does delete everything in the depot.
Issue genodelabs#4866
This commits introduces improvements to the test functions to avoid
code duplication, and renames these functions to reflect better what they
are used for.
Issue genodelabs#4866
The last character should only be skipped if a `\0` or `\n` is found. If
the string ends without such a character or the maximum line length is
hit, we do not skip the last character.
Fixesgenodelabs/genode#4985
Dynamically loading the `compat-libc` breaks `fork(2)` on Genode.
Switch `compat-libc` to a special api package that provides a source
file for statically linking the library, analogous to the `blit`
package. This also requires a quirk in Goa but should prevent breaking
`fork()` and removes the runtime and archive dependencies for Rust
packages using `compat-libc`.
Ref genodelabs/goa#61
Implement FBSD_1.0 versions of libc functions ('stat', 'fstat'). The
functions are versioned with @FBSD_1.0, and therefore, will not clash
with libc during linking. However, to be called by our dynamic linker,
the library must be before libc in the NEEDED section of the binary
using it. This requires the lib to be in front of libc in the LIBS
variable. The library currently will call libc 'stat' and 'fstat' by
looking up the symbols via 'dlsym'.
Ref genodelabs/goa#61
Some Ubuntu installations (e.g., 20.04) create installation disks with
strange C/H/S MBR partitions like 3988/255/2. Normally, VirtualBox reads
the MBR to guess disk geometry information for the virtual BIOS.
Unfortuantely, the strange values from Ubuntu lead to a heavy
virtual-disk activity on boot. Therefore, this commit forces the use of
calculated values based on the assumption that large disks use LBA
addressing anyway.
Fixes#4978
Adds Genode::Hex_dump class to the formatted_output.h header. This class can be
used to print a hexadecimal dump of a byte range. The data is printed in a
format similar to that used by Linux's 'xxd'. In addition to the 'xxd' format,
consecutive duplicate lines are replaced with a single "*\n" as done also by
Linux's 'hexdump'.
Ref #4966
The DHCP client implementations of Ping originally is a copy of the NIC router
implementation adapted for Ping. The two versions diverged further over the
years. This issue should be solved by should merging them into a centralized
implementation. However, this commit treats only a recent issue with the
nic_uplink.run test on pbxa9 qemu but does this by re-aligning the two
implementations partially. The final merge should be done in a separate commit.
Ref #4966
The Depot Autopilot used to filter out tabs and color sequences before
forwarding the test log to the own log. This commit prevents this and further
cleans up the string-filters code.
Ref #4922
The new 'log_prefix' attribute is effective when used in a tests runtime in
<succeed> or <fail> tags that have a non-empty content string. When matching
the log against the pattern given in the affected <succeed> or <fail> tag, the
Depot Autopilot will consider only those test-log lines that start with the
given prefix.
Ref #4922
* Removes the <event> tag from all test package runtime files and replaces the
contained <timeout> and <log> sub-tags with the new tags <succeed> and
<fail>. If a <succeed> or <fail> tag has a content, it defines a log pattern
that should be recognized and render the test failed or successful. If a
<succeed> or <fail> tag has an attribute after_seconds that is not set to 0,
it defines a timeout after which the test should be rendered failed or
successful.
* Adapts the Depot Autopilot to support the new syntax in the test-package
runtime files. However, for now, the Depot Autopilot is kept compatible to
the old syntax as well. If the <events> tag is present, it is prioritized
over the new syntax.
Fixes#4922
Several nightly network-related tests fail currently on sel4/pc because the
new e1000 NIC driver requires more capabilities. The "drivers nic" package
was already adapted to the new requirement but some tests fail to provide
enough caps to the corresponding sub system. This commit tries to fix all
remaining tests.
Ref #4923
* During a session-close, the device-specific usb task and driver data
gets freed. Part of it was the RPC data. To prevent use-after-free
turn it into a pointer and leave it on the stack of the caller thread
* During a device release, URBs discards, and reset operation the Linux task
might get blocked, and then a RPC caller task might return if the RPC
operation was marked as finished already, although it hasn't succeeded yet
* USB devio RESET has to be done before a device release to be effective
Fixgenodelabs/genode#4969
* Within flush_transfer of the USB session a given entrypoint gets
resetted, to be effective al related URBs need to be discarded first
* Discarding URBs shall be done in reverse order, like libusb is doing it,
where it warns about potential races otherwise
Ref genodelabs/genode#4969
* Adds a new component server/nic_uplink that forwards packets unmodified
between one Uplink session at one side and potentially multiple Nic sessions
at the other side.
* Adds a new run script nic_uplink.run that does a basic test with multiple
Nic clients on this component and adds it to the autopilot list.
* Adds a new depot recipe src/nic_uplink for this component.
* Adds a new depot recipe pkg/pc_nic for deploying the pc_nic_driver together
with a nic_uplink server. This allows for raw access to the network connected
to the Nic of the system in contrast to the commonly used routed and NAT'd
access via NIC router. That said, it enables the use of network protocols
not yet supported by the NIC router at the cost of less protection.
Ref #4966
Introduces a new class that does the clean-up if some exception is
thrown while creating the session. This reduces redundancy and overall
lines of code.
Ref #4966
by just test the migration feature, without relying on load measured on the
CPUs. On Qemu (and depending on other load in the Linux system), the migration
feature gets not triggered in time reliable.
* Allow support for kernel configurations without CONFIG_IRQ_DOMAIN_HIERARCHY
* Export `irq_domain` instantiated for driver-specific extensions of the irqchip
Fixgenodelabs/genode#4964
This change allows a monitored VBox instance to specify a distinct
(lower) priority to the VM session to ensure that the VMM is always
prioritized higher than the VCPUs. This is important because host
I/O at the VMM should always be able to preempt a busy guest.
Issue #4917
Decreasing the internal buffer size will implicitly limit the number
of blocks provisioned for recording and brings them in line with
the number of blocks used for playback (2).
Note that this patch also sets an upper-bound on the number of
samples in 'Audio_*::PERIOD'.
If all connectors are set to disabled by configuration, the connectors
stayed enabled since the new configuration reveals no preferred or minimal
resolution/mode. Instead, use the last set resolution in order to get to the
disabling code.
The memory barriers where introduced with commit "test-timeout: fix build
errors with -std=gnu++20" presumably in order to prevent GCC optimization from
removing the empty for loops the test is using because using a volatile index
variable was no longer an option.
However, the memory barriers seem to have a negative effect on the measurements
performed with the affected loops. The commit caused the timeout test to fail
at least on imx53_qsb.
This commit fixes the issue by using a simple empty for loop without volatiles
or memory barriers but protected inside a function that is compiled with
optimization disabled.
Ref #4959
This commit extends the Lx_kit initialization function by passing in
a signal handler that is used to perform the normally occurring
scheduler execution and is a follow-up change for the decoupling
scheduler execution commit.
Instead of burying the signal handler in the 'Lx_kit::Scheduler'
object it is provided by the main object where the driver is free
to perform any additional step before or after executing the scheduler.
Issue #4927Fixes#4952
Since the wireless LAN driver is actually a 'Libc::Component' due to
its incorporation of the 'wpa_spplicant' application, we have to
intercept its construction because we have to initialize the Lx_kit
environment before any static ctors are executed. Most Linux initcalls
are implemented as ctors that will be otherwise implicitly executed
before the controll is given to us in 'Libc::Component::construct'.
Issue #4927.
The timer used to read the counter first and then the IRQ status. This
could cause a non-wrapped counter value to be considered a wrapped
counter value, leading to bogus timeout durations.
This commit fixes the bug and documents the used timer mode in the
driver in order to make future debugging of the driver easier.
Ref #4959
Prevent missing new RPC calls handed over to a Linux task
of a corresponding usb-device, while that task blocked
during enqueuing of asynchronous URBs.
Fixedgenodelabs/genode#4955
* add a sensible priority setup into the test script in order to protect
drivers and stack components from the demanding net clients
* delay the starting of the net clients by 5 seconds in order to give the
drivers and stack components some time to startup in peace
* use only explicit service routing and caps values
Ref #4923
This patch replaces the exception-based error propagation by the use of
'Attempt' return values, which eliminates side effects of the exception
handling - cxx_heap allocations - from code paths that are used by the
the cxx_heap itself (when growing the cxx_heap).
It thereby fixes the failure of the sub_rm test at the "attach RAM ds to
any position at sub rm - this should fail" step.
Fixes#4953
This patch enhances Sculpt with the ability to detect user inactivity
for driving a screensaver by combining nitpicker's hover and focus
reports with a timer.
Issue #4950
Nitpicker's hover and focus reports contain an 'active' attribute, which
can be inspected for the detection of user activity, e.g., as trigger
for a screensaver or for dynamic clipboard policies.
When using the 'Event' session, the reporting code updated the reports
only on incoming events. This patch adds the periodic reporting as used
when using the old 'Input' session.
Issue #4950
Decoupling the scheduler execution can lead to missed interrupts
because the current implementation only handles one pending
interrupt and requires immediate processing.
This commit introduces a helper object that is used to capture
any occuring interrupts that are then handled consecutively.
Issue #4927.
Prior to this commit, whenever an external event occurred, for example
timer or interrupt, the corresponding I/O signal handler was triggered.
This handler unblocked the task waiting for the event and initiated the
immediate execution of all unblocked tasks. Since these tasks may hit
serialization points, e.g. synchronously waiting for packet stream
operations, that require handling of other I/O signals this leads to
nested execution. This, however, is not supported and mixes application
and I/O level signal handling.
The flagging of the scheduling intent is now decoupled from its
execution by using an application level signal handler that is run in
the context of the components main entrypoint. The I/O signal handler
now triggers the scheduling execution by sending a local signal to
the EP.
Since it might be necessary to execute a pending schedule from the EP
directly the scheduler is extended with the 'execute' member function
that performs the check that the scheduler is called from within the
EP and triggers the execution afterwards.
Issue #4927.
On disconnect of displays, e.g. seen with Type-C connectors, the encoder was
not properly disabled due to a missing drm_client_modeset_commit. In order that
the commit succeed, however a fb must be assigned to the modeset. Missing to
do so leads to an -EINVAL by the drm_client_modeset_commit.
Fixes#4948
Fixes alignment faults that occured in the AES256 implementations while
wrapping or unwrapping keys on imx53_qsb, imx6q_sabrelite, and imx7d_sabre.
The problem was that the unwrap_key/wrap_key functions did reinterpret casts
from unsigned char pointers to uint64_t pointers and then directly used the 64
bit values of referenced by the latter. Most probably this caused the compiler
to optimize operations in the assumption that the pointer is 8-byte aligned
which then created alignment faults.
As a solution, this commit changes the interface of the wrap_key/unwrap_key
functions to take uint64 pointers as arguments instead of unsigned char
pointers and then adapts the function users to ensure that they refer to
appropriately aligned memory regions.
Fixed#4932
The initial memory backend implementation was brought over from DDE
Linux and was geared towards use-cases where a high-performing
allocator is useful. In case of the audio driver this is overkill
and since no other driver that could benefit from such an
implementation was ported in the meantime rather use a simpler
implementation that keeps the overhead down.
Fixes#4946.
Since component.cc is no longer linked to core, we can also remove
entrypoint.cc, which was merely a dependency of component.cc.
Related to issue #4784
This patch replaces the global '_wait_for_exit_sem' object by a local
static variable, which does not rely on the global ctors. It thereby
fixes the fault_detection test after the removal of the global ctors
execution from core ("base: remove component.cc from core").
Issue #4784
With these options enabled comparative testing between pc_linux drivers
and bzImages becomes much easier on EFI-only machines. The impact on the
actual Genode drivers is minimal.
This patch removes the use of the Entrypoint::schedule_suspend mechanism
and the call of glibc's exit from the lx_hybrid tests, for two reasons.
First, the interplay of atexit handlers executed by the glibc and
Genode's lx_hybrid library is complicated while bringing no benefits in
practice as lx_hybrid applications are usually servers that don't exit
anyway.
Second, the Entrypoint::schedule_suspend mechanism in not used by any
other component. By removing its use from the lx_hybrid tests, we can
remove this mechanism from the base library.
Issue #4940
By supplying only the parts of the Env that are actually relevant for
initializing the cxx heap, we avoid the need for the 'Env' interface.
The patch also moves the call of 'init_ldso_phdr' to the outside
of the cxx library because it does not belong there.
Issue #4784
USB devices that are never associated to client sessions lack
usb_per_dev_data (and a kernel thread). Therefore, the devices should be
discontinued directly on unplug as no URBs can be pending.
Issue genodelabs/genode#4795
This commits enables the R8169 driver and was tested with two
RTL8168h/8111h (10ec:8168 rev 0x15 sub 1462:7a38 / 1d05:109f) and
two equal RTL8125B (10ec:8125 rev 0x5 sub 1458:e000) devices
running Sculpt.
Firmware loading is for now not implemented but specific Linux
commits suggest it could be necessary. However, doing so will be
post-poned until we have gathered more experience with the driver.
Restarting the driver might lead to the following IOMMU error
messages but the device seems to work anyway:
[ 0] IOMMU:0xffffffff817ec040 FR:0x8a00000000002500 FI:0xfffffffdf8d30000 type:0x8 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2000004200002500 FI:0x000c21b0 type:0x2 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004200002500 FI:0x000c21a0 type:0x2 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004200002500 FI:0x00138000 type:0x2 BDF:25:00.0
[…]
[ 0] IOMMU:0xffffffff817ec040 FR:0x8a00000000002500 FI:0xfffffffdf8d30000 type:0x8 BDF:25:00.0
[ 0] IOMMU:0xffffffff817ec040 FR:0x2020004300002500 FI:0x00124000 type:0x2 BDF:25:00.0
Issue #4921.
While this approach still scans "holes" in the bus range, it stops
scanning at the maximum subordinate bus number reachable from the base
PCI bus at the host bridge. Startup under Qemu no longer takes about 12
seconds for scanning 256 buses.
By splitting the 'init_capability_slab()' implementation to a separate
compilation unit 'capability_slab.cc', base-hw no longer needs a
customized version of 'lib/base/platform.cc'.
Related to issue #4784
This patch replaces the internal use 'env_deprecated()' from the
implementation of the thread API in the base library. It also
replaces the global accessor 'main_thread_cap' by the explicit
propagation of the main-thread's capability to the single point of
use via a new 'init_thread_bootstap' function.
Issue #4784
This back end can be used in place of the existing jitterentropy based
on in case random is not strictly needed by the component but one
wants to use the available 'shadow/drivers/char/random.c'
implementation.
Issue genodelabs/genode-allwinner#21.
The implementation was already part of the Zynq's sd_card driver and
since other ARM drivers need it as well, promote it to the common
shadow library.
Issue genodelabs/genode-allwinner#21.
* Removes all previous structs that represented an on-disc block layout
and were therfore subject to a number of layout restrictions (packed,
padding members, enum representations, etc.).
* Adds a replacement struct without any layout restrictions for each of the
removed structs. The new structs are named similar to the old structs.
* Adds block encoding and decoding utilities for easily converting from the
new structs to on-disc blocks and vice-versa (Block_scanner, Block_generator,
T::decode_to_blk, T::encode_from_blk)
* Adapts all affected places in the library to encode and decode proberly
instead of simply casting pointers.
* Thereby cleans up the hashing utilities to use typed-reference args instead
of void pointers.
* Re-enables run/tresor_tester and test-file_vault_vonfig_report for platforms
rpi, imx53_qsb, imx53_qsb_tz, imx6q_sabrelite, imx7d_sabre.
Ref #4819
* Replaces bool access types with uint8_t access types
* Ensures, that the framework always uses the smalles possible uint type
for the return value wherever a bitfield is read and returned to the user.
Ref #4924
In some instances, the fetchurl progress determined by
depot_download_manager will be empty when the download fails (e.g. due
to a 404), this commit fixes a bug where this would be interpreted as
the download having completed which would subsequently start hash
verification of a package that has never actually been downloaded.
Fixes#4919
The depot_remove component can delete PKG archives with
automatically resolving dependencies and deleting archives that are not
required on the system anymore.
Issue genodelabs#4866
On some platforms (x86_32/pistachio, x86_64/sel4) system startup is slow
and the previously configured 30 seconds not sufficient. With this commit, the
timeout is raised to 60 seconds only when running on such a platform.
Ref #4923
This test was originally a copy of ping.run and therefore unnecessarily
inherited all its complexity for testing ping component behavior. Additionally,
ping.run was more actively maintained and evolved over time whereas
nic_dump.run didn't receive the same care. Now, the test fails on certain
platforms although NIC dump works just fine. Therefore, this commit reduces the
test behavior to what is really necessary for testing nic_dump and by doing so,
also fixes the failing targets.
Fixes#4926
On x86_32 okl4, the test timed out although the test timeout was already at
240 seconds for this platform. Instaed of raising it further, this commit
reduces the number of ping rounds for all platforms that are considered as
slower by the test.
Ref #4923
If this file is called from a Makefile via
! $(shell <path>/tool/ports/current qt5-host)
'shell' will return
"Entering directory '' <path-to-libc> Leaving directory '' Stop.",
and thus, producing multiple targets in the 'tool_chain_qt5' case.
issue #4725
This patch restricts 'Region_map::attach_executable' to create read-only
mappings, while offering the option to map the full rights using a new
'attach_rwx' method.
The 'attach_rwx' method is now used by the dynamic linker to explicitly
attach the linker area with full rwx rights. With the old page-fault
handling code, the execute flag was evaluated only for leaf dataspaces,
not for managed dataspaces while traversing region-map hierarchies.
With the new page-fault handling code, the execute bit is downgraded
to no-execute when passing a managed dataspace that is not attached
as executable.
Issue #4920
The change "core: allow offset-attached managed dataspaces" addressed a
corner case of the use of nested region maps. Apparently, this change
negatively affects other scenarios (tool_chain_auto).
In order to confidently cover all the differnt situations, this patch
reworks the page-fault resolution code for improved clarity and safety,
by introducing dedicated result types, reducing the use of basic types,
choosing expressive names, and fostering constness.
It also introduces a number of 'print' hooks that greatly ease manual
instrumentation and streamlines the error messages printed by core.
Those messages no longer appear when a user-level page-fault handler
is reistered for the faulted-at region map. So the monitor component
produces less noise on the attempt to dump non-existing memory.
Issue #4917Fixes#4920
The new monitor component at os/src/monitor is the designated successor
of the gdb_monitor. This initial version, however, implements only the
subset needed to inspect the memory of the monitored component(s).
In contrast to the gdb_monitor, the new component supports the monitoring
of multiple components, leveraging the sandbox API. It can therefore be
used as a drop-in replacement for the init component. Like the gdb_monitor,
the new monitor speaks the GDB protocol over Genode's terminal session.
But the protocol implementation does not re-use any gdbserver code,
sidestepping the complexities of POSIX.
There exist two run scripts illustrating the new component. The
os/run/monitor.run script exercises memory inspection via the 'm' command
by letting a test program monitor itself. The os/run/monitor_gdb.run
script allows for the interactive use of GDB to interact with monitored
components.
Issue #4917
Let the sandbox library disregard all unknown config sub nodes so that
supplemental information - like the monitor policy configuration - is
not interpreted as a misconfiguration ("unknown config element type ...").
Issue #4917
This patch moves the destruction of the child's PD session after the
closing of all other sessions because the PD session's role as resource
container might still be needed for orderly reverting the session quotas
when closing the other remaining sessions.
Issue #4917
By default, the sandbox uses the Env::pd() as reference PD session of
the sandbox children.
However, to accomodate use cases where the interplay of the reference
PD session and the child's address space needs to be intercepted, this
patch adds a constructor that takes an interface for the controlled
access of PD intrinsics as argument.
Issue #4917
This patch replaces the former 'address_space' accessor by a new
'with_address_space' interface that grants access to the region map of
the child's address space, but limits the interface lifetime to the
scope of the caller.
Issue #4917
This patch adds the missing application of the region offset to the
resolution of page faults inside managed dataspaces, which resulted in
an unexpected "invalid mapping" message after attaching a managed
dataspace with an offset.
This limitation could be observed during the implementation of the debug
monitor that locally maps a portion of the debugging target's address
space, e.g., a view port of 16 MiB. All traditional uses of managed
dataspaces (e.g., stack area, linker area) happened to attach the
managed dataspaces from their beginning.
Issue #4917
* add semaphore command to ring in order to be able to stop ring
execution before reset (Wa KabyLake)
* implement reset sequence as done by the Linux driver
* reset ring and cancel job of vgpu causing hang
* lower watchdog timeout 1000ms -> 200ms
* improve scheduling of vgpus so progress after reset is made
* improve the generation chaos a little
* tested on Skylake, Kaby Lake, Tiger Lake
issue #4916
* Use jitterentropy only if supported.
On certain targets like pbxa9 or zynq_qemu, the performance counter always
yields 0, which renders jitterentropy unusable. On these platforms, the
Tresor tests now use a static value as entropy source instead.
* Adds a new package test-file_vault_config_report_no_entropy that is used by
the Depot Autopilot on targets without jitterentropy support instead of
test-file_vault_config_report. The only difference between the two packages
is the value of the above described new config attribute of the File Vault.
* Circumvent alignment fault.
The Tresor lib for now has the deficiency of using on-disc data structures
directly in code instead of decoding them first to unpacked, naturally
aligned structures. This causes problems with memory-access alignment on
several platforms (rpi, imx6q_sabrelite, imx53_qsb, imx7d_sabre). As fixing
this properly is a bit of work, the commit disables the tresor_tester and
file_vault_config_report test on the affected platforms in autopilot mode for
now.
* Further adjustments
* Make benchmarks optional
* Use a smaller tresor for rekeying
* Clean up image parameters
* No use implicit routes/resources
* Reduce ram consumption
* Reduce test timeout
* Raise cap quota, required for sel4 x86_64.
Ref #4819
The debug mode turned out to be unnecessry because the plugin can be simply
replaced with an <inline> file VFS plugin that has a content size of 32 bytes.
Ref #4819
* relaxes the timing and reduces the test steps because pistachio is quite
slow and would otherwise trigger problems with our easy approach of using a
dynamic rom instead of a proper manager
* provide IO_PORT and IRQ session to timer driver
Ref #4819
With the update to sel4 and the gcc 12, assembly instructions are generated
and used, like POPCNT. The instruction is available on our native hardware,
but not emulated by the default cpu model necessarily, which leads to
undefined opcode exceptions (Qemu 4.2.1 && seL4). Additionally, the features
of the default Qemu cpu model may vary between Qemu releases and makes it
harder to correlate effects.
The attachment removal is triggered actually on _ds member destruction time,
but after the io_mem representation for the specific base-<platform> possibly
vanished already during _unmap_local in the ~Io_mem_dataspace. This creates
on base-sel4 several kernel warnings about invalid capabilities.
Issue #4913
Using $(shell find $(REP_DIR)/patches -name *.patch) fails if the
current working directory contains *.patch files due to shell wildcard
expansion before execution. Additionally, the patch list was unstable
because it was not sorted resulting in divergent hashes.
On platforms different than x86 the subsys initcall `pci_subsys_init`
is not available. Therefore, we choose an alternative one here.
Fixgenodelabs/genode#4907
In our binaries, the .note.GNU-stack section is missing, which is okay
as we do not interpret these sections anyway and map stack pages
non-executable per default.
Issue #4827
The main user of libsparkcrypto in the past was the CBE block encryption
ecosystem. However, the CBE was replaced with the Tresor block encryption that
uses libcrypto instead.
Ref #4819
This commit introduces preliminary support for joining networks secured
via WPA3-personal. So far it was only tested with the one OpenWRT AP
configured for WPA3 (see excerpt below) where it WPA3-only as well as
WPA2/WPA3 mixed worked fine.
Scan results excerpt:
00:11:22:33:44:55 5180 -45 [WPA2-SAE-CCMP][SAE-H2E][ESS][UTF-8] PewPew
00:11:22:33:44:55 2412 -67 [WPA2-PSK+SAE+PSK-SHA256-CCMP][SAE-H2E][ESS][UTF-8] PewPew2
Issue #4861.
It turns out solely relying on the name of the compilation-unit
is not enough. In at least one multi-device driver, e.g. rtlwifi,
an equally called compilation-unit is found in several different
directories. There KBUILD_MODNAME is used to name the driver,
which fails later on as the driver framework refuses to register
an equally named driver twice.
Instead of only considering the name of the compilation-unit also
include the last element of the path to generate differentiating
KBUILD_MODNAME value.
Issue #4861.
The supplicant is updated to the current release and is now downloaded
as archive rather than pulled from git. For the time being 'libnl' is
still kept at 3.2.25 as the current 3.7.0 release relies on more Linux
infrastructure that our integration does not provide.
Issue #4861.
This commit changes the firmware handling from requesting each
firmware file as a ROM module that is checked against a list of
known images (including their size) to requesting each file via
the local VFS of the 'wifi_drv'. This allows for using the original
probing mechanism that tries to select a matching firmware version.
The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to configure the driver.
Issue #4861.
This function is called when decrypting RX frames on the CPU on 32 bit
platforms. Since the frames are normally decrypted by the wireless LAN
device and this code path is triggered rather infrequently the byte-wise
implementation should not pose a performance risk.
So far it was only encounter with a 7260 device when running netperf.
Issue #4861.
The bulk of the driver code now lives in the 'dde_linux' repository,
which is available on all platforms, from where it can be referenced by
other repositories.
The 'wifi_drv' binary was delegated to a generic harness that includes
all configuration and management functionality shared by all wireless
device driver components, e.g., the wpa_supplicant. The code of the
device driver emulation environment is located in 'src/lib/wifi'. It
is referenced by the platform-specific driver library that resides in
the corresponding platform repository. The runtime configuration needs
to point the driver to proper driver library.
The platform-specific library is in charge of orchestrating the contrib
source utilized by the driver as well as providing the 'source.list'
and 'dep.list' files. It must include the generic library snippet
'repos/dde_linux/lib/wifi.inc' that deals with managing the emulation
environment code.
The 'repos/dde_linux/src/drivers/wifi/README' file contains more
detailed information on how to deploy the driver.
Issue #4861.
* ARM support and detaching from Ada/SPARK
* Remove all CBE-related code - especially the Ada/SPARK-based CBE library.
* We have no means or motivation of further maintaining big projects in
Ada/SPARK (the core Genode team is native to C++).
* The Genode Ada/SPARK toolchain and runtime don't support ARM so far - an
important architecture for Genode. This would mean extra commitment in
Ada/SPARK.
* We realize that block encryption more and more becomes a fundamental
feature of Genode systems.
* Implement a new block encryption library named Tresor that is inspired by
the design and feature set of the former CBE library and that is entirely
C++ and part of the Genode gems repository.
* The Tresor block encryption is backwards-compatible with the on-disk
data layout of the former CBE block encryption.
* Except from the snapshot management and the "dump" tool, the Tresor
block encryption provides the same feature set as the former CBE block
encryption and accepts the same user requests at the level of the
Tresor library API.
* So far, the Tresor block encryption does not support the creation of
user-defined snapshots.
* In contrast to the former CBE, the Tresor ecosystem has
no "dump" tool beause with the CBE library it turned out to be rarely of
use.
* In contrast to the Block back-end of the CBE "init" tool, the Tresor
"init" tool uses a File System back-end.
* The former CBE VFS-plugin is replaced with a new Tresor VFS-Plugin.
* The Tresor-VFS plugin in general is similar to the former CBE VFS but
has a slightly different API when it comes to re-keying and re-sizing.
Each of these operations now is controlled via two files. The first
file is named <operation> and the user writes the start command to it.
The user must then read this file once in order to drive the operation.
The read returns the result of the operation, once it is finished.
The second file is named <operation>_progress and can be watched and
read for obtaining the progress of the operation as percentage.
* The file vault is adapted to use the new Tresor ecosystem
instead of the former CBE ecosystem and thereby also gains ARM support.
* The former CBE tester and CBE VFS-tests are replaced by equivalent
Tresor variants and are now run on ARM as well (testing with a persistent
storage back-end is supported only when running on Linux).
* So far, the new Tresor block encryption has no internal cache for meta
data blocks like the former CBE.
* Add config/report user interface
* Add a second option for the administration front end to the file vault
named "config and report". With this front end the File Vault communicates
with the user via XML strings. A ROM session is requested for user input
and a Report session for user output. The front end type must be set at
startup via the component config and is a static setting. The graphical
front end that was used up to now is named "menu view" and remains the
default.
* The File Vault can now reflect its internal state and user input ("config
and report" mode only) at the LOG session via two new static config
attributes "verbose_state" and "verbose_ui_config" (both defaulting to
"no").
* The Shutdown button in "menu view" mode is replaced with a Lock button. The
new button doesn't terminate the File Vault but merely lock the encrypted
container and return to a cleared passphrase input. The same transition is
also provided in "config and report" mode.
* The file_vault.run script is replaced with file_vault_menu_view.run and
file_vault_cfg_report.run that address the two front end modes. In contrast
to the former script, which is interactive, the latter script is suitable
for automatic testing.
* There is a new recipe/pkg/test-file_vault_cfg_report that essentially does
the same as file_vault_cfg_report.run but uses the File Vault package and
can be executed with the Depot Autopilot. The new test package is added to
the default test list of depot_autopilot.run
* The File Vault README is updated to the new version of the component and
has gained a chapter "functional description".
* Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault.
* The new Tresor software Trust Anchor has an optional deterministic mode in
which it replaces the normally randomized symmetric keys with 0. This mode
comes in handy for debugging. However, it should never be activated in
productive systems. When activated, the user is warned extensively on the
LOG that this system mode is insecure.
Ref #4819
Changes to the platform driver triggered a map() error while mapping an
address block at 0x3000 of size 0x800. Since the mapped size was larger, the
loop continued and tried mapping address 0x4000 where no dataspace was
found.
genodelabs/genode#4761
By transforming the Device_pd into an Io_mmu::Domain, we implement an
IOMMU device that uses the kernel API for controlling the IOMMU. This
device gets special treatment and is used by default for every device
that has no <io_mmu/> child.
genodelabs/genode#4761
Every session component manages a registry of Io_mmu::Domain objects
that it creates on demand depending on the acquired devices (i.e. the
IOMMU devices referenced by the acquired devices). Via the domain
objects, a session component adds/removes the address ranges of the
allocated DMA buffers. Additionally, domain objects provide an interface
for enabling/disabling pci devices.
Domain objects get destroyed with the corresponding control device.
Moreover, on devices/policy ROM updates, domain objects of control
devices that are not referenced by any acquired device anymore get destroyed.
genodelabs/genode#4761
This allows referencing an arbitrary number of IOMMU devices within a
<devices> node, e.g.:
<device>
<io_mmu name="foobar"/>
</device>
The specified name is supposed to refer to an existing device in the
devices ROM. The platform driver automatically acquires known IOMMU
devices whenever they become available so that the device object can be
looked up from the platform-driver-owned devices.
genodelabs/genode#4761
With this change, platform-specific code is able to define factories that
acquire IOMMU devices to be used by the platform driver.
genodelabs/genode#4761
The method did not handle device changes properly. When a new policy
does not contain an owned device any more, we must consider this device
as changed and release it. Moreover, the warning messages were interchanged.
genodelabs/genode#4761
"-cpu phenom" does not support all CPU instructions necessary with
gcc 12 toolchain update issuing more SSSE3, e.g. pshufb.
Additionally, remove good/bad Qemu version check of outdated versions.
Issue genodelabs/genode-world#329
In 'SUPR3InitEx' (SUPLib.cpp) a 'SUPQUERYFUNCS' structure is allocated
with
! (PSUPQUERYFUNCS)RTMemAllocZ(SUP_IOCTL_QUERY_FUNCS_SIZE(CookieReq.u.Out.cFunctions));
where 'CookieReq.u.Out.cFunctions' is 0. To determine the size of the
allocation
! #define SUP_IOCTL_QUERY_FUNCS_SIZE(cFuncs) \
! RT_UOFFSETOF_DYN(SUPQUERYFUNCS, u.Out.aFunctions[(cFuncs)])
is used with cFuncs = 0 (SUPDrvIOC.h) leading to an allocation up to the
arrow below
! typedef struct SUPQUERYFUNCS
! {
! /** The header. */
! SUPREQHDR Hdr;
! union
! {
! struct
! {
! /** Number of functions returned. */
! uint32_t cFunctions;
! /** Array of functions. */
==> end of allocation
! SUPFUNC aFunctions[1];
! } Out;
! } u;
==> sizeof(SUPQUERYFUNCS)
! } SUPQUERYFUNCS, *PSUPQUERYFUNCS;
In sup.cc (Genode) 'ioctl(SUPQUERYFUNCS &request)' will lead to
'with_out_ioctl'
! auto &out = request.u.Out;
where auto is 'SUPQUERYFUNCS' and finally
! out = { };
will zero out 'SUPQUERYFUNCS' up to the second arrow above. Because
'RTMemAllocZ' will call 'calloc' to allocate the memory 'out = { };'
will corrupt the slab block after the allocation. Therefore, it is
reasonable to allocate at least 'sizeof(SUPQUERYFUNCS)'.
Note there might be other 'ioctl' cases like this. A better way might be
to use 'SUPQUERYFUNCS.Hdr.cbOut' to determine the 'out' size.
fixes#4675
In case the meta data (or more) got zeroed upon 'free', print error
message. The offset in the meta data can never be zero. This does not
help on other memory corruptions, but at least gives a hint in the too
much zeroed out case.
issue #4675
GPU device access is hard to achieve in run scripts and even harder to
implement generic.
Use the "Modularize Sculpt OS image creation"
(commit b723b11b30)
approach instead.
issue #4900
The XHCI model reserves 0x4000 of IO memory but uses only 0x530.
Implement read (0) and write (nop) for these regions as real hardware
does.
fixes#4902
Triggered by the toolchain update to GCC 12 certain pragmas lead to
a build error as those are now unknown. As quick-fix add '-gnatwG',
which suppresses warnings on unrecognized pragmas.
Issue #4880.
When a GPU session is destroyed, remove vgpu of session from scheduling
and as possible active vgpu. Otherwise, page faults might occur in case
already destroyed vgpu object is referenced during interrupt handling.
fixes#4881
Apparently we need to save the floating point arguments when entering
the linker in case "-fno-tree-vectorize" is at work. Otherwise this
registers get corrupted during jump slot relocation.
Fixes#4879
Either enable strict-alignment or disable FPU code generation by gcc
regarding bootstrap code, which cannot handle alignment faults during
initialization properly.
Ref genodelabs/genode#4827
/data/genode/repos/os/src/server/lx_fs/directory.h: In member function ‘virtual Genode::size_t Lx_fs::Directory::read(char*, Genode::size_t, File_system::seek_off_t)’:
/data/genode/repos/os/src/server/lx_fs/directory.h:224:53: error: ‘dent’ may be used uninitialized [-Werror=maybe-uninitialized]
224 | .type = type(dent->d_type),
| ~~~~~~^~~~~~
/data/genode/repos/os/src/server/lx_fs/directory.h:197:40: note: ‘dent’ was declared here
197 | struct dirent *dent;
| ^~~~
Issue genodelabs/genode#4827
Eliminate the creation of 'Genode::String's before the linker has been
self relocated, because 'Genode::String's will call 'Genode::strlen' on
construction from C-Strings, which has now become a GOT relative call,
while the GOT contains only zeros before relocation -> page fault at
IP 0.
fixes#4867
related to #4827
Downloading non-existent archives from 'depot.genode.org' leads to
files in the 'public' directory containing the 404 error website
delivered by the HTTP server. Specifying the '--fail' option results
in curl generating an exit-code that leads to the appropriate action
by the tool, e.g.:
Error: failed to download 'https://depot.genode.org/user/pkg/x/version.tar.xz'
Issue #4865.
error: 'void operator delete(void*, Genode::Deallocator&)' called on pointer returned from a mismatched allocation function [-Werror=mismatched-new-delete]
Issue #4827Fixes#4850
error: ‘void operator delete(void*, Genode::Deallocator&)’ called on pointer returned from a mismatched allocation function [-Werror=mismatched-new-delete]
Issue #4827Fixes#4848
An early version of nitpicker used a pointer as 'owner' with the null
pointer representing nitpicker's built-in views, which are nowadays
represented by 'Main::_global_view_ower'. The null-pointer check is a
left-over from the earlier days.
Fixes#4847
Since repos/base/board/pc/devices is empty, the run script no longer
works on PC. Nobody noticed because the use case of this run script -
as development test loop for the ps2 and fb_sdl - are better served by
other scenarios nowadays, e.g., using declaring 'build: ps2' for a
custom Sculpt OS build.
Removed in the context of issue #4860.
If GPG signing is aborted, e.g., by pressing CTRL-C, an empty .sig file
remained in PUBLIC_DIR because the file was created by the Bash
redirection. By using '--output $@', gpg maintains the .sig file.
Bit 0:3 indicate which of the (up to) 16 supported LBA formats is
used for this namespace. Instead of only looking at those bits the
driver looked at the complete 0:7 bits. Those, however, also include
information on how metadata may be transferred. That leads to using
the wrong index for reading the LBA format.
Fixes#4832.
This patch solves keyboard-focus issues with the wifi dialog that were
caused by making the focus update conditional. However, since the update
is not expensive, we can unconditionally re-evaluate the focus atfer
each user interaction.
Issue #4820Fixes#4856
This patch solves the false-negative error message "failed to open file"
referring to an ioctl info file during an ioctl call. The message is
now avoided by checking for the existence of the file before reading it.
However, the observed symptom uncovered an actual bug that was
introduced in commit "libc vfs: open OSS 'info' file only once" with
the attempt to cache the content of ioctl info files. When called
multiple time for different paths, 'Vfs_plugin::_with_info' would
wrongly return the info from the first call as cached in a local
static variable.
The patch fixes the problem by a new added 'Cached_ioctl_info'
implementation in the scope of the 'Vfs_plugin'.
Issue #4372Fixes#4852
This patch includes the system dialog in the global keyboard focus
handling, supports hovering of the "Edit" and "Add" buttons,
allows the use of the enter key to finish URL editing, and
triggers a re-scan of depot users after adding a new one.
Issue #4820
Should the selected depot user not be present in the depot - for example
after switching the sculpt partition to another - unfold the selection
of all present depot users so that the one can pick an existing one.
Issue #4820
If the DMA memory allocation alignment is unfortunate (not natural size
aligned), the IOMMU (AMD/INTEL) may not use larger(super) pages with effects
on the page table walk frequency and TLB caching.
Issue #4820
We repeatedly experience issues with XHCI handoff in the USB host driver
at runtime on modern systems. Mostly, these issues manifest as
initialization delays with very high CPU load. Investigations show that
during this time the handoff MMIO write does not return, which hints the
firmware driver enters some spinning loop. I suspect the enabled IOMMU
does not play well with the firmware due to insufficient RMRR
information.
Therefore, we disable USB handoff in Sculpt via the driver manager (as
we do for dedicated devices already in other contexts). Note, UHCI and
EHCI handoff is still done in the platform driver and succeeds on all
our test hardware.
Issue #4820
This split allows us to cross-compile all arm_v8a packages needed for
'goa build' by creating pkg/arm_v8a/goa.
The components featured on pkg/goa-linux are solely needed for 'goa
run'. As they contain a number of lx/hybrid components, pkg/goa-linux
must be complied on Linux running on the target architecture.
Fixes a regression with the cbe_init_trust_anchor component that prevented
reacting to a failed unlock attempt in the File Vault. The regression was
caused by new semantics in the vfs that did not allow for using the file
operation result as indicator for whether the unlock attempt failed or
succeeded. The correct and hereby applied approach is to check for the data
read from the file after having written the unlock command. The data reads
either "ok" or "failed".
Before scheduling we check if the execlist is empty. When many clients
are present, the bits might not be cleared by hardware yet. Before the
watchdog timer would trigger, because we scheduled nothing. Now we try
serval times, even if this fails, we still schedule because in the worst
case only a preemption would happen.
issue #4820
Commit "vbox: avoid uncaught nic Empty_ack_queue exception" introduced a
performance regression due to packet retransmission because of faulty
GSO segment handling. As fixing the GSO handling is fairly complex, we
disable GSO until a fix was developed.
Issue #4820
Issue #4821
This patch mitigates potential busy feedback effects when evaluating the
reports produced by 'depot_deploy' in a closed control loop. Reports
are now generated only if the deployment state has changed.
Issue #4818
This patch marks a child as incomplete if one of the ROM modules listed
in its blueprint is missing. This, in turn, triggers the update system
in Sculpt, which then tries to download the missing pieces.
Issue #4818
By managing downloads issued by the deploy subsystem via the
'Download_queue', failed downloads (e.g., due to HTTP error 404) are
properly tracked and don't cause infinite re-attempts.
Issue #4818
This patch promotes the event of an exiting child to become immediately
reported, reducing delays for management components that watch the exit
status of children.
Fixes#4814
This patch replaces the former 'nic_drv' and 'nic_drv_dtb' functions
by a more general 'nic_driver_routes' function that can return one or
multiple platform-specific ROM routes for NIC-driver binaries and dtb
files. This allows for supplying customizations for the wifi driver
as well. E.g., on the PinePhone, this hook can be used to handle the
renaming of the 'wifi_drv' to 'a64_wifi_drv'.
Related to issue #4813 and issue genodelabs/genode-allwinner#17.
The wifi VFS plugin is solely there to provide a hook for calling
'Lx_kit::initialize()' prior to the static ctors. As the corresponding
symbol can be resolved at run-time there is no need to add the
library as a build-time dependency.
Issue #4813
The device-tree binary is normally required on ARM-based platforms
where as on x86 it is omitted. The platform-specific DTB helper
provides a generic interface for accssing the DTB and needs to be
implemented on each platform.
Issue #4813
The SDIO connected wireless device on the PinePhone is not available
on start-up, which leads to the supplicant failing to initalize
'wlan0'. Normally the supplicant would be used in a way that handling
devices that appear at run-time happens gracefully.
Rather than supporting this behavior we defer the start-up of the
supplicant until the device could be openend successfully for now.
Issue #4813
The MAC address device report should be published once the device is
available. Since this may happen at a later time we have to check the
call.
Issue #4813
This commit introduces support for building the WLAN driver for ARM
platforms. It makes the WPA supplicant and its support libraries
available for all platforms. It also seperates the PCI parts to
accommodate platforms where other bus protocols are used.
Issue #4813
The driver was only tested with an "Atheros AR9462 Rev:2" [168c:0034]
device using the 'wifi.run' run script.
Note: for it to work MSI may not be used as otherwise interrupts do not
work. Using an IOMMU leads to the following fault:
[ 0] IOMMU:0xffffffff817eb0b0 FRR:0 FR:0x22 BDF:4:0:0 FI:0xb0000000000000 (0)
Issue #4813
The way the 'struct page' management is currently implemented it is
not safe to rely on it in case allocations share the same page. This
is in particular true where the virtual address is obtained by
querying the page object for maintaining the CPU caches.
Issue #4813
Optionally log scheduling-context execution time in addition to the
thread-context. This may be relevant on kernel platforms that do not
schedule threads on their own CPU share only but implement some kind of
donation scheme, for example, NOVA.
Usage
<config sc_time="yes" ...> ... </config>
Fixes#4805
This commit updates the used firmware images for the iwlwifi device
to latest available ones (supported by the current 6.1.x driver).
It also removes old firmware images that by now are not used anymore.
Fixes#4807.
If a content.mk file wrongly refers to a non-existing directory in a
call of the 'port_dir' function, the 'content_env_missing_ports.mk' gets
stuck while invoking 'cat' without argument, which makes such mistakes
difficult to diagnose. This patch adds a sanity check for the existence
of the port hash file at the specified location before attempting to
'cat' the hash-file content.
Unfortunately, the change of "depot: remove empty config from
pkg/nano3d" broke the manual deployment of the nano3d demo because no
<config> is provided in this case.
This patch splits pkg/nano3d into two variants. The regular nano3d pkg
comes with an empty <config/> node as before. The unconfigured_nano3d
pkg does not feature any <config/> node and can thereby be configured
via a ROM route to a dynamic-rom service.
This patch equips the depot_download subsystem with the option to
explicitly skip the signature verification for downloads by specifying
the attribute 'verify="no"' for an <installation> item. This is useful
in scenarios where the lack of integrity of downloaded content does not
pose a risk, e.g., for untrusted applications that are rigidly
sandboxed, or during development.
Note that this option does not entirely discarge the signature checking.
Whenever an download has dependencies that are verifyable - for
which the public key exists in the depot - the dependencies are still
verified. This allows untrusted content to depend of verifyable content
while protecting the integrity the verifyable content.
Issue #4804
This patch adds the 'Verify' argument to all download-related interfaces
in order to control the checking of signatures for downloads. Note that
it does not change the sculpt_manager's existing built-in policy of
always checking signatures.
Issue #4804
This patch moves the interfaces needed for the interactive addition of runtime
components from the 'Popup_dialog' to the 'model/component.h'. So those
interfaces are no longer tied to one specific view implementation.
This free-standing function is meant to gradually replace
'Dialog::match_sub_dialog' interface, which relies on the caching of
the hover state. The new function is more flexible because dialogs do no
longer need to inherit 'Dialog'.
The missing else statements resulted in the addition of a
superfluous <archive> node when installing an <index>, causing
warning messages by the depot-download subsytem.
This patch adds the ability to specify an optional 'as' attribute in a
<rom> module declarion of a runtime file.
<runtime ...>
...
<content>
<rom label="camera-pinephone.dtb" as="dtb"/>
...
</content>
</runtime>
If specified, The depot-deploy tool uses the provided attribute value to
hand out the ROM 'camera-pinephone.dtb' under the label 'dtb' to the
subsystem.
Recent devices are configured with 4096 RX pages that lead to an
increased memory usage. For the moment lower the amount to 2048
and treat in potientially lower throughput for more conservative
memory consumption.
Fixes#4801.
For Windows guests, it's crucial to configure the paravirtualization
provider in .vbox6 like follows. Otherwise, the TSC calibration fails
(issue #4726) and the CPU frequency (in task manager) is bogus.
<Paravirt provider="HyperV"/>
Fixes#4726
The get_cycles() call within the test doesn't apply to RDTSC
access when running on ARM but to arch_timer_read_counter, which
is an empty function pointer. By setting it to a function that
returns Genode::Trace::timestamp() we can enable the test for ARM.
Issue #4775
- move metadata specific to isochronous transfers from the descriptor
into the content of USB-session packets
- restore support for 32 in-flight packets in the USB C API
Fixes#4749
Now, block_devices are reported earliest right after the devices ROM was
parsed and neither AHCI nor NVMe were found. If one or both devices were
found, the report is deferred after all expected reports arrived.
Issue #4791
Previously the 'partitions' report was implicitly generated after
parsing the partition-table by accessing the referenced reporter
object.
Now the report is explicitly created by calling the 'generate_report'
member function. At this point we no longer have access to all
required information so the 'Partition' class was extended to
accommodate for the data needed by MBR as well as GPT reports.
Fixes#4786.
The 'File_content' utility throws an exception whenever a file happens
to get truncated during the reading process. But it silently truncates
the data against the specified limit. In practice, exceeding the limit
is usually an error case. This patch enhances the 'File_content' utility
by throwing 'Truncated_during_read' in the limit-exceeded case as well,
in order to ease the diagnosis of such cases.
Issue #4788
'cap()' will return invalid capability within session destructor, therefore Vram
objects that belong to the session will not be destroyed, leading to danling
references later on. Use '_owner.cap' of session instead.
The new 'init_platform' function performs the platform-specific
component-local low-level initialization. It allows for the
differentiation between core and regular components as well as
kernel-dependent peculiarities.
This patch introduces a consistent notion of a 'Platform'. Within core,
the 'Platform' contains the kernel-specific initialization. Outside
core, the platform sets up the interplay with the parent component. In
all cases, the platform is constructed while running on the initial
stack.
Issue #4784
VirtIO device models can assert interrupts to notify about
buffer and configuration changes. By now, we could only assert
buffer notification interrupts, but no configuration changes.
The latter is needed, e.g. to notify about GPU mode changes.
Ref genodelabs/genode#4783
Depending on the number of partitions the current fixed size of 4096
bytes might not be sufficient for the resulting partitions report.
The use of the expanding reporter allows for accomodating large reports
while still keeping the resource usage down for the common case of
few partitions (with potentially short names).
Fixes#4782.
The implementations of snprintf and vsnprintf are not needed for the
loading of png images by the demo applications. So we can avoid the
dependency from the format library hosted in the libports repository.
Issue #2064
This commit introduces support for the HMB feature and will setup the
buffer during start-up. The host-memory-buffer (HMB) feature is mostly
used on NVMe devices that do not make use of an DRAM cache to store its
translation tables amongst other operational data. Not using HMB can
impair the performance on such devices.
The memory is allocated in 2 MiB chunks of DMA-capable memory and its
total size in bytes is configurable via the 'hmb_size' config attribute.
The driver always checks the minimal and preferred size of the HMB and
issues a warning in case it is not enabled via the configuration.
Moreover, if the configured size is less than the minimal amount
required by the device the HMB is not configured at all and a warning
is issued also. If the configured size is more than the preferred size
it will be capped to that amount.
Fixes#4715.
This patch converts the loader implementation to the 'Session_object'
interface to implement the ability to upgrade the session caps and RAM
after after the session creation. This is needed to accommodate the
change of the Loader::Connection in commit "Remove format strings from
connection types".
Issue #2064
This patch ultimatedly removes format strings from Genode's base API.
Users of the former base/snprintf.h and base/console.h headers may
use the free-standing 'format' library hosted in the ports repository.
Fixes#2064Fixes#3869
This little library implements rudimentary format-string support. It is
useful for porting 3rd-party code that ought not depend on a full libc.
Issue #2064
The new 'Connection' constructor accepts the session label, affinity,
and args as constructor arguments. The session arguments are passed as a
'Genode::String'. This allows for side-stepping the need for rendering a
format string passed to 'Env::session'.
Issue #2064
The additional files provide Chacha implementation in case
may_use_simd() returns false because in_interrupt() returns true.
Related to issue #4778, commit "lx_emul: track irq state changes"
Implement udelay for all architectures within common lx_emul code,
remove driver-specific version.
Always do busy looping in udelay and use cpu_relax()
like the original Linux code. Thereby, we profit from architecture specific
instructions (cpu cool down), and jiffies are updated if irqs are on.
Ref genodelabs/genode#4778
There are rare use-cases where cpu_relax is used inside a busy loop
(i2c bus functions), which only will break when the jiffies counter
reaches a specific value.
Because of the cooperative scheduling done in lx_emul, no timer
interrupt will break such a loop. As a workaround, we check for
necessary jiffies updates inside cpu_relax if interrupts are enabled.
Ref genodelabs/genode#4778
To be able to check for interrupts being on or off,
the enabling and disabling is tracked in lx_emul.
When interrupts get received, they have to be turned off.
Ref genodelabs/genode#4778
Do not start and stop idle ticking within the timer interrupt
routine, but do it around the whole Lx_kit scheduling, which
is always called when Linux code gets active again, either
because of backend signals, interrupts, or timing signals.
This commit implicitly reverts the (incomplete) solution of
issue #4550
Ref genodelabs/genode#4778
Linux kernel static functions usb_string_sub() and usb_get_langid() were
made accessible to implement robust string rerieval.
Fixes#4756Fixes#4757Fixes#4772
The namespace draws a clear line between the base library and the core
component.
It is declared at the new core-local header <types.h>, which is expected
to be included by all code of the core component. It is thereby a
natural place for kernel-agnostic general types like commonly used C++
utilities.
Fixes#4777
Implicitely fixes problems with USB devices having more than 4G blocks.
Formerly the 16-Cmd LBA requests were silently casted to 32-bit.
Fixgenodelabs/genode#4771
In case the packet is erronous the value of 'actual_size' can be
invalid and using it may lead to a page-fault due to out-of-bounce
access.
With this commit access is only performed on successful packets.
Fixes#4763.
Workers are only summoned by the manager or when there are no workers on
a work queue. In case a work in front of a work queue depends on a work
behind it, a deadlock may occur. To solve this Linux spawns a rescue
worker using timers. Timing of Linux based drivers is currently reworked
and not reliable. Therefore, we increase the number of workers that are
spawned from 1 to 3 per work queue in order to resolve possible
deadlocks.
Fixes#4762
Set wakeup pointer in FADT/FACS tables and prepare/place ACPI resume code
at application processors (AP) 16-bit entry. Exclude memory used for AP resume
from RAM range to avoid usage by Genode core in allocators.
Issue #4669
The CPUs are woken all at once and up to now the IDs are assigned depending
on the arrival order, which is unfortunate for the resume case. Keep track
of once assigned IDs for CPUs, so that on resume the very same CPU id is given.
The APIC id is guaranteed to be fixed per CPU on suspend, but unfortunately
not dense packed.
Issue #4669
The ACPI table FACS and FADT are required to support ACPI suspend/resume. The
commits add the lookup of the ACPI table in bootstrap and the general usage
of the ACPI registers via the MMIO framework.
Issue #4669
Add explicit init() to Timer infrastructure to re-initialize the hardware
based on the parameters given during constructing time of the timer object.
Issue #4669
On resume the CPU state must be re-initialized, since all CPUs have been
potentially off (depending on sleep form) and lost state. Handle the halt
and suspend state explicitly by an extra Job implementation which can be
executed without holding the global kernel lock.
Issue #4669
Instead of re-using the register values found in HCR_EL2 and CPTR_EL2
and setting single bits within them, define the complete content to
prevent inconsistent hardware/hypervisor state.
Ref genodelabs/genode#4759
Several explicit casts could not be avoided yet, due to the missing
differentiation in between virtual and physical addresses that leads
to casting problems when using 32-bit ARM, and because the MMIO
register framework does not allow to return narrowed types of bitfields.
Apart from that, this commit fixes a switch-case fallthrough error in
Mmio_register::write.
Fixgenodelabs/genode#4770
The read_config and write_config functions in the generic virtio
headers used by all drivers lead to compiler warnings resp. errors
if effective-c++ switch is enabled. Moreover, the functions require
to define the access width as parameter. We can better turn them
into template functions using the value type to read resp. write to
derive the access width.
Ref genodelabs/genode#4344
The 'file_size' type denotes the size of files on disk in bytes. On
32-bit architectures it is larger than the size_t, which refers to
in-memory object sizes.
Whereas the use of 'file_size' is appropriate for ftruncate and seek, it
is not a suitable type for the parameters of read/write operations
because those operations refer to in-memory buffers.
This patch replaces the use of 'file_size' by size_t. However, since it
affects all sites where the read/write interface is uses, it takes the
opportunity to replace the C-style (pointer, size) arguments by
'Byte_range_ptr' and 'Const_byte_range_ptr'.
Issue #4706
Prior to this change the libdrm Lima implementation supported the
creation of multiple contexts where each context, however, was
treated as the same client like it was done in the Lima driver
itself.
With this commit each context becomes its own client while the
main context always performs all buffer object related allocation
and the other context import each needed BO before submitting.
Fixes#4760.
Sync file-descriptors a purely virtual and are not known by the libc and
should be only accessed by 'drm_poll'. To prevent accidental access move
them to range never used by the libc fd allocator.
Issue #4760.
We determine the owner of a Vram object by the session cap of the
session that created the object. We should not copy this cap to other
places because this increases reference counting, that can become very
large with many objects. Therefore, we pass a wrapper 'Owner' object
containing the cap by reference.
issue #4713
* 'map_buffer', GTT mappings are currently not used by Iris
* 'set_tiling', tiling is currently not used by Iris because there are
no GTT mappings
issue #4713
Change the abstraction from buffers to video RAM (VRAM). The notion of
buffers can be provided at the client side (e.g., Mesa) and multiple
buffers can be there be associated to one VRAM area, thus saving
resources (meta data overhead) when allocating many buffers. A VRAM area
can also be mapped to one single buffer as before for clients or drivers
that do not take advantage of this feature.
issue #4713
by checking for it in core, submitting a signal (if registered) and not
replying instantly. Before this commit, an exception (a non page fault)
caused and endless "unknown exception" loop between originator and core.
This was handled before commit "core: kernel-agnostic 'Mapping' type" by
throwing an exception, which was with that commit not working anymore.
Fixes#4751
Segment assignment stays valid for all sections following .dynamic,
which implies that .got and co also end up in the PT_DYNAMIC segment.
This is not intended. Therefore, we move the .dynamic section before
bss and assign bss to the rw PT_LOAD segment only.
fixes#4750
By default, bender will not report any serial findings anymore, if not
explicitly asked for with the 'serial' option. Without this option, an
invalid ioport is reported, so that neither the kernel nor Genode core
will make serial output.
The screenshot trigger displays a little red dot at the upper-left
corner of the screen. When touched or clicked-on, it generates an
artificial key-press-release sequence for the print key and disappears
for one second. In this time, a separate screenshot component can handle
the print key by capturing the screen without the red dot appearing in
the saved picture.
The touch-keyboard config accepts the new attributes 'opaque="yes"
and 'background=#112233' to control the dialog background. The
attributes are passed unmodified to embedded the menu view.
This patch add the support needed for implementing on-target
system-update functionality. The new 'empty' method is required for the
two-step procedure of updating image-index files - removing the old
index, followed by downloading the most current one. It is used to the
detect the completion of the first step.
Issue #4744
This patch reflects more details such as the percentage value for
downloads maintained in the download queue. This makes this information
easier to display at the GUI.
Issue #4744
This patch replaces the generic "In progress..." message by slightly
more concrete information about the type of operation. This is useful to
distinguish the two steps during the expansion of a partition.
This patch enhances the depot_download subsystem with support for
downloading and querying system images.
The installation ROM support the following two now download types:
<image_index path="<user>/image/index"/>
<image path="<user>/image/<name>"/>
Internally, the depot-download subsystem employs the depot-query
component to determine the missing depot content. This component
accepts the following two new queries:
<images user="..."/>
<image_index user="..."/>
If present in the query, depot_query generates reports labeled as
"images" and "image_index" respectively.
The also tracks the completion of each job depending on the depot-
query results, so that the final report contains a result for each
installation item requested. Prior this patch, the inactivity of the
depot-download manager (indicated by an empty state report) was
interpreted as success. But that prevents the proper association of
results and requested installation items.
Issue #4744
The 'scan' query for depot users used to list the names of depot users.
However, the URL and existence of a pubkey is useful to know when
assembling a GUI menu from this list.
Issue #4744
This patch equips the publish tool to handle system images.
System images reside at <depot-user/image/. The directory contains an
index file that contains the meta information of the available images
in XML form, e.g.,
<index>
<image name="sculpt-pinephone-2023-01-19" board="pinephone">
<info text="initial version"/>
</image>
</index>
To publish a new version of the index:
./tool/depot/publish <depot-user>/image/index
Each system image comes in two forms, a bootable disk image and an
archive of the boot directory. The bootable disk image can be used to
install a new system from scratch by copying the image directly ot a
block device. It contains raw block data. The archive of the boot
directory contains the content needed for an on-target system update to
this version. Within the depot, this archive a directory - named after
the image - that contains the designated content of the boot directory
on target. Depending on the board, it may contain only a single file
loaded by the boot loader (e.g., uImage), or several boot modules, or
even the boot-loader configuration.
To publish both forms:
./tool/depot/publish <depot-user>/image/<image-name>
This results in the following - accompanied by their respective .sig
files - in the public directory:
<depot-user>/image/<image-name>.img.gz (disk image)
<depot-user>/image/<image-name>.tar.xz (boot archive)
<depot-user>/image/<image-name>.zip (disk image)
The .zip file contains the .img file. It is provided for users who
download the image on a system with no support for .gz.
Fixes#4735
Issue #4744
This patch improves the Readonly_file::read method such that the
capacity of the specified buffer is used as upper bound for the read
operation instead of VFS-internal I/O buffer sizes. This relieves the
caller from implementing a read loop in most cases.
As a step away from C-ish use of the API, the patch deprecates the old
'read' method that takes the buffer as char *, size_t arguments.
Fixes#4745
Each time when enlarging the menu view, a new 'Gui_buffer' is
constructed with the new size. At its contruction time, the default
reset background color is in effect, which is evaluated by
'reset_surface' as part of the construction. A custom reset color
takes effect only after the construction. Hence, when the Gui_buffer is
flushed to screen immediately at construction time, the gray default
becomes visible for a short time.
This patch changes the Gui_buffer to accept the reset background color
as construction argument so that it takes immediate effect.
Related to #4592
This patch adjusts the run/image/disk plugin to search for resize2fs in
/usr/sbin, which is not included in the PATH variable on Debian by
default.
Issue #4746
The new utility returns a key code for a passed name and is implemented
by linear search, which is slow but sufficient in situations like config
updates.
Issue #4748
The leading newline in the _capture function confused _filecontent,
which resulted in empty port hashes.
Fixes regression introduced in 437fd21ba0
(issue #4725).
lwip uses a sophisticated reference-counting scheme in chains of pbufs,
which the former manual implementation of read() for TCP data broke.
Using pbuf_free_header() keeps the chain intact and also relieves our
implementation from the burden of "offset" maintenance.
Fixes#4722
Due to lacking hardware access the driver was test with one RTL8188EE
based device, namely [10ec:8179] (rev 01), only. As the access to the
PCI config space is restricted the driver loads the non power-saving
FW and the driver port is therefor only tested with that. The
accesses are documented should we choose to support them one way or
another later on.
The 'wifi.run' run script as well as Sculpt served as testing ground
where the driver worked fine so far.
Fixes#4714.
Check if we are able to submit the Usb packet before attempting to
allocate it. In case the queue is already full we wait until another
pending packet is freed.
Fixes#4701.
Up to now it was only checked if an issued admin command was processed
in a timely fashion. Otherwise it has been treated as failed.
However, the completion-queue entry was not examined and the caller was
not able to access the entry itself. Depending on the command, checking
the completion-queue entry might be necessary, e.g. GET/SET_FEATURE.
Issue #4715.
Since the 'Platform::Device' constructor will defer the creation until
the content of the devices ROM is valid performing the PRP list helper
creation afterwards should be done with valid IOMMU information.
Issue #4715.
Some USB devices (e.g., webcams) fail to deliver their configuration
descriptor early after power-up. Testing revealed that retrying the
requests usually succeeds on second or third attempt.
Fixes#4739
Genode build system allows to easily enable 'ccache' for builds. This
change allows to enable using 'ccache' also for build of reference
Linux kernel used during porting device drivers.
To enable 'ccache' it is enough to pass value of 'CC' variable when
executing Linux build but this build by default depends on time when it
is built which causes 'ccache' misses. To solve this issue additional
flags are passed to make build independent from time, current user and
host on which build is performed.
Issue #4718
With the new 'presets:' tag, .sculpt files can now refer to deploy
configurations to be integrated in the presets/ subdirectory of the
config file system. Those files can thereby be used as preconfigured
system scenarios. Such a preconfigured scenario can be loaded at
runtime by copying the preset file to config/deploy.
Issue #4731
In case of very rapid config ROM change (<300ms), the linux driver may still
be in progress of applying the previous change (e.g. switching connector on/off).
During this progress all tasks may become not runnable (waiting for IRQ/timeouts
until hardware state settles), the newest config ROM change/signal gets
dispatched, which lead to continuing the previous change request, but not
to re-starting/re-applying the new config change. To avoid this situation,
explicitly track whether a previous config change was finished and track if an
interim config change request came in. If so, re-start the lx_user
task with the newest config change.
Fixes#4721
The argument is superfluous because only run/image/uboot evaluated it
anyway, and the argument is always boot/image.elf. With this change, the
official semantics of run_image become: "replace the boot/image.elf file
by platform-specific file(s) at boot/ that can actually be booted".
Issue #4730
* Update links from forward rules only with forward rules and links from
transport-routing rules only with transport-routing rules. Besides raising
the performance of the code, this also fixes a former bug that allowed
forward-rule links to falsely stay active because of a transport-routing
rule that matched the client destination ip and port.
* Don't use good-case exceptions for updating TCP/UDP links on re-configuration
of the router.
* Make conditions when to dismiss a forward rule easier to read.
* Introduces != operator to the public Port class in the net library.
* Fix unnecessary log message that a link was dismissed when only a potentially
matching forward rule turned out to be not matching.
* Apply Genode coding style to if statements with a single body statement.
Fix#4728
This fixes a bug that was introduced by this earlier commit:
"nic_router: find forward rules w/o exceptions"
The NIC router used to falsely dissolve TCP/UDP connection states when
reconfiguring although the connection states were still legal according to the
new config. The reason was that the above mention commit nested lambdas but
missed to return from the last nesting level when having found a configuration
that legitimates the connection state.
Ref #4728
The semantic of .NOPARALLEL has changed in GNU Make 4.4
Quote:
New feature: .NOTPARALLEL accepts prerequisites If the .NOTPARALLEL
special target has prerequisites then all prerequisites of those targets
will be run serially (as if .WAIT was specified between each
prerequisite).
This means that only prerequisites are made sequential. Before
everything within a Makefile would be done in sequential order.
Therefore, we had to add the *.hash target (appears multiple times) to
the .NOPARALLEL prerequisites.
issue #4725
Tests on qemu would fail when started with RAM sizes from 1025MiB to
2048MiB, because the the mapping hole in the page table from 1GiB to
2GiB would interfere with qemu's mapping addresses for ACPI.
Identity-map the complete first 4GiB of memory to catch all early
memory accesses during bootstrap.
Fixes#4724.
This patch simplifies the 'Deploy::update_managed_deploy_config'
interface by keeping an internal copy of the currently used deploy
template inside the 'Deploy' class. The template is updated whenever
the config/deploy file is modified.
This change weakens the coupling between the '_manual_deploy_rom' and
the '_deploy' subsystem, easing the upcoming implementation of the
switching between presets.
Adds befriended test-local wrappers for the classes Cpu_share and Cpu_scheduler
and adds a print method to the scheduler wrapper that prints the internal state
of the scheduler to the given output. Cpu_shares are referenced in the output
via a the IDs that the test uses to organize them. I.e., this corresponds to
how the CPU shares are named when calling the atomic steps the test is made of.
Ref #4151
Ref #4710
This adapts the test to the changes that were applied to the scheduling scheme
by the following commits:
* base-hw scheduler: optimize quota depletion events
* base-hw scheduler: fix bug on removing head
* base-hw scheduler: fix ready method
* base-hw: optimize & cleanup scheduler
Part of that is that the test used to check whether the act of setting a share
ready outdates the head or not. However, with the current version of the
scheduler, this check is not possible anymore. We can merely check whether the
head is outdated after setting the share ready. So, among other adaptions, this
commit adapts the expectations of the test to the new semantics of the check.
Ref #4151
Ref #4710
* Get rid of preprocessor macros.
* Introduce Main as class.
* Exit with -1 instead of endless loops on errors.
* Don't try to deal with error conditions, just print a message and exit
with -1.
* Only one operation per line.
Ref #4151
Ref #4710
This is an optimization for the case that a prioritized scheduling context
needs slightly more time during a round than granted via quota. If this is the
case, we move the scheduling context to the front of the unprioritized schedule
once its quota gets depleted and thereby at least ensure that it does not have
to wait for all unprioritized scheduling contexts as well before being
scheduled again.
Note that this introduces the possibility of undeserved starvation of
unprioritized scheduling contexts to the scheduling scheme. If there are
enough prioritized contexts that deplete their quota during a round,
they may cover up also the rest of the round with their unprioritized time
slices. If this happens every round, contexts without a priority/quota may
never get a turn. In the previous scheduling scheme, this could not occur as
the unprioritized schedule was completely independent from prioritized
schedules and rounds.
Ref #4151
Ref #4710
The scheduler did not consider the consumed quota during a call to "update"
if the head that consumed the quota was removed from the scheduler. When this
occured, the internal round time did not advance as expected but remained at
its previous value untile the next call to "update" (without a removed head)
This commit introduces a new flag that is set only when the head gets removed
in order to detect and handle the situation correctly on the next call to
"update".
Ref #4151
Ref #4710
Setting the _need_to_schedule member in the 'ready' method of the scheduler
was not done correctly. At least, the _need_to_schedule was set true in
situations were the head was not outdated by the 'ready' operation.
Ref #4151
* Remove *request* in context of: wait, reply, send to shorten it.
* Use ready_to_* instead of can_*, which is regularily used in Genode's APIs
* Replace helping_sink with helping_destination, as destination is more common
Ref genodelabs/genode#4704
The IPC protcol violations are:
* Sending to an unknown thread (cap)
* Waiting for messages if a reply hasn't happened yet
This silents threads that otherwise repeatedly cause kernel messages
about the violation.
Ref genodelabs/genode#4704
* Split the internal state into incoming and outgoing message relations
* Avoid fragmenting of one state like formerly '_state' and '_help'
* Remove pointer to caller, use incoming FIFO instead
This commit fixes at least two bugs that were triggered by tests that
destroy threads in many different states, like run/bomb:
* The '_help' data member was not reset reliable in each situation where a
helping relationship came to an end. However, when we fixed this bug alone
in the old state model, the issues remained. The new state model fixes
this bug as well.
* A thread sometimes referenced an already dead thread as receiver. This caused
the kernel IPC code to access the vtable of an object that didn't exist any
longer. Note that the two threads were not in direct IPC relationship while
the receiver was destroyed, so, there must have been an intermediate node
between them. Due to the complexity of this problem, we eventually gave up
pin-pointing the exact reason in the kernel IPC code. The issue disappeared
with the new state model.
Fixgenodelabs/genode#4704
When writing the GPT header, the tool always wrote the GPT entries
belonging to the primary header to LBA following the header. Normally
this is LBA 2 as the header is located in LBA 1. The GPT allows for
up to 128 entries that all in all cover 16 KiB of storage space.
However, on some systems, e.g. ARM-based machines, the bootloader can
be stored in this region. For this reason the GPT entries may be moved
to a different LBA.
This commit changes the tool to adhere to then given GPE LBA in header
when writing out the modified GPT data.
Fixes#4720.
The old 'Io_response_handler::io_progress_response' interface has been
replaced by the 'Vfs::Env::User::wakeup_vfs_user' (issue #4697). The
remaining 'read_ready_response' method is now hosted in the
appropriately named 'Read_ready_response_handler'.
Issue #4706
This patch keeps driving the internal state machines until no progress
can be made. This required fixing the return values of several execute
functions, which used to report progress while being in complete state.
Along the way, the patch removes default switch cases to ensure that all
states are covered.
Issue #4706
This commit supplements the various I/O signal handlers of the VFS
plugins with calls of the new 'Vfs::Env::User::wakeup_vfs_user'
interface, which will subsequently replace the old 'Io_progress_handler'
(issue #4697).
Issue #4706
The 'blocked_handles' queue was used to notify the VFS user via the
'io_progress_response' mechanism. This is now covered by the
'wakeup_vfs_user' interface introduced in issue #4697.
Issue #4706
Information about PS/2 and PIT where moved to app/pci_decode in the
following commit.
pci_decode: report devices from ACPI info
We still provide an empty <devices> node as the file itself is used by
platform agnostic run scripts.
When running on x86, and riscv never enter the kernel for cache maintainance,
but use the dummy implementation of the generic base library instead.
On ARMv8 it is not necessary to enter privileged mode for cache cleaning, and
unification of instruction/data cache, but only for invalidating cache lines
at all levels, which is necessary for the use cases, where this function it
needed (coherency of DMA memory).
Fixgenodelabs/genode#4339
This call is used to query the cache line size of the underlying CPU.
For now it is only implemented and used by 'arm_v8' platforms.
It does not distinguish between D-/I-cache sizes and always uses the
smallest size. Furthermore it does not account for any discrepancy
in 'big.little' CPUs.
Issue #4339.
To prevent the kernel to deadlock, or call itself with a syscall when
using a lock potentially hold by a core thread, the log console's
backend for core (hw) gets replaced by a specific variant that checks
whether it runs in the kernel context before using the mutex.
Fixgenodelabs/genode#3280
When a domain receives a new dynamic router IP address and that domain has
active connection states (TCP/UDP/ICMP) from another domain with NAT applied,
the connection states used to stay active while becoming obsolete. They
become obsolete because their identification and their packet processor
use the old routers IP address due to NAT.
One consequence was that connections became dysfunctional when the server
domain received a new dynamic router IP address. Request packets were still
routed from client to server, but when entering the server, their source IP
address was the outdated router address. Consequently, the server responses
used the outdated address as destination and the router dropped the responses
because it did not know this address anymore.
This commit fixes the problem by letting a domain destroy all its connection
states that were initiated from within other domains whenever it detaches from
its current IP configuration.
Strictly speaking, it is not necessary to destroy all connection states, only
those that the domain applies NAT to. However, the Genode AVL tree is not built
for removing a selection of nodes and trying to do it anyways is complicated.
So, for now, we simply destroy all connection states.
Note that the other way around was handled correctly already. When a domain
detaches from its IP config, all interfaces of that domain destroy all the
connection states they created (towards other domains).
Fixes#4696
If the IP config does not change on updates to the router IP config of a domain
change (a common case on DHCP RENEW), prevent detaching from the old config and
attaching to the new one. Because this would not only create unnecessary CPU
overhead but also force all clients at all interfaces that are listening to
this config (via config attribute 'dns_config_from') to restart their
networking (re-do DHCP).
Ref #4696
Check 'pv == nullptr' in 'ShClSvcImplWriteData' and return
VERR_INVALID_POINTER if invalid (as is done, for example, in the X11
implementation).
issue #4666
By adding a 'write_ready' interface following the lines of the existing
'read_ready', VFS plugins become able to propagate the (de-)saturation
of I/O buffers to the VFS user. This information is important when using
a non-blocking file descriptor for writing into a TCP socket. Once the
application observes EAGAIN, it expects a subsequent 'select' call to
return as soon as new I/O buffer space becomes available.
Before this patch, the select call would always return under this
condition, causing an unnecessarily busy write loop.
Issue #4697
The new interface is meant to replace the 'Vfs::Io_response_handler'.
In contrast to the 'Io_response_handler', which had to be called
on a 'Vfs_handle', the new interface does not require any specific
'Vfs_handle'. It is merely meant to prompt the VFS user (like the libc)
to re-attempt stalled I/O operations but it does not provide any
immediate hint, about which of the handles have become ready for
reading/writing.
Issue #4697
This patch removes the 'Insufficient_buffer' exception by returning the
WRITE_ERR_WOULD_BLOCK result value instead. It also eliminates the
superfluous WRITE_ERR_AGAIN and WRITE_ERR_INTERRUPT codes.
Issue #4697
The original size of 16K impedes the batched processing of network
packets. Changing the value to 256K reduces the number of context
switches when downloading large files and thereby improves the
throughput by more than 25% (base-hw on qemu_x86_64, using fetchurl
to download a file of 100 MiB via the NIC router from lighttpd).
Issue #4697
This patch fosters the batching of network packets transferred by the
lwIP stack over the NIC connection. It replaces the eager submission of
the packet-stream's data-flow signals by explicit wakeup notifications.
The commit also increases the NIC session's buffer size from 128 to 1024
packets.
Issue #4697
...and tighten constness in adjacent code parts.
The VFS-internal synchronization via mutexes is no longer needed because
the access to the VFS is serialized by the VFS client, i.e., the libc.
Issue #4697
Since the lwip library is used only by the vfs_lwip plugin, this patch
moves the Genode-specific support code local to the VFS plugin, easing
further simplification and allowing for a tighter integration with the
VFS plugin.
The recipes for api/lwip and src/vfs_lwip stay separate as both parts
use different licenses.
Issue #4697
This networking scenario is useful for analysing and optimizing the
interplay of the VFS, libc, TCP/IP, and the NIC router. It downloads a
file via fetchurl from lighttpd, both of which are hosted on a virtual
network.
Issue #4697
This patch facilitates the batching of I/O operations in the VFS library
by replacing the implicit wakeup of remote peer (via the traditional
packet-stream interface like 'submit_packet') by explicit wakeup
signalling.
The wakeup signalling is triggered not before the VFS user settles down.
E.g., for libc-based applications, this is the case if the libc goes
idle, waiting for external I/O.
In the case of a busy writer to a non-blocking file descriptor or socket
(e.g., lighttpd), the remote peers are woken up once a write operation
yields an out-count of 0.
The deferring of wakeup signals is accommodated by the new 'Remote_io'
mechanism (vfs/remote_io.h) that is designated to be used by all VFS
plugins that interact with asynchronous Genode services for I/O.
Issue #4697
This test reveals the patters of the batching of consecutive write
operations on a file-system session. It issues 100 writes of one byte
each, which should ideally result in large batches of operations
submitted to the file-system session at once.
The run script performs the write operations through a chain of two VFS
servers, thereby exercising the write batching of both the libc and the
intermediate VFS server.
Issue #4697
By replacing the calls of 'acknowledge_packet' and 'get_packet' with
'try_ack_packet' and 'try_get_packet', we avoid the implicit triggering
of data-flow signals. Instead, the VFS server now relies on explicit
calls of the packet stream's 'wakeup' interface.
Issue #4697
The change of the queue size from 16 to 32 has negligible costs (4 KiB
instead of 2 KiB for the packet-stream queues) while facilitating the
batching of many small consecutive write operations.
Issue #4697
Some signal-heavy scenarios (e.g., libc_integration) produced the
following warning that hinted a data race on signal data in the context
object.
Warning: returning signal with num == 0
The cause was the use of Signal_context::local_submit() in the libc
introduced in
424ed1b79a libc: remove Reconstructible / use local_submit in kernel
in combination with a missing context-mutex aquisition resulting in a
data race on Signal_context::_curr_signal.
Issue #3923
Both modules were quite similar except the the name of the FIT image
(image.itb) and the mkimage command line. FIT images are now produced by
the following RUN_OPT.
RUN_OPT += --include image/uboot --image-uboot-fit
Issue #4693
By making the use of gzip's '--best' option configurable and disabling it
by default, this patch noticably reduces the built-test cycle from 15 to
10 seconds when integrating the Sculpt system image for the PinePhone.
Fixes#4693
The commit "sculpt_manager: relax nic_drv policy label" introduced the use of
the "label_prefix" attribute instead of "label" for the uplink policy in the
NIC router. However, it missed an appropriate adaption of the lookup of that
attribute when the Sculpt manager has to decide which uplink is used in a
manually managed router config. This caused the uplink to disappear whenever a
user created a manually managed router config. This commit fixes the problem.
Issue #4660Fixes#4695
This prevents errors like the following during parallel builds.
MERGE ld-hw.abi.so
/usr/local/genode/tool/21.05/bin/genode-arm-ld:symbol.map:0: syntax error in VERSION script
Replace usb_kill_urb() by usb_unlink_urb() in the timeout handler for
control URBs, as usb_kill_urb() may block and is not allowed to be
called in IRQ/bottom half contexts.
Fixes#4681
Count more accurately how much packets are in flied, and whether
new packets can be handled. Moreover, catch potential exceptions
whenever acknowledging a packet, and warn about the lost acknowledgement.
Fixgenodelabs/genode#4678
There is at least one client that performs DRM calls from multiple
pthreads, which is not supported for now. We guard the concurrent
access by grabbing a pthread_mutex before each operation.
This commit circumvents faulty behaviour of base-pistachio, if
the PCI config space gets requested megabyte-wise. It occurs that
we get a mapping sequence in between sigma0, core and component,
like the following: 0xe1000000 => 0xbf001000 => 0x10b000,
with the consequence that the component stalls when accessing
the latter one. By requesting I/O memory aligned to the size,
the faulty behaviour vanishes.
Ref #4686
This is required for scenarios in which a device appears at a later
point in time. If the ROM is not updated, the device_by_type() method may
operate on an outdated dataspace and never find the device it is waiting for.
Although we do not have the full ACPI information parsed yet, to
announce non-PCI devices derived from the ACPI tables, the device
description of the assumed devices is now integral-part of pci_decode.
Formerly, the information was gained separatedly as boot-module, whereby
we lost synchronization in between ACPI/PCI parsing, BIOS handover, and
PS/2 emulation code already acting.
This recipe combines the dummy_rtc_drv, which consumes a given time,
and provides the "Rtc" service to its clients with the simple NTP client,
which provides the current time to the RTC driver in regular intervals.
Ref genodelabs/genode#4687
Test to trigger periodically ACPI suspend and resume and periodically
trying to restart graphic driver.
Tested successfully with X201 and T420.
Issue #4669
It looks like http://www.elm-chan.org is blocking certain IP ranges,
because downloading the source archive on certain machines fails with
"403 Forbidden".
Fixesgenodelabs/genode#4623
During interrupt handling the driver masked and cleared interrupts as
recommended in the spec to prevent spurious or unnecessary interrupts
from occurring.
Due to the way the current implementation operates new Block requests
got submitted while handling completions for already finished ones.
Since interrupts where masked at this point the controller did not
generate interrupts when the newly submitted requests got completed.
As the mask/clear optimization is apparently not strictly needed and
according to the spec undefined when using MSI-X it is removed.
Fixes#4684
200 TSC ticks for max measurement duration can get too small on platforms
with high TSC frequencies (e.g., >3GHz) and low CPU frequencies often
caused by HWP configurations. Therefore, we express the measurement
duration in NS (not ticks) and calculate max duration ticks using the
TSC frequency. This way the max duration becomes independent of the TSC
frequency.
fixes#4672
This commit enables users of the VMM to define CPU type and count, RAM size,
kernel and initrd ROM names, GIC version, and Virtio devices to be used.
Derived from the configuration values a flattened device-tree blob (DTB) is
generated and transfered to the VM.
Fixgenodelabs/genode#4670
Lack of MSI-X support in DDE Linux causes a timeout when the Intel AX211
tries to call back into the driver while loading the PNVM file while
interrupts are still disabled.
With the patch picked up from QubesOS the card works on an X1 Nano G2:
5fcfe0f19e
Issue #4663
Until now, requesting optional blobs such as 'iwl-debug-yoyo.bin' has
just failed silently. To support desired blobs such as PNVM firmware,
implement the loading of optional firmware while preserving the nowarn
characteristics of the function.
Issue #4663
Try to allocate within constraint area first. In case the area is exhausted,
try allocation at other memory locations.
The motivation for this is to limit DMA allocations to 4GB (since some
devices require addresses below 4GB). On some platforms there is little
physical RAM in this area (<1GB) and the constrainted area exhausts. In
case an IOMMU is present, RAM at higher locations can still be mapped
below 4GB, which is done in the platform drivers.
issue #4665
Consume '<iommu/>' tag from 'devices' report. In case an IOMMU is
present map physical memory to arbitrary locations within IO page table
range 1K-4G. This way every device PD has access to ~4GB of DMA space.
issue #4665
The platform driver configuration is missing the required 'info'
attribute that allows the 'vesa_fb_drv' to map the proper I/O
memory address of the framebuffer. In addition the driver requires
at least '2' more CAPs, so raise the quota to '110'.
Fixes#4668.
There is one binder with one memory zone per OpenGL context. The patch was
needed before because Genode didn't have proper context support (separate page
tables) leading to binders from one or more context being allocated to the same
GPU address with the same page tables. This was clearly an error and is fixed
with context support.
issue #4664
'_env_ram' allocations can lead to
'Expanding_pd_session_client::try_alloc' quota upgrades, which in turn
may lead to a resource request by the platform driver. Therefore, we
check the available quota within the platform driver before allocations.
This is not an optimal solution.
issue #4667
related issue #3767
This patch makes the component graph better reusable for the phone
version of Sculpt. In the phone version, the '+' menu does not exist.
So we need to omit the corresponding button. Furthermore, the storage
dialog is presented in a dedicate section of the GUI instead of
presenting it inside the 'storage' graph node. The phone version
also does not offer the inspect view. So we need to omit the
corresponding buttons.
To prevent caching side-effects of USB DMA memory taken from the packet stream
all allocations of USB packets need to be on separated cachelines at least.
Fixgenodelabs/genode#4655
To complement the GPIO support allow for setting and reading input
pins. So far this is needed by drivers that attempt to perform I2C
bit-banging via GPIO pins.
Fixes#4624.
In case the allocation fails for the largest possible connector mode,
try smaller modes. Additional add option to specify maximal resolution.
Issue #4659
Increase "assumed" internal kernel memory size based on available memory
to support allocation of framebuffer larger than 16M, which was before
hardcoded.
Issue #4659
When using the newer genode_c_api uplink library, an uplink connection uses
the device name as label, which enables integrators to use different policies
resp. routes for different devices driven by one driver. The nic_drv policy
of the nic_roouter configuration generated by the sculpt_manager however uses
an empty label like: "nic_drv -> ". This is the way how existent NIC drivers,
like ipxe_nic_drv requested their uplink session. To support both driver
variants this commit relaxes the policy by checking for a prefix only.
Ref genodelabs/genode#4660
This patch equips the pin-driver framework with support for the
time-multiplexed operation of a pin as output or input. This is needed
when implementing I2C communication via a bit-banging driver.
To operate pin in both directions, a driver obtains both a pin-state and
a pin-control session for the same pin. The pin-state session can be
used to sense the current pin state. The control session allows the
client to set the pin to high or low (using the 'state' method), or to
set it to high-impedance via the 'yield' method. Once switched to
high-impedance, the pin can be used as input.
Issue genodelabs/genode-allwinner#10
The tar.gz archive of version 2.4.9 vanished from sourceforge. As the
project moves to GitHub currently and the archive of 2.4.9 is still
available there, just update the download location.
Content and hashes did not change.
If a device should not be reset, powered off, and its clocks
shall stay untouched when it gets released, the leave_operational
attribute can be set to true in the device node of the related
device inside the devices ROM delivered to the platform driver.
This is useful for drivers, which only enable and initialize
their device, and can be closed afterwards.
Ref genodelabs/genode#4654
To enable other irqchip declarations beyond the lx_emul generic code base,
make the ARM specific initialization routine public.
Ref genodelabs/genode#4651
With "grub2: update to newer grub2 2.06 version" a regression slipped in
which makes the ISO not bootable on real hardware. The commit reverts to
the previous behaviour, to load the GRUB2 modules after boot later one by
one in the ISO format case.
Fixes#4647
Prevents errors like follows.
/bin/bash: arch/arm64/crypto/poly1305-core.S: No such file or directory
make[4]: *** [.../genode/repos/dde_linux/lib/mk/spec/arm_64/wireguard_lx_inc_dirs.mk:17: arch/arm64/crypto/poly1305-core.S] Error 1
Reintroduce:
USB Attached SCSI devices might expose a bulk-only interface
as fall-back at interface 0 and alternate setting 0. This commit
allows for probing all alternate settings of the active interface
to be able to use such devices.
The configuration was extended so that in case the device interface
is known beforehand the driver can be configured accordingly.
Additionally:
Perform configuration reset upon sessions close in order to bring USB
device to a well defined state.
fixes#4494
The NOVA kernel and Genode's roottask core are configured to be runnable
with up to 64 CPUs (MAX_SUPPORTED_CPUS in core resp. NUM_CPU in kernel).
On machines with more CPUs a reset occurred. The commit checks for this
case, bootstraps the first 64 CPUs only, and sends all other CPUs to
sleep.
Also, the platform_info ROM size is increased to host information about
more than 32 CPUs.
Issue #4640
If `select_from_ports` is evaluated lazily, we might miss a port during
the dependency check. A way to prevent this is to use the `:=` operator.
Fixesgenodelabs/genode#4618
Implement the guest code in dedicated assembler source file, assemble
and link the binary to vmm_x86. The resulting guest-code binary
populates one page that is mapped to host the reset vector of the guest.
This approach simplifies future guest code adaption resp. extension,
e.g., to test rdmsr/wrmsr exiting.
Fixes#4638
plain_decorator_theme.tar is not linked to the app but must be generated
as side effect. Therefore, use CUSTOM_TARGET_DEPS to trigger the
generation.
Fixes#4637
This reverts commit 9a37ccfe29 except for the
new declarations in public headers (in order to not change any APIs again).
We revert the commit as we found that there are corner cases in which it
produces a bad UDP checksum. The bad UDP checksum was observed via Wireshark at
a TFTP server in a Sculpt 22.10 Debian 11 VM on the first request of fetching a
file with the TFTP client of the uboot on our iMX8 test board.
Ref #4636
According to OpenBSD's azalia driver some AMD HDAudio devices do not
play nice with MSIs although the capability is set. At least the
0x1457 device was tested and worked using GSIs only.
genodelabs/genode#4578
During initialization _handle_link_state may be called concurrently from EMT and
"nic_ep" (signal handler). Therefore, sent signal to "nic_ep" instead of calling
_handle_link_state from EMT thread.
issue #4632
Some DHCP clients (Debian VM in Sculpt) persistently store the last lease they
obtained and try to directly DHCP REQUEST it on a new startup whithout doing
DHCP DISCOVER beforehand. In case the NIC router doesn't know about the lease
anymore (timeout, new router instance), the router used to just ignore the DHCP
REQUEST. This led to significant delays in the network startup of the client
(delayed retries until give-up and DHCP DISCOVER). With this commit, the router
answers such packets with a DHCP NAK instead, causing the client to directly
switch to DHCP DISCOVER.
Fixes#4634
This patch removes the intermediate querying of the depot while the
installation of packages is in progress. This avoids misleading warning
messages and reduces superfluous file-system load during the
installation of large packages.
Issue #4631
On-demand initialization prevents read-write operations on BARs of
invalid devices at construction time, which may result in surprising
behavior later on, for example, when resetting X260 notebooks via ACPI
information.
These utilities simplify the control of clocks, resets, and power
domains from within the platform driver.
This is needed when driving a low-level device directly from the
platform driver, for example for driving the mbox mechanism to access
the system-control processor of the PinePhone.
This patch reflects both the pci_decode results and the platform
driver's aggregated device information in Sculpt's /report/drivers/ in
the form of pci_devices and devices files respectively.
The configured 'st_blksize' influences the sizing of the FILE buffer,
see '__swhatbuf()'. Increasing the blksize hint can lead to larger
'fread()' requests and in return to fewer roundtrips.
This commit updates the driver from version 6.6 to 7.1. In contrast
to the old driver the new one will now probe all available HDA devices
and will drive the first usable one, e.g.:
```
[init -> audio_drv] azalia0 [8086:160c]
[init -> audio_drv] :
[init -> audio_drv] azalia0: no supported codecs
[init -> audio_drv] azalia1 [8086:9ca0]
[init -> audio_drv] :
[init -> audio_drv] azalia1: codecs: Realtek ALC292
[init -> audio_drv] audio0 at azalia1
```
Fixes#4629.
Implemented as depicted in the OpenBSD driver, register description
found in 'AMD SB700/710/750 Register Reference Guide'
(43009_sb7xx_rrg_pub_1.00.pdf).
Issue #4629.
Instead of using a global value to enumerate the MSIs, use a function argument
instead. Whenever the process of PCI device reporting gets started again,
due to an initially too small report buffer, the MSI enumeration value is reset
again. Formerly, we wasted MSI numbers.
Ref genodelabs/genode#4628
Don't skip IRQ reporting if legacy IRQ/GSIs are not supported as the
device may support MSI/MSI-X exclusively.
The commit also enables reserved_memory reporting of devices without
IRQs.
Ref genodelabs/genode#4578
Until now, the /config/system ROM was not handled by the sculpt manager
but solely managed by the user. Its main purpose was the ability to
reset or power-down the machine by manually modifying the 'state'
attribute. However, down the road, we'd like to enable the sculpt
manager to drive this state, e.g., to implement the multi-staged
loading of drivers, or to drive suspend-resume states.
The support such scenarios, the 'system' state has been moved from
/config/system to /config/managed/system.
* Add EHCI PCI quirk
* Add UHCI reset to UHCI quirk
* Apply all PCI quirks in order of the PCI bus numbering
otherwise the machine might stall
Ref genodelabs/genode#4578
Instead of allowing the client to set a caching attribute
in the io_mem() call of the device interface, which was
only used to decide in between of the memory being
write-combined or not, remove it from the API.
Instead use the information delivered by the devices ROM,
whether memory from a PCI BAR is prefetchable or not,
to decide whether it is mapped write-combined or not.
Ref genodelabs/genode#4578
Memory descriptors in PCI BARs have a prefetchable bit, which can
be used to optimize memory access when setting, e.g. write-combined
in page-table entries.
Ref genodelabs/genode#4578
The DHCP client used to always send packets with a size of 1024 regardless of
the size of the actual content, which was always significantly lower. 1024
bytes was simply a guess to provide enough space for all types of DHCP client
packets. As we know the exact size of each packet the DHCP client sends even
before packet creation, this commit makes use of the knowledge resulting in
much smaller packets sent by the DHCP client.
Fixes#4619
On some Cortex A9 platforms (Qemu 4.2.1 PBXA9), the IRQ status register is not
reliable. Sometimes, it indicates an IRQ too early, i.e., shortly before the
counter wraps. Therefore we have to accomplish wrap detection via counter
comparison only. We check whether the current counter value is higher than the
start counter value of the current timeout.
However, this implies that we have to take care to always read out the counter
before it hits the max timout value again. And, therefore, the max timeout
value has to be far away from the first value the counter has after wrapping.
Consequently, we propagate a max timeout value of half the max counter value.
Fixes#4209
An installed lighttpd HTTP server can now optionally be started to serve
the boot image with the follow run options.
--load-ipxe-lighttpd run lighttpd automatically (default: off)
--load-ipxe-lighttpd-port <port> TCP port to run lighttpd on (default: 8080)
* Remove wrapper for legacy x86 platform API
* Move PCI configuration space quirks to corresponding driver
(pc_usb_host_drv, pc_wifi_drv, pc_intel_fb_drv)
* Adapt driver test run-scripts to changed configuration
Ref genodelabs/genode#4578
Consumes the information about reserved memory region reports from
the devices ROM, and adds appropriated mappings to the corresponding
device PD.
Ref genodelabs/genode#4578
We need the information about reserved memory region reports
from the ACPI tables within the platform driver to pre-fill
IOMMU tables with the corresponding mappings. Therefore,
the pci_decode component now parses the information from the
ACPI ROM, and adds "reserved_memory" nodes to all related
devices in the devices report.
Ref genodelabs/genode#4578
In case of the GPU multiplexer, we need to delegate MMIO memory
to the framebuffer client in form of a managed dataspace. To be
able to attach a given Platform::Device::Mmio object to a region map
we need to access its capability.
Ref genodelabs/genode#4578
* Modernize routines, eliminate pointers, use constructibles, etc.
* Use absolute time instead of relative time consumption when
updating the scheduler
Ref genodelabs/genode#4151
This commit fixes two issues with the timeout lib and the base-hw src recipe:
* Add source files of timeout lib to recipe content.
The files weren't copied to the depot until now. However, the archive
nonetheless built successfully because of the second issue that is described
below.
* Get rid of the usage of the BASE_DIR variable in the timeout lib.
The BASE_DIR variable always resolves to the repos/base directory even when
building in a depot. That said, the use of BASE_DIR in make-files that are
not part of the build system itself must be avoided. Instead, REP_DIR,
REP_INC_DIR, and $(call select_from_repositories, ...) should be used.
Ref #4209
This commit gets rid of the router-local wrapper of Genode's AVL string tree
and replaces it with Genode's new Dictionary structure. The Dictionary is now
used for managing domains and NIC clients. Due to this change, the formerly
necessary helper classes Domain_base and Nic_client_base could be removed as
well.
Ref #4610
When creating an Irq connection to a component (not core), e.g. a pin
driver, we typically need a to provide a session label in order to apply
a session policy and to distinguish multiple sessions from the same
component.
genodelabs/genode#4606
This is a follow-up commit for "menu_view: configurable alpha channel
and bg color", which simplifies the code. The '_no_alpha' surface is not
needed because the 'Gui_buffer' provides a 0x0 alpha surface when using
the opaque mode.
The default file-system communication-buffer size of 128 KiB combined
with the clamping of requests to 1/4th the buffer size results in the
fragementation of read operations into 32 KiB chunks. This is overly
conservative and causes high context-switch overhead down the storage
stack (vfs server -> part_block -> block driver).
Related to #4613
With the increase of MAXPHYS, the rump kernel requests a contiguous
allocation of 2101248 bytes, which exceeds the allocator's block size of
2 MiB.
Error: backend allocator: Unable to allocate memory (size: 2101248 align: 12)
The patch avoids this corner case by increasing the allocator's block
size to 4 MiB.
Fixes#4613
The NIC router README claims that the 'dns_config_from' attribute in a DHCP
server configuration binds the propagated link state of all interfaces at the
domain of the server to the validity of the IP config of the domain that is
given through 'dns_config_from'.
However, this was not true. The router missed to implement this detail which
led to clients of such a DHCP server sending DHCP DISCOVER packets too early.
These early DHCP DISCOVER packets were dropped by the router potentially
causing a big delay until the client started a new attempt. Unnecessary long
network boot-up delays were observed with at least the lwip run script and
Sculpt on the PinePhone and could be tracked down to this former
inconsistency in the router.
This commit fixes the inconsistency.
Fixes#4612
This patch changes the access of pkg-archives files such that the file
read only once per pkg, not for each ROM module used by the package.
Issue #4611
By caching directory listings, the performance of depot_query is no
longer impeded by a massive amount of stat calls while searching for ROM
module locations.
Issue #4611
Upon closer inspection of real-world access patterns, it turns out that
the 'Stat_cache' and 'Cached_rom_query' are not as effective as hoped
for because cache hits are rare while querying pkg blueprints.
However, by increasing the initial size of the blueprint reporter from 4
KiB (default) to 64 KiB has a great effect. With the small default
report size, the querying of blueprints is repeated until the buffer
size suffices, incrementing the buffer size by 4 KiB in each iteration.
Issue #4611
The new 'Dictionary' provides an easy way to access objects using
strings as key. The 'String' received the 'operator >' to simplify the
organization of strings in an AVL tree.
The patch removes the former definition of the 'operator >' from the
platform driver because it would be ambigious now.
Fixes#4610
This patch avoids repetitive depot queries at the start of the Sculpt
system.
We don't need to trigger a query unconditionally whenever the
managed/deploy changes because the call of 'handle_deploy' triggers a
query when needed.
We don't need to trigger a query once the prepare step is completed
because the depot_query component is spawned at this point. The initial
blueprint produced by the depot_query component, in turn, triggers the
'handle_deploy' mechanics in the sculpt manager.
The constructor of the Sculpt manager's 'Main' does not need to call
'depot_deploy' because the prepare step - which is a precondition for
the deployment - cannot be completed at this point anyway.
Do not advance ring buffer positions when playing silence, additionally
to not send progress signals when playing silence. Silence implies
underrun in the client side - not progress.
issue #4609
In case a driver is waiting for data, is should only investigate 'pos'.
It should not advance the ring in any way until there is data available.
issue #4609
This patch consolidates the repetitive error handling across the RPC
functions, which take node handles or directory handles as arguments.
During this change, I noticed that directory handles - which are values
provided by the client - were not checked for their type before being
used. A misbehaving client may open a file, manually construct a
directory handle using the number of the file handle, and invoke a
directory operation at lx_fs, which would then wrongly access a file
node as directory node.
This patch solves this issue by introducing two distinct methods
_with_open_node and _with_open_dir_node, which perform the respective
safety checks.
Fixes#4608
Creating and destructing an interface was not considered a change of its real
link state as defined in the description of the <report link_state_triggers="">
config attribute in the router's README. In case of Uplink sessions this is
obviously a problem as they communicate their real link state through session
lifetime. But also in case of NIC sessions it's a possible to create an
interface that is immediately "up" after creation or destruct an interface
without its link state going "down" beforehand.
Taking into account also the practical application of the
<report link_state_triggers=""> attribute, reporting only on destruction and
construction of interfaces that are "up" seems shorthanded. This is because a
report-receiver most likely needs to be able to synchronize the lifetime of
the objects that keep track of the link states with the lifetime of the
corresponding sessions.
That said, with this commit, the router triggers a report update on each
session construction/destruction when <report link_state_triggers=""> is
set.
Fixes#4462
The NIC router used to generate reports triggered by IP config changes or link
state changes synchonously, i.e., inline with the activation context that
caused the change. This has two disadvantages. First, it can lead to an
excessive number of report updates in situations with quick bursts of
triggering changes. In such situations it is preferable to collect the changes
and reflect them with only one final report update.
Second, synchronous reporting may happen while the router is in a state that
leads to an incorrect report (e.g. during reconfiguration). To prevent this
from happening, the router so far explicitely switched off reporting when
entering incoherent states and back on when leaving them. However, this
solution is error-prone as the exclusion windows must be maintained manually.
Both issues can be solved by not directly generating a report when necessary
but instead submitting a signal and letting the signal handler do the work in
a dedicated activation context.
Ref #4462
This patch splits the querying of the number of directory entries from
the directory's 'status' information. Subsuming the number of directory
entries as part of the status makes 'stat' calls too costly for some
file systems that need to read a directory for determining the number of
entries. So when stat'ing the entries of one directory that contains sub
directories, all entries of each sub directory are visited.
Thanks to Cedric Degea for pointing out this performance bottleneck!
With this change, the 'status' function returns a 'Status::size' value
of 0 when called for a directory handle.
Fixes#4603
This patch splits the former DEPOT=omit option into two variants.
The new 'list' option behaves like the former 'omit' option, skipping
the creation of the tar archive from the depot content referenced by the
deploy configuration but showing a list of depot archives that need to
be published for the deployment.
When specifying 'omit' in th new version, the local depot is not queried
for the packages referenced in the deploy configuration. So the
deployment can refer to packaged hosted only remotely.
Fixes#4605
Tracing must be inhibited in attach/detach as RPC trace points may
trigger attachment of trace dataspaces, which would result in nested
mutex acquisition.
This prevents errors in test-trace_logger like follows.
[init -> depot_autopilot] 0.140 [init -> dynamic_rom] Error: deadlock ahead, mutex=0x500e6f00, return ip=0x50053ed7
Fixes#4607
The DHCP client of the NIC router used to end up in an uncaught exception if
an IP address in the DNS server option of a DHCP ACK was invalid. This commit
makes the 'Dns_server' constructor (where the exception originated from)
private and instead introduces a public lambda method 'construct' that calls
one lambda argument on success and another on failure. This is also in line
with the most recent changes to the 'find_by_*' methods of other classes in
the NIC router and contributes to the goal of reducing expensive exception
handling.
Fixes#4465
The Interface class of the router is an abstraction for NIC client sessions,
NIC server sessions, and Uplink sessions. Nonetheless, Interface generally used
to use the packet stream types of the Nic namespace and it worked because the
Uplink packet stream types are factually the same (the are typedef'd from the
same base type templates with the same parameters).
The initial intention of this issue was to remove dependency on the diverse
packet stream stream types from Interface. However, this turned out to be more
tricky than thought. The Interface class calls function templates on the packet
stream types, making a generic virtual interface impossible. And moving the
calling code to the session classes as well would produce a lot of redundancy.
Therefore, this commit removes only the use of the Nic namespace in the
interface.* files by typedef'ing the packet stream types from the generic
Genode type templates with the same parameters as in Nic and Uplink.
Fixes#4385
The updated Bender version is configurable regarding the mode in which to run
the Intel HWP plugin. This can now be controlled via the new run option
'--bender-intel-hwp-mode' (only when running on NOVA). The option knows 4 valid
values 'off', 'performance', 'balanced', and 'power_saving'. When running on
NOVA, the default value applied by the run tool is 'performance'. when running
on any other kernel, the default value of Bender ('off') is used. Therefore,
when not setting the new '--bender-intel-hwp-mode' flag, the behavior is the
same as before this commit.
Fixes#4224
The libc kernel used to silently go on if one of the files given through
stdin/stdout/stderr or <fd path=""> was missing (with possibly vital
functionality for the component not working). A pointer to the presumably
simple configuration issue of the underlying scenario was not given to the
user.
With this commit, the libc kernel prints a descriptive warning before
proceeding with the invalid file descriptor
Fixes#4218
The libc kernel used to end up in an uncaught exception if one of the
directories in the paths given through stdin/stdout/stderr or <fd path=""> was
missing. The resulting error didn't point the user to the presumably simple
configuration issue of his scenario in any way and killed the affected
component.
With this commit, the libc kernel prints a descriptive warning instead and
simply continues to run the component with the corresponding file descriptor
missing. At least in case of stdin/stdout/stderr, the libc deals gracefully
with this approach.
Ref #4218
If provided with a config that does not include a `<static>` or
`<common_routes>` node, depot_deploy exits due to a `Nonexistent_sub_node`
exception. Instead, we should output a more useful warning.
Fixesgenodelabs/genode#4600
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.
genodelabs/genode#4600
This patch refines the rules for generating a base-hw src archive
for a given board by enumerating the content of the lib/mk/spec/*
directories instead of including entire directories. This avoids
the inclusion of lib.mk files found in SoC-specific repositories
(like genode-allwinner) in the kernel source archives.
When building a binary archive from such a src archive with the changes
of issue #4599, the build system would otherwise try (and fail) to build
the libraries for the accidentally included lib.mk files.
The 'file' library makes the gems API depend on the libc, which is not
desireable because most users of the gems API have no direct libc
dependency.
With the changes of issue #4599, the build of each src archive that
depends on the gems API would attempt to build the 'file' library and
thereby demand the libc.
Note that the 'file' library is a relic that should better not be
promoted as part of the gems API. Hence, this patch removes the file
library from the gems API and adds it to the src archives of the few
remaining users.
Issue #4599
The 'base-linux' API is used by hybrid Genode/Linux programs for the
lx_hybrid library. This API archive happend to contain other libraries -
like seccomp - that are solely needed for building core. With the change
of the build system in issue #4599, the build system would attempt to
build all libraries instead of merely the library dependencies of the
available targets. Hence, it would trigger the build of, e.g., the
seccomp library for each user of the base-linux API.
This patch avoids these superfluous build steps by pruning the content
of lib/mk/ to the libraries actually needed for lx_hybrid users.
Issue #4599
This patch make the use of the result of the 'build_artifacts' function
as input for 'build_boot_image' more robust. Since 'build_artifacts'
obtains binary names from the progress.log, the names of core,
ld.lib.so, and the timer correspond to the kernel-specific names.
However, 'build_boot_image' expects the kernel-agnostic names as
arguments. Kernel-specific files need special treatment when integrated
in the boot image: the kernel-specific file is copied and renamed to the
kernel-agnostic name. Without this patch, the kernel-specific file is
copied as is (e.g., ld-nova.lib.so). So the name of the ROM module is
wrong. This patch resets the kernel-specific names to the generic names
so that the special-case handling comes into effect.
The ld.lib.so stub library generated by base/lib/mk/ld.mk has no
purpose at runtime. On the contrary, it must not be integrated into the
boot image because its name collides with the kernel-specific dynamic
linker.
The build system automatically announces the names of shared libraries
as build artifacts. However, in rare cases, it is required to manually
define them. In particular, the 'ld' stub library plays no role at runtime
and should not be integrated into the boot image.
This patch adds a customization hook following the same pattern as used
for target.mk files, namely the BUILD_ARTIFACTS variable. If defined,
its value is taken as the list of boot artifacts generated by the
library-description file.
Issue #4368
This patch adds special handling for lib/<libname> arguments to the
build system, which supersedes the former LIB=<libname> mechanism.
Whereas the old mechanism was limited to a single library, the new
convention allows multiple library arguments, similar to regular
targets. The change brings the two immediate benefits.
First, the streamlining of library and target arguments allows for the
building of libraries via the 'build' command of the run tool.
Second, it alleviates the need for pseudo target.mk files for building
shared libraries that have no direct dependencies, in particular VFS
plugins.
Since this change eases the explicit creation of shared libraries
from run scripts, we may reconsider the automatic implicit building
of shared libraries driven by targets. E.g., while developing a Qt
application, a run script could import the Qt libraries from the
depot and combine those with the developed (fresh built) target without
triggering the build of the Qt libraries in the build directory.
When issueing 'make' without arguments, all targets are built. This
patch applies this behavior to libraries as well, thereby removing the
need for the base/src/lib/target.mk pseudo target as used by the CI
tools to build all libraries.
Note that target.mk files located under src/lib/ are no longer
reachable. Therefore, all run scripts that used to trigger the
build of a shared library via a pseudo target must be adapted.
E.g., 'build lib/vfs/tap' must be replaced by 'build lib/vfs_tap'.
With this patch, the LIB=<libname> option is no longer supported.
Fixes#4599
changes. The alternative settings get reread on all interfaces as done before
"qemu-usb: fix device endpoint update" commit by introducing specific
reset_alt_settings function. The fallthrough case was intentionally before
the "qemu-usb: fix device endpoint update" case, which now is wrong.
Issue #4596
This style is used by the upcoming phone version of Sculpt for GUI
elements that are supposed to stand out a little bit more than the
regular frame style.
This patch enhances menu_view with the optional configuration attributes
'opaque' and 'background'. Setting 'opaque' to "yes" suppresses the use
of the alpha channel at the GUI session. This improves the drawing
performance by 20% on the PinePhone. Since the menu_view uses the
gems/gui_buffer.h utility, the 'Gui_buffer' received a new 'Alpha'
argument at construction time.
The 'background' attribute can be specified to define the reset color of
the GUI buffer. It alleviates the need to create a frame widget for the
top level.
The patch also switches the optimization level for compiling menu_view
to -O3, which increases the drawing performance on the PinePhone by 30%.
Fixes#4592
This change increases the quota to allow the use of bigger fonts, and
tweaks the style such that the keyboard gets a decent appearance on the
PinePhone's 1440x720 display.
This patch adds principle support for using a USB-net modem as
mobile-data uplink. The change is motivated by the upcoming phone
manager for the PinePhone where the modem serves as the primary network
uplink. For the regular PC version of Sculpt, the feature is not needed
(hence remains disabled) because USB net can be deployed from a package
as described in:
https://genodians.org/jschlatow/2021-07-21-mobile-network
The patch also renames the "Local" network option to "Disconnected" to
be more intuitive.
By decoupling the network dialog's menu view from the 'Network' class,
we become able to host the network dialog in the same menu view instance
as other dialogs.
This patch allows the sculpt manager hosted in the leitzentrale
subsystem to observe the toggling between the runtime and the
administrative GUI. This enables alternatives to the use of the
gui_fader for switching between both views. In particular, the
upcoming phone_manager toggles the visibility of its own GUI
depending on the leitzentrale state.
In a Sculpt system based on the upcoming phone_manager, the event filter
obtains its static configuration from /config/managed/event_filter.
Without the requirement for changes at runtime, there is no need to
have the phone_manager in the loop after all.
Without this patch however, this file was always initialized with the
template gems/sculpt/event_filter/default, which was presumably used
only at boot time until the sculpt manager has produced the first
generated event-filter configuration.
This patch applies the choice of optional configs - i.e., a custom
event_filter config - to both the config/ and the initial content of
config/managed/. So in cases where the /config/managed/event_filter
remains entirely static, the latter properly reflects the choosen
variant.
By using the new functions provided by the base API, this patch removes
the dependency of several components from include/decorator/xml_utils.h.
Issue #4584
The NIC router used to send an ICMP "Destination Unreachable" packet as
response to every unroutable IPv4 packet. However, RFC 1812 section 4.3.2.7
defines certain properties that must be fullfilled by an incoming packet in
order to be answered with this type of ICMP. One requirement is that the packet
is no IPv4 multicast.
This commit prevents sending the mentioned ICMP response for unroutable IPv4
multicasts and instead drops them silently.
Fixes#4563
This patch allows the leitzentrale subsystem to control an audio driver
hosted in the drivers subsystem. An example use case is the toggling of
the speaker during phone calls.
Instead of having a generic "virt_qemu" board use "virt_qemu_<arch>" in
order to have a clean distinction between boards. Current supported
boards are "virt_qemu_arm_v7a", "virt_qemu_arm_v8a", and
"virt_qemu_riscv".
issue #4034
Define custom analyses that can be imported into TraceCompass (>= 7.3)
for evaluating the traced component interactions and checkpoints.
genodelabs/genode#4352
The NIC router used to add the DNS servers field to DHCP replies regardless of
whether there were DNS servers or not. As reported by a Genode user, the empty
DNS server field irritated at least Windows 10 guests (Vbox 6) that connected
to the NIC router. This resulted in Windows 10 ignoring DHCP offers from the
router with such characteristic.
With this commit adding the DNS server DHCP option is skipped if there are no
DNS servers at the corresponding DHCP server or the domain IP config the server
shall fetch its DNS servers from.
Fixes#4581
Skip SET_CONFIGURATION requests if the device already has the selected
config as active config. This workaround prevents issues with Linux
guests in VirtualBox and SDC-reader passthrough.
Thanks to Peter for the patch.
The commit introduces means to mark a task for destruction that is
removed on the next scheduling cycle. This fixes stack leakage from
dynamic kworker tasks.
Issue #4575.
Provide additional PCI register information inside the pci-config part
of the devices ROM for clients able to access an Intel graphic card,
namely the GMCH control register content, which contains for instance
the GTT size and stolen memory size.
Ref genodelabs/genode#4578
Implement BIOS handover and Intel resume register update
apart from device driver to circumvent export of PCI
config space to drivers.
Ref genodelabs/genode#4578
The pci_decode has to extract the additional fields from the PCI configuration
space. The platform driver again has to parse and forward the knowledge too.
The PCI BAR indices are exported when info="yes" is set in the policy node for
the corresponding session.
Fixgenodelabs/genode#4577
The base address of I/O ports has a different encoding than
those of I/O memory. This needs to be encountered in the PCI
config helper utilities.
Fixgenodelabs/genode#4576
Under high TX load, 'irq_handler()' is rarely executed but packets
are still received since 'netdev_poll()' is called for every TX packet.
'netdev_poll()' not only handles completed transmissions but also
puts the IO buffers of received packets into the RX queue and refills the RX
ring by allocating more IO buffers. However, the IO buffers can only be freed
after they have been dequeued and passed to the 'rx_callback()'. Since
this was only done by 'irq_handler()', we exhaust the slab allocator
under high TX load.
A fix for this is to process the RX queue not only in the IRQ handler
but also when transmitting packets.
genodelabs/genode#4555
m/udelay is called with closed interrupts. Linux contrib code expects no
other task to be run respectively to be re-scheduled. usleep_range leads to
executing other tasks, which causes assertions in "spinlock taken twice" or
"unexpected preempt count" errors, seen on runtime with wifi_drv and intel_fb.
The assertion triggered with the changes by #4562.
On okl4, pistachio, sel4 the test didn't come up fast enough in order to still
experience the first configuration of NIC router #1. This commit doubles the
lifetime of the first configuration of NIC router #1 to 4 seconds and raises
the overall test timeout accordingly.
Ref #4555
* Move common SMP and NO_HZ_IDLE variables and functions into
generic lx_emul shadow implementations, and integrate them
into the common lx_emul import rules
* Enable SMP and NO_HZ_IDLE within virt_linux kernel configuration
* Adapt pc drivers and wireguard accordingly
* Use original Linux softirq implementation in wireguard
* Remove erroneous softirq shadow implementation
Ref genodelabs/genode#4540
Ref genodelabs/genode#4562
In overload situations, i.e. when a sender fills up the entire buffer, we land
in situations where the sender receives an ack_avail signal, releases one
packet, allocates and sends a packet and fails to allocate a second packet.
This is especially relevant if the receiver does not batch ack_avail signals
(such as vfs_lwip). In those ping-pong scheduling scenarios, the overhead from
catching the Packet_alloc_failed exception becomes significant. In case of the
NIC router, we will land in an overload situation if the sender is faster than
the receiver. The packet buffer will be filled up at some point and the NIC
router starts to drop packets. For every dropped packet, we currently have to
catch the Packet_alloc_failed exception.
This commit adds a new method alloc_packet_attempt to Packet_stream_source that
has almost the same signature as the older alloc_packet method but returns
an Attempt<Packet_descriptor, Alloc_packet_error> object. As the method already
used the allocator back end exception-less, changes on lower levels were not
needed. Furthermore, the NIC router was modified to use the new exception-less
alloc_packet_attempt instead of alloc_packet.
Ref #4555
Replaces the former implementation of the 'find_by_ip' method at the data
structure for ARP cache entries. This method used to return a reference to the
found object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4555
According to a benchmarking series on Zynq (base-hw) and x260 (base-nova) using
test-nic_perf_router, increasing the 'max_packets_per_signal' has a significant
effect on the packet throughput. By increasing the default value from 32
to 150, we could gain a few hundred Mbit/s. Increasing the value further
does not seem to have such a strong effect, though.
genodelabs/genode#4555
The checksums for forwarded/routed UDP, TCP and ICMP, used to be always
re-calculated from scratch in the NIC router although the router changes only
a few packet fields. This commit replaces the old approach whereever sensible
with an algorithm for incremental checksum updates suggested in RFC 1071.
The goal is to improve router performance.
Ref #4555
The checksums for forwarded/routed IPv4, used to be always re-calculated from
scratch in the NIC router although the router changes only a few packet fields.
This commit replaces the old approach whereever sensible with an algorithm for
incremental checksum updates suggested in RFC 1071. The goal is to improve
router performance.
Ref #4555
We used to use 'unsigned long' for the accumulating variable when calculating
internet checksums. However, 'signed long' is more in accordance with RFC 1071
and will allow us to share the same back end for folding, once we implement
incremental updating of internet checksums.
Ref #4555
Prevent public reflection of the only internally used 'init_sum' argument in
'uint16_t internet_checksum(...)' that, in addition, added a default value to
the function interface.
Ref #4555
When sending an ICMP ECHO reply, the router merely swaps SRC and DST of the
IPv4 header of the corresponding request and these changes cancel each other
out in checksum calculation. Therefore, with this commit, the router skips
updating the IPv4 checksum in this context.
Ref #4555
The router used to update IPv4 checksums when routing via an <ip> rule
despite the fact that it doesn't change any IPv4 header fields in this case.
Ref #4555
The NIC router used to update IPv4 and layer 4 checksums of a packet for each
interface it was sent to (say, all interfaces of the domain the packet was
routed to). However, there was and is no technical reason for not doing it
only once and then iterating over the interfaces with the already updated
packet. This is what this commit does in an intent to raise the router's
performance.
Ref #4555
The NIC router uses the timer for relatively coarse-grained timeouts.
It therefore suffices to update and store the current time when the NIC router
is signalled and use the cached time instead. This prevents frequent
syscalls or RPCs when acquiring the current time for every packet.
genodelabs/genode#4555
The link dissolve timeout is updated for every packet, which leads to
trigger_once() RPCs that only marginally change the scheduled timeout but
significantly slow down the packet throughput.
genodelabs/genode#4555
The wakeup call only emits a single signal as it assumed both are
handled by the same signal handler. However, the original implementation
did not reset the wakeup_needed variable properly.
genodelabs/genode#4555
When using signal batching, ack_avail and packet_avail should always
be emitted and preferred over ready_to_submit and ready_to_ack.
A signal receiver might decide to not register the ready_to_* signals when it
handles congestion by dropping packets. The Nic router is an example of
such a signal receiver.
genodelabs/genode#4555
Enables symetric-multi-processor support in the Linux kernel configuration
used as base for the driver ports for PC. This is done to be compliant with
common usage of x86 drivers today.
Moreover, this commit uses the original kernel source for softirq/tasklet
implementation to get rid of the insufficient shadow implementation
in the lx_emul sources.
Ref genodelabs/genode#4562
Prepare shadow implementations in spinlocks, pagetable defines,
and irq_stack assembler macros to be able to enable SMP on x86/PC.
Ref genodelabs/genode#4562
The test runs as lx_user task and uses several *delay and wait queue test
cases happened to be used in real ported linux drivers. The test shows
the time spent with several time sources, e.g. jiffies, rdtsc,
lx_time_counter_count etc.
Issue #4540
Use common implementation used by wifi and (not merged) audio driver.
Avoid usage of lib/delay.c since lpj and loop_for_jiffies are not calibrated
for the ported drivers as done on native Linux during boot and leads to wrong
delays for usb and intel_fb.
Issue #4540
Using the 'query_buffer_ppgtt()' function allows for retrieving the
virtual address of the buffer in the PPGTT.
This is for components that manage the GPU virtual addresses rather than
the client as is the case with the lima driver.
Issue #4559.
Adhere to include/linux/rcutiny.h behaviour, which sets the max timeout
for rcu_needs_cpu. Without the commit, in the most cases the timeout value
is zero (or random since the pointer is on stack uninitialized), which leads
to programming very short timeouts again and again, making the system never
idle.
Issue #4540
The box layout evenly distributes the child widgets according to the
number of children. This is not desired in the special case where a
child widget has a size of zero. The patch changes the layout algorithm
such that zero-sized widgets are not taken into account for distributing
residual space.
This patch replaces the former implicit "phonyness" of the rule by an
explicit .PHONY and installs a symlink from the target's build directory
to bin/ as is the usual practice for regular targets.
Related to issue #3972
The parent-provides model is destroyed if no <parent-provides> node is
found in the configuration, which resulted in
Warning: list model not empty at destruction time
and leaking memory for the allocated nodes. The commit now explicitly
empties the list model in the destructor of ~Parent_provides_model.
Note, the case is implicitly tested in pkg/test-init by step "denial of
forwarded session request" and <init_config version="empty">.
Thanks to Peter for reporting this issue.
Fixes#4547
Whenever a domain looses all its interfaces or the link state of all attached
interfaces is down at once, the domain potentially moves to another Ethernet
segment and should therefore consider its ARP cache to be outdated.
RFC 826 states that "... If a host moves, any connections initiated by that
host will work, assuming its own address resolution table is cleared when it
moves. ...".
Therefore, this commit introduces clearing the ARP cache and the initially
stated events.
This commit was motivated by an issue with the PinePhone Modem and USB NIC.
On the PinePhone, the Modem has its own OS and acts as direct gateway to the
outer world for the USB NIC that is driven by Genode. However, whenever the
Modem gets restarted, Modem and USB NIC receive a new MAC address. This used
to conflict with the NIC routers ARP entry for the Modem that didn't cease to
be valid.
With this commit, the integrator of such a scenario at least has a convenient
way of fixing this by ensuring that all interfaces at the USB NIC domain go
down when resetting (e.g. by ensuring that the USB NIC is the only interface at
that domain).
Fixes#4558
When creating a socket, fd flags can be specified by ORing them with the
socket type. Most importantly, the flag SOCK_NONBLOCK must be propagated
to the Socket_fs::Context in order to support non-blocking recv/send.
genodelabs/genode#4550
The 'iput()' function is called from '__sock_release()' when the sock
object has no valid file object. The release function on the other hand
is called when the supplicant closes a socket.
Fixes #xxx.
Replaces the former use of the 'find_by_name' method of the AVL string tree.
This method returned a reference to the found object and threw an exception if
no matching object was found.
The locally implemented replacement doesn't return anything and doesn't throw
exceptions. It takes two lambda arguments instead. One for handling the case
that a match was found with a reference to the matching object as argument and
another for handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Furthermore, this commit modifies the local wrapper for the insert method of
the AVL string tree, so, that it follows the above mentioned concept as well.
Ref #4536
Replaces the former implementation of the 'find_by_domain' method at the data
structure for NAT rules. This method used to return a reference to the found
object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
Replaces the former implementation of the 'find_by_port' method at the data
structure for permit rules. This method used to return a reference to the found
object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Furthermore, the commit introduces a convenience wrapper for finding the best
matching pair of transport rule and corresponding permit rule for a given
destination IP and port. This method as well follows the above mentioned
concept.
Ref #4536
Replaces the former implementation of the 'find_longest_prefix_match' method at
the data structure for direct rules. This method used to return a reference to
the found object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
Replaces the former implementation of the 'find_longest_prefix_match' method at
the data structure for direct rules. This method used to return a reference to
the found object and threw an exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
Replaces the former implementation of find_by_id at the data structure for
links. This method used to return a reference to the found object and threw an
exception if no matching object was found.
The new implementation doesn't return anything and doesn't throw exceptions. It
takes two lambda arguments instead. One for handling the case that a match was
found with a reference to the matching object as argument and another for
handling the case that no object matches.
This way, expensive exception handling can be avoided and object references
stay in a local scope.
Ref #4536
The 'with_libc' call at this point is not necessary and could be
harmful as it forces the usage of the user stack for the driver.
All code depending on this distinction should only be executed
from within the pthread.
Issue #4537.
Querying the RFKILL state led to execution of the Lx_kit::scheduler by
the pthread running the wpa_supplicant. As this may not happen the
RFKILL state is now solely managed by the driver and only the cached
state is read by the supplicant.
Fixes#4537.
Just add riscv spec files. The riscv versions should use MMIO transport
as ARM versions do. They also should work fine for riscv_qemu machine
from genode-riscv repository.
To not integrate referenced depot packages when building a sculpt image,
just set the environment variable DEPOT= to be empty. This allows to produce
slim images to the price that you have to publish the packages yourself.
In that case the sculpt run-script reminds you, and prints the package
versions.
Fixgenodelabs/genode#4530
Make it configurable, whether on a hotplug event the current valid Genode
config for the driver will be re-evaluated. By default it will be re-evaluated.
Issue #4531
On connector unplug the overall resolution of all available active connectors
can shrink and must be considered to potentially re-create the Capture
connection with smaller resolution size. Additionally, update the documentation.
Issue #4531
acpica and the Intel display driver tries to use the Intel Opregion
simultaneously on Genode, which is not supported nor wanted for IO_MEM region as
which it is handled.
Attempts to remove the access to the region was not successful, since some
SSDT table contains ACPI AML code which is executed regularly and read/write
the Opregion.
The patch adds support to read in a copy of the Intel Opregion done by the
acpi_drv component. The copy was sufficient to make the Intel display driver
working to find and lookup the Intel VBT (video bios table) information to
setup all connectors on a Fujitsu U7411 docking station.
Fixes#4531
acpica and the Intel display driver tries to use the Intel Opregion
simultaneously on Genode, which is not supported nor wanted for IO_MEM region as
which it is handled.
Attempts to remove the access to the region was not successful, since some
SSDT table contains ACPI AML code which is executed regularly and read/write
the Opregion.
The patch adds support to make a copy of the Intel Opregion and report it as
is. The copy was sufficient to make the Intel display driver working to find
and lookup the Intel VBT (video bios table) information to setup all
connectors on a Fujitsu U7411 docking station.
Issue #4531
ACPICA needs access to the host bridge 0:0.0 on Intel, which is also
accessed by the Intel display driver. Since for the Intel display driver the
PCI device is specified in the policy explicitly, the PCI device is filtered
out for the ACPICA driver which uses the policy "ALL".
Issue #4532
This commit introduces a hypervisor calling interface. The host kernel can
use it to either switch to a guest VM, or to invalidate the TLB with
regard to a specified VM id.
The VM-specific TLB invalidation is called whenever a VM (Vcpu)
gets destroyed.
Fixgenodelabs/genode#4528
When a PD gets deleted check whether it is active on the current CPU resp. MMU.
If yes, switch to core/kernel's PD to prevent that invalid page-tables or
address-space IDs are still in use. Moreover, whenever we switch to an idle
thread, we switch to kernel/core's PD too. Thereby, we prevent that vanished
PDs are still active on CPUs different from the one, where the core entrypoint
is active, which does the PD deletion.
This whole scheme is only valid under the assumption that core has only one
entrypoint running on one CPU.
Fixgenodelabs/genode#4527
Do not only distinguish core and user threads, but the idle threads too.
Instead of a boolean value, introduce a new thread type.
Ref genodelabs/genode#4527
All access to PCI devices can be handled nowadays via the platform session.
The I/O port access seems also to work not properly on newer UEFI machines.
Fixes#4532
As accommodating the session component object is already taken care of
be the root component implementation, remove the remaining redundant
checks.
Fixes#4521.
Since unblocking the pthread directly may lead to corruption we need
to post-pone it. So we send a signal that should be handled by the EP
after the EP has finished its current line of work.
Fixes#4523.
Instead of allocating the stack via 'kmalloc' point it to the actual
stack used by the task. This addresses issues with the USB
host-controller driver where sometimes hub port enumeration is not
working.
Fixes#4522.
We locally disable 'address-of-packed-member' warnings because GCC complained
about possible alignment issues when returning a reference to a packed member
as naturally aligned pointer (for some reason only on arm_v8a). We know that
the member is aligned to NETDEV_ALIGN via __attribute__ and that the warning
is therefor unnecessary.
Ref #4519
We have to correct the CC_OPT_* variable for these files and used to do so via
phony pre-requisite for the corresponding object files because the correction
had to take place after the variable initialization in
import-lx_emul_common.inc and before the creation of the object files. However,
this caused the objects to always rebuild.
This commit fixes this issue by using Make's feature of target-specific
variables instead. The drawback of this solution is that we can no longer
override CC_OPT_* with a modification of its original value but instead have to
override with a completely new value. This is because otherwise, Make would
either complain about recursive assignment or produce an empty value.
Ref #4519
The strict conversion warnings were disabled during development when the
contrib code was still compiled with the wireguard lib. Now this isn't
necessary anymore as the contrib code is in the wireguard_lx_inc_dirs lib.
Ref #4520
With this commit, the WireGuard component exits with a descriptive uncaught
exception on invalid configurations or when the user attempts to re-configure
attributes that are not re-configurable (private_key, listen_port, interface).
This is particularly important when it comes to the not re-configurable private
key. If the component would just ignore the attempt to override the private
key, the user may come to believe that his old (potentially compromised)
private key is not in use anymore.
The fact that the component now exits instead shouldn't be a problem, as the
user would have to restart the component anyway in order to apply the new
attribute values.
The commit also extends the wg_reconfig run script to test that WireGuard
exits on the attempt to re-configure the private key.
Ref #4520
Support removing peers by removing them from the component configuration.
This commit also introduces the wg_reconfig run script that tests adding and
removing single peers.
Ref #4520
I used to set the peer flags to 2 when adding a peer but merely because I
observed that value in my reference Linux. I now found that the flag 1<<1 means
'WGPEER_F_REPLACE_ALLOWEDIPS' and is ignored whenever the peer is new. Anyway,
I keep setting the flag but with the clearer enum name because the wg tool is
doing it as well when adding new peers and we want to stay close to how the
original code interacts.
Ref #4520
Build description files that feature both an actual target and
CUSTOM_TARGET_DEPS happen to re-link the target each time whenever one
of the CUSTOM_TARGET_DEPS is phony, e.g., gems/src/app/menu_view/.
The re-linking of the actual target is of course not desired. By
triggering the creation of CUSTOM_TARGET_DEPS from 'all:' instead of
'$(TARGET)', the specified files do not implicitly become link
dependencies of the target.
Issue #3972
The extra definition introduced by commit:
"lx_emul & arm: define ZERO_PAGE" re-defined the macro included
by a header of the contrib sources. This commit removes the
contrib header and defines thereby missing macros.
Fixes wrong atomic_*(ptr) usage with u32 pointer introduced by
commit "lx_emul: eliminate wrong include pathes". Atomic read or
write is nt needed in our case, we always schedule cooperatively.
Since "Consolidate USB test run-scripts" usb_hid_raw.run depends on
depot archives. Therefore, '--depot-dir' and '--depot-user' must be
passed to the nested run tool to cover cases that customize the depot
(e.g., our nightly CI).
Issue #4511
Introduces the pkg/wireguard archive that depends on the new src/wireguard
archive and deploys one WireGuard component with an empty configuration (can
be configured by the user via a launcher, for instance).
Fixed#4519
Introduce an arch-specific wireguard lib that contains all code from the
former arch-specific target.mk files. This allows us to create a generic
target.mk that merely depends on the library and a dummy.cc file. The latter
ensures that building/linking of the target isn't skipped by the build system.
Ref #4519
The wireguard library's purpose is having a separate INC_DIR setting for the
files that need Linux include paths that would clash with Genode include paths.
Therefore, the name wireguard_lx_inc_dirs is more descriptive. Furthermore,
this allows us to create a new arch-specific wireguard lib in a future commit
in the course of preventing arch-specific target.mk's (a commonly used
approach in Genode).
Ref #4519
The driver wrongfully disabled all APs if it was configured with an
auto-connect list containing multiple APs when one of those was
disabled as a result of using wrong credentials.
This commit changes the way network enable- and disablement are
handled by only operating on the given access-point in question.
It also removes unused code touched by these changes.
Thanks to Peter for bringing this problem to our attention.
Fixes#4517.
There is a race between the trace subject doing the buffer
initialization and the monitor trying to iterate the buffer entries. If
the monitor tries to iterate entries of an uninitialized buffer, it will
read the very first entry twice. The monitor should therefore only start
iteration when the buffer has been initialised.
genodelabs/genode#4513
By declaring the generated menu_view_styles.tar archive as build
artifact, it is automatically picked up whenever menu_view appears as
build ingredient of sculpt.
build: app/menu_view
* Prevent page-faults when the active interface of a device got unset
during elimination of the device
* Resets devices, where a corresponding session got closed to
be re-useable when a new session gets opened
Ref #4512
* Instead of repeatedly spam the log with errors and
bring heavy load to the USB host controller driver
abort yourself when the device vanishs
Fixgenodelabs/genode#4515
With this commit, the Xoroshiro128+ PRNG in lx_emul/random.cc gets wrapped
by a new class that automatically re-seeds the PRNG with jitterentropy every
1024 * 1024 + random(0..4095) bytes of generated output.
Ref #4397
Both the Wifi driver and the WireGuard port used local implementations for
their source of randomness. Wifi used a Xoroshiro128+ PRNG for rapid generation
of random values but initialized this PRNG always with the same static seed
value. WireGuard, in contrast, requested each random byte directly from the
jitterentropy lib, which is considered to be very time intensive.
This commit removes the local variants of random.cc and introduces a new
centralized lx_emul/random.cc . The new variant combines the former approaches,
so, that jitterentropy is accessed only in order to generate a random seed for
a Xoroshiro128+ PRNG. Front-end requests for random values are then fulfilled
efficiently via the PRNG.
:Warning:
The output of the Xoroshiro128+ PRNG that is used in the new implementation of
the lx_emul randomness functions has known statistical problems (see
https://en.wikipedia.org/wiki/Xoroshiro128%2B#Statistical_Quality).
Furthermore, the integration of Xoroshir128+ with the lx_emul code was not
reviewed/audited for its security-related properties, so far, and has the
known deficiency of seeding the PRNG only once during initialization. Thus,
we strongly advise against the use of the lx_emul randomness functions for
security-critical purposes.
Ref #4397
This patch simplifies the use of the menu_view in scenarios where no
absolute motion events but only touch events occur. Previously, such
scenarios required the creation of artificial absolute motion events
via the event filter.
Issue #4514
The hover state is evaluated for the routing of input events. When
routing a touch event, the decision should be based on the most recently
observed touch position. Without this patch, however, the hover state kept
referring to the initial pointer position (screen center) in the absence
of any other motion events.
Issue #4514
A userland component that ports the Linux WireGuard kernel module (originally
from kernel version 5.14.21) and integrates it via a NIC session (public
network side) and an Uplink session (private network side). The
WireGuard-specific device configuration is done through the component
configuration. The port is done using lx_emul, lx_kit and the virt_linux
targets. The commit adds also 4 corresponding run scripts of which 3 are fully
automated of which 1 is added to the autopilot.
:Warning:
Although in principal functioning, the WireGuard port has not been exposed to a
sufficient amount of real-world testing, so far. Therefore, we strongly
recommend not to use it in any security-critical scenarios! There is no
guarantee that the port meets any of the security goals pursued by the
WireGuard protocol or other WireGuard implementations!
Ref #4397
The implementation was copied from the already existing LX-emul implementation
for x86 but the commit additionally page-aligns the array that serves as
backing store for the zero page as we assume this to be expected by the contrib
code. However, this commit doesn't apply the alignment also to the x86
implementation as we agreed, that this should be done in a separate commit.
Ref #4397
* Adds methods for copying raw data to the data field of Ethernet frames and
UDP packets. This is used in the port to wrap the higher-layer packet data
prepared by the contrib code with the additionally required headers before
sending it at a network session.
* Adds a method to cast raw data to an IPv4 packet. This is required in the
port in order to check values in stand-alone IP packets produced by the
contrib code before sending them at a network session.
* Adds methods for setting UDP ports given big endian port values without
having to convert to little endian in the app and then back to big endian in
the net lib.
Ref #4397
The driver did not allow for setting module parameters and so far
no one complained. Remove the option to prevent the misleading of
users.
Issue #4506.
Normally, the APIs listed in 'used_apis' files do not carry a version
but implictly refer to the current version. This patch allows for
specifiying an concrete version. This is a useful feature in the context
of the Goa tool.
By replacing the formerly hard-coded $(GENODE_DIR)/tool/depot/ by the
variable DEPOT_TOOL_DIR, the depot tools can be hosted outside the
Genode source tree, i.e., as part of the Goa tool.
Since Linux does not use the arch-independent spinlock structs for ARM,
we must use different members when accessing the lock value.
genodelabs/genode#4499
to work again. The drivers interactive package does not provide a Platform
service anymore, so remove the audio driver. A lot more mesa related libraries
are required now.
This commit de-duplicates the redundant dummy implementations and
to some degree also the 'lx_emul.c' implementations while also
decluttering the various 'dep.list' files.
The code is moved into 'src/lib/pc/lx_emul' where it becomes part
of the 'pc_lx_emul' library.
Fixes#4500.
Instead of each driver providing its own header file use a central
header as the initcall order header should cover _all_ provided
initcalls resulting from the used 'pc_linux' kernel config.
Note that the 'pc_linux' configuration was extended with the
'USB_USBNET' option because the module's initcall is needed for the
Genode C API for USB glue-code and the 'PACKET' option needed by
the wireless lan driver.
The lack of theses options was not noticed as each driver used its
own initcall header so far that stemmed from the initial porting
effort.
Issue #4500.
* Some fixups for the README
* Make config ROM const when used for the session policies
* Turn Reporter into Expanding_reporter
* Always first register ROM signal handler before parsing it the first time
Outsource parts of the Main object into a common compound object,
common parts of the Makefile description and depot source package.
Fixgenodelabs/genode#4503
* Parse PCI specific information from devices ROM
* Enable DMA, I/O memory and I/O port access dependent on BARs in config space
* Introduce device PD for Nova + IOMMU support
* Enable MSIs if available
* Add PCI specific policy rules
Fixesgenodelabs/genode#4502
Instead of returning an invalid device capability when a device
is (not yet) available, e.g. a PCI device is requested before the
PCI bus got parsed accordingly, we check the device capability
within the Platform::Connection utilities, and register temporarily
an Io_signal_handler to wait for changes of the devices ROM, and
try the device aquisition again. Thereby, simple drivers so not have
to take the burden to do so.
To enable this feature for all drivers, we always have to export a
devices ROM, but limit the information about physical resources
(I/O memory addresses, IRQ numbers, I/O port ranges) to clients with
'info=yes' in their policy description.
Fixgenodelabs/genode#4496
By adding a 'report' node to the platform driver's configuration
one can enable either devices or config reports. The devices
report contains all devices and their detailed state, as well as
whether it is already in use or not. The config report contains
one by one the current configuration of the platform driver.
Moreover, this commit adds a README file describing the facilities
of the platform driver.
Fixgenodelabs/genode#4386
If PCI devices happen to miss complete configuration after boot, the
platform driver supports <pci-fixup> nodes for concrete devices
(specified by bus-device-functions tuples). The
<bar> node instructs the platform driver to remap BAR id 0 to address
0x4017002000, which amends the BIOS configuration and is stringently
required for BARs with address 0.
! <pci-fixup bus="0" device="0x15" function="3">
! <bar id="0" address="0x4017002000"/>
! </pci-fixup>
The issue was discovered with Intel LPSS devices in Fujitsu notebooks.
Fixes#4501
This patch changes the libc to query the stack size from the
config attribute <libc> <stack size=""/> </libc> for regular
components, not only cloned processes.
To discharge the generic platform driver from certain PCI bus scanning,
and ACPI + kernel specifics, this commit introduces a new component,
which consumes the acpi drivers report and the platform_info from core
to prepare a devices ROM for the platform driver that contains all
PCI devices and its resources.
Fixgenodelabs/genode#4495
USB Attached SCSI devices might expose a bulk-only interface
as fall-back at interface 0 and alternate setting 0. This commit
allows for probing all alternate settings of the active interface
to be able to use such devices.
The configuration was extended so that in case the device interface
is known beforehand the driver can be configured accordingly.
Fixes#4494.
Deploying an overly large meta-pkg in Sculpt leads to an
'Xml_generator::Buffer_exceeded' exception. Using the expanding
reporter solves this problem.
Fixes#4493.
In case we are instructed to reauthenticate and were already
authenticated we ignore the request in the management layer
and let 'wpa_supplicant' deal with that.
Fixes#4488.
The vanilla NOVA kernel solely supports tracking and exporting of execution
times per SC kernel object, but not per thread (EC object). The commit extends
to track execution times per EC in the NOVA kernel, exporting it to Genode's
'core' roottask and populating Genode's Trace::Subject_info structure.
Fixes#4481
Remove handling of ACPI (SCI) interrupt from kernel and thereby let the
handling of the ACPI irq exclusively to an Genode driver. On Genode the ACPICA
library+app handles the ACPI irq, where we can now remove the contrib patches
related to the synchronization between NOVA kernel and ACPICA library.
Fixes#4479
When using the framebuffer driver on this machine the
'cpu_latency_qos_request_active' dummy is triggered. Removing the
trace-and-stop call makes the driver usable.
In addition, 'cpu_latency_qos_remove_request' is changed as well
although it is guarded by 'cpu_latency_qos_request_active'.
Fixes#4489.
This patch fixes rare freezes of menu view instances, which could happen boot
time whenever the leitzentale GUI happens to get initialized before the display
driver finished setting up a reasonable mode. In this case, the resolution-
dependent font size can temporarily get almost zero, tripping up the glyph
renderer.
Since the driver relies on all requests being Nvme::MPS_LOG2 aligned
as advertised in its Block::Info the added check will reject any
misaligned requests (using 'gpt_write' led to an IOMMU write fault).
Issue #4486.
2560x1440 resolutions require more RAM resources. Additionally, make
sure that the decorator 'init' receives enough CAPs to service the
decorator configuration.
fixes#4485
* Claim and release USB interfaces
* Collect URBs in flight in anchor list
* When releasing interfaces, wait until all
anchored URBs finally got killed successfully
Fixgenodelabs/genode#4483
In rare cases it is necessary to execute Linux contributed code
until certain work is finished, e.g. when in a synchronous RPC call,
a session construction or destruction a result is needed. Therefore,
we introduce a new lx_emul function called lx_emul_execute_kernel_until.
Ref genodelabs/genode#4483
To signal that a device gets used and released by a session
introduce claim, release, and release all callbacks in the
USB interface of the C-API.
Ref genodelabs/genode#4483
In case multiple devices shared the same memory-mapped I/O page
we have to take the offset into account. This commit fixes the
'pc_usb_host_drv' on the Thinkpad X201 where the two EHCI host
controller share the some I/O memory page.
Fixes#4477.
With the new usb driver #4399 and usage of the updated dde_linux lx_eml/lx_kit
approach a much higher rate of IRQ session construction/destruction and signal
handler assignment (irq->sigh) are caused. This trickles down to the kernel,
which causes an hang of the AMD IOMMUs due to not setting reserved bits
adequately. The commit fixes the root cause in the kernel and add a guard
into core's to limit such driver behaviour.
Fixes#4482
The file listed only enabled="false" in the audio adapter tag. However,
setting only this option to true isn't sufficient for guest audio to work.
One has to set also enabledIn respectively enabledOut in the same tag. The
new default vbox6 file reflects this.
Fixes#4476
This patch fixes a potential data corruption issue that could occur when
issuing large I/O requests to vfs/rump, which don't fit into the default
block I/O buffer of 128 KiB. Note that we haven't observed the problem
in practice (Sculpt hosts vfs/rump in a dedicated vfs server, which
fragments requests) but spotted the issue while reviewing the code. We
could trigger problem by explicitly changing the I/O buffer size to 32
KiB.
Issue #4474
This patch changes the meaning of the 'offset' parameter of the
'produce_write_content' and 'consume_read_result' hook functions.
The value used to reflect the absolute byte position but in practice,
a job-relative byte offset is desired.
Issue #4474
Before this commit, the block-request handler was implemented as
Io_signal_handler and, additionally, the USB driver called the
block-request handler on request completion directly on I/O level. This
is generally a bad idea because I/O handlers should avoid to have direct
global side effects. In contrast, application logic should be
implemented in way that it consumes atomic state changes after I/O
completed. Now USB I/O completion locally submits a signal to the
block-request Signal_handler.
This patch reduces the response time of supposedly stuck situations like
an unresponsive part_block component. First, it reduces the heartbeat
rate from 1 to 2 seconds to make it consistent with the frequency of
state reports. Second, it allows up to four skipped heartbeats until
regarding the situation as stuck. With those changes, the prolonged
initialization sequence of a USB ZIP drive succeeds with Sculpt.
The Uplink_test used to end in an uncaucht exception about a failed packet
allocation on several x86_32 platforms.
* Destruct and re-construct the corresponding TX packet allocator during a
link-down-up step in the Uplink test. Fixes the exceptions but results in a
never ending test.
* Decouple the link-down-up steps from the handling of packet stream signals
by simply triggering it with a local periodic timeout of 1 sec period.
This prevents that the Uplink_test never finishes because it destructs the
Uplink connection too often.
* The test finishes not before at least 3 link-down-up steps were executed.
* Replace the Allocator_avl's used for the TX packet allocators of the Nic
and Uplink Connection with the better suited Nic::Packet_allocator.
Ref #4419
The error message
"Command buffer creation failed" in intel_dsb.c repeatedly appears
during connector hotplug. Since the driver works also without this DMA offload
optimization, disable the functionality.
Issue #4450
The service is merely announced but trying to request a session always causes a
Service_denied exception. This helps in scenarios where the client is
won't open a session anyway but expects the service to be available. This is
considered a temporary solution.
Ref #4419
This patch handles the corner case of switching virtual desktops while
child views are visible. Examples of such child views are tool tips,
pull-down menus, or the graph of the top-view utility. The switch to
another virtual desktop would implicitely turn the child views into
top-level views of the root nitpicker GUI server until switching back
to the original virtual desktop.
The patch implements the expected behavior of hiding all child views
that belong to a disappearing top-level view.
As it stands, the implementation requires minimal reflection measures to
implement correct cleanup procedure. static_cast<> cannot be used as it
does not implement runtime type casting as dynamic_cast<> does.
This patch reverts the vfs-watch-handle creation whenever the subsequent
allocation of the VFS server's 'Watch' object fails. This can happen
when the session RAM or cap quota is depleted.
Fixes#4472
The issue came apparent with Windows Guests and USB passthrough of
smart-card readers. If the VM is powered off, PDMR3Term cleans up all
devices incl. (first) acpi and (later) devxhci. The latter used a
dangling reference to ACPI structs in a indirect call to
apicIsLogicalDest() from xhciR3Destruct().
VMMR3_INT_DECL(int) PDMR3Term(PVM pVM)
virtualbox6/src/VBox/VMM/VMMR3/PDM.cpp:817
"apic" (pDevIns->pReg->szName)
static void apicR3TermState(PVM pVM)
virtualbox6/src/VBox/VMM/VMMR3/APIC.cpp:1235
"qemu-xhci" (pDevIns->pReg->szName)
static DECLCALLBACK(int) xhciR3Destruct(PPDMDEVINS pDevIns)
repos/ports/src/virtualbox6/devxhci.cc:431
void usb_detach(USBPort *port)
<qemu-usb>/src/lib/qemu/hw/usb/core.c:70
static void xhci_port_notify(XHCIPort *port, uint32_t bits)
<qemu-usb>/src/lib/qemu/hw/usb/hcd-xhci.c:2592
static DECLCALLBACK(void) pciSetIrq(PPDMDEVINS pDevIns, PPDMPCIDEV pPciDev, int iIrq, int iLevel, uint32_t uTagSrc)
virtualbox6/src/VBox/Devices/Bus/DevPCI.cpp:398
static bool apicIsLogicalDest(PVMCPUCC pVCpu, uint32_t fDest)
virtualbox6/src/VBox/VMM/VMMAll/APICAll.cpp:797
The fix removes our Qemu library reset from xhciR3Destruct() and
registers xhciR3Reset() as PowerOff hook.
Thanks to Raphael for the thorough investigation.
The quota adjustments prevent the leitzentrale's decorator from running
out of RAM, and allow the nitpicker GUI server to preserve buffer
content during resize (reducing flickering artifacts) when using a
screen resolution up to 2560x1440.
This fixes the following warning when building the binary archive:
Library-description file vfs_capture.mk is missing
Library-description file vfs_tap.mk is missing
'Platform::Device_pd::attach_dma_mem' may lead to insufficient resources
for meta data, which is reflected to the client via 'Out_of_caps' or
'Out_of_ram'. In case the client upgrades its session the quotas need to
be passed to core as done by
'Platform::Device_pd::Expanding_region_map_client::attach'.
issue #4451
Use 'avail_caps' and 'avail_ram' for resource guards because 'used_caps'
and 'used_ram' do not account for resources given to the platform
driver. This lead to incorrect resource accounting by the GPU
multiplexer.
issue #4451
The calculations of packet_size and packet_count in the block_io() did
not consider rounding errors. This resulted in diverging values over
several bisecting operations (/= 2) and wrongly-size packet allocations
as well as memcpy operations.
Related to #2263 (comments about partial block accesses and
_block_io()).
Fixes#4471
The NIC router used to handle each type of packet-stream signal with a distinct
method in the Interface class. However, merging those methods has advantages.
It ensures that sent packets that were already acknowledged by the counter side
are always released before handling received packets. This frees packet stream
memory which facilitates the potential allocation of response packets while
handling received packets. Furthermore, it simplifies the code and reduces the
number of entry points into the router.
This commit also removes the installation of signal handlers at packet streams
for events that are of no interest for the router (TX-ready-to-ack /
RX-ready-to-submit at NIC sessions and RX-ready-to-ack / TX-ready-to-submit at
Uplink sessions).
Fixes#4470
The driver falls in line with the previous 'legacy_wifi_drv' component
where the ported wireless LAN stack and device driver is encapsulated
in a library. This library in return is used by the 'Libc::Component'
providing the necessary environment for the 'wpa_supplicant'.
In constrast to the old driver a 'wifi' VFS plugin is in charge of
initalizing the 'Lx_kit::Env' prior to executing any static
constructors.
Fixes#4455.
Move 'linux-firmware' portion from 'dde_linux' into its own port,
while it is used by the upcoming new WLAN driver keep it in place
for the legacy one.
Issue #4455.
Various libraries, like libnl and wpa_driver_nl80211, used hardcoded
values for the interface index (ifindex) and name (ifname).
To accomdate the legacy as well as the upcoming new driver we add
functions to query these information where at least the index differs.
Issue #4455.
The location of the used 'source.list' file is hard-coded and will not
work when the ported driver is implemented as a shared library. For
this use-case provide means to set the location differently.
Issue #4455.
In case where the ported driver or protocol stack is executed from
an already managed environment, e.g. the libc, the execution
of the static constructors will be performed at the appropriate
time.
Issue #4455.
Whenever the nic_router encounters ARP requests on an interface
that does not have a valid IP config it will ignore them. However,
When increasing the verbosity of the component for diagnostic
purposes the resulting 'Bad network protocol' message is misleading.
Issue #4455.
* Test DHCP RENEW by the test client in the unmanaged variant.
* Add event IDs to log output of test client in order to prevent false positive
result in the managed variant.
* Let managed and unmanaged variant have separate string patterns for
'run_genode_until' because they already had different output and it will
differ even more as we don't want to test DHCP RENEW with the managed
variant.
* Delay first test client DHCP in order to fix unexpected sporadic initial IP
config.
* Remove some unnecessary code from the run script
Fixes#4460
The NIC router did update the IP config of a domain on a completed DHCP
REQUEST but not on completed DHCP RENEW or DHCP REBIND. Thus, it didn't adapt
to "real" DHCP servers (not NIC router servers) that got restarted with a
changed configuration by the means of RENEW/REBIND. The commit fixes this.
Note, that testing this is complicated as we don't have the necessary
infrastructure (we cannot simply use the DHCP server of the NIC router as this
would apply a link down/up sequence in order to let the client restart DHCP)
Ref #4460
After reverting unused ranges during allocator destruction
'_meta_data.free_empty_blocks' may lead to more unused ranges because
meta data blocks maybe freed where the meta data for the blocks is
managed by other meta data blocks. This leads to dangling allocation
warnings which are caused by meta data. Therefore, we call
'_revert_unused_ranges' and 'free_empty_blocks' until no more ranges
can be freed.
issue #4466
by using the io_mem RPC of the platform session instead of parsing the
bar resources manually. This commits avoids and breakage on systems where
the Intel graphic cards just uses 64bits with addresses above 4G.
Issue #4450
Compared to the bytewise memset, a wordwise memset (or even multi-word)
achieves a speedup of ~6.
On Zynq-7000/Cortex-A9:
317 MiB/s -> 2040 MiB/s
On base-linux x86_64:
3580 MiB/s -> 23700 MiB/s
genodelabs/genode#4456
Preloading a few cache lines ahead brings a significant speedup in
memcpy throughput. Note, the particular (optimal) value was empirically
determined on a Cortex-A9 (Zynq-7000) SoC @ 666Mhz. It is best combined
with L2 prefetching enabled (including double linefills and prefetch
offset 7). Yet, even without L2 prefetching this seems to be the sweet
spot.
genodelabs/genode#4456
The implementation is not in use any more. Furthermore, on typical ARM
cores such as the Cortex-A9, the cached read appears to be the
bottleneck rather than instruction density. On a Zynq-7000 SoC, the vfp
implementation performed significantly worse than the standard load/store
multiple implementation with preloading.
genodelabs/genode#4456
When executed on Linux, the test was impaired by the copy-on-write
optimisation since the source buffer was never initialised. By default,
Linux only maps a zeroed page until the first write access to the page
occurs. Since the source buffer was never written, the corresponding
page was always present in the physically-indexed data cache. In
consequence, the test merely measured write performance (similar to memset).
genodelabs/genode#4454
Send usb ctrl transfers with one second timeout as some devices (e.g.,
smartcard readers) do not response to certain control transfers.
Thanks to Peter for the investigation.
The i2c code has a busy loop (see commit for the location), which expects that
the jiffies advances without a cooperative scheduling decision.
Issue #4450
Our usb_host driver supports UHCI, OHCI, EHCI, and XHCI host
controllers. The USB4 host interface / Thunderbolt is currently not
supported and must therefore not be passed to the USB host driver.
If any PCI device reports 0 as interrupt PIN, drivers may try to force
MSI setup (e.g., xhci). So, we clamp the interrupt PIN to 1 to let
drivers finish initialization and don't bother the platform driver.
Encountered on the Fuji5 where for reasons currently unknown the
first xHCI HC (0:0d.0) could not be initialize due to incomplete
interupt informations. The other HCs appear to work fine (tested
with a USB low-speed mouse).
This commit removes all physical notions from the information given
to the Linux kernel regarding PCI BARs.
With the exception for the host bridge that needs to be located at
'0:00.0' as required by the Intel FB driver, all other devices are
announced at the PCI BUS in an ascending order.
Additionally the MMIO regions start at 1 GiB and are capped at 32 bit
to prevent unnecessary access to 64 bit addresses.
With this fix, the driver no longer aborts on the Tigerlake notebook and
just skips the out-of-region ACPI table. Issue #4452 is not fixed by
this commit, but in this specific case the table is not used anyway.
Upgrade to the well known worst cases by the GPU multiplexer. Do not
keep track of resources locally, in case resources are exceeded the
remain so anyway.
issue #4451
Check if there are a least 4 caps + 2MB (heap) + possible buffer size
available before any resource allocation. Only account resources that are
actually used.
issue #4451
Some devices do not answer connection attempts timely, which leads
amtterm to time out (after 60s). Using multiple attempts in 500 ms
intervals results in timely connection and complete boot logs.
Issue #4429
The former implementation relied on the behaviour of how the old
intel fb driver requested the pci devices. The new lxkit however actually
really want to have all available pci devices.
Issue #4450
required by the upcoming update of the intel display driver. Make this addition
explicit, because it triggers adjustment also on the new pc_usb_host_drv.
Issue #4450
If size is zero, the platform goes out of service by:
[init -> platform_drv] Error: Uncaught exception of type 'Genode::Ram_allocator::Denied'
[init -> platform_drv] Warning: abort called - thread: e
Issue #4450
Also, the repository URL was adapted to the permanent redirect to github
to prevent the following warning.
dde_ipxe download http://git.ipxe.org/ipxe.git
dde_ipxe git Cloning into 'src/lib/dde_ipxe'...
dde_ipxe git warning: redirecting to https://github.com/ipxe/ipxe/
dde_ipxe update src/lib/dde_ipxe
This patch adds the trace-logger utility to the default set of packages
along with an optional launcher. With this change, only two steps are
needed to use Genode's tracing mechanism with Sculpt:
- Add 'trace_logger' to the 'launcher:' list of the .sculpt file
- Either manually select the 'trace_logger' from the '+' menu,
or add the following entry to the deploy configuration:
<start name="trace_logger"/>
By default, the trace logger is configured to trace all threads
executed in the runtime subsystem and to print a report every 10
seconds. This default policy can be refined in the launcher's <config>
node. Note that the trace logger does not respond to configuration
changes during runtime. Changes come into effect not before restarting
the component.
Issue #4448
This patch changes the output format of the trace logger to become
better suitable for human consumption. For example, when instrumenting
the VFS server in Sculpt using the GENODE_TRACE_TSC utility, the
trace logger now generates tabular output as follows.
Report 4
PD "init -> runtime -> arch_vbox6 -> vbox -> " ----------------
Thread "vCPU" at (0,0) total:12909024 recent:989229
Thread "vCPU" at (1,0) total:5643234 recent:786437
PD "init -> runtime -> ahci-0.fs" -----------------------------
Thread "ahci-0.fs" at (0,0) total:910497 recent:6335
Thread "ep" at (0,0) total:0 recent:0
71919692932: TSC process_packets: 8005M (4998 calls, last 4932K)
71921558516: TSC process_packets: 8006M (4999 calls, last 1596K)
71922760220: TSC process_packets: 8007M (5000 calls, last 1006K)
71929853586: TSC process_packets: 8009M (5001 calls, last 1840K)
71931315246: TSC process_packets: 8011M (5002 calls, last 1253K)
72127999920: TSC process_packets: 8016M (5003 calls, last 5606K)
72129568198: TSC process_packets: 8018M (5004 calls, last 1345K)
77161908178: TSC process_packets: 8029M (5005 calls, last 11349K)
77643225736: TSC process_packets: 8029M (5006 calls, last 217K)
89422100594: TSC process_packets: 8035M (5007 calls, last 5656K)
89422123632: TSC process_packets: 8035M (5008 calls, last 1342)
Thread "signal handler" at (0,0) total:36329 recent:3001
Thread "signal_proxy" at (0,0) total:51838 recent:13099
Thread "pdaemon" at (0,0) total:97184 recent:332
Thread "vdrain" at (0,0) total:1266 recent:286
Thread "vrele" at (0,0) total:1904 recent:516
PD "init -> runtime -> nic_drv" -------------------------------
Thread "nic_drv" at (0,0) total:34044 recent:897
Thread "signal handler" at (0,0) total:369 recent:142
...
Subjects that belong to the same PD are grouped together. The formerly
optional affinity and activity options have been removed. Those
information are now unconditionally displayed. The trace entries
belonging to a thread appear as slightly indented.
The patch also updates the coding style, avoiding excessively long
lines.
Issue #4448
This patch reduces repetitive log output by omitting inactive trace
subjects from the log output. The information about all subjects can
still be dumped by setting 'verbose="yes"'.
Issue #4448
This patch splits the creation and updating of monitor objects into two
stages. The creation of a monitor object changes the state of the
associated trace subject. The patch ensures that the new state is
captured by the update of the monitor object.
Issue #4448
This patch makes the trace-subject state as reflected to the trace
monitor more accurate.
Until now, a subject could be in UNTRACED or TRACED state. In reality,
however, there exists an intermediate state after the trace monitor
called 'trace' for the subject but before the subject locally activated
the tracing (done when passing a trace point). This intermediate state
was reflected as UNTRACED. Consequently, threads that never pass a trace
point (e.g., just waiting for I/O) would remain to appear as UNTRACED
even after enabling its tracing by the trace monitor. This is confusing.
This patch replaces the former UNTRACED and TRACED states by three
distinct states:
UNATTACHED prior any call of 'trace'
ATTACHED after a trace monitor called 'trace'
but before the tracing is active
TRACE tracing is active
Fixes#4447
The new macros GENODE_TRACE_TSC and GENODE_TRACE_TSC_NAMED complement
the existing GENODE_LOG_TSC and GENODE_LOG_TSC_NAMED macros to simplify
TSC measurements at a low overhead of the trace mechanism.
The utilities of the new util/formatted_output.h header complement the
existing base/output.h with the text-formatting support needed to
produce tabular output.
Fixes#4449
First, the endpoint update has to comply with the current alternate
settings of all interface, which are stored in USBDevice::altsetting[]
(one value per interface). Second, a SET_INTERFACE control request via
Packet_type::ALT_SETTING must update USBDevice::altsetting for the
interface.
Now, USB devices with multi-setting interface like the Joulescope JS110
with mixed bulk/isochronous endpoints are supported.
This commit adjusts the value such that USB sessions requested by
VirtualBox6 on Sculpt OS can get established on the first try without
invoking the session-retry mechanism. This reduces the number of
diagnostic log messages like:
Error: Insufficient 'ram_quota',got 6296372 need 6297928
The value of 50% as assigned by commit "sculpt: add basic support for
i.MX8 Quad EVK" leaves too little room for other components of the
runtime subsystem. With the adjustements of commit "sculpt: assign CPU
quotas" the sum exeedcs 100%. Hence this commit tunes down the value to
sensible 10%.
The existing assignment of CPU quotas did not anticipate the dynamic
reconfiguration of init. It merely tracked the available CPU quota by
deducing the consumed amount from a global variable but never
replenished the value. This worked for static scenarios but failed in
situations where components are dynamically re-started.
So far this deficiency remained detected because CPU quotas were not
used in highly dynamic systems like Sculpt OS. However, this has
recently changed by commit "sculpt: assign CPU quotas".
The patch improves the accounting by mirroring the existing handling of
RAM and cap quotas. Note that the CPU-quota accounting is still rather
limited. In particular the dynamic rebalancing is not yet supported.
Issue #4445
.SHELLFLAGS is extended by option pipefail to make pipes fail if any pipe
element fails. As .SHELLFLAGS is exported into sub-make instances it
must be unexported before calling third-party build systems recursively.
With the consolidation of the file-system session's signal handlers
implemented by commit "file_system_session: merge ack and submit sigh",
we can now change the VFS server to produce batches of acknowledgements
before explicitly waking up the client. (in contrast to the traditional
'acknowledge_packet', the new 'try_ack_packet' triggers no signal)
Issue #4388
Split the trace buffer into two partitions in order to prevent overwriting
of entries when the consumer is too slow. See file comment in buffer.h.
genodelabs/genode#4434
This commit simplifies the current implementation by overloading the
length field with a padding indicator in addition to the zero-length
head entry. This simplifies the iteration semantics as it eliminates
the need for determining whether a zero-length entries is the actual
head of the buffer or a padding at the buffer end.
genodelabs/genode#4434
To support device-less protocol-stacks only ports, we can use a
Virt I/O Linux kernel flavor, and export the lx_kit/lx_emul parts
not depending on platform API and devices.
Ref #4397
* Drivers have to use lx_kit/memory_dma.cc
* Protocol-stacks use lx_kit/memory_non_dma.cc
* Moreover the device-dependent lx_emul parts get removed
from the common lx_emul import rules
Fix#4443
* Unifies the declaration of callbacks which manage driver/client
shared dataspaces
* Move the Linux driver-specific callback implementation to the
lx_emul library from the PC's USB host driver
Fixgenodelabs/genode#4439
The logic got accidentally reversed during the transition from the
legacy USB driver.
Since the function drops error details, this patch adds a diagnostic
message with the error code as returned by the Linux driver.
This patch declares that the pseudo target virtualbox6/services/ does
not produce any build artifact. This allows the adding of virtualbox6
to Sculpt's 'build:' list.
The run script uses core, ld.lib.so, and init from depot packages, thus
these cannot be integrated in the image explicitly from the build
directory.
Also, removed special build of report_rom, which is not subject of the
test.
Fixes#4437
* The problem occured only on OKL4, seL4, and L4/Fiasco
* The test used to continue submitting packets regardless of how many were in
flight
* This commit limits the in-flight packets at the Uplink/Nic connections to 40
each
Ref #4419
This commit changes the touch-click filter to adhere the following
sequence:
touch (physical)
press (artifically generated)
release (artificially generated)
release_touch (physical)
This order is important because nitpicker's focus handling takes
press/release events into account. If the release-touch event appears
before the release event, nitpicker subsumes the release-touch event
to the sequence that started with the press event, instead of handling
it as a free-standing event.
Issue #4332
By assigning CPU budgets, base-hw's priorities come into effect.
Even though the chosen values are rather guessed than informed, they
yield a visibly improved responsiveness on the Pinephone.
When committing a new entry, the buffer wrapped if the last entry fit
perfectly into the buffer. Otherwise, the length field of the next entry
was set to 0 to mark the new head. Yet, if there was still some padding but not
enough to hold the length field of another entry, we ended up with a
headless buffer.
genodelabs/genode#4430
Since the head of the buffer is marked by a zero-length entry, we must
only write the length field if a new head was set. Otherwise, the
consumer might already read the new entry and not find the new head as a stop
condition.
genodelabs/genode#4430
When a device got already acquired by a platform session client, do not
return the same capability again, even if the same platform session
client requested it. Therefore, make doubtful behaviour of client components
visible, and do not have to struggle with Platform::Device instances
instantiated multiple times, which care of the lifetime of the device
capability internally.
Fixgenodelabs/genode#4379
Genode code already expects MMU to be disabled when starting the
kernel. It is enabled eventually in Bootstrap::Platform::enable_mmu,
after setting up translation tables. Unfortunately nothing ensures
this is actually the case. If MMU happens to be enabled when entering
the kernel things go downhill pretty fast after we start messing with
TTBR.
This patch ensures MMU is disabled for EL1, EL2, EL3 dependent on the
exception level of the CPU core, which is entering the kernel.
This should allow base-hw to start correctly on Quartz64 A board.
The `lookup_translation` function got introduced and is used only in the
context to proof whether a cache maintainance function can be executed
safely by the kernel. Unfortunately, it did not checked write permissions,
which can lead to permission faults. This commit restricts the lookup
function to only succeed when the target page is writeable. Consequently,
the lookup function gets renamed to `lookup_rw_translation`.
Fixgenodelabs/genode#4348
* Switch from the legacy usb_host driver to the new PC version
in recipes and automated tests
* Update documentation snippets
* Remove outdated, unused usb_rndis run-script
Fixgenodelabs/genode#4416
Do not only report devices, but the current configuration of the driver too,
as long as the `report` node in the configuration states it.
Ref genodelabs/genode#4416
To stay consistent with the configuration of the legacy usb_host_drv
and other components as well, do not report USB devices by default,
but when the following XML node is set within the component's
configuration:
<report devices="yes"/>
Ref genodelabs/genode#4416
The new usb_host driver for PC by default needs more RAM quota in contrast
to the old one. To minor warnings and repeated attempts to open a USB
session from a client, this commit increases the default RAM quota by one
page.
Ref genodelabs/genode#4416
Adds a function to the USB part of the Genode's C API, to enable
usb_host drivers to acknowledge USB request in client's packet buffer
although they are not assigned to an USB device. The requests are
marked with a "no device" error.
This commit fixes a regression originally solved in genodelabs/genode#4149
Ref genodelabs/genode#4416
XML allows attribute values like <node attr="\"/>. The XML parser
wrongly reflects this case as 'Invalid_syntax'. This behavior stems from
the implicit use of the 'end_of_quote' function, which considers the
sequence of '\"' as a quoted '"' rather than the end of a quoted string.
The patch solves this problem by making the 'end_of_quote' part of
the tokenizer's scanner policy.
The patch removes the 'end_of_quote' function from 'util/string.h'
because it is not universal, and to avoid the ambiguity with
'SCANNER_POLICY::end_of_quote'.
Fixes#4431
When a PD owns the right to ask for a RAM dataspace's `dma_addr` it is
concurrently constrained to use allocations of a specific physical RAM area.
This commit further limits this area by removing RAM page frame zero.
Otherwise the return value of `dma_addr` for such a dataspace would be
erroneously interpreted as a fault, because zero is currently the error
return value of `dma_addr`.
Fixgenodelabs/genode#4428
This is a follow-up fix for "mk/ld.mk: trigger kernel-dependent
ld.lib.so build", which alleviates the need to specify the KERNEL at the
build-system command line. Thanks to Piotr Tworek for reporting.
Issue #4320
This patch cuts the superfluous dependency of abi.so files from the
library dependencies of the corresponding lib.so file. ABIs depend
only on symbol files.
Prior this patch, the second step of the following sequence would
wrongly re-build the abi.so file.
arm_v6$ make init
arm_v6$ make init KERNEL=hw
As the KERNEL argument does not affect the ABI, the abi.so should
better not be created twice.
Issue #4408
The Single_file_system now forwards the
`File_io_service::notify_read_ready` method to the
handle as it already did for most of the other methods.
genodelabs/genode#4394
Do not set '_mode' per default to MANANGED. Check if a manual config ROM
is present during construction and set '_mode' to MANUAL in case it is.
issue #4369
This patch works around 'tar' erroring out when faced with an empty list
of files:
tar: Cowardly refusing to create an empty archive
This can happen when using sculpt.run for a scenario with only a runtime
but no deploy or launcher configuration.
Issue #4369
'generate(Xml_node node)', as used by the Sculpt manager, calls this
function instead of the lambda version. The 'report' function of the
'Genode::Reporter' does not throw an exception in case there is not
enough backing storage for the 'generate' request. Therefore, we have to
check this condition in a loop and call '_increase_report_buffer' in
case size limits are reached.
Patch by Norman Feske.
issue #4369
Genode linker does not support .gnu.hash tables so they will never be
used. Tell the linker not to bother producing them. This should reduce
the size of Genode ELF files a tiny bit without loosing anything
important in the process.
Fixes#4423
According to ARM Cortex-A55 Core Technical Reference Manual r1p0 the
lowest 8 bits (Aff0) of MPIDR register represent thread IDs within a
multi-threaded core. The actual core identification bits are in Aff1.
This layout can be identified by checking the MT bit of MPIDR register.
Basically, if MT=1 core id is in Aff1, if MT=0 core id is in Aff0.
Without this change Genode will identify all CPU cores on A55 as primary
(0) core.
Its worth to mention that Cortex-A55 by itself is not a multi-threaded
CPU. Aff0 values are always expected to be 0 for pure A55 cores. A55
cores can however be paired with cores that are multi-threaded. To
support such big.LITTLE CPUs in Genode we'd probably need to add a
different mechanism for mapping MPIDR values to logical, contignous
core IDs which Genode expects.
Ref:
https://developer.arm.com/documentation/100442/0100/register-descriptions/aarch64-system-registers/mpidr-el1--multiprocessor-affinity-register--el1?lang=en
* use netperf omnitest output selectors to acquire more metrics
* remove packet_size argument that was not interpreted by netperf
genodelabs/genode#4427
This does not affect default Genode builds as far as I can tell. There
is always at least one global static CTOR which seems to be coming from
one of the GCC runtime libs bundled in the toolchain. The problem became
visible for me only after I've replated GCC runtime with LLVM based
one. In such setup I often see binaries that do not have any static ctors.
Such binaries end up crashing Genode ld.lib.so.
Make sure the code does handle empty constructors array.
Fixes#4422
Switch the code to 0 lengh array instead. The code in
Lru_cache::element_size calls sizeof on this structure. This works in
gcc, but fails when using clang. Even for GCC however the documentation
states:
"Flexible array members have incomplete type, and so the sizeof operator
may not be applied. As a quirk of the original implementation of
zero-length arrays, sizeof evaluates to zero."
Basically its an implementation quirk that clang does not support. Both
GCC and clang do support zero sized arrays however so using them here
allows both compilers to process this code.
Ref: https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html
Issue #4421
This reference member is not used anywhere in the code. This prompts
clang to complain about it. Eliminate the member and all the plumbing
associated with it to silence the warning.
Issue #4421
Clang really doesn't like char subscripts. I can't say I blame it. Fix
the warning by an explicit cast to unsigned.
include/nitpicker_gfx/tff_font.h:230:53: error:
array subscript is of type 'char' [-Werror,-Wchar-subscripts]
Tff::Vertical_metrics const m = _vertical_metrics['m'];
^~~~
Issue #4421
Clang likes to complain when lambdas capture parameters without
actually using them. This patch fixes a couple of such problems in VFS
related os module code.
Issue #4421
The soft ABI implies purely software floating point implementation.
This is not the case for Genode however. For example core's
exception_vector.S uses vmsr instruction. This builds fine with with
GCC based toolchain, but clang with integrated-as complains:
src/core/spec/arm/exception_vector.S:122:2: error: instruction requires: VFP2
vmsr fpexc, r1
^
Fix this by passing softfp to mfloat-abi command on ARMv7. This allows
usage of FP HW, but implies soft-floating point ABI.
Issue #4421
According to C++11 reference:
"If the strictest (largest) alignas on a declaration is weaker than
the alignment it would have without any alignas specifiers (that is,
weaker than its natural alignment or weaker than alignas on another
declaration of the same object or type), the program is ill-formed:"
https://en.cppreference.com/w/cpp/language/alignas
The code requests 4 byte alignment for Genode::Arm_cpu::Context.
The Context structure inherits Genode::Arm_cpu::Fpu_context which
has minimum alignment requirement of 8 bytes, due to uint64_t d0_d31
member. This makes the 4 byte value in Context's alignas specifier
invalid (smaller than allowed minimum).
Similar situation takes place in Arm_64 case. The claimed minimum
alignment of Context is 8 bytes, but the fpu_state member imposes 16
bytes alignment (explicitly specified in Fpu_state declaration).
In both cases the code builds fine with GCC 8.3.0, but fails with
clang which claims that "requested alignment is less than minimum
alignment of X for type", where X is 8 on ARM and 16 on AArch64.
Ref: https://eel.is/c++draft/dcl.align#5
Issue #4421
This commit contains:
* Minimal Linux kernel target: pc_linux
* Library to generate a Linux build directory, config, generated headers
* API depot package
The actual work was provided by Josef Soentgen.
Ref genodelabs/genode#4416
The official way to obtain DMA addresses for RAM dataspaces is
the RPC function 'Pd_session::dma_addr' now. User-level device drivers
should not call this function directly but use the 'Platform_session'
interface of the platform driver instead.
Fixes#2243
* Creates sessions to all supported services of the black hole component
* Test-drives the Event and Capture session with dummy input
* Adds the test to the default list of depot_autopilot.run
* Test-driving the Audio_in and Audio_out sessions is still missing and should
be added via a dedicated commit
Ref #4419
To make room for the re-newed usb_host_drv basing on Linux 5.14 and
the re-newed lx_kit/lx_emul we have to move the depot recipe and
consistently name the old drivers with a legacy_ prefix.
Ref genodelabs/genode#4416
The x86 platform driver uses a different API than the one for ARM for
which the lx_kit glue code was designed. Since the x86 platform driver
will eventually adopt a similar interface we implement a wrapper that
encapsulates the old interface.
Ref genodelabs/genode#4411
Until now, the lx_emul layer addressed a 5.11 Linux Kernel port,
now that we add new architectures it is better to update the default version
first. There are especially changes in the task_struct code,
and the signature of some functions in the paging subsystem changed.
Ref genodelabs/genode#4411
We use the architecture-specific setjmp/longjmp implementation without
modification in the newer lx_kit implementation as well. There is no
need for a duplication.
Ref genodelabs/genode#4411
In the error case of socket_fs_accept() the Unconfirmed utility was
incompletely applied with the result of executing the cleanup routines
in the wrong order.
Fixes#4417
This patch removes the implicit build of ld-$(KERNEL) by the generic
ld.mk file because the kernel-specific dynamic linker is unreachable
when building a regular binary archive.
Issue #4320
With the kernel-specific build of the dynamic linker triggered
automatically at the build stage, the artificial build step at the
boot-dir stage can be skipped.
Issue #4320
When 'KERNEL' is specified, let the generic (pseudo) target of
lib/mk/ld.mk trigger the build of the actual dynamic linker named after
the used kernel. This way, we become able to remove the magic
linker-build step from the boot-image stage of the run tool.
Issue #4320
This patch applies the existing "privatization" of transitive
shared-library dependencies from static lib dependencies to shared lib
dependencies. It thereby improves the consistency of binaries created in
a regular build directory with binaries created in depot archives.
Issue #4408
This patch makes nitpicker's "clicked" report useful for the detection
of clicks outside of any client. This is needed in situations where the
dialog should close when clicking outside its screen area. In the new
version, a click outside any client results in a report without a
'label' attribute. Furthermore, the report is augmented by the sequence
number of the click, which allows for freshness checks by the consumer of
the report (i.e., sculpt_manager).
Issue #4398
If the buffer contains padding at the end, the iteration must continue
in order to restart iteration from the start of the buffer.
genodelabs/genode#4244
The archive contents are equivalent except the creation date of the
top-level directory.
-drwxr-xr-x guivol/users 0 2021-01-07 12:54 jpeg-9d/
+drwxr-xr-x guivol/users 0 2022-01-04 12:02 jpeg-9d/
Fixes#4406
The functionality of the test-block-client, test-block-server, and
test-block-bench components is now covered by the block_tester
application and the vfs_block server.
Issue #4405
This patch eliminates warnings that occurred as side effect of using the
'Session_policy' utility ("Warning: no policy defined for label...").
The new version uses the 'with_matching_policy' function instead, which
has the nice side effect of simplifying the error handling.
This patch makes the server-side policy-matching logic available outside
the 'Session_policy' class. Given that the new 'with_matching_policy'
function does not throw any exception, it gives server implementations
the freedom to avoid the C++ exception mechanism for the policy handling.
If the platform driver lacks the 'managing_system="yes"' attribute,
requests for DMA addresses return 0. This patch is meant to help
diagnosing such configuration issues.
Issue #2243
This patch enhances the PD-session interface with the support needed for
user-level device drivers performing DMA. Both RPC functions are
intended for the direct use by the platform driver only. If invoked for
PDs that lack the managing-system role, the operations have no effect.
The 'dma_addr()' RPC function allows the platform driver to request the
DMA address of a given RAM dataspace. It is meant to replace the
'Dataspace::phys_addr' RPC function.
The 'attach_dma' RPC function adds the given dataspace to the device
PD's I/O page table. It replaces the former heuristics of marking DMA
buffers as uncached RAM on x86.
With this patch, the UNCACHED attribute of RAM dataspaces is no longer
used to distinguish DMA buffers from regular RAM dataspaces.
Issue #2243
This patch makes Sculpt's leitzentrale GUI able to respond to touch events. It
formerly assumed that click/clack events are always preceded by hover reports
that identify the clicked-on widgets. For touch events, however, the most
up-to-date hover information referred to the previous click because there is no
motion without touching. So the GUI tended to identify the wrong widgets as
click targets.
The patch solved this problem by testing the freshness of the hover information
at the time of the click. If the hover information is older than the click, the
action is deferred until up-to-date hover information becomes available.
Fixes#4398
The new event type allows for the propagation of sequence numbers as a means to
validate the freshness of input handling. E.g., an menu-view-based application
can augment artificial sequence numbers to the stream of motion events supplied
to 'menu_view'. Menu view, in turn, can now report the latest received sequence
number in its hover reports, thereby enabling the application to robustly
correlate hover results with click positions.
Issue #4398
This patch replaces formerly blocking packet-stream operations by
the explicit use of 'wait_and_dispatch_io_signal' for blocking.
It also removes a misleading comment that promised a fire-and-forget
behavior whereas the implementation relied on blocking I/O anyway.
Issue #4390
Errors during IPC receive-and-wait can occur at the server side when
a client is killed. This condition is not an error from the server's
perspective. We used to print a message nevertheless, since the
condition is rather exceptional. However, when printed during the
test-sequence test, the messages interfere with the pattern matching of
the depot_autopilot, flagging the successful test as an error.
The VFS block plugin used to depend on the blocking semantics of the
packet stream's 'get_acked_packet'. This patch replaces this dependency
by the use of 'wait_and_dispatch_one_io_signal'. However, in order to
implement this change, the custom instance of a 'Signal_receiver' had to
be removed as well.
To keep this patch as little invasive as possible, it does not touch the
direct use of the block session's packet stream, which should better be
replaced by the 'Block::Connection::Job' API.
Issue #4390
The zynq_nic_drv follows a zero-copy approach and thus uses the packet
buffers as DMA memory. In order to know when the RX DMA memory can be used
for another packet, a custom ack_avail_handler is needed.
Similarly, packets received from the Uplink session are not copied to a
DMA buffer but to directly passed on as DMA memory. For this purpose,
a a custom packet_avail handler is needed.
genodelabs/genode#4384
The 'read' and 'write' utilities are from a time before the VFS API
as os/vfs.h was available. They rely on the (now removed) blocking
semantics of the packet-stream interface.
The only remaining legitimate use case of the direct interaction with
the file-system session without VFS is the back end of gcov, which needs
a way to exfiltrate the statistical data using a channel that is
independent from the libc or the VFS.
Issue #4390
This patch replaces the direct use of a file-system session via the
'file_system/util.h' helpers by the VFS using the os/vfs.h API. This
makes the component more flexible while removing the dependence from
read and write utilities of file_system/util.h, which happen to rely on
the (now removed) blocking packet-stream semantics.
Issue #4390
This patch replaces the direct interaction with the packet stream of
the block session by the use of the 'Block::Connection::Job' API,
removing the reliance on blocking packet-stream semantics.
Since I/O signals can now occur during 'Backend::submit', the patch
conditions the periodic calls of 'rump_sys_sync' by taking the backend
state into account.
Issue #4390
Since the change "block_tester: limit batching in sequential test", the
sequence test blocks infinitely when encountering a length value smaller
than the block size.
This patch takes precautions against the use of blocking packet-stream
operations like 'submit_packet'.
With the change of issue #4388, the ready-to-submit signals are no
longer implicitly handled. Hence, a call of submit_packet to a
saturated submit queue blocks infinitely.
Issue #4390
Even though the use of the C++ exception mechanism (and the implicit use
of the cxx heap) is not a problem at the server side, this patch
nevertheless replaces the exception-based return-value handling to make
the code consistent with the ipc_call path.
Issue #3612
* use 'Id_space::apply_any' instead of 'for_each' to destroy session local
buffer objects
* save session capability in session because 'cap()' is not valid in
'Session_component' destructor because it was dissolved before calling
'Root::_destruct_session', the cap is necessary to remove owned
buffers from the EP
issue #4380
Do not import a freshly allocated buffer to all contexts eagerly.
Instead check buffer list in context's 'exec_buffer' call and import
only buffers needed and not present before GPU execution. This leads to
improved performance for applications that use many OpenGL contexts
(e.g., VirtualBox 6).
issue #4380
* retrieve Genode::Env from plugin, this way no mesa applications need to
be changed.
* add 'vfs_gpu' api
* remove when all required functionality is implemented within the plugin.
issue #4380
Implement GLX and X functionality through Mesa's EGL interface. This
requires multiple OpenGL contexts and in turn GEM context support in
libdrm/iris, as implemented in libdrm and intel_gpu_drv.
Update recipes and machine.vbox6 files accordingly,
issue #4380
Retrieve multiple GPU sessions from VFS plugin, take advantage of buffer
import/export functionallity in order to implement gem context support.
Multiple contexts share all GPU buffers, but use different GPU sessions
and thus, differnt page tables and hardware contexts.
issue #4380
Add 'export_buffer'/'import_buffer' calls in order to support buffer
sharing between GPU sessions.
Reduce CAP costs for Gpu::Connection from 256 to 32.
issue #4380
Synchronize GPU completion by calling 'read' of the vfs_gpu plugin. This
enables pthreads to wait for GPU completions instead of the main EP.
issue #4380
When a <gpu> node is present in the VFS, the plugin opens a
Gpu::Connection for each open call to the 'gpu' node and installs a
completion signal handler. A read only to the fd returned only comes
back if a completion signal has been received between two read
transctions to the fd.
For now the Gpu::Connections can be retrieved by calling the
'vfs_gpu_connection(unsigned long id)' function. The id can be obtained
using 'stat' on the 'gpu' device and is located in the inode (st_ino)
field of the stat buffer.
issue #4380
* let iris handle buffer management, this implies that BOs are mapped to
the PPGTT during buffer execution and unmapped by iris later, for this
to work buffers need to be unmapped when allocating cached BOs
(vma_free) which requires a patch
* support lseek (drm_lseek for now) for determining object size
issue #4380
Account RAM and CAP resources for GPU sessions and trigger client
upgrades before allocating resources at the multiplexer. This prevents
the multiplexer from running out of resources.
issue #4380
Imagine receiving the signal for an available TX ack or an available RX packet
at the Uplink connection but a later received signal for a link-state change
(to link state "down") at the same connection is handled first and destructs
the Uplink connection before the handling of the former signals. In this case,
the methods 'Uplink_client_base::_conn_tx_handle_ack_avail' and
'Uplink_client_base::_conn_rx_handle_packet_avail' must be guarded against an
unconstructed '_conn' member, but they weren't so far.
Fixes#4384
So far, the generic Uplink connection code considered NIC drivers to transmit
connection RX packets in three different manners. Most of the drivers follow
the "normal" way of transmission with only one driver callback from generic
code. The monolithic USB NIC-driver, however, used to send in a "burst" mode
that required a dedicated path with multiple driver callbacks in the generic
code. And then there were drivers that had a fully custom function for doing
transmissions.
Also for handling connection TX acks, there was a "normal" and a
"custom handler" way.
Today, all NIC drivers in the Genode repos and the Genode-World repo follow the
"normal" way. Therefor, the unused code can be removed.
Ref #4384
Only parse output of the test programs one-by-one and ignore log
messages from other components not starting with '[init -> test$number]'.
Fixes sporadic failures on KERNEL=sel4 due to the following warning from
core.
Warning: flush page table entries - mapping cache full - PD: init -> test1
To actually receive audio input in a particular VM, it also
needs to be enabled in the vbox file:
<AudioAdapter controller="HDA" driver="OSS" enabled="true"
enabledOut="true" enabledIn="true"/>
Fixes#4377
On some boards or emulators a CPU might be executing in hyp mode
when entering Genode's bootstrap code. In that mode the 'cps' instruction
is not defined. Therefore, we change the way the boot cpu is identified.
Ref #3415
* renamed rpi pic to Bcm2835_pic
* renamed rpi3 pic to Bcm2837_pic
* added bcm2837 control for setting prescaler value (to fix timer_accuracy)
* changed handling of all interrupts for rpi3 by cascading to bcm2835 pic
* rpi3 irq controller base address made consistent with rpi
* added usb controller memory region for pic on rpi3 (for SOF interrupts)
Ref #3415
The socket type (in the lower bits) maybe ORed with SOCK_CLOEXEC and
SOCK_NONBLOCK options (in the higher bits). Currently, supported values
are SOCK_STREAM (1) and SOCK_DGRAM (2), so just take the lower 2 bits.
This fixes treating `SOCK_STREAM` sockets as UDP if additional flags
were set.
Fixes#4370
This patch equips Sculpt with the ability to customize the system image
in very flexible ways.
All customizable aspects of the image have been relocated from the
former sculpt.run script and the accompanied gems/run/sculpt/ directory
to a new location - the sculpt/ directory - which can exist in any
repository. The directory at repos/gems/sculpt/ serves as reference.
The sculpt directory can host any number of <name>-<board>.sculpt files,
each containing a list of ingredients to be incorporated into the
Sculpt system image. The <name> can be specified to the sculpt.run
script. E.g., the following command refers to the 'default-pc.sculpt'
file:
make run/sculpt KERNEL=nova BOARD=pc SCULPT=default
If no 'SCULPT' argument is supplied, the value 'default' is used.
A .sculpt file refers to a selection of files found at various
subdirectries named after their respective purpose. In particular, There
exists a subdirectory for each file in Sculpt's config fs, like
nitpicker, drivers... The .sculpt file selects the alternative to use
by a simple tag-value notation.
drivers: pc
The supported tags are as follows.
*Optional* selection of /config files. If not specified, those files are
omitted, which prompts Sculpt to manage those configurations
automatically or via the Leitzentrale GUI:
fonts
nic_router
event_filter
wifi
runtime
gpu_drv
Selection of mandatory /config files. If not specified, the respective
'default' alternative will be used.
nitpicker
deploy
fb_drv
clipboard
drivers
numlock_remap
leitzentrale
usb
system
ram_fs
Furthermore, the .sculpt file supports the optional selection of
supplemental content such as a set of launchers.
launches: nano3d system_shell
Another type of content are the set of blessed pubkey/download files
used for installing and verifying software on target.
With the new version, it has become possible to supply a depot with the
the system image. The depot content is assembled according to the 'pkg'
attributes found in launcher files and the selected deploy config.
The resulting depot is incorporated into the system image as 'depot.tar'
archive. It can be supplied to the Sculpt system by mounting it into the
ram fs as done by the 'ram_fs/depot' configuration for the ram fs.
It is possible to add additional boot modules to the system image. There
are two options.
build: <list of targets>
This tag prompts the sculpt.run script to build the specified targets
directly using the Genode build system and add the created artifacts
into the system image as boot modules.
import: <list of depot src or pkg archives>
This tag instructs Sculpt to supply the specifid depot-archive content
as boot modules to the system image. This change eliminates the need for
board-specific pkg/sculpt-<board> archives. The board-specific
specializations can now be placed directly into the respective .sculpt
files by using 'import:'.
To make the use of Sculpt as testbed during development more convenient,
the log output of the drivers, leitzentrale, and runtime subsystems
can be redirected to core using the optional 'LOG=core' argument, e.g.,
make run/sculpt KERNEL=linux BOARD=linux LOG=core
The former pkg/sculpt-installation and pkg/sculpt-installation-pc
archives have been replaced by pkg/sculpt_distribution-pc, which
references the generic pkg/sculpt_distribution archive. Those pkgs are
solely used for publishing / distribution purposes.
Fixes#4369
The new function 'build_artifacts' returns a list of artifacts created
by the Genode build system. The list can be supplied as argument to
the 'build_boot_image' function.
Note that the list covers only program targets and shared libraries.
Other artifacts created as side effects of custom rules are not covered.
Fixes#4368
This patch prevents the run tool from issuing 'make' in the build
directory if no build targets are specified, which prompts the build
system to build everything.
If only versioned archives are supplied to a depot function like
'create_tar_from_depot_binaries', the depot/create tool is called
with zero arguments, resulting in a help message. The patch detects
this case and skips the call.
Since unifying the build directories accross architectures, the special
case of the 'linux' platform is no longer needed. Linux can be targeted
from regular CPU-architecture-specific build directories via:
KERNEL=linux BOARD=linux
Fixes#4366
When used by the 'Allocator_avl' the slab allocator's backing store is
dynamically disabled and re-enabled while adding/freeing ranges.
However, during those operations, slab entries can be freed. This,
in turn, can result in the release of a slab block (when the freed slab
entry happens to be the last entry of the block). In this corner case,
'Slab::_release_backing_store' operation has no effect because no
backing-store allocator is set. As a result, the block is no longer
referenced but not physically freed.
The patch fixes the problem by skipping '_free_curr_sb' whenever
no backing store is defined. So the completely empty block remains
in the working set.
Thanks to Peter for reporting and fixing this issue!
Fixes#4367
- Consider 'sdl' as source of input events in the event-filter
configuration as generated by the sculpt manager
- Supply an artificial 'platform_info' ROM as requested by the
sculpt manager to obtain the affinity-space information
- Substitute 'fs_rom' for 'cached_fs_rom' as a workaround for the
lack of support for managed dataspaces on Linux
Fixes#4362
This change keeps the version-controlled 'pubkey' and 'download' files
separate from files generated via depot/create or downloaded via
depot/download. So one can remove the entire depot/ directory without
interfering with git.
Furthermore, depot keys can now be hosted in supplemental repositories
independent from Genode's main repository.
Fixes#4364
Fix some trivial cases where the signedness of the constant value does
not match the signedness of type the code expects to see. GCC can be
asked to warn about those by passing Wsign-covnersion flag.
Issue #4354
This comes up when building the code with clang 13. It happens due to
recently enabled Wconversion warning, which in case of clang also
enables implicit-int-conversion warning. The warning reads:
fs_file_system.h:937:44: error: higher order bits are zeroes after
implicit conversion [-Werror,-Wimplicit-int-conversion]
::File_system::Watch_handle fs_handle { -1U };
~~~~~~~~~ ^~~
This can be fixed by properly specifying fs_handle value to be of
unsigned long type.
Issue #4354
As far as I can tell this is not raised by any released GCC versions.
Clang 13 on the other hand warns about it due to implicit-int-conversion
warning which is automatically enabled together with Wconversion. The
problem is relatively simple, shifting access_t value does not always
produce result which is also of access_t type. For example, if access_t
is uint16_t, shifting it will produce integer result. This can be
observed even with GCC. Building the following C++ example will fail:
#include <type_traits>
#include <stdint.h>
int test() {
uint16_t a = 0xabcd;
static_assert(std::is_same_v<decltype(a<<1), uint16_t>);
return 0;
}
Changing uint16_t in the static_assert to int, will allow the code to
build.
Make such int to access_t implicit conversion explicit to allow the code
to be compiled with both GCC and clang.
Issue #4354
The path for the `nameserver` file was fixed to `/socket/nameserver`.
So, if the socket directory was configured differing from `/socket`, DNS
did not work. Now the default path for the `nameserver` takes into
account the path configured in the `socket` libc config attribute.
Fixes#4318Fixes#4343
Remove '_expected_offset' check on round trip test from RX packet,
because allocators between RX/TX can have different allocation
strategies. Rely on 'pattern' check for RX packets only.
In loopback server alloc size must match actual packet size.
issue #4312
Override 'try_alloc/free' because ethernet frame headers are 14 bytes
(src/dst mac (12) + ethertype (2)) causing the IP header to be 2 byte
aligned, leading to problems on platforms that require load/store
operations to be naturally aligned when reading, for example, 4 byte IP
addresses. Therefore, we align the allocation to 2 bytes, so the IP
header is aligned to 4.
issue #4312
This patch improves the robustness of the CPU-affinity handling.
- The types in base/affinity.h received the accessors
'Location::within(space)' and 'Affinity::valid', which alleviates
the fiddling with coordinates when sanity checking the values,
in init or core.
- The 'Affinity::Location::valid' method got removed because its
meaning was too vague. For sanity checks of affinity configurations,
the new 'within' method is approriate. In cases where only the x,y
values are used for selecting a physical CPU (during thread creation),
the validity check (width*height > 0) was not meaningful anyway.
- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
as argument because a location always relates to the bounds of
a specific space. This function now implements the selection of
whole rows or columns, which has previously a feature of the
sandbox library only.
- Whenever the sandbox library (init) encounters an invalid affinity
configuration, it prints a warning message as a diagnostic aid.
- A new 'Affinity::unrestricted' function constructs an affinity that
covers the whole affinity space. The named functions clarifies
the meaning over the previous use of the default constructor.
- Core's CPU service denies session requests with an invalid
affinity parameter. Previously, it would fall back to an
unrestricted affinity.
Issue #4300
This patch discharges the dependency of Makefile.in from Makefile.am
files whenever both files are present in a downloaded archive.
Being based on make, the trigger of running automake is based on the
timestamps for the extracted archive content. However, since we reset
the timestamps (via 'tar -m') at extraction time, no assumptions about
the timestamp relations between the extracted files can be made. In the
event automake is triggered, we are faced with the tool dependency from
a specific automake version on the host.
The patch enforces the unconditional use the 'Makefile.in' version
supplied by the archive.
Fixes#4350
Instead of using a bitfield for storing rwx and skip boolean value,
take a boolean instead. This fixes a note giv]en by GCC 9.1 about
changes semantics of bitfields given as parameter by value on ARM.
Ref #4344
Similar to other devices allow for selecting a graphics device as
well. This is currently only useful on iMX8-based systems like
iMX8Q-EVK and MNT Reform2 where the driver is explicitly started
from a pkg.
Fixes#4342.
After VirtIO::Queue refactoring buffers no longer share the same
dataspace as VirtIO rings. This makes optimal buffer calculations a lot
easier. In this case 64 buffers 2kB each will need precisely 128kB of
RAM. Previous value of 2016 will just waste 768b.
Fixed#4347
The key changes in this patch are:
* Buffer allocation is moved into a separate Buffer_pool helper. The
implementation of the buffer allocation strategy does not change.
The helper allocates a single RAM dataspace and splits it in multiple,
equally sized chunks.
* Management of main descriptor ring is enacapsulated in Descriptor_ring
helper class.
* Use separate RAM dataspaces for descriptor rings and buffers.
Previously both of them were packed into a single dataspace. This
might have been more RAM efficient, but IMO it made the code uglier and
harder to understand.
* All of the VirtIO::Queue members are now initialized on the class member
initializer list. This is possible due to previously listed changes.
* Since all VirtIO::Queue members are initalized on member initalizer
list, some additional ones can be marked as const, ex _avail, _used ring
pointers.
* Move descriptor writing code into a common method used by both
write_data and write_data_read_reply members. This avoids some code
duplication between those methods.
* Get rid of request_irq argument that most public VirtIO::Queue methods
accept. None of the existing drivers use it and I doubt this will
change any time soon.
* Use Genode namespace by default in Virtio.
This patch also fixes at least one bug that I discovered while working
on VirtIO block device driver. Namely, when chaining descriptors only the
first descriptor in the chain should be exposed in the available ring.
Issue #4347
The const-variant of the data() method contained an erroneous
calculation of the tail size. This led to the size guard throwing
exceptions when trying to parse TCP packets that only contained the
TCP header.
Fixesgenodelabs/genode#4340
Thanks to Piotr Tworek for the fix and his explanation as follows:
The basic idea is to try to fit payload data into the descriptor used to
send the header. If there is no payload, or the payload fits exactly
into the remaining space in the header decriptor, len should be 0 and
only one descriptor should be used. In such case the "next" and "flags"
members of the descriptor structure should be set to 0.
In case there is some extra payload data to send, but its size is
bigger than the remaining free space in the descriptor used to send the
header, len should contain the remaining size of the payload that
can't be sent via the header descriptor. The code will then chain
additional descriptors to handle this remainder.
With the len variable shadowing, the code will never queue the remaining
data.
Issue #4327
Share datastructures for clock, power and reset related configurations
per device. In the generic platform driver component these structures
are kept empty. Driver derivates can fill the clocks settings, power and
reset switches with life. The former Driver::Env gets removed.
Fix#4338
This change of the inner working of the platform driver for ARM allows
clients to have permanent open sessions, as long as a policy node matches
the client. If devices disappear from the policy resp. from the set of
available devices (hotplug), the devices ROM of the session gets updated,
and a corresponding device session gets closed. If the device remains
untouched in the configuration but other devices appeared/disappeared, the
device session is not affected.
Ref #4330
The requested guest-physical memory range may comprise multiple attached
dataspace regions, which must all be detached. This is not required for
the current vbox5 implementation, but for vbox6 as the current API
suggests these semantics.
This commit can be seen as intermediate fix as a real fix should change
the API to prevent long-running detach loops in core that may lock out
requests by other components.
* Only give managing_system permission when all parent nodes of the
corresponding component agree in doing so.
* Move the physical memory constrains heuristic from sandbox library to core
Fix#4335
* Track all caps and ram quotas of the sub-sessions properly
* Release DMA buffers, it is not done implicitely when destroying
the Constrained_ram_allocator
* Do not replenish quota before really releasing memory from
the allocator
Issue #4330
The Session_component must be destroyed before updating the device
model because the Session_component must also release all previously
acquired devices. If the device model is updated before, the devices
might have been removed.
Issue #4330
Pre-allocate all possible type of policy objects as part of the thread meta
state to avoid increased memory consumption due to different policy object
sizes. The cpu_balancer accounts the memory per client and can't forward
potentially occurring out-of-ram exceptions during config-ROM update phases.
Fixes#4333
The commits avoids reading in and allocating memory for all potentially
threads, which are potentially currently not existent (but configured in the
policy beforehand). Instead the policy is read in and evaluated when a thread
is created and policy changes are solely applied to existing/running threads.
By this the commit avoids the increase of memory consumption during the
evaluation of policies during config ROM updates.
Issue #4333
This implements the necessary bits to provide 2D framebuffer support on
top of VirtIO GPU device as implemented in Qemu. I don't know if any
other implementation of this specific device exists.
Compared to the ramfb driver which already exists in Genode Virtio FB driver
has one major benefit. It allows Qemu window to be dynamically resized at
runtime. The driver will treat this as resolution change and act accordingly.
Ramfb driver can currently only use the hardcoded 1024x768 screen size. Changing
screen resolution might not sound like a big deal, but it is rather useful to
run Genode on Qemu in full screen mode.
Some more advanced devices like VirtIO GPU do expect they can receive
responses to VirtIO commands they issue via VirtIO queue. Such responses
are not sent via a separate device writeable queue. Instead the driver
is expected to queue some additional descriptors and buffers which the
device can then use to provide the reply.
This patch adds support for such write-data-read-response opeartion to
Genode VirtIO::Queue implementation. The implementation is pretty simple
and does not support any fancy features like receiving the response
asynchronously. Instead the operation will use caller provided callback
to wait for the device to process the command. Once this callback
returns the write-data-read-response VirtIO::Queue function will invoke
another callback passing received response as argument.
Mesa queries information about the underlying device and this header
denotes the layout of the information. It is also used by the driver
itself to populate the 'info_dataspace'.
Issue #4329.
Since the parts of the 'etnaviv' library are already part of the
'mesa.lib.so' that is normally loaded along-side remove the
duplication here.
Issue #4329.
This filter bridges the gap between a touchscreen driver, which
generates raw touch events and traditional GUI applications that expect
a pointer (absolute motion, press/release of the left mouse button).
Fixes#4332
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.
To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.
Issue #4324
The former use of Pthread conditionals did not cover the corner case of
early wakeups just before halting the CPU. These wakeups were simply
lost which resulted in sporadic halts of about 500 ms (the maximum timeout
of all halts in VirtualBox). RTSEMEVENTMULTI preserves early wakeups
and effectively prevents the CPU from halting.
Additionally, we now wakeup the target CPU on VMMR0_DO_GVMM_SCHED_POLL
and, thus, mimic the behavior of the original implementation slightly
better,
Slightly related to #4313
Since the top-level node of the output ROM is always generated by the
rom_filter, there is no way to pass-through the content of an input ROM
without wrapping in an addition XML node.
genodelabs/genode#4326
The Allocator_avl back end will display diagnostic messages if the
address to be freed is not at the beginning of a block. This happens
regulary when 'struct page' objects are not freed in allocation order.
Issue #4325.
Introduce a method to access the dataspace capability of the underlying
backing store for a memory allocation. This is necessary for drivers
where the memory is managed manually and the capability needs to be
given to a client.
Issue #4325.
Explicitly, adapt to current framebuffer/window size after
initialization finished. This ensures the use of the correct framebuffer
dimensions in scenarios without a window manager.
Thanks to Raphael for the patch.
This patch makes the test less dependent on the rate of state updates by
calculating the upgraded quota from the values found in the state report
instead of simply increasing the '_ram_quota' for each incoming report.
This patch replaces the 'Ram_allocator::alloc' RPC function by a
'try_alloc' function, which reflects errors as 'Attempt' return value
instead of an exception.
Issue #4322
Issue #3612
The new 'update_list_model_from_xml' function template simplifies the
use of the list model utility by alleviating the need for implementing a
custom policy class for each model. Instead, the transformation is done
using a few lambda functions given directly as arguments.
Issue #4317
This patch introduces the lx_emul/pin.h interface that enables GPIO stub
drivers to interact with Genode's Pin_control and IRQ sessions via a
simple C API.
Fixes#4316
The new interfaces are meant to gradually replace the existing
Gpio_session interface.
- Each session refers to a single pin.
- The session types distiguish the direction of the signal as input or
output.
- Pin coordinates can be selected via session labels.
- GPIO interrupts are covered by the regular IRQ session interface.
The interfaces are accompanied by framework utilities and interfaces:
- os/pin_driver.h
- pin_control_session/component.h
- pin_state_session/component.h
These headers relieve GPIO drivers from implementing boilerplate code by
providing device-agnostic portions. The A64 pio driver serves as
reference for using those utilities.
https://github.com/nfeske/genode-allwinner/tree/master/src/drivers/pin/a64Fixes#4315
Always instantiating a network device with id `net0`, removes the need to call
append_qemu_nic_args in run scripts unless we want to add forwarding
rules.
genodelabs/genode#4311
Allow specifying additional qemu arguments for externally supported boards
(e.g. zynq_qemu) by adding a `qemu_args` file in the board-property directory.
The syntax of the qemu_args file is as follows:
- Arguments can appear in a single line or in multiple lines as the
lines will be appended (separated by a whitespace) to the global
qemu_args variable.
- If the line is prepended with a `foobar:` expression. The arguments
are only added if the foobar spec is present.
Note, that a `-m` argument specified in the qemu_args file will
override the arguments provided by the run scripts.
genodelabs/genode#4311
First, the former implementation has only considered the pure numerical
variant of the -m argument. Yet, qemu also allows specifying the amount
of memory by `-m 1G`, `-m size=1G` and more.
Second, the default amount of memory for BOARD=pc was 512M (800M in case of okl4).
Since the depot_autopilot.run also required at least 768M on all
platforms it seems reasonable to take 800M as a default value for BOARD=pc and
thereby remove the special treatment of okl4.
genodelabs/genode#4311
- request FPU state on VM exit in portal config
- transfer FPU state on VM entry
- save fpu state early
Avoid any FPU instructions (for example during base API calls), which
use the FPU and overwrite FPU registers holding the guest vCPU FPU
state.
- don't save fpu state of EP
Issue #4313
The commit avoids the race between checking for the NEM state and the decision
to notify (poke) the NEM backend (nem.cc).
- ever notify about POKE flag for remote vCPU
- check synchronized for NEM state
- store recheck flag and apply on next switch_to_hw
Issue #4313
In the default setting the number of root ports is set to 4. This
also limits the number of USB host devices that may be attached to
the VM. Since the USB webcam shares the slots, that leaves us with
only 3 available USB2 slots to attach USB host devices. Depending on
the use-case that might not be enough.
This commit statically increases the number of ports to 8 each and
adapts the qemu-usb glue-code accordingly.
Many thanks to Raphael for initial investigation and workaround.
Fixes#4310.
Accidentally, the size of IOMEM dataspace got accounted within the
implementation of the platform driver for ARM. Instead we should
only account a bit for the metadata and paging of the I/O memory.
Fix#4307
The custom ack avail handler is required for zero-copy nic drivers (e.g.
the zynq nic driver), which must release the corresponding DMA buffers.
Fixesgenodelabs/genode#4277
This patch adds a missing call of '_handle_decorator_margins' at
construction time. Up to commit "report_rom: versioning and explicit
notification" this problem was masked by an unconditional signal, which
implicitely triggered the call.
Issue #4274Fixes#4306
Now that we have appropriate native driver for them add keyboard and
mouse devices to virt_qemu machine. Make sure qemu exposes those new
devices in modern, VirtIO 1.0 mode. At leasts qemu 5.1.0 still uses
pre 1.0 mode in default setup.
Issue #4282
This component can service Qemu VirtIO mouse, keyboard and tablet
devices. The implementation is based on VirtIO 1.1 device spec. Its
described in section 5.8 "Input Device".
Issue #4282
Those symbols are not satisfied by any code or dependency of libm. As
result calling cprojf function will always crash on Genode. This crash
can be turned into link time error by adding --no-undefined to LD_OPT.
This patch provides the missing symbols by including isninf.c in libm
build.
Fixes#4299
When rebasing my local branch on top of sculpt-21.10 tag I've noticed
two problems.
The code in new_delete.cc does not include new header file. This works
fine with GCC, but fails with clang because std::align_val_t type is
not defined anywhere according to clang. It looks like GCC pulls this
header indirectly somehow.
The second problem can be seen if one disallows undefined symbols in
executables and shared_libraries. This can be seen with both GCC and
clang by adding --no-undefined to LD_OPT. With such change in place core
fails to link due to:
ld.lld: error: undefined symbol: operator delete(void*, std::align_val_t)
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>> thread.o:(Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> referenced by thread.h:448 (/home/tworaz/devel/genode/repos/base-hw/src/core/kernel/thread.h:448)
>>> thread.o:(non-virtual thunk to Kernel::Core_main_thread::~Core_main_thread()) in archive debug/core-hw-virt_qemu.a
>>> did you mean: operator delete(void*, unsigned long, std::align_val_t)
>>> defined in: debug/core-hw-virt_qemu.a(supc++.o)
If the code would somehow manage call such undefined symbol it'd crash.
Since I generally prefer link time failures to runtime crashes I link
all genode binaries with --no-undefined.
To fix this problem just add a dummy implementation of missing delete
operator.
Fixes#4298
Alignas should be placed before the type. Placing it after it works for
GCC, but fails when building the same codee with clang. The error
message is:
reconstructible.h:48:27: error: 'alignas' attribute cannot be applied to types
char _space[sizeof(MT)] alignas(sizeof(addr_t));
^
Issue #4298
Apparently the iris driver does not make use of tiling by the kernel, so
we shortcut the 'SET_TILING' call to keep iris happy with this quickfix.
However, tiling information may get lost, if the iris driver ever calls
'MMAP_GTT' and no fence is configured for the buffer. A follow-up commit
should address this shortcoming in the future.
Issue #4284
- CPU-architecture annotations
- Change order of top-level menu, moving Mesa driver to the end
- Add black_hole, recall_fs, file_fault
- Add usb_webcam, test-capture
- Add audio driver and mixer
- Add vbox6, keeping vbox5-nova-sculpt as fallback
- Remove recall_fs launcher, which is obsolete with the recall_fs pkg
- Replace system_clock by system_clock-pc pkg
Issue #4281
This follow-up commit to "sculpt: avoid flickering of leitzentrale"
allows nitpicker to double-buffer pixels during resize operation on a
screen size of 1920x1200.
This patch presents all press and release events to the pointer state,
fixing the problem that _key_cnt was decreased but never increased.
However, the inconsistency had no observable effects in practice.
Issue #4176
This patch extends the notion of having only one uniquely hovered client
in the presence of held keys.
If motion occurs once a key is pressed (e.g., while dragging), the
receiver of the key sequence observes the motion events. In this case,
we have to submit an artificial leave event to the originally hovered
client so that no more than one client observes itself as being hovered
at the same time. Once the key sequence is finished, the hovering is
updated again, eventually presenting a motion event to the originally
hovered client and a leave event to the receiver of the key sequence.
Issue #4176
This patch ensures that the pointer report is updated not before all
input events are handled. The change does not solve any observed
practical issue but the potential problem was spotted while reviewing
the code.
Issue #4176
To clearly identify the correct device use the unique device's name
not the type. Otherwise a driver cannot drive several devices of the
same type.
Fix#4297
This commit contains a backport of commit [1] that deals with updating
the event ring dequeue pointer more often to prevent unnecessary
'Event Ring Full' errors.
[1] 'usb: host: xhci: update event ring dequeue pointer on purpose'
(dc0ffbea5729a3abafa577ebfce87f18b79e294b)
Fixes#4296.
This patch changes the depot_query tool to filter the returned index
data depending on the 'arch' as specified for the query. This way, one
index file can support multiple CPU architectures while allowing
individual entries to be architecture-specific.
Fixes#4295
This patch adds the missing definition of 'prio_levels' in the prepare
sub init, fixing the warning:
[init -> runtime -> prepare] Warning: vfs: invalid priority, upgrading from -2 to 0
Issue #4281
Use 'StateChange' event to check for machine's 'PowerOff' state, close
Gui connections and submit exit signal to EP which in turns calls exit.
Fixes#4291
The new 'Env::try_session' method mirrors the existing 'Env::session'
without implicitly handling exceptions of the types 'Out_of_ram',
'Out_of_caps', 'Insufficient_ram_quota', and 'Insufficient_cap_quota'.
It enables runtime environments like init to reflect those exceptions to
their children instead of paying the costs of implicit session-quota
upgrades out of the own pocket.
By changing the 'Parent_service' to use 'try_session', this patch fixes
a resource-exhaustion problem of init in Sculpt OS that occurred when
the GPU multiplexer created a large batch of IO_MEM sessions, with each
session requiring a second attempt with the session quota upgraded by
4 KiB.
Issue #3767
This commit removes the report service from the usb_webcam pkg, which
was used to enable or disable the webcam driver. The on/off state is
instead controlled by the presence of a capture client. That is, once a
capture client appears, the webcam driver is started. Vice versa, once
no capture client exists, the webcam driver is removed automatically.
Internally, the detection of presence of a capture client is based on
nitpicker's 'displays' report, which is consumed as input of the
rom_filter, which in turn generates the configuration of a dynamic sub
init.
Fixes#4287
There are some subtle incompatibilities in VirtualBox 6 with settings we
used in version 5. Therefore, the vbox6 package uses machine.vbox6 as
configuration file. An example configuration is provided by the
raw/vbox6 package.
Issue #4281
'Out_of_ram' was so far the only exception a client had to deal with
during buffer managment. Allocating memory, however, does not only
consume RAM quota but CAP quota as well.
This commit tries to mitigate that shortcoming by reflecting the
'Out_of_caps' state back to the client. Furthermore it allows for
resource accounting on certain client allocations, e.g. buffers.
Fixes#4284.
Allocating and mapping buffers not only consumes RAM quota, it consumes
CAP quota as well. Extended the Gpu session to allow for dealing with
that on the client side.
On a side note, the amount of initial CAP quota needed to establish
a connection is increased to cover the current costs of the Intel
GPU multiplexer.
Issue #4284.
The platform driver uses a 'Constrained_ram_allocator' to allocate
meta-data on behave of a client. It uses the PD session as
'Ram_allocator' back end that in return is implemented via the
'Expanding_pd_session_client'.
Whenever the PD client itselft comes into resource shortage it will
ask its parent unconditionally. However, depending on the integration,
such a request may be left unanswered.
This commit introduces a check to prevent that situation from
occurring. In case the platform driver notices the resource shortage
it will reflect that back to the client.
Issue #4284.
By using the cached_fs_rom instead of fs_rom, each client obtains the
same (read-only) copy of the shared library, avoiding a RAM resource
request when running mulitple GPU applications at the same time.
With this patch, Sculpt is able to host at least 3 Mesa applications.
Issue #4263
Issue #4281
This new version of the system_clock pkg does no longer depend on the
presence of an external 'Rtc' service as previously provided by the
Sculpt base system. Instead, it hosts the rtc_drv inside the subsystem.
Because rtc_drv is board-dependent, the system_clock pkg is named
system_clock-pc now.
Issue #4281
Some guests don't handle remote wake up correctly causing devices to
stop functioning. Therefore, we disable the remote wake up bit (5) in
`bmAttributes` of the device configuration descriptor.
Thanks to Peter for the initial fix.
Fixes#4278
ROM clients have to request an initial update of dynamic ROMs explicitly
and should not depend on artificial signals from the ROM session on
signal-handler registration.
Issue #4274
The sequence app should immediately stop the child when it called
parent().exit(). Otherwise, the child will continue execution which
causes a race condition: The child's ld.lib.so will eventually destruct
an Attached_rom_dataspace for the config rom. If sequence destructed the
corresponding service first, we will get an Ipc_error.
genodelabs/genode#4267
Warning!
The current version of the file vault is not thought for productive use but
for mere demonstrational purpose! Please refrain from storing sensitive data
with it!
The File Vault component implements a graphical frontend for setting up and
controlling encrypted virtual file systems using the Consistent Block Encrypter
(CBE) for encryption and snapshot management. For more details see
'repos/gems/src/app/file_vault/README'.
Fixes#4032
Previously unconditional calls to Genode::log in cbe init and the cbe trust
anchor VFS plugin were made dependent on a verbosity flag that is set to
"false" by default.
Ref #4032
Instead of simply encrypting the private key with AES-256 when storing it to
the 'encrypted_private_key' file, wrap it using the AES-key-wrap algorithm
described in RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm".
This is more secure and enables us to directly check whether the passphrase
entered by the user was correct or not.
Ref #4032
As the file formerly named 'secured_superblock' actually contains the hash of
the superblock that was secured, it was renamed 'superblock_hash'.
Ref #4032
As the file formerly named 'keyfile' actually contains the encrypted private
key of the Trust Anchor, it was renamed 'encrypted_private_key'.
Ref #4032
By now, the symmetric keys were only XOR'ed with the private key as placeholder
for a real encryption. Now they are encrypted using AES256 with the TA's
private key as key
Ref #4032.
A private key of 256 bits is generated pseudo-randomly using the jitterentropy
VFS plugin on initialization. The private key is stored in the key file
encrypted via AES256 using the SHA256 hash of the users passphrase. When
unlocking the CBE device, the encrypted private key is read from the key file
and decrypted with the hash of the users passphrase.
Ref #4032
Instead of using the user passphrase directly, use its SHA256 hash calculated
using libcrypto. The passphrase hash is still stored in the key file to be
used as base for the very primitive way of generating the private key.
Ref #4032
Closing the keyfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
The unlocking operation in the trust anchor was broken wich caused bad keys in
the CBE. This rewrites the whole operation to work as desired. Note that this
doesn't make it more safe! The private key is still almost the same as the
passphrase and stored plaintext.
Ref #4032
The plugin used to close file handles via the 'vfs_env.root_dir.close'.
However, this lead to resource leaks and apparently isn't the right way to
do it. Other VFS plugins do it by calling 'close' directly on the handle and
doing it in the trust anchor plugin also, fixes the leaks.
Ref #4032
Closing the hashfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
There were no means for issuing a Deinitialize request at the CBE using the
CBE VFS plugin. The new control/deinitialize file fixes this. When writing
"true" to the file, a Deinitialize request is submitted at the CBE. When
reading the file, the state of the operation is returned as a string of the
format "[current_state] last-result: [last_result]" where [current_state] can
be "idle" or "in-progress" and [last_result] can be "none", "success", or
"failed".
Ref #4032
When discarding a snapshot, the CBE VFS plugin didn't communicate the ID of
the snapshot to the CBE. Instead it set the ID argument to 0. Therefore the
operation never had any effect.
Ref #4032
The snapshots file system used to return the number of snapshots on
'num_dirent' when called for the root directory although it was expected to
return 1. This confused the tooling ontop of the VFS.
Ref #4032
Despite being readable, the files control/extend and control/rekey proclaimed
that they were not when asked. This caused the fs_query tool to not report the
content of the files although it could have.
Ref #4032
Stat calls on the control/extend and control/rekey files returned a bogus file
size that led to an error in the VFS File_content tool. The tool complained
that the size of the file determined while reading the content differs from the
one reported by the stat operation. Now, the stat call will always determine
the actual size of what would be read. However, it isn't guaranteed that this
size doesn't change in the time after the stat operation and before the read
operation.
Ref #4032
The service is loaded dynamically VBoxSharedClipboard.so at runtime. The
VFS configuration mounts the shared object at /VBoxSharedClipboard.so as
the file is checked by contrib code before loading. An init
configuration in pkg/vbox6/runtime illustrates this and how to re-label
the VBoxSharedClipboard.so ROM to its real name
virtualbox6-sharedclipboard.lib.so.
During Windows 10 boot with sequential block requests, the AHCI request
worker finished earlier than the EMT thread signals hEvtProcess and
begins waiting for hEvtProcessAck indefinitely. The timeouts helps to
survive this short phase.
A better solution would use conditional variables, which are not
provided in VirtualBox's runtime.
This patch introduces a C API to be used by input drivers to generate
Genode events. The initial version is limited to multitouch events only.
Fixes#4273
* Use the architecture-dependent minimal alignment for all allocations,
e.g. on ARM it is necessary to have cacheline aligned allocations for DMA
* Remove the allocation functions without alignment from generic API
* Fix a warning
Fix#4268
After a DMA transaction do only invalidate cachelines from the
corresponding DMA buffers if data got transfered from device to
CPU, and not vice versa. Otherwise it might result in data corruption.
Ref #4268
The former implementation did not internally track ROM changes notified
vs. delivered to the client. We adapt the versioning implementation
implemented in dynamic_rom_session.h and enable explicit notification of
the current version.
The feature is used by the clipboard to notify permitted readers of the
clipboard ROM service on focus change via the newly created private
Rom::Module::_notify_permitted_readers() function.
Fixes#4274
The includes for the address-space-ID allocator and the translation table are
usually specific to the CPU in use. Therefore these includes can be moved from
their current location in the board header to the CPU headers. This reduces the
number of decisions a board maintainer has to make if the CPU model he's aiming
for is already available.
This can probably also be applied for other includes in the board headers but I
intentionally leave it for a future commit as I don't have the time to do it
all now.
Ref #4217
For base-hw Core, we used to add quite some hardware-specific include paths
to 'INC_DIR'. Generic code used to include, for instance, '<cpu.h>' and
'<translation_table.h>' using these implicit path resolutions. This commit
removes hardware-specific include paths except for
1) the '<board.h>' include paths (e.g., 'src/core/board/pbxa9'),
2) most architecture-specific include paths (e.g., 'src/core/spec/arm_v7'),
3) include paths that reflect usage of virtualization or ARM Trustzone
(e.g., 'src/core/spec/arm/virtualization').
The first category is kept because, in contrast to the former "spec"-mechanism,
the board variable used for this type of resolution is not deprecated and the
board headers are meant to be the front end of hardware-specific headers
towards generic code which is why they must be available generically via
'<board.h>'.
The second category is kept because it was suggested by other maintainers that
simple arch-dependent headers (like for the declaration of a CPU state) should
not imply the inclusion of the whole '<board.h>' and because the architecture
is given also without the former "spec"-mechanism through the type of the build
directory. I think this is questionable but am fine with it.
The third category is kept because the whole way of saying whether
virtualization resp. ARM Trustzone is used is done in an out-dated manner and
changing it now would blow up this commit a lot and exceed the time that I'm
willing to spend. This category should be subject to a future issue.
Ref #4217
The 'src/core/board/<board>/board.h' header is thought as front end of
hardware-specific headers of a given board towards the generic base-hw Core
code. Therefore it leads to problems (circular includes) if the board.h header
is included from within another hardware-specific header.
If hardware-specific headers access declarations from namespace Board in a
definition, the definition should be moved to a compilation unit that may
include board.h. If hardware-specific headers access declarations from board.h
in a declaration, they should either use the primary declaration from the
original header or, if the declaration must be selected according to the board,
another board-specific header should be introduced to reflect this abstraction.
This is applied by this commit for the current state of base-hw.
Ref #4217
It is not necessary to have a class, an object, and a generic header for the
perfomance counter. The kernel merely enables the counter using cpu registers
('msr' instructions, no MMIO) on arm_v6 and arm_v7 only. Therefore this commit
makes the header arm-specific and replaces class and global static object with
a function for enabling the counter.
Fixes#4217
Let the kernel's driver for the global IRQ controller be a member of the one
Kernel::Main object instead of having it as static variables in the drivers for
the local IRQ controllers. Note that this commit spares out renaming 'Pic' to
'Local_interrupt_controller' which would be more sensible now with the new
'Global_interrupt_controller' class. Furthermore, on ARM boards the commit
doesn't move 'Distributer' stuff to the new global IRQ controller class as they
don't have real data members (only MMIO) and can be instanciated for each CPU
anew. However, the right way would be to instanciate them only once in Main as
well.
Ref #4217
The unmanaged-singleton approach was used in this context only because of the
alignment requirement of the Core main-UTCB. This, however can also be achieved
with the new 'Aligned' utility, allowing the UTCB to be a member of the Core
main-thread object.
Ref #4217
It's sufficient to access the boot info only on kernel initialization time.
Therfore, it can remain completely hidden to the rest of the kernel inside
kernel/main.cc in the initialization function.
Ref #4217
This commit introduces the Kernel::Main class that replaces the former way of
initializing the kernel (former 'kernel_init' function) and calling the C++
kernel entry handler (former 'kernel' function). These two are now
'Main::initialize_and_handle_kernel_entry' and 'Main::handle_kernel_entry'.
Also reading the execution time of the idle threads was already moved to
'Main'. The one static Main instance is meant to successivly replace all the
global static objects of the base-hw kernel with data members of the Main
instance making the data model of the kernel much more comprehensible. The
instance and most of its interface are hidden in kernel/main.cc. There are only
rare cases where parts of the Main interface must be accessible from the
outside. This should be done in the most specific way possible (see main.h)
and, if possible, without handing out references to Main data members or the
Main instance itself.
Ref #4217
Normally, the board header can be found for each supported board under
'src/core/board/<BOARD>/board.h'. This was not the case for the board 'pc'
that was located under 'src/core/spec/x86_64/board.h'. The commit fixes this.
Ref #4217
The class name Core_thread in Kernel for the object of the first thread of
core is too generic as there can be an arbitrary number of threads in core
besides this one. Furthermore, creating a core thread has its own syscall
'new_core_thread' that isn't related in any way to Core_thread. Therefore
this commit introduces the more specific name Core_main_thread as replacement
for Core_thread.
Ref #4217
The function was only still used for reading the execution time of idle threads
of CPUs. Certainly, it is technically fine and more performant to read these
values directly from the kernel objects without doing a syscall. However,
calling cpu_pool() for it provides read and write access to a lot more than
only the execution time values. The interface via which Core directly reads
state of the kernel should be as narrow and specific as possible.
Perspectively, we want to get rid of the cpu_pool() accessor anyway. Therefore
this commit introduces Kernel::read_idle_thread_execution_time(cpu_idx) as
replacement. The function is implemented in kernel code and called by Core in
platform.cc.
Ref #4217
Apparently, there is no need for exposing the data members of Trace_source, so,
we sould better make them private before someone gets the impression that they
are meant to be accessed directly.
Ref #4217
Core used to read the kernel-reserved IRQs from the timer objects in the
kernel's CPU objects and the PIC class (inter-processor IRQ). Besides not
being "good style" to access a kernel object in Core, this becomes a problem
when trying to prevent CPU pool from being accessed via global functions.
As a solution, this commit extends the boot info to also carry an array of all
kernel-reserved IRQs.
Ref #4217
For the constructor of Kernel_object<T> there are two variants. One for the
case that it is called from Core where the kernel object (type T) must be
created via a syscall and one when it is called from within the kernel and the
kernel object can be created directly. Selecting one of these variants was done
using a bool argument to the constructor. However, this implies that the
constructor of Kernel_object<T> and that of T have the same signature in the
variadic arguments, even in the syscall case, although technically it would
then not be necessary.
This becomes a problem as soon as kernel objects created by Core shall receive
additional arguments from the kernel, for instance a reference to the global
CPU pool, and therefore stands in the way when wanting to get rid of global
statics in the kernel. Therefore, this commit introduces two constructors that
are selected through enum arguments:
! Kernel_object(Called_from_kernel, ...);
! Kernel_object(Called_from_core, ...);
Ref #4217
The various mapping methods are modelled after the requirements of
the Intel GPUs or rather the Mesa driver back end.
With upcoming support for other driver back ends, we need to
sequeeze their requirements in as well. For now hijack 'map_buffer'
to provide for specifying the kind of attributes the client needs.
For now all buffers mapped in the GGTT for Intel GPUs are treated
as RW.
Issue #4265.
This call allows for checking if the given execution buffer has been
completed and complements the completion signal. Initially the GPU
multiplexer always sent such a signal when the currently scheduled
execution buffer has been completed. During enablement of the 'iris'
driver it became necessary to properly check of sequence number.
In case of the Intel GPU multiplexer the sequence numbers are
continous, which prompted the greater-than-or-equal check in the
DRM back end. By hidding this implementation detail behind the
interface, GPU drivers are free to deal with sequence numbers any
way they like and allows for polling in the client, where the
completion signal is now more of a progress signal.
Issue #4265.
The current info implementation (as RPC) is limited in a few ways:
* The amount of data that may be transferred is constrained by the
underlying base platform
* Most information never changes during run time but is copied
nonetheless
* The information differs depending on the used GPU device and
in its current implementation only contains Intel GPU specific
details
With this commit the 'info' RPC call is replaced with the
'info_dataspace' call that transfers the capability for the dataspace
containing the information only. This is complemented by a client
local 'attached_info' call that allows for getting typed access to
the information. The layout of the information is moved to its own
and GPU-specific header file, e.g., 'gpu/info_intel.h'
Issue #4265.
Rather than using the dataspace capability directly, let the client
choose its own local identifier that is linked to the underlying
capability.
Fixes#4265.
Right now the warning about failure to forward packet from driver to
uplink RX connection reads:
"exception while trying to forward packet from driverto Uplink
connection TX"
Add missing space between "driver" and "to".
Issue #4264
32KB is a rather small value. The driver can cope with it now, but
it does not perform as well as it should. This visible especially
in scenarions like nic_router_flood where we still often hit
synchronous wait path. Bump the size to 256kB.
Issue #4264
The problem can be seen when running nic_router_flood scenarion on arm
qemu_virt boards. With the amount of data this scenario tries to send
the driver quickly complains it has failed to push data into TX VirtIO
queue. After this warning message is printed nothing really happens and
after a while the test scenario fails.
The fact that we can't write all available data to the device is not
unexpected. VirtIO queue size is slected at initialization time and we
don't change it during driver lifetime. It can be tweaked via driver
config, but this does not change the fact that we'll always be able to
produce more data packets than we have free space in the VirtIO queue.
IMO the expected behavior of the driver in such case should be to:
1. Notify the device there is data to process.
2. Wait for the device to process at least part of it.
3. Retry sending queued packets.
One could expect returning Transmit_result::RETRY from _drv_transmit_pkt
would produce such result. Unfortunately it seems that Uplink_client_base
treats RETRY return value as indication of link being down. It'll retry
sending the packet only after the device notifies it the link is once
again up. This is the reason why nothing happens when running
nic_router_flood on top of virtio_nic driver. The link never goes down
in this case so once we fill the TX VirtIO queue and tell the base class
to retry the send, we'll be stuck waiting for link up change event
which will never arrive.
To fix this problem, when sending a packet to the device fails, do a
synchrnonus TX VirtIO queue flush (tell device there is data to process
and wait until its done with it).
With this fix in place nic_router_flood test scenario passes on both arm
qemu_virt boards.
Issue #4264
The contents of those descriptor rings can be modified by the device.
Mark them as volatile so the compiler does not make any assumptions
about them.
Issue #4264
The former encoding was UTF-8, which works quite well if LC_CTYPE is
ensured to be an UTF-8 codeset (e.g., en_US.UTF-8 or C.UTF-8 . But, if
LC_CTYPE is set to C or latin1 for example, the Tcl regex library enters
an infinite loop because of unexpected characters used as markers
n the strings (e.g., SECTION SIGN U+00A7).
Therefore, the extract tool was converted to latin1 with the following
commands and now works for LC_CTYPE C and UTF-8 codesets.
iconv -f utf-8 -t latin1 tool/dts/extract > /tmp/e
cp /tmp/e tool/dts/extract
This commit contains features and buf fixes:
* Catch errors during resource allocation
* Because Mesa tries to allocate fence (hardware) registers for each
batch buffer execution, do not allocate new fences for buffer objects
that are already fenced
* Add support for global hardware status page. Each context additionally
has a per-process hardware status page, which we used to set the
global hardware status page during Vgpu switch. This was obviously
wrong. There is only one global hardware status page (set once during
initialization) and a distinct per-process page for contexts.
* Write the sequence number of the currently executing batch buffer to
dword 52 of the per-process hardware status page. We use the pipe line
command with QW_WRITE (quad word write), GLOBAL_GTT_IVB disabled
(address space is per-process address space), and STORE_DATA_INDEX
enabled (write goes to offset of hardware status page). This command
used to write to the scratch page. But Linux now uses the first
reserved word of the per-process hardware status page.
* Add Gen9+ WaEnableGapsTsvCreditFix workaround. This sets the "GAPS TSV
Credit fix Enable" bit of the Arbiter control register (GARBCNTLREG)
as described by the documentation this bit should be set by the BIOS
but is not on most Gen9/9.5 platforms. Not setting this bit leads to
random GPU hangs.
* Increase the context size from 20 to 22 pages for Gen9. On Gen8 the
hardware context is 20 pages (1 hardware status page + 19 ring context
register pages). On Gen9 the size of the ring context registers has
increased by two pages to 21 pages or 81.3125 KBytes as the IGD
documentation states.
* The logical ring size in the ring buffer control of the execlist
context has to be programmed with number of pages - 1. So 0 is 1 page.
We programmed the actual number of pages before, leading to ring
buffer execution of NOOPs if page behind our ring buffer was empty or
GPU hangs if there was data on the page.
issue #4260
* Wait for for completion before return from 'execbuffer2'. This makes
buffer execution synchronous.
* Because the Iris driver manages the virtual address space of the GPU
and creates one GEM context for each batch buffer we have to map/unmap
all buffer objects before and after batch buffer execution.
issue #4260
The lx_emul_virt_to_pages implementation initialized the page ref
counter only for the first page, leaving the remaining elements in
uninitialized state. This, in turn, rendered the Linux page_pool (as
used by the emac network driver) ineffective, ultimately leading the a
memory leak. The fix changes the call of 'init_page_count' to take the
loop variable as argument.
Issue #4225
Increased number of trace subjects since the test sporadically fails on
some platforms.
Also added a sanity check to print an error message in case we run into
the same issue again.
Fixesgenodelabs/genode#4261
This patch adds a switch to internal poll function in libssh that
allows to force this function to immediately return without actually
polling for data and in consequence processing this data. This switch
is used to avoid calling callback functions when flushing output
streams which caused locks due to recursive access to internal
ssh_terminal sessions registry.
Issue #4258
This patch allows to replace sftp packet read and write with
completely asynchronous versions needed to properly hook in existing
ssh_terminal implementation.
Issue #4258
Using 'alignas' in declarations might cause GCC to request for an
implementation of 'operator delete(void*, unsigned long, std::align_val_t)'
although it might actually never be called. This commit adds a dummy
implementation to 'cxx/new_delete.cc' that does nothing more than printing an
error to the log that a proper implementation is missing. This approach is
coherent with our treatment of other global delete operators.
Ref #4217
If one has an object X that has a minimum alignment requirement specified
through 'alignas' this requirement is normally inherited by objects that have
object X as member, and by those that have objects as member that have X as
member, and so on... . However, this chain used to get silently interrupted
(dropping the minimum alignment requirement to 8 again) at objects that are
managed with Genode::Reconstructible or Genode::Constructible. In order to fix
this, the commit ensures that Genode::Reconstructible (and therefore also
Genode::Constructible) has at least the minimum alignment requirement (using
'alignas') as the object it manages.
Ref #4217
The NIC router parses, stores and forwards DNS domain names from DHCP replies.
Yet the routers DHCP client used to not request DNS domain-name information on
DHCP requests. This caused DHCP servers to skip this information on their
replies although it was available. This commit fixes the issue by adding the
DNS domain name code to the request parameter list of requests from the routers
DHCP client.
The 'black_hole' component provides dummy implementations of common
session interfaces.
At this time, only the 'Audio_out' session is provided if enabled
in the configuration of the component:
<config>
<audio_out/>
</config>
Issue #3653
* Switch mesa support from DRI to gallium
Supported drivers are
- softpipe (Sebstian Sumpf)
- iris for Intel GPUs (Alexander Boetcher)
- etnaviv for Vivante GPUs (Josef Söntgen)
* Mesa's generated files are placed into 'contrib/mesa-<hash>/generated'
and are cloned per default from a separate Git repo in order to avoid
hash updates upon package build. In case you need to generate files
yourself use
! prepare_port mesa GENERATE_FILES=1
issue #4254
Support for iris and etnvaviv
* entaviv:
- libdrm on FreeBSD is not prepared for !PCI (and libc our is missing
<sys/pciio.h>
- missing <sys/types.h> include in xf86drmMode.c
- etnaviv relies on linux header files - dummy in $(INC_DIR)
- IOCTL FreeBSD ↔ Linux have swapped IO/OUT bit
- O_CLOEXEC differs between FreeBSD ↔ Linux
issue #4254
According to spec the tail pointer points to the next qword instructions
which will be used by the software.
p 1354, Doc Ref # IHD-OS-BDW-Vol 2c-11.15
issue #4254
Superpages (2M, 1G) are not supported by now, but partially copied over code
from base-hw was around. Remove unused register definitions and remove
non-working super page code do avoid confusion.
issue #4254
Size argument of ggtt free range check is ignored, which leads to
overlapping allocations inside, which leads to unavailable IO-MEM exceptions
thrown by core.
issue #4254
Both, trace_logger and vfs_trace had their own trace_buffer.h. This
commit consolidates the existing implementations and provides the
resulting trace_buffer.h at 'include/trace/'. It thereby becomes part of
the trace api archive.
genodelabs/genode#4244
Driver code such as mfd-core.c may pass 0 as argument n to kcalloc,
which eventually results in an allocation size 0.
res = kcalloc(cell->num_resources, sizeof(*res), GFP_KERNEL);
Since 'res' is checked against NULL for success, kmalloc must not return
a NULL pointer in this case. The patch works around this issue by
forcing an allocation size of 1 byte in this case.
Issue #4253
Clock providers such as drivers/clk/sunxi-ng/ccu-sun8i-r.c don't use
regular init calls but declare their init functions via CLK_OF_DECLARE,
which fill the __clk_of_table. Linux populates the table statically by
using special sections declared in the linker script. In contrast, we
populate the table by expanding the macro to global constructor
functions.
The __clk_of_table is then processed by the call of of_clk_init(NULL).
Issue #4253
* Disable trace source and release ownership on subject destruction.
* Note, since the policy module is also destroyed on descruction of the
session component, the traced component must not access the policy
module when acknowledging the disabled state (else: page fault).
Fixesgenodelabs/genode#4247
If the trace subjects are not properly destructed when the TRACE client
disappears, enabled sources will be owned by a non-existing client.
In other words, when a TRACE client disappears all sources owned by the
client must be disabled.
genodelabs/genode#4247
test-trace always passed, although tracing was never enabled because the
trace subject was not within the first 32 subjects.
* increase number of queried subjects
* output error if trace subject was not found
genodelabs/genode#4247
With this commit, the NIC router DHCP client reads out the first DNS domain
name (DHCP option 15) if any from a DHCP reply that generates an IPv4 config
for a domain and stores the name together with the IPv4 config for that domain.
DNS domain names are reported via the new report tag '<dns-domain>' if the
'config' attribute in the config tag '<report>' is set.
Furthermore, the NIC router DHCP server becomes able to obtain a DNS domain
name from another domain that has a DHCP client dynamically (given the config
attribute 'dns_config_from' is set and no static DNS config is given) or
statically from its configuration (new config tag '<dns-domain>') and propagate
this name with DHCP replies (DHCP option 15).
The 'nic_router_dhcp_*' tests are adapted to test the new feautures.
The commit also gets rid of some mirrored files in
'test/nic_router_dhcp/manager'.
Fixes#4246
WARNING: BREAKS CONFIG COMPATIBILITY!
This commit changes the configuration interface of the NIC router in a way that
may break systems that use the component without proper adjustment!
How to adjust:
At each occurrence of the 'dns_server_from' attribute in a NIC router
configuration replace the attribute name with 'dns_config_from'. The attribute
value remains unaltered.
DETAILED DESCRIPTION
The new attribute name 'dns_config_from' reflects that also other aspects of
the DNS configuration of the denominated domain are used by the DHCP server
that holds the attribute. This commit is a preparation for forwarding also the
domain name (DHCP option 15) with the mechanism behind the attribute.
Ref #4246
The fact that the IPv4 config was a struct with all data members public was a
mere leftover of an early state of the NIC router. Today, the router
implementation style is to avoid structs and public data members wherever
possible.
This commit slightly changes the behavior of the router regarding log output.
The router used to print malformed IPv4 configurations to the log only if
the 'verbose' config flag was set using this style:
! [my_domain] malformed dynamic IP config: interface 10.0.2.1/24 ...
Now, malformed IPv4 configurations are only printed if the
'verbose_domain_state' config flag is set (like with any IP4v configuration
states) using this style:
! [my_domain] dynamic IP config: malformed (interface 10.0.2.1/24 ...)
Fixes#4242
The NIC router DHCP server used to add an extra option 6 field to DHCP replies
for each DNS server address. This conflicts with RFC #2132 section 3.8 which
states that the addresses should be listed within one option 6 field without
delimiter. The discrepancy is fixed by this commit.
Ref #4242
File size must be the same as the number of bytes that can be read from
the file. Otherwise, this will trigger a `Truncated_during_read`
exception.
Fixesgenodelabs/genode#4240
Via a new configuration attribute, the user can decide whether the router
should answer dropped fragmented IPv4 with an ICMP "destination unreachable"
packet and, if so, which value the ICMP code field of this packet should have.
The default is that the router doesn't send such responses (silently dropping
fragmented IPv4). The behavior is tested by the 'nic_router_ipv4_fragm' test.
Fixes#4236
If the new attribute 'dropped_fragm_ipv4' of the <report> tag in the NIC router
config is set "yes", the router will report the number of packets that were
dropped per interface respectively domain because fragmented IPv4 is not
supported. The default is not to report the counter. The behavior is tested by
the 'nic_router_ipv4_fragm' test.
Ref #4236
The NIC router used to ignore the IPv4 header fields "More fragments" and
"Fragment offset" completely. Therefore higher-level protocols of fragmented
IPv4 were interpreted wrong because each fragment was considered a self-
standing packet, expecting, for instance UDP/TCP headers somewhere inside of
the UDP/TCP data field. Normally, such packets were dropped as soon as the
UDP/TCP checksum check failed because of the misinterpretation. However,
it was also possible for fragmented IPv4 to pass the router although normally
only partially.
IPv4 fragmentation support in the router would introduce some potential
security risks and is presumably not an easy endeavor. So, for now, we settled
on not supporting IPv4 fragmentation. With this commit, the router simply drops
all fragmented IPv4. This is reflected to the log for each fragment as "drop
packet (fragmented IPv4 not supported)" when 'verbose_packet_drop="yes"' is
configured.
The new test 'run/nic_router_ipv4_fragm' is an automated test for this
behavior. The test is added to the autopilot list.
Ref #4236
- remove redundant file system factory
- remove dead code block
The code was guarded by preprocessor directives checking whether the
contrib code define "_USE_MKFS" is 1. As "_USE_MKFS" is not set one
for our port of FAT, the code was never executed and can be removed.
- remove uneffective config attributes
Apparently, the former XML attributes to the plugin 'drive' and
'codepage' had no effect. I tested them in a scenario with the VFS
block server on a disk-image boot-module as back end. Regardless of
the 'drive' value, the block session label was always "0". Regardless
of the 'codepage' value, the FAT on the disk image succeeded to mount
when not using '--codepage' for 'mkfs.fat' and failed to mount when
using '--codepage' to specify a supported but foreign codepage for
'mkfs.fat' (e.g. "720").
Ref #4220
There was one global static constructor:
! namespace Fatfs { static Constructible<Platform> _platform; }
This caused applications that used the lib or the <fatfs> VFS plugin to end up
in an uncaught exception due to Genode::Component complaining that method
'construct' returned without executing pending static constructors if they
didn't call Genode::Env::exec_static_constructors().
As the use of Genode::Env::exec_static_constructors() is discouraged in Genode,
this commit rather moves the '_platform' object to the scope of the
initializing function and introduces a global static pointer to the object that
gets set by the initializing function. Although this prevents the exception, it
is, technically speaking even worse than the former solution as the new pointer
isn't checked for validity in contrast to the 'Constructible' object.
However, so far, I don't see a clean solution to this problem without the need
for Genode::Env::exec_static_constructors().
Fixes#4220
* the GPU multiplexer now offers the platform service to the Intel
framebuffer driver (driver_manager)
* ajdusted drivers_managed-pc to hand out resources to the GPU driver
* adjust quotas
issue #4233
The platform services is intented to be used by dde_linux's intel_fb_drv
in order to initlialize displays.
* implement and announce platform session
* limit accessible GTT and aperture of client to 64 MB
* forward display engine IRQs to platform client
* move all PCI resources to 'Igd::Resources' class in order to make them
accessible by the platform service and the GPU driver
* fix fence register allocation for id zero (return true)
issue #4233
For mesa-21 the client takes care and manages
the virtual address space of the vGPU by itself and the intel/gpu driver
can't add silently a guard page anymore. Move the patch to the drm/ioctl
of the former mesa version.
Issue #4148#4233
_unmap_dataspace_ggtt requires the cap of Ggtt::Mapping (ring_map, ctx_map)
in order to find the right metadata and to free up the ggtt entries. Also the
pte range is removed already if the metadata was found.
Issue #4148#4233
BREAKS CONFIG COMPATIBILITY:
This commit changes the configuration interface of the NIC router in a way that
may break systems that use the component without proper adjustment!
HOW TO ADJUST:
At each occurrence of the '<uplink ...>' tag in a NIC router configuration
replace the tag name 'uplink' with 'nic-client'. The rest of the tag stays the
same.
The term "uplink" for network interfaces in the router that have a NIC session
client as back end was introduced in a time when Uplink sessions didn't yet
exist. Now, they do and, although both an uplink and an Uplink session
normally describe a network session between router and network device driver,
they are based on two different service types (NIC and Uplink). This can easily
cause confusion when integrating the router (the <uplink> is not related to
Uplink sessions) or trying to understand its functioning (an 'Uplink' object
has nothing to do with the Uplink service).
Therefore, this commit introduces the more specific term "NIC client" for an
interface that is based on a NIC session requested by the router. This doesn't
imply any semantic changes at the NIC router. However, the commit also brings a
broader update of the router's README and removes the term "downlink" that was
used only in documentation to refer to interfaces backed by a NIC session
provided by the router. The term was only associated with this meaning because
it is the natural counterpart to an uplink. This isn't appropriate anymore as
the terms for interface types have moved to a more technical level.
The commit adjusts all scenarios in the basic Genode repositories properly.
Fixes#4238
An interface that received a signal for a link-state change accessed its
domain reference without assuming that it could not be attached to a domain
at that moment. This caused the NIC router to crash with an uncaught exception
of type 'Net::Pointer<Net::Domain>::Invalid'. The commit adds a catch
directive for this exception resulting in the handler doing nothing if not
attached to any domain.
Fixes#4222
The test script failed during preparation of the on-target execution for
USB Armory with the following error:
! can't read "tz_vmm_block_irq": no such variable
Presumably, the script wasn't run anymore since the introduction of the
'tz_vmm_block_irq' variable for i.MX53 QSB. As we do not have infrastructure
for automated testing of the USB Armory and there seems to be not much
interest in using Genode on this platform, this commit simply removes the
support from the script.
Filtering boards in a run script by specs isn't the right way anymore (the
specs do not exist anymore). Nowadays, we have to use [have_board] instead.
Ref #4229
For unknown reasons, the former 'wget genode.org' call, that was meant to test
network in the Trustzone guest on imx53_qsb_tz, didn't succeed anymore although
the same call succeeded on my Sculpt VM Linux. However, 'ping 1.1.1.1' still
works, so, the script now uses this as test for networking instead.
Fixes#4229
So far, in order to create an ARP reply, the NIC router merely created a copy
of the corresponding ARP request and modified only those values that differ.
This approach has the disadvantage of re-using bad parameters from a broken
request. The specific use-case that made this visible was an early version of
the Pine board network driver that used to forward ARP requests with a greater
size than required. The ARP replies of the router re-used this size and
confused other network nodes with that. In general, the NIC router should
rely on the data of incoming packets the least possible. Therefore, with this
commit, the router creates a new ARP reply from scratch and uses only those
values required from the corresponding ARP request.
Fixes#4235
The former declaration of the IPv4 packet did not only use the questionable
tool of implementation-defined C++ bitsets but also lacked access to flags
"don't fragment" (DF) and "more fragments" (MF). This commit replaces the
C++ bitsets by using the register framework and introduces accessors for the
missing flags.
Ref #4236
This patch lifts the limitation for 32-bit ARM platforms and makes the
parameter --load-fastboot-device optional. If only one device is
present, it can be omitted.
Fixes#4232
This commit introduces a C-API to the Uplink session, as well as to
serve as a Block service. It can be used by drivers ported from
C-only projects, like the Linux kernel, or BSD kernels for instance.
Fix#4226
The re-newed approach currently supports ARM 64-bit only.
It depends on the Platform API of the ARM architecture.
It tries to meet the original semantic of the Linux kernel
functions as far as possible. To achieve this, device drivers
using this library should reference the original Linux kernel
headers at foremost. Only the headers in `src/include/lx_emul/shadow`
have to shadow clone the original ones.
Fix#4225
skb_push() already increases the skb->len by ETH_HLEN, hence adding
ETH_HLEN to the packet_size is redundant.
A too large packet size becomes a problem for large MTUs. With a maximum
MTU of 1500, adding ETH_HLEN twice will lead to a packet size of 1528.
Since this is larger than what we expect for good-old Ethernet (max. 1522),
some clients (e.g. the e1000 model in vbox5) may drop these packets.
Fixesgenodelabs/genode#4228
I discovered thinkbroadband.com requires the User-Agent header field and
rejects requests missing it with HTTP response code 403 "access to the
requested resource is forbidden". Now, fetchurl always adds the
User-Agent header fetchurl/LIBCURL_VERSION.
Also the error message now contains the HTTP response code.
This patch replaces the enumeration of boards in the drivers_nic_pkg and
drivers_interactive_pkg functions by inferring the package names from
the [board] name. This eases the addition of driver packages in external
repositories.
Fixes#4221
The symlink implementation wrongly constructed a 'Sync' object within
the context of a monitor call. The 'Sync' constructor indirectly
depended on libc I/O for obtaining the current time, ultimately
resulting in a nested attempt of a monitor call. This could be
reproduced via the base.run script:
$ cd /home
$ ln -s a b
The 'ln' command resulted in the following log message:
[init -> /bin/bash -> 7] Error: deadlock ahead, mutex=0x10ff8c70, return ip=0x500583a7
The patch fixes the problem by splitting the single monitor call into
two monitor calls and moving the construction of the 'Sync' object
in-between both monitor calls, thereby executing the constructor at the
libc application level.
Fixes#4219
Building the elfloader in kernel-sel4.inc has a problem with Genodes CCACHE
make variable. When issuing ...
! ./tool/depot/create mstein/bin/*/base-sel4-* CCACHE=yes
..., building the elfloader used to consume all memory of the host system and
then run into a segmentation fault:
! make[6]: *** [elfloader/elfloader.o] Segmentation fault (core dumped)
This is because the other build system invokes the CCACHE variable as a command
in front of the compiler command. If CCACHE is set to 'yes', the 'yes' command
is called and produces an endless output into some output file. The problem
can be fixed by locally re-setting the CCACHE variable for the
'make ... elfloader' command to 'ccache' (Genode CCACHE==yes) or '' (Genode
CCACHE!=yes).
Fixes#4212
The depot tool 'build_bin_archive' used to ask only whether CCACHE is empty or
not and, if it wasn't empty, the tool added 'CCACHE := yes' to the build.conf
of the temporary build dir. This caused the sub-build processes to use ccache
even when the top-level CCACHE variable was set to a bogus value.
Also adds documentation of the CCACHE variable to the help message of the
'build' and 'build_bin_archive' tool.
Ref #4212
Adds try-catch-statement with diagnostic errors in Dhcp_server::free_ip in
order to guard against exceptions from the underlying bit allocator. These
exceptions should never happen given that the router is programmed correctly
and always feeds Dhcp_server::free_ip with sane arguments (which it should).
However, should this not be the case, we can assume that the failed IP freeing
indicates that the IP isn't allocated anyway and it's fine to continue using
the router. Furthermore, IP allocations are a mere client service and not
relevant for the integrity or safety of the router.
Ref #4200
When Interface::handle_config_3 (third step of applying a new configuration to
interfaces) tried to detach the interface from the current IP config because
the old and new IP config differed, it did so using the new domain. The former
steps of the reconfiguration already installed the new domain reference at the
interface. Therefore, also the DHCP server of the new domain was used. This,
however caused uncaught exceptions because detaching from an IP config
includes dissolving all DHCP allocations. This dissolving of DHCP allocations
now operated on a DHCP server (the one of the new domain) that wasn't related
to the allocations and, in the worst case, caused an uncaught exception
because the IPs were out of its range.
That said, this commit ensures that detaching an interface from an IP config
is always done on the domain from which the IP config originated. Normally,
this is the domain the interface is attached to. But in the case of
Interface::handle_config_3, it is another - the former domain the interface
was attached to.
The commit also adapts the nic_router_dhcp_* tests in a way that they
reconfigure the router in a way that would trigger the uncaught exception
without the fix.
Fixes#4200
Introduce two new cache maintainance functions:
* cache_clean_invalidate_data
* cache_invalidate_data
used to flush or invalidate data-cache lines.
Both functions are typically empty, accept for the ARM architecture.
The commit provides implementations for the base-hw kernel, and Fiasco.OC.
Fixes#4207
The implementation conflicted with the implicit declaration of bzero:
.../repos/dde_bsd/src/lib/audio/mem.cc: In function ‘void bzero(void*, size_t)’:
.../repos/dde_bsd/src/lib/audio/mem.cc:377:2: warning: ‘nonnull’ argument ‘b’ compared to NULL [-Wnonnull-compare]
Adapts Dir_file_system::open_composite_dirs in a way that it returns "success"
when the leaf node of the path is an empty directory but "lookup failed", as
usual, if one of the other directories on the way to the leaf node is empty.
I couldn't find a technical reason why we used to return "lookup failed" when
only the leaf node was empty.
The commit also adds a test for en empty root directory and empty
sub-directories to the fs_query run script.
Fixes#4198
The fs_query component used to exit with an uncaught exception if a queried
directory didn't exist. Now, fs_query will catch this event and simply skip the
affected query, thereby indicating to the user the inexistence of the
queried directory.
Ref #4032
This patch adjusts the 'extract_initcall_order' utility to the changed
initcall symbol syntax introduced in Linux by the following commit:
https://github.com/torvalds/linux/commit/a8cccdd9
It uses an additional sed step to strip away the kmod prefix,
__COUNTER__, and __LINE__ information so that the symbol names match
those of earlier kernel versions.
Issue #4188
This patch enables the tool/dde_linux/create_dummies tool to operate on
a out-of-tree build directory. The Linux source tree is determined by
examining the build directory's Makefile.
Issue #4188
- Patch the XHCI model in order to handle frame wrapping correctly. For
this adjust 'mfindex_kick' to the correct period (same, before, or after
'mfindex').
- Flush EP when it is stopped, this causes all pending packets for the EP
to be acked. Correct counting of packets in flight.
- Add BEI patch by Josef.
issue #4196
- API packages for: libusb, libuvc, and libyuv
- Source packages for: API packages + USB webcam app
- Meta package for USB webcam
- Raw package for USB webcam configuration
issue #4196
Unfortunately, our current implementation of 'wmb()' doesn't seem to do what we
want it to do. On base-hw + imx6q_sabrelite, the write of bdp->cbd_sc seems to
get re-ordered after the write to txq->bd.reg_desc_active in the transmission
path of the contrib code. Due to this, the transmission of the packet is only
triggered the next time a packet is sent. However, we only quick-fix it by
enforcing the execution of the write with a volatile global read as we will
soon update the FEC NIC port with a new DDE approach anyway.
Fixes#4010
In ROM mode the global CapsLock state is controlled by the capslock ROM
by virtual KEY_CAPSLOCK events.
Guests are easily confused by spurious KEY_CAPSLOCK input events in
caps="rom" mode. These spurious events may reach the VMM if KEY_CAPSLOCK
is not pressed as first key in a combination and, therefore, is not
filtered as global key. We filter KEY_CAPSLOCK in ROM mode in the VMM
explicitly, but let it pass in non-ROM mode.
Per default RAW mode is used and CapsLock key events are sent unfiltered
to the guest.
Enable watching files via the inotify interface of the Linux Kernel.
Delivery of watches to components is staggered in order to prevent an
overflow of the ACK queue in cases when a lot of changes are made to the
file system from the Linux side.
Fixes#4070
Guests are easily confused by spurious KEY_CAPSLOCK input events in
caps="rom" mode. These spurious events may reach the VMM if KEY_CAPSLOCK
is not pressed as first key in a combination and, therefore, is not
filtered as global key. Now, we filter KEY_CAPSLOCK in ROM mode in the
VMM explicitly, but let it pass in non-ROM mode.
Fixes#4087
Because qemu-usb allocated host devices after 'USB_HOST_DEVICE' in the
object array and 'USB_WEBCAM' is loacated after 'USB_HOST_DEVICE' the
webcam model can overwrite an already allocated pass-through device. As
a solution add the 'USB_FIRST_FREE' to make it clear from where host
devices can be allocated. Also increase the number of supported host
devices to eight.
fixes#4182
If no window has ever been focused, next() always returns an invalid
window id. As a consequence, there is no way to cycle through the focus
history without an explicit focus event (e.g. mouse hover).
Instead, next() should return the first window from the focus history if the
currently focused window is not present.
Fixesgenodelabs/genode#4164
The wpa_supplicant refuses to set the BSSID in case it is quoted.
Removing the quotes allows for specifying the BSSID in the
configuration.
Fixes#4175.
The new tool `extract_initcall_order` generates a header file out of a
Linux kernel build, which provides a sorted array with the initcall function
names of the kernel build. The order states the order in which the initcall
have to be called. It gets extrated out of the Linux kernel System.map.
Fixes#4172
A reset domain can consist of one or several reset-pins
denoted by name that are assigned to a device.
When the device gets acquired via the Platform RPC API,
the pins are de-asserted, and asserted again when the
device gets released.
A configuration looks like the following:
<device name="mipi_dsi>
<reset-domain name="mipi_dsi_pclk"/>
...
</device>
Fixes#4171
Introduces the notion of a transaction that consists of one or more
messages. Whereby a message has a read or write direction and consists
of one or more bytes.
Issue #4170Fixes#4169
Report via platform_info the capabilities of the kernel, e.g. ACPI and MSI.
With the commit the try-catch pattern on IRQ session creation by the platform
driver is avoided.
Issue #4016
- Do not perform desctruction on report updatea in EP because
'unregister_device' may block on Led state 'update' (synchronous
control message) leading to the driver being stuck because no more
signals are received
- Check if device is present in 'submit_urb' calls
fixes#4166
- Signal device ready depending on state (ready or not) immediately or
when "actconfig" is set
- Report new devices when ready
- Drain packet stream in case there is no device present (needed for
synchronous operations at client side)
- Do not use 'session_device' on device destruction, check pointer
directly instead
issue #4149
Adds the <new-file> operation to the fs_tool. When configured, the
<new-file path="...">...</new-file> tag will cause creation or overwriting of
the file given through the 'path' attribute. The file will contain the text
content of the tag.
Ref #4032
This patch moves the utility from the app/text_area to os/vfs.h to make
it easier to use by other components. By hosting the 'New_file' as a
friend alongside the 'Directory', we can now pass a 'Directory' as
constructor argument, which is consistent with other utilities such as
'File_content'.
As a further improvement, the new version supports the implicit creation
of the directory hierarchy leading to the new file.
Issue #4032
Mapping normal memory bufferable restores support for unaligned reads on
DMA memory and prevents the following errors on imx6q_sabrelite.
KERNEL0: alignment error at 18003061 (PC: 0102e3f8, SP: 401ffb18, FSR: 90000001, PSR: 20000110)
Issue #4094
Issue #4157
By adding an attribute 'size="yes"' to a query, one instructs fs_query to
report also the size of each queried file as attribute 'size' of the
corresponding 'file' node.
Ref #4032
The fs_query component used to try watching all files it found resulting in
errors on files that are not watchable. For some files, however, the watch-
feature doesn't make sense as they are not readable (no content, no size).
Now, fs_query will check first whether a file is readable and skip watching
if it isn't.
Ref #4032
When configuring fs_query to print the content of files it used to try so for
all files it found resulting in errors on files that are not readable. Now,
fs_query will check first whether a file is readable and skip printing the
content of those that are not.
Ref #4032
Managing ssh event file descriptors was performed from two different
threads which could cause reallocation of structure used in other thread
in a call to 'poll' function.
Splitted initialization to parts and moved ssh event part into ssh loop.
Issue #4095
Moved creating ssh loop thread after initialization of wake up server
file descriptors to make sure that they will be properly handled even in
first loop run.
Issue #4095
The new tool `create_dummies` easily lists missing references,
while porting subsystems of the Linux kernel to Genode, e.g., device drivers.
Moreover it can automatically generate dummy implementations for functions
and global variables.
Fixes#4156
After update of stdcxx, either hardware (CPU) random sources are taken
or, if not available/insufficient, /dev/urandom is used.
Issue #3967
Issue #4094
For fs_file_systems, reads are limited to the size of the packets from the
File_system session. Hence, we cannot read the large files in one go.
This fix is particularly helpful for fonts_fs, as it enables including font
files from a File_system.
genodelabs/genode#4135
Comment in Linux sources:
Since an ethernet header is 14 bytes network drivers often end up with
the IP header at an unaligned offset. The IP header can be aligned by
shifting the start of the packet by 2 bytes. Drivers should do this
with:
skb_reserve(skb, NET_IP_ALIGN);
This is ensured when using netdev_alloc_skb_ip_align().
Issue #4094
This patch takes advantage of block transfer interrupts on Intel XHCI
controllers which is used during isochronous transfers. Because of a bug
in hardware (see usb_host_isoc_bei.patch header), this feature has been
disabled for Intel leading to up to 8000 interrupts/s for isochronous
transfer causing severe CPU consumption on Genode. With this commit we
lower host driver consumption to normal levels.
issue #4149
A Lx::Task is now associated to a USB device not the session any more.
This implies that a task lives as long as the device making it possible
to gracefully handle outstanding requests (i.e., synchronous) in case
the session has been closed.
issue #4149
The old port version contained '*.ali' files that were build with an older GCC
which led to problems when compiling packages that use the port with the new
GCC 10. The '*.ali' files of the new port version were generated with GCC 10.
Fixes#4145
When loading shared libraries via the 'Shared_object' interface display
all additionaly loaded libraries in case 'ld_verbose' is configured. Up
until now, only the loaded library was displayed. In order to determine
if a dependend library had arlready been loaded prior to loading the
'Shared_object' the reference counter is used.
fixes#4147
We used to export 'LC_COLLATE=C' for the environment of Genode tools. This was
meant to ensure that sorting is always done C-style and not dependent on the
users locale settings. This is required, for instance, to ensure that the same
archive always yields the same hash.
However, 'export LC_COLLATE=C' is not sufficient. It can be outruled by an
'LC_ALL' setting in the users environment. The manual of 'sort' recommends to
set 'LC_ALL=C' locally if you want reliable results and this is what this
commit does. Furthermore it removes the former 'export LC_COLLATE=C'
directives.
Note that I couldn't find a way to set 'LC_ALL' local to 'exec ... sort' in
TCL. This is why I set it global instead using TCLs 'env' array.
Note that the Make directive '$(sort ...)' and the TCL directive 'lsort',
unlike the Shell directive 'sort', are not affected by the users locale
settings.
Fixes#4144
The default size is on most kernels 512M. On OKL4 we have to use 800M,
because of the statically configured memory ranges in the OKL4 kernel.
By avoiding a specific amount of memory, the default Qemu memory sizes are
used.
Issue #4095
Revert GNU ld to the old behavior where sections with the same name in multiple
ld scripts are merged. Binutils 2.36.1 creates two sections with the same name.
Fixes#4126
Download gmp, mpc and mpfr with the download script provided by the
gcc source tree and let the gcc build system handle the build of these
libraries with the correct compile options. This fixes build issues on
armhf Linux and removes the need to maintain mpc and mpfr ports in
the Genode tree.
Issue #4094
The 'gprbuild' version which is provided by Ubuntu 18.04 has a bug
which prevents it from building 'ali2dep' with gcc/gnat 10. With
this commit, a newer 'gprbuild' version is built from source.
Issue #4094
This patch fixes a GCC-10 compile error. Even though the optimization
was quite effective - I measured a speedup of factor 2 - it is not all
that important for the overall application performance. In the nano3d
case, we are talking about 1 vs. 2 percent of CPU time.
Fixes#4140
The kernel-agnostic 'Trace::timestamp' function for arm_64 executes the
'mrs %0, pmccntr_el0' instruction, which is not permitted for user-level
programs on Linux. This patch shadows the generic timestamp.h header
with dummy that returns zero. This return value prompts the timeout
framework to disable the interpolation of time based on timestamps. This
avoid the illegal-instruction abort but comes with two llimitations:
First, time measurements are effectlively limited to a granulariry of 1
millisecond (deliberately constrained by the timer driver).
The quirk is applied when using the base-linux API. Should a generic
application (that uses the base API only) call 'Trace::timestamp'
directly, the illegal instruction is executed.
Issue #4136
This patch adds support for running Genode/Linux on the AARCH64
architecture.
- The kernel-agnostic startup code (crt0) had to be extended to
capture the initial stack pointer, which the Linux kernel uses
to pass the process environment. This is in line with the
existing startup code for x86_32 and x86_64.
- The link order of the host libraries linked to lx_hybrid
programs had to be adjusted such that libgcc appears at last
because the other libraries depend on symbols provided by
libgcc.
- When using AARCH64 Linux as host, one can execute run scripts
via 'make run/<script> KERNEL=linux BOARD=linux' now.
Issue #4136
When a DHCP packet is printed out, it first tries to determine the most
specific message type from the DHCP options and print its human-readable name
right after the protocol name. If finding the message type fails, the less
specific opcode is printed instead, but also in a human-readable way.
Fixes#4131
By moving core's build-description to a library - a pattern already
employed for the other base platforms - we become able to cleanly split
x86-specific code (I/O-port access) from generic code. This is a
prerequisite for enabling non-x86 architectures such as AARCH64.
Issue #4136
This new runscript demonstrates how a file can be overwritten by vfs
import with the flag overwrite set to false. This is due to a bug
in lx_fs that is not propagating an ernno EEXIST syscall error.
Issue genodelabs#4104
This commit introduces a fix for lx_fs to propagate errno EEXIST error.
This prevents vfs <import overwrite="false"> to overwrite an imported
file, if it already exists, without the overwrite flag set to true.
Issue genodelabs#4104
The former implementation called 'TRACE_AND_STOP' which led to the
'usb_host_drv' to stop whenever such a function was called. Rather
than stopping return '0' and let the contrib code deal with this
situation.
Issue #4116.
This commit backports the Linux upstream commit (d4a6106) [*]
that introduces a check to prevent the sglist from being used
unconditionally.
[*] 'xhci: fix bounce buffer usage for non-sg list case'
Fixes#4116.
Unconditionally setting MAKEFLAGS to just 's' is not nice because other
flags cannot be passed through the run script. What the script desires
is to disable the automatically enabled '--print-directory' for sub-make
instances when calling tool/port/current by declaring
'--no-print-directory'.
Until now, Genode's Linux system call bindings were based on original
Unix system calls that were later superseded by more flexibile variants.
E.g., 'openat' is a modern version of 'open'. Even though Linux upholds
the compatiblity with the original versions for existing architectures
like x86, the legacy syscalls are absent for the recently added AARCH64
architecture. A good overview of the system calls accross the prominent
architectures can be found at
https://chromium.googlesource.com/chromiumos/docs/+/master/constants/syscalls.md
This patch updates Genode's syscall bindings to avoid legacy versions,
thereby easing the support for AARCH64. The used "modern" versions
were introduced back in Linux version 2 days. So we are fine to rely
on them.
The patch slightly changes the signature for lx_stat because this system
call is merely used to check for the existance of a file and its size.
The new name 'lx_stat_size' draws a closer connection to its use case.
That said, the stat syscall has not been updated to the modern statx
since statx is still a fairly recent addition.
Issue #4136
This patch simplifies the use of the clone system call for creating
processes and threads. Until now, the binding used an opaque pointer
argument to pass context information to the newly created process or
thread. However, upon close inspection, this is not a strict
requirement.
A newly created thread accesses its contextual information by
using its stack pointer as key. The pointer argument is not used.
The creation of processes is strictly serialized because the
intermediate stack used in-between clone and execve is a global
variable. Since we rely on the serialization anyway, we can pass the
context information of a new process via a global variable as well.
This change simplifies the syscall binding for the upcoming AARCH64
support, which would otherwise require us to deal with the notion
of TLS on Linux.
Issue #4136
With the update to GCC 10, the compiler stopped with an error when compiling
places where a MAC address is copied from outside into a packed object using
the Net::Netaddress::copy method (e.g. in
Net::Arp_packet::dst_mac(Mac_address)):
! error: writing 6 bytes into a region of size 4 [-Werror=stringop-overflow=]
While trying to find a clean solution for this error, I found posts on
gcc.gnu.org and github that stated that the size calculations that cause these
errors are incorrect. Indeed, I could verify that the actual size of the two
regions was static and exactly the same in places were the error occured.
Furthermore, I couldn't find a way of making it more clear to the compiler
that the sizes are the same. By accident, we found that using the address of
the first element of the array that forms the second region instead of the
array address itself, somehow circumvents the error.
Fixes#4109
With the update to GCC 10 the compiler used to warn when using the internet
checksum functions on packet classes (like in
Net::Ipv4_packet::update_checksum):
warning: converting a packed ‘Net::[PACKET_CLASS]’ pointer
(alignment 1) to a ‘const uint16_t’ {aka ‘const short
unsigned int’} pointer (alignment 2) may result in an
unaligned pointer value
Apparently, the 'packed' attribute normally used on packet classes sets the
alignment of the packet class to 1. However, for the purpose of the
internet-checksum functions, we can assume that the packet data has no
alignment. This is expressed by casting the packet-object pointer to a pointer
of the new packed helper struct 'Packed_uint16' that contains only a single
uint16_t member before handing it over to the checksum function (instead of
casting it to a uint16_t pointer).
Ref #4109
The NAT feature of the NIC router used to prefer re-using source ports that
have been freed recently. From an external server's perspective, if a client
dies and restarts, chances are high that the new connect arrives with the same
source-IP/source-port as the old connection. The server has to forcefully reset
the connection. If that happens a lot, the server may even start to ignore
further connections from this IP/port combination for a while as a mitigation.
This patch adds a continuous counter feature that makes sure that every new
port allocation will increment and result in a port that hasn't been used for a
long time.
The NAT feature of the nic_router is now more in line with RFC 6056 chapter 4.
Ref #4086
pthread.0 acquires a write buffer mutex and calls potentially
blocking fs operations. The EP thread handles session requests and tries to
acquire the same write buffer lock. IO progress events for pthread.0 are
handled by the EP thread, which however is blocking on the write buffer mutex.
The commit uses two write buffers, one which is filled by the EP and a second
which is used by pthread.0. The two buffers are swapped protected by a mutex
without invoking blocking fs operations.
Issue #4095
The exec_terminal generates a config report which is used as input ROM for
sandbox/init, which does not support an "<empty>" node.
An empty config node is empty, without an node.
Issue #4095
Was still using the event_filter.config from drivers_interactive-pc
although a dedicated file is present in the raw archive.
The fix is just for consistency reasons, as sculpt manager is generating the
event_filter.config anyway.
KEY_UNKNOWN is a collective symbols for all unknown keycodes.
Remapping thus requires iterating through all corresponding codes
instead of only applying the policy to the first match.
Issue genodelabs#4069
This patch increases the RAM quota of the top-level nitpicker instance
to 12 MiB so that resize operations can be buffered for resolutions up
to 2560x1080. It mutes diagnostic messages of the form "Warning: Gui
(...) not enough RAM to preserve buffer content during resize" and
improves the window-resize experience.
With this patch, the user is able to re-gain access to the inspect view
by toggling the inspect button of a file system unrelated to the failed
USB storage device.
Fixes#4090
Issue #3967
triggers using -O0 with test-libc_integration:
libc_integration/main.cc:146: undefined reference to `std::istream::operator>>(unsigned long&)'
contrib/stdcxx-80f380143250d4f951433876698b54fdac32b95f/include/stdcxx/std/thread:67: undefined reference to `vtable for std:🧵:_State'
Introduce a new _overflowed state variable to indicate whether the
horizontal boundary was reached already and to omit subsequent character
output.
This state is necessary to maintain a valid cursor position at all
times. The _overflowed attribute is reset once the cursor is moved into
a valid position again.
To harmonise the bounds checking for _cursor_pos modifications, the
`constrain()` method was added.
Fixesgenodelabs/genode#4093
Also fixes a bug in `vpa()` and `vpb()` which moved the cursor
horizontally instead of vertically.
The direct execution of application-level code by a watch handler is
troublesome because those handlers are executed at the I/O signal level.
In the concrete case, the watch handler got recursively called because
the handler called _handle_config (application-code), which called the
VFS, which in turn performed a wait_and_dispatch_one_io_signal, which
again invoked the watch handler.
The patch works around the problem by letting the watch notification
trigger the application-level signal for the _config_handler.
Fixes#4091
I created a test program which stresses the interplay between libc,
pthreads and vfs_pipe and may detect regressions.
The program starts a thread that spawns a bunch of workers, sends and
receives data to them through a pipe. When all data of a worker is
collected, the worker is finished (join()) and a new worker is started.
Both the number of bytes sent to the worker and the size of its
answer are random.
Issue #3967
* The device XML information dataspace is only provided,
when the client's policy states `info="yes"`
* The device XM information gets changed to include the
physical resource names (I/O memory and IRQ addresses)
instead of virtual ids and page offset
Fix#4077
As linux drivers may distinguish device configuration by pci subdevice id in
addition to the pci device id, the former must also be used for finding the
matching entry. Otherwise, e.g., the iwlwifi driver might load the wrong
firmware.
Side note: Add break statement to save superfluous iterations after
match was identified.
Fixes genodelabs#4076
This is a follow-up fix for "Streamline platform-device API on ARM".
There is an ambiguity of the 'local_addr' method between the inherited
'Attached_dataspace' and the local declaration, which results in the
double application of the sub-page Range::start.
Issue #4075
This compilation unit contains a global constructor, which violates our
assumption that the libc is free of global constructors on ARMv7.
Specifically, the graphical terminal fails with the following message:
[init -> terminal] Error: Component::construct() returned without executing
pending static constructors (fix by calling
Genode::Env::exec_static_constructors())
[init -> terminal] Error: Uncaught exception of type 'Linker::Fatal'
In this case, the libc-less terminal uses the VFS. The VFS mounts the
ttf VFS plugin. The ttf VFS plugin depends on the libc.
The compilation unit 'arm_initfini.c' can safely be excluded because it
merely initializes the global '_libc_arm_fpu_present' variable, which
is not used by the current version of our libc/libm.
Fixes#4080
This API rework eases the access to memory-mapped I/O registers and
interrupts when using the platform driver. It introduces the notions of
- Platform::Device - one device obtained from a platform session
- Platform::Device::Mmio - locally-mapped MMIO registers of a device
- Platform::Device::Irq - interface for receiving device interrupts
The patch touches several drivers. Some drivers would require a
significant structural change to adopt the new API (e.g., net/virtio,
dde_linux drivers, imx gpio). In these cases, the patch adds
compatibility shims meant to be temporary. In other cases (e.g., imx
i2c), the adaptation was simple enough to carry through.
Fixes#4075
This patch adjusts the matching of the IP address such that the external
IP address is used as opposed the the NAT-local address. It is follow-up
fix of the conversion to the uplink session interface.
Issue #3961
When we allowed symbol resolution during exceptions, we used the shared
object lock to protect ELF object list manipulation (e.g., dlopen,
dclose) when executing exception unwinding code in the linker.
Unfortunately, sometimes libraries that are loaded by 'dlopen' may raise
exceptions in the process, leading to a deadlock within the unwind code.
In order to resolve this, we now protect the object list operations
(i.e., enqueue, removal, iteration) by a separate mutex. This allows
the shared object interface to throw exceptions.
issue #4071
This patch unifies the core-internal 'Mapping' type across all base
platforms.
As one minor downside on seL4, the diagnostic error messages when
observing faults other than page faults no longer print the faulting
thread and PD names.
Issue #2243
These messages pollute the boot log of Sculpt OS when ROM modules are
requested for files of the config fs before the sculpt manager has
created their first version.
When the own cap quota of a client does not suffice for a cap upgrade of
an existing session to a server, the client must issue a cap-resource
request to the parent. This logic was already in place for RAM quota but
was missing for cap quota.
Issue #4072
When callback functions of `dl_iterate_phdr` required further jump slot
relocations this lead to a deadlock. Therefore, we allow the resolution
of further symbols from callback functions, but protect the ELF object
list during the iteration, which blocks any dynamic loading (e.g.,
dlopen/dlcose) of shared object by other threads while in program header
iteration.
fixes#4071
Apparently the skewed motion timings came from the issue fixed by
"timer: restore semantics of periodic timeout 0". With the current
version of the timer, the original motion parameters work just fine.
This patch extends the 'Platform_session::alloc_dma_buffer' interface
with a 'Cache' argument that corresponds to the argument accepted by
'Ram_allocator::alloc', which is used by the platform driver under the
hood.
Since the x86 platform driver used to be hardwired to allocate DMA
buffers as UNCACHED, I adjusted all drivers by specifying the UNCACHED
argument. Right now, this is needed as a hint for core to steer the
allocation of I/O page tables. Once we eliminate the need for such hints
(by introducing an explicit 'Region_map::attach_dma' operation), we can
revisit the drivers individually because cached DMA buffers should
generally be fine on the x86 architecture.
Issue #2243
This change avoids many repetetive Genode:: prefixes, making the code
easier to read. The patch also includes a few consistency fixes
regarding include guards and file headers. It also renames
Platform_device::String to Platform_device::Device:name.
Issue #2243
This patch adds the designated alternative to Dataspace::phys_addr to
the platform-session interface. Under the hood, the platform driver
still calls Dataspace::phys_addr but it should eventuelly become the
only caller before we can abolish this function.
Issue #2243
This commit optimizes the 'Child::resolve_session_request'
implementation by introducing an internal 'Route_model' for quickly
traversing routing rules instead of parsing XML on each session request.
Fixes#4068
This commit replaces the hand-crafted config processing by the use of
the 'List_model' utility. This has the following advantages:
- The parsing follows a common formalism that makes the code
easier to maintain and to understand. Several parts of the code
had to be changed (for the better) to make it fit the list model
approach. E.g., the child states have become more expressive
and logical.
- In the common case, the XML data is traversed only once, which
increases the parsing speed in dynamic scenarios.
- The code becomes easier to optimize. In particular, the patch skips
the re-evaluation of the session routing if no service is affected
by the config change.
The patch also revisits the init test by removing overly long sleep
phases and extending a few sleep phases that were too short when
executing the test on Qemu.
Issue #4068
This patch changes the 'alloc_aligned' interface as follows:
- The former 'from' and 'to' arguments are replaced by a single
'range' argument.
- The distinction of the use cases of regular allocations vs.
address-constrained allocations is now overed by a dedicated
overload instead of relying on a default argument.
- The 'align' argument has been changed from 'int' to 'unsigned'
to be better compatible with 'addr_t' and 'size_t'.
Fixes#4067
This patch avoids the RTC driver's aggressive polling during the
(CPU-bounded) boot of Sculpt OS. As the RTC is not needed during bootup,
this patch reduces the boot time (on Qemu) by 2-4 seconds.
Fixes#4065
GDB monitor re-uses internal parts of the sandbox library. It thereby
relies on the internal detail of how local headers are included (using
"" instead of the now usual practice <>). A seemingly unrelated change
"init/sandbox: avoid repetitive state reports" eventually broke the
build of the GDB monitor.
This patch makes the GDB monitor less reliant on the way of how the
sandbox includes headers internally.
It also fixes a few warnings caused by the double definition of
__GENODE__ (adding an missing include guard and making the #define
conditional).
Related to issue #4064
The 'Timer::Session::trigger_periodic' RPC function used to accept 0 as
a way to de-schedule the periodic processing. Several components such as
nitpicker relied on this special case. In "timeout: rework timeout
framework", the value of zero was silently clamped to 1, which has the
opposite effect: triggering signals at the maximum rate. This results in
a visible effect in Sculpt where the leitzentrale-nitpicker instance
produces a constant load of 2% CPU time.
This patch restores the original timer semantics by
- Documenting it in timer_session.h,
- Handling the case explicitly in the timer implementation, and
- Replacing the silent clamping of the unexpected value 0 passed
to the timeout framework by a diagnostic error message.
Issue #3884
This patch restores the ability to launch nitpicker within a gui_fb
window. It is a follow-up fix for "nitpicker: make framebuffer and input
optional".
Issue #3812
This patch enables sculpt to utilize the CPU reset mechanism via the
PS/2 controller as well as the information provided via the ACPI FADT
information. Whenever the /config/system file is changed to <system
state="reset"/>, both mechanisms are triggered.
Supporting both mechanisms is useful because the PS/2-based reset does
not work reliably on modern machines. The PS/2-based reset is useful in
the case when the FADT reset information refers to the PS/2 command
port. In this case, the platform driver is unable to access this port
because it is already handed out to the PS/2 driver. In this case, the
PS/2 driver kicks in.
Issue #2726
If 'system="yes"' is specified in the <config>, the platform driver now
monitors the content of the system ROM. Should the value become "reset",
a reset is triggered using information obtained from the ACPI driver.
Related to issue #2726
The change of the platform driver is needed to avoid a parsing error of
the ACPI ROM when encountering an unexpected <reset> node.
Thanks to Alexander Boettcher for the preventing the regression of #3829
and improving the adherence to the ACPI spec when parsing the reset type.
Related to issue #2726
This patch adds the handling neccessary for clients to upgrade the cap
quota of their GUI session. Until now, the upgrade mechanism supported
only RAM quota.
The limitation became visible once a client - in the particular case the
motif_decorator - attempted the cap upgrade of its GUI session. The cap
quota would arrive at the wm, but the wm would keep it instead of
forwarding the quota to nitpicker. This resulted in an infinite retry
loop at the motif_decorator, ultimatedly depleting all its cap quota.
The window manager infers the overall state from the intercepted input
events for the decorator and all GUI clients. However, each of those
parties have an independent input-event stream. Whereas the order of
events within one GUI session is strict, the order of events between GUI
sessions is arbitrary. The window manager wrongly relied on a global
event ordering to track the pointed-at GUI session.
The patch removes the assumption of a global event order by tracking the
relevant pointer state for each GUI session independently and evaluating
these states when propagating the pointer position to the decorator.
Fixes#4059
This commit modified bash's builtin mapping of character sequences to
readline-functionality to detect the sequence of the delete symbol as
generated by the terminal.
Fixes#4058
The commits adds the same configuration values as supported up to now by
the monolithic usb driver. In contrast to the original, by default all drivers
are started. Disabling a controller type is used by Sculpt, e.g. for OHCI if
running Sculpt inside Virtualbox.
The addition of further keyboard layouts would otherwise pollute the
config/ directory too much.
Caution: When updating Sculpt OS, don't reuse your existing
config/event_filter file unmodified! You need to replace the chargen
includes, pointing to the new location, e.g.,
<include rom="en_us.chargen"/>
<include rom="special.chargen"/>
must be changed to
<include rom="keyboard/en_us"/>
<include rom="keyboard/special"/>
Issue #4055
This patch extends the settings dialog with the ability to select the
keyboard layout between the options that are included in the sculpt
image. The manual configuration is of course still possible by editing
the /config/event_filter directly.
If both the fonts configuration and the event-filter configuration are
managed manually, the settings button and window are not displayed.
Fixes#4055
By sorting the reported output, all consumers of the reports become able
to rely on a deterministic order. For example, the file browser of
Sculpt OS, the launcher menu items, and the depot-selection items will
appear in a predictable order.
Fixes#4054
This patch adds session-routing options to connect components to the
capture/event interfaces of the global nitpicker GUI server or the
leitzentrale GUI server. It thereby enables the implementation of screen
capturing components, remote management tools, or virtual keyboards.
Since those services are very powerful, they are subsumed under the
"hardware" category of the component graph as opposed to the GUI
category, which guarantees the separation of clients.
Fixes#4053
This patch adds 4 priority levels to the runtime subsystem. The highest
priority is used for components that are critical for the operation of
Sculpt, in particular the Leitzentrale GUI. All regularly deployed
components are assigned the lowest priority by default.
With priorities available in the runtime subsystem, this patch flattens
the priority levels at the top-level init to only two levels and
overlays the priority bands of the drivers, leitzentrale, and runtime
subsystems into one priority band. This has three benenfits:
- This change prevents the starvation of the Leitzentrale GUI from a
spinning high-priority driver (issue #3997).
- The change will also ease the hosting of latency-critical components
in the runtime subsystem that are prioritized higher than regular
components, the storage stack, and the network stack.
- The Leitzentrale GUI remains always perfectly responsive regardless
of the workloads deployed from packages. In the previous version,
the runtime graph was sometimes stuttering on high system load.
Issue #4045
This patch avoids the repeated warning "read blocked until lwIP
interface is ready" by printing the message only once. Otherwise,
the log is flooded with those warnings when falkon web browser
is started on Sculpt OS without network connectivity.
In case there is no valid configuration the component used to mute
output by default. This, however, might lead to the assumption that
audio is not working at all. Instead set the master output volume to
50% and the per application volume to 100%.
Fixes#4043.
This patch adds the missing destruction of session-state objects of
local services when closing a session. Because of the missing
destruction, those session-state object remained part of the server
ID space. This becomes a problem once the backing store of the session
state object vanishes, that is when the client child gets removed from
the sandbox. Hence, the removal of a child with an open session to a
local service would lead to the corruption of the server ID space.
This patch adds the missing session.destroy() call.
Fixes#4044
This patch fixes a corner case where a child is destructed while a
asynchronous close request to a sibling server is still pending.
The child immediately discarded the session ID as the end of the
close-session processing, assuming that this ID is never to be needed
again. The session-state continues to exist to handle asynchrous close
protocol with the server.
However, if the child is destructed at this point (before the server
responded to the session request), the destruction of the child would
not cover the discharging of the session state because the session state
was no longer be part of the client's ID space. So once the asynchronous
close response from the server came in, the session state contained
stale information, in particular a stale closed_callback pointer.
The patch fixes the problem by deferring the discarding of the client ID
to the point where the session state is actually destructed. So the
session of a pending close response is covered by the child destructor.
Thanks to Pirmin Duss for reporting this issue along with a test
scenario for reproducing it!
Fixes#4039
- Enable the "platform-level interrupt controller" PLIC on base-hw
- The RISC-V specification offers only a register description, but no
layout for the register set. This implies the layout is platform
dependent, and therefore, implemented separately for Qemu
issue #4042
- build debug version of core and bootstrap found under
_var/run/<runscript>.core_ (.bootstrap). This is a regression when
switching from object to archive library linkage of core.
fixes#4027
Instruct bender to enable Intel HWP on supported CPUs unconditionally
to gain more insight by using the feature most prominently in Sculpt.
Fixes#4040.
With this patch, the build directory's CCACHE configuration is applied
to the building of depot archives when using the --depot-auto-update
feature.
Note that this is effective only when resetting the hash files before
building so that each depot-auto-update results in the same-named
versions. Otherwise, the include paths (that include the version name as
part of the path) make cache hits impossible.
Issue #4004
This commit complements issue #4004 with support for the depot/create
tool. If CCACHE=1 is specified at the command line, the build directory
for building a binary archive is configured with 'CCACHE := yes'.
This patch triggers the immediate removal of part_block once the
discovery of a fresh inserted USB stick has completed. Without the
patch, part_block was retained until the runtime was reconfigured the
next time for other reasons (e.g., toggling an inspect view). Until the
next reconfituration, part_block tended to stand in the way of directly
assigning the USB device to a VM.
This patch increases the RAM quota of the nitpicker instance for the
leitzentrale to make it suffice for the buffering of content during
resize operations. This fixes a flickering artifact when having an
inspect view open while entering a WLAN passphrase. When the connect
button appears or disappears (depending on the number of written
characters), some parts of the inspect terminal would flicker sometimes.
* catch every possible path of the Bit_allocator_dynamic::Out_of_indices
exception
* add unconditional log output in the new "catch" directives, so, we will be
able to debug the problem a bit more in detail next time
Fixes#4036
This way, the redirected env sessions for the CPU burner are no longer
called directly by init. Init stays independent from the behavior of the
CPU balancer.
Issue #3837
Issue #4029
This shim component can be used in case where env sessions of child
(i.e., child's PD session) must be routed to another child of init.
Without the shim, init would directly need to interact with these
sessions and would thereby make itself dependent of the server's
behavior. RPC calls to a server hosted as a child lead to all kinds of
problems such as livelock situations, and putting the robustness of init
at the whim of its child.
With the shim, init merely needs to bootstrap the shim component by
routing the shim's env sessions to core as usual. The server is only
used for the sessions for the actual application hosted atop the shim.
Issue #3837
Issue #4029
This patch is an interim fix for using HID devices that offer a HID
interface as not the first interface. It also supplements the
interface classes as supplemental information to the USB-devices
report.
Fixes#4035
With this patch, the board/<name>/arch property file can have multiple
lines where each line denotes an instruction-set architecture supported
for the board.
Issue #4019Fixes#4034
Simplify calculation of Timer::_duration, the old implementation caused
the time running backwards sometimes. This makes
'nic_router_dhcp_*' and 'event_filter' run scripts succeed.
issue #4021
This prevents the log terminal from adjusting itself to the whole screen
size before the leitzentrale window layout is applied. This intermediate
size can otherwise exhaust the 8 MiB of RAM quota of the log terminal.
Issue #3970
Do not link base and core libraries into on large relocatable .o file,
which is linked later to core - causing long link times. Create an
independent library archive out of the base and core libraries that can
be linked faster.
issue #4027
This commit improves the performance of the pipe plugin by using local
signal handling and avoiding sending a signal during write when pipe
buffer is full.
Issue #3583
* Add new virtio device model
* Extend test run-script with vfat block test image
* Add vmm depot src recipe
* Use packages in test run-script
Fix#4025
* Introduce different index types for ring counters and descriptor arrays
within the Virtio split queue implementation
* Be more accurate in reporting the queue number supported, and raise it
to 512
* Introduce abstractions for mmio register access, where several values
are stored at the same place, and selector registers exist.
* Turn Virtio_device into a template to define the Virio queue type,
and its numbers per device model (needed for e.g., future block model)
Issue #4025
All pipe-ends were notified at the same time which leads to dead-locks.
This commit mitigates this by having a signal handler for each pipe and
each pipe-end respectively.
Issue #3583
The vfs pipe plugin can now be used as named pipe which anables data
transfer via file handles from one component to another. E.g. if one
would like to send data from component A to stdin of a libc component B,
one can do so by simply writing to that fifo file.
Issue #3583
With this commit libcrypto does not use ARM NEON extension as long as
SPECS includes "neon". arm_v7a does declare "neon" per default while
arm_v8a does.
Issue #3773
Note, OpenSSL now comes as one combined depot archive *openssl* that
replaces the former *libssl* and *libcrypto* archives. The libraries are
still separate binaries for compatibility with legacy software.
Issue #3773
It seems that with the nigthly autopilot the data port (that is choosen by the
client) may stay some time (minutes) allocated after the a test run. This
causes successive tests to fail when trying to reuse the port.
* Use a unique data port for each target platform in the range of 18000-18099.
* Add documentation on how to prepare for running the test on a Linux target.
* Remove Qemu-specific code paths as Qemu isn't supported anymore by the script
since the introduction of the Uplink session (running with a NIC router on
Qemu was never supported and now we always need a NIC router).
Ref #3961
This patch simplifies the packaging of the base-hw kernel for a given
board, in particular when the board support is hosted as an external
repository such as genode-world. Regardless of where the board-support
is hosted, the content.mk file becomes as simple as:
include $(GENODE_DIR)/repos/base-hw/recipes/src/base-hw_content.inc
The board name is automatically inferred from the path of the src
recipe. The architecture is determined from board/<name>/arch files,
following the pattern of the image_link_address. The attempt to build a
base-hw-<board> binary archive for the wrong architecture is now
gracefully handled by skipping all targets (using the REQUIRES
mechanism).
Besides the improved convenience, the patch results in depot archives
that are much closer tailored to the actual board by omitting files for
architectures that are not used by the board. E.g., the src/base-hw-pc
archive does not contain any ARM-related content.
The patch also restores the package builds for core/bootstrap object
files as a follow-up fix of "base: remove SPEC variables of boards",
which happened to left 'BOARD' undefined in the src archives.
Fixes#4019
Be more in line with the original host implementation in Qemu and
buffer transfers. Having transfers in-flight helps to smoothen playback
in case other components utilize the CPU.
Issue #4018.
Linux as well as Windows guests want queue to a varying number of
transfers, where each transfer only covers one transaction (iso frame).
The best results were obtained by following that behaviour rather
than queuing multiple iso frames per requests (like is done with OUT
transfers).
The number of requests queued is increased to 32 while the number of
packets per reques is decreased to 1.
Issue #4018.
The contrib code is updated from 2.4.1 to version 5.2.0 and the used
device-model is changed to QEMU xHCI. Due to this change older guests
OSes, namely Windows 7, that relied on the NEC xHCI device-model will
not work anymore.
The 'Qemu::Controller' interface was extended by an 'info' method, which
returns the vendor and product ID. This allows for removing the
hard-coded values in the VirtualBox glue code.
Issue #4018.
* Update the 'packet_size' information with the actual length for
each isoc frame to be able to handle short reads at the client side.
* Copy the whole transfer buffer because the host controller stores
the data at the original offsets, i.e., the buffer is not densely
packed.
Fixes#4018.
The former implemention assumed that the guest physical memory is
mapped continously. This, however, is not true. Writing larger
files to an USB stick with a Windows 10 guest would therefore lead
to data corruption.
The current implementation uses a bounce buffer to copy the data
to and from the guest physical memory and leaves dealing with the
memory mappings entirely up to the VMM.
Fixes#4017.
When the usb_net_drv was introduced in ports/run/netperf.inc, the
netperf_lxip_usb test on x86_64/hw/pc triggered the calling of the
netif_stop_queue dummy at
contrib/<DDE_LINUX>/src/drivers/usb_net/drivers/net/usb/usbnet.c:1464. As
netif_start_queue was also a dummy and allowed to be called, we tried allowing
calls to the netif_stop_queue dummy as well which fixed the
netperf_lxip_usb test on x86_64/hw/pc.
Ref #3961
The 'environ' pointer is a global variable that must be considered as
part of the application state. It must be copied from the parent to the
child process during fork. Otherwise, a child returning from fork is
unable to access environment variables before invoking execve. The
actual environment variables and their values are already captured
because they reside at the application heap, which is cloned from the
parent. So the copied 'environ' pointer refers to valid data.
Fixes#4015
- remove Spike/BBL support in favour of Qemu (>=4.2.1)
- add 'riscv_qemu' board, remove 'spike' board'
- update to privileged ISA v1.10 (from v1.9.1)
- use direct system calls for privileged core threads (they call into
the kernel and don't use mode changing system calls, i.e. 'ecall',
semantics)
- use 'OpenSBI' semtantics for SBI calls (to machine mode) instead of
BBL
issue #4012
By first removing unused ranges, implicitly meta data allocations are freed
up. This leads to more unused slab blocks and freed up meta data allocations
in the avl tree.
Issue #4014
The deadlock reported in #3236 could be reproduced via the wm.run script
and the modification of test/nitpicker in commit "nitpicker: fix destroy
with invalid handle" by clicking on the testnit entry of the launchpad.
This patch fixes the deadlock by releasing the locked pointer early in
the destruction path, which is legitimate as the wm is single-threaded.
Fixes#3236
This patch adds the missing invalidation of the _hovered pointer to
User_state::forget, which is required to cover the situation where the
owner of the hovered view vanishes.
Fixes#4011
Improve consistency with the other base repositories, in particular
- Indentation of class initializers
- Vertical whitespace around control-flow statements
- Preferably place control-flow statements (return, break, continue) at
beginning of a line
- Placing the opening brace of a namespace at the end of line
- Placing the opening brace of a class at a new line
- Removing superfluous braces around single statements
- Two empty lines between methods/functions in implementation files
This patch simplifies the use of ccache with the build system. Up until
now, each developer had to set up the ccache hooks manually, adjust the
PATH variable, and customize the etc/tools.conf in each build directory.
With the patch, ccache can be enabled by un-commenting a single line in
the etc/build.conf file.
Fixes#4004
The Usb session allows for submitting packets even when the interface
in question is not yet enabled. Enabling an interface will configure
the udev members properly and is normally done implicitly during
processing of an 'ALT_SETTING' packet.
In case the interface was not enabled this leads to a page-fault in
the USB host-controller driver as 'ep' is NULL.
Fixes#3999.
This patch moves the bootstrap-link-address information from the
tool/run/boot_dir/hw file to board-specific property files that can be
accessed by using the board as key. This eliminates the need to
customize boot_dir/hw when hosting board-support in an external
repository.
Fixes#3998
The Vmm::Gic::Gicd_banked::Redistributor is used with Constructible, but
does not have a virtual destructor even though it has virtual methods.
This prompts clang to issue the following warning:
reconstructible.h:122:4: warning: destructor called on non-final
'Vmm::Gic::Gicd_banked::Redistributor' that has virtual functions
but non-virtual destructor [-Wdelete-non-abstract-non-virtual-dtor]
Fix this by inheriting Genode::Interface.
Issue #3984
Even though the binary patching of ldso must be performed only once,
this postprocessing step was executed on each run because the
postprocess.tag rule is phony (the tag file is never created).
This patch removes this phony behavior by creating the tag file.
Issue #3974
The _crt0_start_stack label points to a memory location containing the
size of the bootstrap stack. On AArch64 this should be an 8 byte value,
but the code only only defines half of those using asm .long statement.
The other half is expected to be 0, which is true when using GNU as.
This is not the case when using clang's integrated as however. Since
_crt0_stack_size is defined inside .text section clang uses 0xd503201f
value (aarch64 nop instruction) to fill the extra 4 bytes.
Fix this minor incompatibility by explicitly defining both halfs of
this 8 byte quantity.
Fixes#3987
The _dispatch_pending_io_signals and _original_suspended_callback member
variables are not used anywhere in the code. This prompts clang to produce
a warning message about it. Remove both variables to fix it.
Issue #3985
The "unsigned Nitpicker::Gui_session::layer()" function returns
~0UL. This prompts clang to produce a warning about implicit unsigned
long to unsigned int conversion. Fix it by returning ~0U instead of
~0UL.
Issue #3985
GCC doesn't care, but clang complains if [[fallthrough]] is not followed
by a semicolon. Existing Genode code is also not consitent in this regard.
This patch adds the extra semicolons since it works in both GCC and
clang.
Issue #3985
No code in this class uses this private member variable. This prompts
clang to produce a warning message about it. Fix it by dropping the
variable.
Issue #3985
The class has final destructor, but is not itself final. This prompts
clang to produce the following warning message:
class with destructor marked 'final' cannot be inherited from [-Wfinal-dtor-non-final-class]
~Vfs_plugin() final { }
^
vfs_plugin.h:39:13: note: mark 'Libc::Vfs_plugin' as 'final' to silence this warning
Issue #3985
This static inline function is not used anywhere. GCC does not care,
but clang warns about this. Remove the function to allow the code to
compile cleanly with both clang and GCC.
Issue #3985
The code in Libc::Cloned_malloc_heap_range initializes its local_addr
member variable by calling Region_map::attach_at. This function can
throw Region_conflict exception. The handler for this exception uses the
local_addr to produce an error message. Such error log is IHMO
useless, or even incorrect since the value of local_addr is undefined
in such case.
Its also worth noting that clang 12 produces the following warning for
this code:
"cannot refer to a non-static member from the handler of a constructor
function try block"
Issue #3985
This private member variable is not used anywhere in the code. This
produces compilation warning when using clang instead of GCC. Drop the
unused variable.
Issue #3985
The State enum and _state private member variable are not used anywhere.
This produces an extra warning when building the code with clang instead
of GCC. Remove this dead code.
Issue #3985
When building the code with clang the following warning message is
prodiced:
"explicit instantiation of 'Scout::Browser_window' must occur in namespace 'Scout'
template class Browser_window<Genode::Pixel_rgb888>"
This happens for several different types. This patch fixes the problem
by instantiating all those templates using their explicit full name.
Issue #3985
The Scout::Spacer constructor requires two arguments. The initialization
of the type in Launchpad_window declaration does not specify them. The
variable is however initialized a second time in class constructor. This is
most likely why GCC accepts this code. Clang on the other hand
complains about it.
Fix this by properly initializing both _spacer and _docview only once at
declaration time.
Issue #3985
The code fails to build with clang due to the following warning/error:
error: '_INCLUDE__NANO3D__SQRT_H_' is used as a header guard here,
followed by #define of a different macro [-Werror,-Wheader-guard]
Fix this by removing the extra underscore from this header guard
definition.
Issue #3985
The _device_specific_features() implements part of the Virtio_device
interface. Decorate it with override keyword to make this clear and
also satisfy clang which produces warning regarding this.
Issue #3984
Clang 11 produces the following warning when building port_allocator.cc:
port_allocator.cc:27:21: error: result of comparison of constant 65536 with
expression of type 'const Genode::uint16_t' (aka 'const unsigned short') is
always true [-Werror,-Wtautological-constant-out-of-range-compare]
(port.value < (unsigned)(Port_allocator::FIRST +
Basically the code compares Port::value (uint16_t) against a constant
65536 which is larger than UINT16_MAX (65535). This comparison will always
be true.
Issue #3984
According to clang there are two symbols which File_system can refer to:
1. namespace File_system from ram_fs/chunk.h.
2. Vfs::File_system class from vfs/file_system.h.
Make it clear we refer to the File_system namespace in this case.
Issue #3984
Clang 12 complains that Interface can both refer to Genode::Interface
and Net::Interface in this case. Explicitly state the code refers to
the latter.
Issue #3984
According to GNU as manual the syntax of this directive is:
.cfi_undefined register
The manual does not mention the register should be in parentheses.
This works in GNU as even when those are present, but unfortunately
clang integrated-as does not parse this correctly. Both GNU and
clang's integrated assembler work fine when the extra parentheses
are omitted.
Fixes#3986
The code in base-hw/src/bootstrap/platform.cc uses segment flags for
identification purposes. Based on this information the code decides
what to do with each segment. Unfortunately the linker script does
not actually ensure the flags for a specific named segment match
expectations. The code relies on implicit linker behaviour.
This implicit behaviour can vary between linkers. This breaks
arm_v7a base-hw builds linked with LLVM's lld linker. The segment
named "ro" ends up having writeable flag set when using LLD.
This patch ensures that all ELF segments in genode.ld have their
required perimssion flags set explicitly.
Fixes#3988
Clang is generally fine with Genode::List and compiles code using it
without emitting any warnings. There is however one exception. Clang
fails hard when building base-hw/src/core/kernel/object.cc.
This is due to a call to Genode::List::remove made from
Object_identity::invalidate function. The error message clang
produces is:
list.h:96:33: error: 'Genode::List<Kernel::Object_identity_reference>::Element::_next'
is not a member of class 'const Kernel::Object_identity'
_first = le->List::Element::_next;
~~~~~~~~~~~~~~~^
When we look at the declaration of the Kernel::Object class on which
the remove method is called. as expected it does inherit Genode::List:
using Object_identity_list
= Genode::List<Kernel::Object_identity>;
class Kernel::Object : private Object_identity_list
{
...
}
Given the error message we see that List::Element should be resolved to
Genode::List<Kernel::Object_identity>::Element, and not
Genode::List<Kernel::Object_identity_reference>::Element. But how does
clang manage to figure out we're talking about Object_identity_refecence
list here? Well, I admit I don't know the exact steps it takes to arrive
at this conclusion, but it is not entirely wrong. If we take a look at
what Kernel::Object_identity is we'll see:
class Kernel::Object_identity
: public Object_identity_list::Element,
public Kernel::Object_identity_reference_list
{
...
}
Where as one can guess Object_identity_reference_list is defined as:
using Object_identity_reference_list
= Genode::List<Object_identity_reference>;
Long story short Kernel::Object has Genode::List of both Kernel::Object_identity
and Kernel::Object_identity_reference in its inheritance chain and clang
is not really sure to which of those the code refers to in
Genode::List::remove method by using List::Element::.
The fix for this is relatively simple, explicitly state the full type of
the base class the code intends to refer to. Replacing List::Element,
with List<LT>::Element makes the code buildable with both clang and GCC.
Fixes#3990
If a fd is opened in append mode and just is to be used (so never written by
the parent component) for the to be forked child, the seek state was not
pointing to the end of the file. The wrong seek value then was used in
File_descriptor_allocator::generate_info().
Issue #3991
The fds in O_APPEND state may have changed by the child. The local seek
state needs to be valid/current for the next to be forked child, which seek
state is set by File_descriptor_allocator::generate_info().
Issue #3991
This patch allows for supplementing the existing run-tool plugins with
additional plugins hosted inside a repository. E.g., it enables the run
tool to find world/tool/run/boot_dir/hw automatically.
Fixes#3993
Avoid use of REP_DIR in *.mk files to simplify the use of these files as
templates for a board hosted in a separate repository.
Use REP_INC_DIR for searching headers, thereby considering headers
hosted in an external repository.
Issue #3168
This trace policy can be used as a fault-injection mechanism.
Once installed, the next time the traced thread passes a trace point
(e.g., RPC call, RPC request, ...), the policy produces a divide-by-zero
exception.
* Remove SPEC declarations from mk/spec
* Remove all board-specific REQUIRE declaratiions left
* Replace [have_spec <board>] run-script declarations with have_board where necessary
* Remove addition of BOARD variable to SPECS in toplevel Makefile
* Move board-specific directories in base-hw out of specs
The new helper function returns a boolean value analoque to 'have_spec' if the
BOARD variable corresponds to the given value. It shall replace [have_spec <board>]
declarations in run-scripts.
Ref #3971
In order to perform a smooth transition from NIC drivers that act only as NIC
session clients to NIC drivers that act only as Uplink session clients, this
commit introduces an intermediate state in which all NIC drivers support both
modes. That said, a NIC drivers mode is now statically determined through a new
optional 'mode' attribute in the drivers <config> tag that can be set to either
'nic_server' (default value) or 'uplink_client'. Reconfiguring this attribute
at a driver doesn't have any effects. Whithout this attribute being set, all
NIC drivers will behave the same as they did before the commit. When set to
'uplink_client', however, instead of providing a Nic service, they request
an Uplink session whenever their network interface becomes "UP" and close the
session whenever their network interface becomes "DOWN".
Ref #3961
Let the NIC router provide an Uplink service besides the Nic service that it
already provided. Requests for an Uplink session towards the NIC router are
assigned to Domains using the same <policy> configuration tags that are used in
order to assign Nic session requests. The MAC addresses of Uplink session
components are _NOT_ considered during the allocation of MAC addresses for NIC
session components at the same Domain. The task of avoiding MAC address clashes
between Uplink session components and Nic session components is therefore left
to the integrator. Apart from that, Uplink session components are treated by
the NIC router like any other interface.
Ref #3961
Adds new Uplink session interface, the corresponding client side (Client,
Connection), and the corresponding API archives. An Uplink session is almost
the same as a NIC session with the difference that the roles of the end points
are swapped. An Uplink client is the one that provides a network interface
(for instance, a NIC driver) whereas an Uplink server is the one that uses
that network interface (for instance, a networking stack).
Therefore, in contrast to the NIC session, MAC address and link state come from
the Uplink client. The link state is reflected through the lifetime of an
Uplink session: The client requests the session only when the link state is
"UP" and closes it whenever the link state becomes "DOWN" again. The MAC
address is transmitted from the Uplink client to the Uplink server as an
argument of the session request.
Ref #3961
* Adds documentation how to prepare and finalize a Linux for running the
scenario ontop of it
* Adds consideration of env variable 'ON_LINUX_WITH_DST_IP' that, if set,
adapts the run script to running on Linux with the given ping destination IP
Ref #3961
This patch relaxes the need to specify the rom content of all pkg dependencies
in each runtime file. Whenever a dependency features a runtime file, the
contained <content> <rom/> ... </content> nodes are implicitely included.
Fixes#3981
- depending on available PCI power cap power off and on
- save and restore PCI bars if required
- reset PCI devices after power on if supported
Fixes#3963
using Register_set && Register. It is derived from Genode::Mmio, however uses
as backend the Config_access implementation which is still used widely in
the platform driver.
Issue #3963
Replace explicit usage of bus, device, function arguments to methods or
variables all over the code by a single data type. It eases the reading of and
shorten the code.
Issue #3963
The keys, mute, touchpad toggle (Fn-F4) and rfkill may be reported by some
Fujitsu machines via the ACPI FUJ02E3 ACPI device. With this commit limited
support to detect the 3 keys are added and will be reported as Genode report.
This patch complements the commit "nitpicker: defer hover changed while
dragging" with fixes of the window layouter and motif decorator.
- Handling of empty pointer model (after unhovering a decoration)
instead of not updating it.
- Re-applying the hover model to the window layout when leaving the
drag state. This addresses the corner case that the hover model
changed during the drag operation (which is rightfully not handled
while dragging).
- Letting the window layouter enter the drag state only if a dragged
window is defined.
Issue #3973
When holding at least one key or button, the hovering should never
change. In the previous version, this invariant was not enforced,
but the symptoms for eventual inconsistencies were masked by two
checkes: one when generating the hover report, and one when submitting
the leave event. This patch enforces the invariant by suppressing any
change of 'User_state::_hovered' while in dragged state.
Fixes#3973
When idle, the decorator still consumes a bit of CPU time when triggered
by the GUI session's sync signal. This patch installs the sync handler
each time the decorator goes idle.
During position scaling use the location width/height which is the permitted
dimension within the child space, instead of using the whole possible
child space. (Fixup for "init: scale affinity location" Issue #1412)
Thanks to the report by Peter.
* Introduce 'use_arp' configuration flag at the NIC router in order to disable
requesting IP-to-MAC address resolutions via ARP for domains.
* Add automated run/nic_router_disable_arp test to the autopilot that tests
the effect of the new flag
* Document the new flag and the new test in the NIC router README
Fixes#3935
Thise driver supports USB LTE modems for Huawais' ME906s through MBIM
and provides a traditional Nic session. The "control" interface is a
Terminal session, which can be used via libmbim/mbimcli.
issue #3822
This commit restores the diag feature for selecting diagnostic output of
services provided by core. This feature became unavailable with commit
"base: remove dependency from deprecated APIs", which hard-wired the
diag flag for core services to false.
To control this feature, three possible policies can be expressed in a
routing target of init's configuration:
* Forcing silence by specifying 'diag="no"'
* Enabling diagnostics by specifying 'diag="yes"'
* Forwarding the preference of the client by omitting the 'diag'
attribute
Fixes#3962
- Vendor devices add addtional data to the config descriptor, read and
added to the usb session
- allow '0' configuration within the usb session
issue #3822
The usb_hid driver does not need to distinguish between
normal memory and DMA capable memory, since all requests are routed via the
USB raw session to the usb host driver. The default Malloc implementation
implements this distinction, however exposes restrictions on the size of
allocations. As seen now by several USB HID devices, the size of device
driver allocations depend on read out hardware features and can be
larger than we support with our specialized default Malloc implementation.
Since we don't need this functionality, switching to an well
tested allocator (Heap) which can cope with varying sizes of allocation,
we can mitigate the size restriction.
Fixes#3953
* The NIC router now considers, memorizes, and, if configured, reports
multiple DHCP option 6 entries from DHCP replies that it received as DHCP
client
* A DHCP server at the NIC router can now be configured statically with
multiple DNS server addresses to propagate
* The 'dns_server_from' attribute of the DHCP server of the NIC router now
supports the forwarding of multiple DNS server addresses
* The automated run/nic_router_dhcp test tests all the above mentioned new
functionality and reconfiguring it at runtime. The test was added to the
autopilot.
* All run scripts were adapted to fit the new NIC router configuration
interface
Fixes#3952
When reconfiguring the NIC router modifies the information that DHCP clients
received through a DHCP server of the NIC router, the link state of the
correspodning interface has to do a "down-up" sequence. This provides a signal
to the DHCP clients to redo DHCP, receive the new information and update
accordingly.
Fixes#3931
* Introduce CPU quota for driver subsytem (needed by sd_card_drv)
* Introduce CPU quota for runtime subsytem and nic_drv (needed by fec_nic_drv)
* Increase CAP quota for inspect terminal slightly
* Add sculpt packages for imx8q_evk
Fix#3958
* Introduce sculpt-[board] specific package
* Move rtc driver into managed drivers sub-system
* Name nic_drv in a generic fashion in sculpt_manager
* Copy over pc-specific config files only when building for PC
Ref #3958
Originally the outgoing buffer was flush when the terminal was
detached. Since we cannot do that at this point, make the flushing
part of the common cleanup procedure.
Issue #3682.
Rather than calling 'ssh_disconnect' from within the Terminal session,
flag the detached terminal in the session and let the event loop do the
cleanup. Otherwise it might happen that the 'ep' (handling the Terminal
session) as well as the 'pthread.0' (executing the ssh event loop) end
up both triggering the cleanup concurrently.
Issue #3682.
In case of arm_v7a Kernel::call64 the syscall will use both r0 and r1 as
output registers. Unfortunately the inline asm does not reflect this and
only r0 is explicitly specified as output. GCC manages to produce output
which we'd like to see. Clang on the other hand takes adventage of the fact
r1 should not be touched by swi and produces fewer instructions which do
what the code describes, but not what we actually want.
Basically the code which we want and is generated by GCC is:
svc 0
mov r2, r0
mov r0, r1
mov r1, r2
bx lr
Clang on the other hand generates correct assembly given the code, but
incorrect given what the function is supposed to do:
svc 0
mov r1, r0
mov r0, #0
bx lr
Both GCC and clang generate the same, expected assembly output when r1
is marked as output register from the inline asm swi call.
Fixes#3951
Clang correctly asserts this private member variable is not used
anywhere in the code. I'm not sure what the intention of the code is,
might be this is a part of some unfinished feature. This patch just does
the minimum amount of work to allow the code to build with clang. If
required I can also drop the parent_levels constructor argument and
clean up the call sites.
Issue #3950
The msg argument in Genode::Rpc_dispatcher::_read_arg is not used. GCC
does not care about this, but clang does and prints a warning regaring
this. Silence it by removing unused argument name.
fixup! base: Silence unused arg warning in rpc_server.h
The CBE repository contained a lot of Genode-specific code despite the fact
that the CBE core logic is not bound to Genode in any way. Therefore the
Genode-specific CBE code is moved to the 'gems' repository to form part of
Genode mainline. The remaining CBE code becomes a port in Genode instead of
being invoked as sub-repository.
The commit combines the following work steps:
* add all files removed from CBE repository
* add CBE port files
* make all CBE libs and targets build again
* make all CBE run scripts succeed again
* make all CBE recipes build again
* make CBE autopilot succeed again
* let CBE autopilot use 'libsparcrypto' contrib dir and Genode build dir
instead of '.ci' dir in CBE contrib dir (remove '.ci' dir from CBE repo)
* let CBE autopilot always check for all ports
* make CBE autopilot directly executable
* fix license headers in all Genode CBE files
* remove unused VFS replay component
* remove unused CBE test
* remove unused external crypto
* remove unused files in run dir
* remove unused external trust anchor
* add cbe_tester test to autopilot list
* get rid of directories 'include/cbe_*' and 'include/utils'
Fixes#3937
The control area is constructed during session creation and the caller can
handle the Out_of_* exception by increasing the quota by the next attempt.
Fixes#3917
Log a warning when the lwIP VFS plugin queues a read while waiting
for an interface to become ready. By comparision the Lxip plugin
has the same behavior but a more verbose initialization process.
Fix#3920
Account for the situation where the driver is started while the HP
is already plugged in and configure the mixer accordingly.
Thanks to Peter for the patch.
Issue #3929.
Due to what seems like a copy-and-paste error, the wrong union member
was used to compare the label. Fortunately, as both structs have the
same memory layout that did not result in any issue.
Issue #3929.
Originally, the kernel code should have been executed within the
context of the main task like it is done in dde_linux. The initial
port of the HDA driver, however, did not required doing so and the
session called code directly.
When using USB device, that is no longer possible as we have to
suspend the execution during the execution of the kernel code. So
we pass in the audio data and schedule the kernel.
Fixes#3929.
This becomes necessary in case of the USB audio driver where we have
to wait for and query the function first.
That being said, alternatively we could also announce the session but
ignore any request until there is a device we can use.
Issue #3929.
With this commit the timer back-end uses the timeout framework to
schedule any occuring timeouts and for providing the current time.
For now there is only one timeout, the unsolicited azlia codec event
and therefore the timeout queue consists of solely one timeout object.
In addition a timer session is used for implementing 'delay()' where
we have to block until the delay is completed.
Issue #3929.
For historical reason the 'strlcpy' implemention was directly pull in
into the emulation environment. There is, however, no reason not to
use the contrib sources in the usual fashion.
Issue #3929.
Instead of the generic name, call the PCI driver 'pci_audio_drv'.
This is preliminary clean-up work before introducing the USB audio
driver.
Issue #3929.
The supported drivers so far exclusively used PCI and for practical
reasons the emulation environment was to tied to. To make future
addition of drivers that employ other transport busses easier, split
the bus handling into its own backend.
This is preliminary clean-up work before introducing the USB audio
driver.
Issue #3929.
* Updating the run script was missed in commit "dde_bsd: remove
configration attributes".
* Decrease output and input volume to "more sane" levels.
Issue #3929.
Updating the config and using its settings instead of only reporting
the new session allows to apply stored channel settings immediately.
In case of Sculpt this is useful when an existing launcher already
contains a valid config that sets the volume levels appropiately or
the 'recall_fs' is used.
Fixes#3930.
The _root, _gid and _uid private member variables are not used for
anything. GCC does not care, but clang likes to complain about things
like this.
Issue #3938
Right now the code marks specific instance of this function as noreturn.
It then tries to initialize it using a value that has the same type,
except for the noreturn part. GCC does not care, but clang complains this
technically assigns the value of entry from incompatible pointer type.
Fix this by defining Entry function as no return.
Issue #3938
The lambda function passed to Board::Vm_page_table_array does not
actually use "this" for anything. GCC does not warn about this, but
clang does. Remove the extra capture to make clang happy.
Issue #3938
GCC doesn't care, but clang complains if [[fallthrough]] is not followed
by a semicolon. Existing code is also not consitent in this regard. Lets
just fix it to make clang happy.
Issue #3938
When compiling this code, clang complains reference to 'Sandbox' is
ambiguous. It can either mean ::Sandbox namespace from
os/src/lib/sandbox/types.h, or Genode::Sandbox declared in
repos/os/include/os/sandbox.h. Since the code refers to ::Sandbox::Child
and its already in ::Sandbox namespace we can just drop "Sandbox" and
refer to just Child, which makes clang happy.
Issue #3938
This path fixes a void cast used to silence unused return value warning.
Its a common pattern to use void cast to do that. The code uses void *
cast instead. It works for GCC, but clang complains about this.
Issue #3938
Clang is rather picky about this and prints the following warning when
compiling new_delete.cc:
error: function previously declared with an explicit exception
specification redeclared with an implicit exception specification
[-Werror,-Wimplicit-exception-spec-mismatch]
Issue #3938
This was discovered when building the code with clang instead of GCC. In
this setup the run/ping on base-hw/arm_v8a/virt_qemu would crash
on shutdown due to uncaught Deref_unconstructed_object exception thrown
for Genode::Reconstructible<Genode::Account<Genode::Ram_quota>>. The
specific instance throwing this exception was
Pd_session_component::_ram_account. My investigation exposed the
following problem:
1. The Pd_session_component has a _sliced_heap member backed by
_constrained_ram_alloc which in turn uses Pd_session_component itself
as its Ram_allocator.
2. When ~Pd_session_component is called it first destroys _ram_account,
followed by _signal_broker.
3. The signal broker holds a reference to
Pd_session_component::_sliced_heap as Signal_broker::_md_alloc.
4. The base-hw implementation of ~Signal_broker destroys some contexts
and does this by calling Genode::destroy on some slabs using the
_md_alloc (ref to Pd_session_component::_sliced_heap).
5. The Genode::Slab calls the Ram_allocator::free which ends up calling
Pd_session_component::free.
6. The Pd_session_component::free can among other things call replenish
method on Pd_session_component::_ram_account which has already been
freed at this point.
From my POV calling replenish at this point is basically an undefined
behavior. The Genode::Constructible holding the Genode::Account was
already detroyed at this point. GCC builds happen to somehow manage to
go through the -> operator call without raising any alarms, while clang
builds trip on the _check_constructed() call.
This fix moves the _ram_account a bit higher in class declaration to
ensure its destroyed after _sliced_heap. This seems like the simpliest
solution for this problem.
Fixes#3941
This prevents later file-descriptor shortage when opening files on
demand, which can't be reflected to the application in a sane manner.
The real fix is to open socket files not on libc level but on VFS level
only effectively consume one libc file descriptor for one socket.
* Fix GIC model to support priority and cpu target settings correspondingly
* Fix semantic of SGIR register for GICv2
* Minor GIC model IRQ state fix
* Introduce synchronization for VirtIO and GIC models
* Enable multiple CPUs in test run-script for ARMv8
Fix#3926
* Introduce hypervisor-stack per CPU
* Introduce host world context per CPU
* Mark EL2 translation table memory as inner shareable
* The VMID is not bound to a single VCPU, but to the Vm_session as a whole
* Set affinity of the VCPU accordingly
* Add VMPIDR to VM state
Ref #3926
Instead of calling core to run/pause a VCPU, go directly to the kernel.
Apart from the performance win, it would otherwise involve a more complex
protocol, when a VCPU on another core has to be removed from the scheduler.
Core's entrypoint handling those request runs on the boot-cpu only.
Ref #3926
To enable the interaction of a VMM with the kernel directly,
a hidden RPC gets introduced. It allows a kernel-specific
base-library implementation of the Vm_session::Client to request
a kernel-specific capability to address a VCPU, e.g., to
run/stop it.
Ref #3926
Now, the USB connection is established on backend initialization and
terminated on backend exit triggered by high-level libusb code.
Thanks to Peter for the patch.
- unlink shared memory files
- lower maximum number of socket pool sockets to reduce chance of file
descriptor exhaustion
- fix a build dependency which caused sporadic parallel build errors
Fixes#3910
With this commit, the alignment of anonymous 'mmap()' allocations can be
configured like this:
<config>
<libc>
<mmap align_log2="21"/>
</libc>
</config>
Fixes#3907
This plugin gives access to the Audio_out session by roughly
implementing a OSS pseudo-device. It merely wrapps the session and does
not provide any resampling or re-coding.
Fixes#3891.
In the same vein as the terminal and block I/O controls, the sound
controls are implemented via poperty files and match the OSS
API ([1] features a nice overview while [2] is v3 and [3] gives
in-depth information on the current v4.x API we eventually might want
to implement).
[1] https://wiki.freebsd.org/RyanBeasley/ioctlref/
[2] http://www.opensound.com/pguide/oss.pdf
[3] http://manuals.opensound.com/developer/
The controls currently implemented are the ones used by the cmus OSS
output plugin, which was the driving factor behind the implementation.
It uses the obsolete (v3) API and does not check if the requested
parameter was actually set, which should be done according to the
official OSS documentation.
At the moment it is not possible to set or rather change any
parameters. In case the requested setting differs from the parameters
of the underlying Audio_out session - in contrast to the suggestion in
the OSS manual - we do not silently adjust the parameters returned
to the callee but outright fail the I/O control operation.
The following list contains all currently handled I/O controls.
* SNDCTL_DSP_CHANNELS sets the number of channels. We return the
available channels here and return ENOTSUP if it differs from
the requested number of channels.
* SNDCTL_DSP_GETOSPACE returns amount of playback data that can
be written without blocking. For now it amounts the space left
in the Audio_out packet-stream.
* SNDCTL_DSP_POST forces playback to start. We do nothing and return
success.
* SNDCTL_DSP_RESET is supposed to reset the device when it is
active before any parameters are changed. We do nothing and return
success.
* SNDCTL_DSP_SAMPLESIZE sets the sample size. We return the
sample size of the underlying Audio_out session and return ENOTSUP
if it differs from the requested number of channels.
* SNDCTL_DSP_SETFRAGMENT sets the buffer size hint. We ignore the
hint and return success.
* SNDCTL_DSP_SPEED sets the samplerate. For now, we always return
the rate of the underlying Audio_out session and return ENOTSUP
if it differs from the requested one.
This commit serves as a starting point for further implementing the
OSS API by exploring more users, e.g. as VirtualBox/Qt5/SDL2 audio
backend or a more sophisticated progam like sndiod.
Issue #3891.
At least on some PIT-based platforms (x86_32 + pistachio/okl4/sel4), we run
into trouble with the reworked timeout framework that now proccesses all
pending timeouts before calling their handlers. This order change leads to a
higher rate of handling of short periodic timeouts in the timer driver which
can cause lower prioritized components to starve. Especially, if submitting
signals (from timer to client) isn't cheap (as is the case on qemu + pistachio
for example).
Issue #3884
The driver is faily simple and does not support fancy features like
TCP checksum offloading or vlan filtering, but it is fully capable of
running every Genode network based scenario I've tried. Its currently
known to work on virt_qemu arm platforms and x86_64.
Fix#3825
To simplify writing native VirtIO drivers for Genode add helper classes
representing VirtIO device and queue. The queue implementation should
be platform independant. The device abstraction however is closely tied
to the VirtIO transport being used (PCI/MMIO). Both PCI and MMIO
implementations expose the same public API so the actual driver logic
should be the same regardless of which transport is used.
Its also important to note that the PCI version of Virtio::Device
currently does not support MSI-X interrupts. Unfortunately my kowledge
about PCI bus is very limited and my main area of interest was to get
VirtIO drivers working on virt_qemu ARM/Aarch64 platform. As such all
the VirtIO drivers I plan to submit will work with PCI bus, but might
not use some extended capabilities.
Ref #3825
The VirtIO device configuration on Qemu is dynamic. The
order and presence of different command line switches affects
base address and interrupt assignment of each device. One could
probably hard-code the necessary switches and resulting XML ARM
platform driver configuration in each run script, but this seems
like troublesome and hard to maintain solution.
This patch explores an alternative approach to the problem.
It implements a ROM driver which probes the address space region
Qemu virt machines assign to VirtIO MMIO devices and exposes the
result as XML via a ROM session. This XML output can be fed directly
as config to the generic ARM platform driver.
Ref #3825
Right now the same code dealing with nic setup on qemu is duplicated
in many different run scripts. It makes it unnecesarily complex to
change the existing config or add support for new nic types. Lets move
all this common code to qemu.inc.
Ref #3825
- make GPIO server more robust on imx by not throwing exceptions for
unknown pins, use '_with_gpio' instead
- use 'Gpio::Pin' data type instead of POD 'unsigned'
issue #3900
The patch handles the case, that the memory for the MSI-X table is part
of one of the Pci::Resource Memory BARs, which got allocated beforehand already.
With this commit, the platform driver will not fall back to use legacy IRQs or MSI, whereby MSI-X is available actually. Additionally, this patch avoids a lot of red
messages about non available IO-MEM printed by the roottask.
Fixes#3904
The deadlock occured with three concurrently running threads: two
waiters calling pthread_cond_timedwait() and one signaller calling
pthread_cond_signal().
If waiter W1 hits its timeout, the signaller may have called
pthread_cond_signal(), detected this waiter and posted the internal
'signal_sem' concurrently. Then, the signaller waits for 'handshake_sem'
to ensure the waiter got woken up.
Waiter W1 can't consume the 'signal_sem' post by
'sem_wait(&c->signal_sem)' because another waiter W2 may have consumed
the post already above in sem_wait/timedwait(). Waiting for a post on
'signal_sem' would block the waiter W1 in perfect deadlock with
signaller on 'handshake_sem'. As W1 also owns 'counter_mutex' in this
situation, waiter W2 would block when trying to aquire 'counter_mutex'
and can't resolve the situation.
So, W1 does nothing in this case and we accept the spurious wakeup on
next pthread_cond_wait/timedwait().
* get rid of alarm abstraction
* get rid of Timeout::Time type
* get rid of pointer arguments
* get rid of _discard_timeout indirection
* get rid of 65th bit in stored time values
* get rid of Timeout_scheduler interface
* get rid of uninitialized deadlines
* get rid of default arguments
* get rid of Timeout::_periodic
* get rid of Timeout::Raw
* use list abstraction
* only one interface for timeout handlers
* rework locking scheme to be smp safe
* move all method definitions to CC file
* name mutexes more accurate
* fix when & how to set time-source timeout
* fix deadlocks
Fixes#3884
In case of contexts blocked in select() the monitor updates the
file-descriptor status, but if the entrypoint is just blocked for the
select handler, the status must be updated explicitly on
dispatch_select().
This patch fixes the corner case where the keyboard focus is defined
independently from user interactivity, e.g., the activation of a
screensaver or lock screen.
In this case, nitpicker would update its internal focus state not before
the next input event is handled. Should this input event be a press
event, this event would wrongly be delivered to the prior focused
session. Another problematic situation is the initial state before the
very first input event occurs. Since the focus remains undefined until
the first input event is handled, an initial key press event would not
be delivered.
This is a regression caused be the transition to the event-session
interface and the removal of the nitpicker's periodic way of operation.
The patch fixes the problem by applying pending focus changes not only
at the input processing but also on the code path that responds to focus
changes (e.g., focus-rom update).
Issue #3812
Adjust the base-* platforms to acknowledge new thread location solely if
migration is supported and succeeded. Otherwise the wrong thread
locations are observed via the trace session and utilization time calculation
get wrong.
Issue #3842
Instead of using the old 'ioctl' Vfs::File_io_services API implement
the I/O control functionality in a buch of files. This is similar to
the terminal-VFS plugin.
Fixes#3889.
Like already done for terminal I/O controls use collect the information
by reading property files instead of using the old VFS ioctl interface.
Fixes#3888.
There is a type mismatch as in the FreeBSD contrib code the type of the
request is 'unsigned long'. So far, only I/O controls where the request
falls into the signed range where used and this was not a problem.
Some of the SNDCTL requests, however, have the bit set.
Fixes#3887.
This patch is a follow-up for the commit "libc: use monitor for fork".
It removes the use of the monitor mechanism from the
'Local_clone_service::close' RPC function because the fork_ep must stay
responsive for the destruction and creation of 'Child' objects.
Issue #3874
we turned towards enabling bulk-data transfer between the Zynq's CPU and its
FPGA. In a first step, we built a custom hardware design that implements a DMA
loopback device based on Xilinx' AXI DMA IP. Since we were particularly
interested in testing out the Zynq's accelerator coherency port (ACP), we
implemented two loopback devices: one attached to the ACP and one to the
high-performance (HP) AXI port of the Zynq. In order to test the design in
Genode, we added a port of Xilinx' embeddedsw repository that hosts standalone
driver code for the Xilinx IP cores. Based on this port, we implemented the
xilinx_axidma library as a Genode wrapper in order to simplify development of
custom drivers using Xilinx' AXI DMA IP. A newly written test component takes
throughput measurements for varying transfer sizes. A more detailed account of
this story is published in an
[https://www.hackster.io/johannes-schlatow/using-axi-dma-on-genode-6482d2 - article on hackster.io].
Knowing that DMA bypasses any memory protection on the Zynq as it does not
feature an IOMMU, we further spent some development efforts on implementing a
custom IP block, called DMA Guard, for protecting against unintended DMA
transfers from/to the FPGA. The DMA Guard is configured with a limited set of
address ranges for which DMA transfers will be granted. Any out-of-range
transfer will be denied. The configuration of the DMA Guard is conducted by
the Zynq's platform driver based on the allocated DMA buffers. For the time
being, we applied several changes to the platform driver. These modifications
are currently hosted in the genode-zynq repository but are going to find their
way into the generic platform driver for the next release.
More details about the DMA Guard are covered by the dedicated article:
[https://www.hackster.io/johannes-schlatow/taking-control-over-dma-transactions-on-zynq-with-genode-fd60b6 - Taking control over DMA transactions on Zynq with Genode].
Following a regular cycle of two years, we updated our tool chain to recent
versions again, this time in particular to GCC 12.3.0, binutils 2.40, and GDB
13.1 while taking the opportunity to enable C++20 by default.
A noticeable change with GCC 12 is that auto-vectorization with the
'-ftree-vectorize' option is now enabled by default when building with the
'-O2' optimization level. This has the effect that more SIMD instructions are
generated, which required adaptations throughout our code base, for example by
making sure that memory allocations in ported Linux drivers adhere a suitable
address alignment and by saving and restoring ARMv8 FPU registers in the
dynamic linker.
In addition to that, GCC 12 reports new warnings and errors, which we had to
rectify at various places, the most common ones being:
* Deprecated arithmetics between different enumeration types,
* Deprecated use of '++' and '--' operators with volatile variables, and
* Undefined references to 'strlen' inside custom implementations
of 'strlen'-like functions, related to the
'-ftree-loop-distribute-patterns' option.
As an extra feature, we added Genode's library name patterns to the linker so
that the '-l' option has become able to find the corresponding libraries.
This is useful while porting 3rd-party software based on Autoconf, whenever a
'configure' script checks for a library dependency by linking a test program
with this option. This change thereby removes the need for dummy libraries
that were formerly used to satisfy the probing.
API changes
===========
As part of Genode's
[https://genode.org/documentation/release-notes/16.08#Cultivation_of_the_new_text-output_API - great API revision]
in 2016, we largely *abolished* the use of *format strings* throughout the
framework. This is desirable because a code base without format strings cannot
have format-string vulnerabilities. Still, a few occurrences, specifically the
interface for passing session-construction arguments, remained untouched since
then. With version 23.05, we finally attained our initial goal by wrapping up
the transition.
In particular, we revised 'Genode::Connection', which now accepts the session
label, affinity, and session-specific parameters as constructor arguments,
whereas the parameters are passed as a 'Genode::String'. This eliminates the
need for rendering a format string. Given this new interface, we were able to
remove format strings from all connection types, updated all components that
still happened to rely on format strings, and ultimately removed format
strings from Genode's base API.
Format strings still play a role to accommodate 3rd-party code ported
to Genode. Whenever the 3rd-party code targets the C runtime, format
strings are readily available via the libc. For free-standing ports that
avoid the dependency from the full C runtime, e.g., ported device drivers,
a new 'format' library based on Genode's former _base/snprintf.h_ and
_base/console.h_ provides rudimentary format-string support. The library
is hosted in the libports repository.
As another matter of housekeeping, we removed the _util/avl_string.h_ utility.
The use case of organizing objects by using strings as keys is covered by the
_util/dictionary.h_ now.
Towards kernel-agnostic DMA protection
======================================
As sketched in our [https://genode.org/about/road-map - road map], we plan
having a feature-complete PC version of Sculpt OS based on base-hw by the end
of this year. One of the reasons why we are still sticking to base-nova for
the PC version is the fact that we are relying on NOVA's IOMMU support. One
necessary step to decouple Sculpt OS from base-nova is to integrate the IOMMU
handling into the platform driver.
Motivated by our
[https://genode.org/documentation/release-notes/23.02#Custom_IP_block_for_DMA_protection_on_AMD_Xilinx_Zynq - custom IP block for DMA protection on AMD/Xilinx Zynq],
we integrated the notion of IOMMU-like devices into the platform driver with
this release as a preparatory step. The platform driver automatically acquires
known IOMMU-like devices for itself by looking at the device types. Other
devices can then reference these devices by using '<io_mmu>' nodes. This is
best illustrated by looking at the devices ROM for the Zynq's dma_guard IP
block:
! <devices>
!
! <device type="dma_guard" name="dma_guard_0">
! <!-- [...] -->
! </device>
!
! <device type="axi_dma" name="axi_dma_0">
! <io_mmu name="dma_guard_0"/>
! <!-- [...] -->
! </device>
!
! </devices>
This tells the platform driver that, whenever a DMA buffer is allocated/freed
for the session owning the 'axi_dma_0' device, the 'dma_guard_0' must be
configured accordingly in order to allow/deny access to the corresponding
memory ranges. With the structural changes to the platform driver, the support
for dma_guard devices is simply added by implementing specific 'Io_mmu' and
'Io_mmu_factory' objects. You can find the code in the _dma_guard.h_ within
With the current Genode release, we have added general support to the
framework that permits guarded access to selected MSRs via Genode's
system-control RPC of the protection domain (PD) session. If the underlying
kernel supports this feature, presently the NOVA kernel, read and write
requests are forwarded via Genode's 'core' roottask to the kernel. A component
needs the explicit [https://genode.org/documentation/release-notes/22.02#Restricting_physical_memory_information_to_device_drivers_only - managing_system] configuration role to get
access to this functionality, which is denied by default.
The actual knowledge about how to manage Intel HWP and AMD pstate is provided
as a native Genode component, which uses the new 'Pd::system_control'
interface. The component monitors and reports changes of MSR registers for
temperature (Intel), frequency (AMD & Intel), and power consumption (Intel
RAPL). Additionally, it can be instructed - by the means of configuration
changes - to write some of the registers. Besides the low-level MSR component,
a Genode package with a GUI component is provided to make the interactive
usage of the feature more user-friendly. For Sculpt, we added an interactive
dialog to assign the system-control role to a component like the graphical MSR
package via the resource dialog. For a more detailed description please refer
to our [https://genodians.org/alex-ab/2023-10-23-msr - Genodians article]
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
