Commit Graph

6345 Commits

Author SHA1 Message Date
Christian Helmuth
6006051fb9 depot: update recipe hashes 2020-05-27 11:56:47 +02:00
Stefan Kalkowski
70acd4b2d5 os: pl050, pl11x, lan9118 use ARM platform driver
Make the framebuffer driver for pl11x chipsets,
the ps2 input driver for pl050, and the lan9116 NIC driver independent from
the pbxa9 board by using the newly introduced common ARM platform driver API.

Ref #3299
2020-05-27 11:56:46 +02:00
Stefan Kalkowski
1a80f166c5 os: introduce common platform driver for ARM
Ref #3299
2020-05-27 11:56:46 +02:00
Stefan Kalkowski
935dcf8b18 usb_drv: include specific rpi platform_session API
The rpi_usb_drv uses the rpi-specific variant of the platform_session API.
Therefore, it has to include it excplicitly.

Ref #3299
2020-05-27 11:56:46 +02:00
Stefan Kalkowski
b915b0adc4 Annotate irq session interface with RAM_QUOTA
Ref #3299
2020-05-27 11:56:46 +02:00
Stefan Kalkowski
6e6b671a66 Annotate io_mem session interface with RAM_QUOTA
Ref #3299
2020-05-27 11:56:46 +02:00
Stefan Kalkowski
e1333c9421 os: refactor i.MX53 interactive drivers (ref #3299)
* Remove input driver specific to i.MX53 tablet board from QSB driver pkg
* Move GPIO settings for QSB LVDS backlight out of framebuffer driver into
  GPIO driver config
* Move PWM driver functionality out of framebuffer driver
* Make framebuffer driver configureable, and less dependent on
  platform driver i.MX53 specifics
2020-05-27 11:56:46 +02:00
Norman Feske
ab8ef5750d doc: tweaks for updated Genode Foundations book 2020-05-27 11:56:46 +02:00
Stefan Thöni
78497c03ca base-linux: enabled seccomp
base-linux uses seccomp to reduce the available system calls
to the minimum set needed to run base-linux. There are still
some syscalls that allow accessing global state which should
be further reduced.

The combination of seccomp and socket descriptor caps should
provide an intermediate level of security for base-linux
thereby enabling base-linux as a migration path from using
the Linux kernel to the use of microkernel-based Genode.

Fixes #3581
2020-05-27 11:56:46 +02:00
Alexander Boettcher
f80b4b9fd9 vm_stress.run: update numbers
due to script changes to stabilize/minimize variants in runs

Issue #3683
2020-05-27 11:56:46 +02:00
Pirmin Duss
7f6b6d7e13 core-linux: make RAM quota configurable
Add the option to configure the RAM quota for core on base-linux.
The environment variable GENODE_RAM_QUOTA if it exists is interpreted
as number of bytes to provide to the first init.

Issue #3762
2020-05-27 11:56:46 +02:00
Pirmin Duss
51104454aa depot_deploy: copy all attributes of <report> node
This allows the configuration of all report attributes of the <report>
node for the sub init instead of only `delay_ms`.

Issue #3760
2020-05-27 11:56:46 +02:00
Christian Prochaska
2f47bbde30 qt5: use VFS pipe plugin
Fixes #3759
2020-05-27 11:56:46 +02:00
Norman Feske
b078224753 Replace Genode::strncpy by Genode::copy_cstring
- Since Genode::strncpy is not 100% compatible with the POSIX
  strncpy function, better use a distinct name.

- Remove bogus return value from the function, easing the potential
  enforcement of mandatory return-value checks later.

Fixes #3752
2020-05-27 11:56:45 +02:00
Norman Feske
0f27d139bd depot: update recipe hashes 2020-05-18 10:16:59 +02:00
Norman Feske
77a875735a fs_query.run: adjust quota for seL4 2020-05-18 10:16:15 +02:00
Christian Helmuth
32753c3f69 Use HTTPS in fetchurl test
HTTPS is standard today and HTTP the exception.
2020-05-18 10:16:15 +02:00
Christian Helmuth
7d2eb71094 openssl: update to current version 1.0.2u 2020-05-18 10:16:15 +02:00
Norman Feske
0de54cddaa gdb_monitor: hide exceptions during create_thread
This patch is a workaround for the missing implementation of
'Pd_session::transfer_quota' interface by the GDB monitor's PD service.
The missing implementation becomes problematic with the changes of #3750
that enabled the cap-quota accounting for core's CPU service.

In regular scenarios without the GDB monitor, the client of
'Cpu_session::create_thread' deals with Out_of_caps or Out_of_ram by
upgrading the CPU session's cap and RAM quotas. This, in turn, results
in a sequence of 'transfer_quota' operations at the parent.

Since GDB monitor implements a custom PD service, these 'transfer_quota'
calls try to transfer quota between sessions provided by core and those
provided by the GDB monitor. This does of course not work. To fix this
issue, the GDB monitor needs a major overhaul. This patch side-steps
the problem by handing Out_of_caps and Out_of_ram from the debuging
target.
2020-05-18 10:16:15 +02:00
Norman Feske
4002653334 qt5: fix audio driver support on Linux
The lx_hybrid audio driver must be started with the 'ld="no"' argument.
2020-05-18 10:16:15 +02:00
Emery Hemingway
adb48b5c9e Libc: MSG_PEEK support
As discovered by Johannes Kliemann, peeking at buffered socket data
using 'recv' and 'MSG_PEEK' is not supported. Read a "peek" control file
from the socket directory to attempt to peek into buffers at the
socket_fs. Support for every feature of POSIX sockets cannot be
expected, but this one is trivial to implement.

Fix #2875
2020-05-18 10:16:15 +02:00
Emery Hemingway
7f928a6573 LxIP "peek" file
Add a control file for peeking at socket buffers.

Ref #2875
2020-05-18 10:16:15 +02:00
Josef Söntgen
f1427fc02a dde_bsd: remove configration attributes
The driver always opens the audio device in duplex mode, i.e.,
playback and recording. Setting the 'playback' or 'recording' attribute
only influnces the service announcement. Due to changes made in a more
recent OpenBSD release recording must be set enabled explicitly anyway.
Since we already provide the interface that mirrors the one used by
OpenBSD 1:1 in the configuration use that and the remove the additional
config attributes.

Fixes #3757.
2020-05-18 10:16:14 +02:00
Josef Söntgen
8ce798abed dde_bsd: document audio driver configuration
So far the configuration was only document in the commit message that
introduce the change.

Issue #3757.
2020-05-18 10:16:14 +02:00
Norman Feske
dd0c1575f5 Xml_node: mark deprecated methods
Fixes #3755
2020-05-18 10:16:14 +02:00
Norman Feske
4b9c1d8f2b solo5: tolerate use of deprecated Xml_node API
This patch is an interim fix to allow building solo5 despite of the use
of deprecated parts of the Xml_node API.

Issue #3755
2020-05-18 10:16:14 +02:00
Norman Feske
be65c4acd2 Avoid use of deprecated Xml_node methods
Issue #3755
2020-05-18 10:16:14 +02:00
Norman Feske
d22b95ded3 test-fs_rom_update_ram: increase timeout for foc
The timeout triggered on foc/x86_32 in Qemu.
2020-05-18 10:16:13 +02:00
Christian Helmuth
c11d9b7b5c Remove false API dependencies from libc/posix components
Fixes #3720
2020-05-18 10:16:13 +02:00
Christian Helmuth
42fddf8390 Cleanup shared-object support mechanics
The former ldso-startup static library (now called ldso_so_support) is
used to spice each shared object/library with local support code for the
dynamic linker (execution of static constructors and ARM-EABI).
Therefore, the library must be statically linked to each dynamic
library.

As a result recipes for dynamic libraries must always depend on the "so"
API, which makes ldso_so_support.mk and so_support.c available
independent of "base". Additionally, ldso_so_support is also provided in
the libc API to cut the dependency early for libc/posix libraries.

Issue #3720
2020-05-18 10:16:13 +02:00
Christian Helmuth
589b416ca8 Remove misleading "pipe" utility and test
If a "cat" tool as simple as the removed one is needed, it should be
implemented with Goa, only depend on libc/posix (*not* base), and be
named "simple_cat". Up to today, the misleading naming of the removed
tool, tricked me into believing "test-pipe" tests POSIX pipes, which it
did not!
2020-05-18 10:16:13 +02:00
Christian Helmuth
4738d77c88 libc: fix CC_C_OPT in libm 2020-05-18 10:16:13 +02:00
Norman Feske
64bc008c3a core: fix inconsistent state after failed 'trace'
This patch fixes the handling of the corner case where the allocation of
a trace buffer throws 'Out_of_caps' or 'Out_of_ram'. Under this
circumstance, the '_buffer' would still be flagged with the 'size',
which prevented any subsequent allocation attempt. This patch fixes the
problem by initializing the 'size' after the potentially throwing
allocation.

The problem triggered with the test-trace_logger after the accounting of
core's TRACE service (replacing the 'Allocator_guard' by
'Constrained_ram_allocator') became more accurate.

Related to issue #3750
2020-05-18 10:16:13 +02:00
Christian Helmuth
236e02a2dd linux: remove initramfs from base-linux src archive 2020-05-18 10:16:13 +02:00
Norman Feske
cb5b688eb9 Remove <configfile> feature from init
Fixes #3753
2020-05-18 10:16:13 +02:00
Norman Feske
c39a342fe5 Remove use of <configfile> feature of init
Issue #3753
2020-05-18 10:16:13 +02:00
Norman Feske
07502ce6bb Remove Python2
Fixes #3751
2020-05-18 10:16:13 +02:00
Norman Feske
48b2456845 util/token.h: fix possible out-of-bounds read
The 'WHITESPACE' case of the _calc_len method wrongly accessed the
character before checking upper bound of the token. The problem is fixed
by switching the order of both conditions.

Fixes #3756
2020-05-18 10:16:12 +02:00
Christian Helmuth
894c7411e7 Remove obsolete vmm_utils test 2020-05-18 10:16:12 +02:00
Sebastian Sumpf
ea78d85d35 ahci: SYNC with empty NCQ queue only
Fixes #3746
2020-05-18 10:16:12 +02:00
Norman Feske
04aeaa25e5 Remove dead code 2020-05-18 10:16:12 +02:00
Norman Feske
9d67f9fc8e Remove Allocator_guard
This patch removes old 'Allocator_guard' utility and replaces its use
with the modern 'Constrained_ram_allocator'.

The adjustment of core in this respect has the side effect of a more
accurate capability accounting in core's CPU, TRACE, and RM services.
In particular, the dataspace capabilities needed for core-internal
allocations via the 'Sliced_heap' are accounted to the client now.
The same goes for nitpicker and nic_dump as other former users of the
allocator guard. Hence, the patch also touches code at the client and
server sides related to these services.

The only remaining user of the 'Allocator_guard' is the Intel GPU
driver. As the adaptation of this component would be too invasive
without testing, this patch leaves this component unchanged by keeping a
copy of the 'allocator_guard.h' locally at the component.

Fixes #3750
2020-05-18 10:16:12 +02:00
Christian Prochaska
1cc7277996 qt5: don't build webkit-related libraries for arm_v8a
Fixes #3747
2020-05-05 13:53:09 +02:00
Norman Feske
a9f0e47ea3 Remove return value of Log_session::write
Fixes #3749
2020-05-05 13:51:05 +02:00
Norman Feske
bbc21cf063 util/bit_array.h: remove use of memset and memcpy
This makes the code less dependent on functions considered unsafe.

Fixes #3748
2020-05-05 13:30:15 +02:00
Christian Helmuth
f722aa3325 os: src recipe for lx_fs 2020-05-04 15:59:29 +02:00
Norman Feske
eb0a33302a libc: strip trailing '/' for directory operations
Fixes #2686
2020-05-04 15:28:47 +02:00
Christian Prochaska
151828752c vfs: handle read error in fs file system
Issue #3742
2020-04-28 11:43:12 +02:00
Christian Prochaska
6a8fb48c13 vfs server: keep ack packet intact on failure
Issue #3742
2020-04-28 11:42:52 +02:00
Christian Prochaska
07b87f6f1f pthread: initialize static condition variables
Fixes #3741
2020-04-28 11:42:16 +02:00
Christian Prochaska
905b0c4aef libc: remove log2.patch
Fixes #3740
2020-04-28 11:41:38 +02:00
Christian Prochaska
6505ce47ae libc vfs plugin: report non-zero link count in 'stat()'
Fixes #3739
2020-04-28 11:40:58 +02:00
Christian Prochaska
31d7b3eb97 vfs_lwip: guard 'blocked_handles' Fifo
Fixes #3738
2020-04-28 11:37:56 +02:00
Alexander Boettcher
80d89c20fd top: use batched subject_infos of trace session
Issue #3610
2020-04-28 08:58:03 +02:00
Alexander Boettcher
1a94338389 trace: support to request subject infos batched
Optimize requesting the Subject_infos from O(n) to O(1) RPC call.

Issue #3610
2020-04-28 08:57:57 +02:00
Norman Feske
dd899fde29 depot: update recipe hashes 2020-04-24 14:37:57 +02:00
Norman Feske
1bf796d69a Remove Rust support
Fixes #3488
2020-04-24 14:37:57 +02:00
Norman Feske
c12d76686e Move OpenVPN to genode-world repository
Fixes #3737
2020-04-24 14:37:57 +02:00
Stefan Kalkowski
199821a247 os: re-enable drivers_interactive for i.MX53
* Fix IPU hardware structure layout
* Turn Signal_handler into Io_signal_handler
* Eliminate the faulty msleep in I2C initalization sequence
* Fix routes and resources for tablet board (i.MX53 SMD)

Fix #3735
2020-04-24 14:37:57 +02:00
Norman Feske
840f383e46 Remove input_merger component
Fixes #3736
2020-04-24 14:37:57 +02:00
Norman Feske
6f6340644b Hide binary_ready_hook_for_platform from public
The hook is meant to be internal to the framework. So better keep its
declaration in the framework-internal globals.h header.

Issue #3581
2020-04-24 14:37:47 +02:00
Norman Feske
b134867f31 Remove Rpc_entrypoint::Native_context
This patch largely reverts the commit "base: lay groundwork for
base-linux caps change" because the use of 'epoll' instead of 'select'
alleviated the need to allocate large FD sets, which motivated the
introduction of the 'Native_context' hook.

Related to issue #3581
2020-04-21 16:50:37 +02:00
Norman Feske
01bf32b998 Remove ram_fs server
Fixes #3734
2020-04-21 16:27:07 +02:00
Norman Feske
f14cc2edab Replace use of ram_fs by VFS server
Issue #3734
2020-04-21 16:24:37 +02:00
Norman Feske
f0c4fc1e22 sandbox: defer requests for upcoming server
The sandbox library supports the forwarding of session requests from the
outside to one of the hosted children according to a policy. This patch
introduces the distinction between two cases, which previously triggered
the denial of the session request.

- There exists no matching policy for the requested session
- There exists a matching policy but the referred server child
  does not exist (yet)

Whereas the proper response to the first case is the denial of the
request, the second case can occur in situation where a dynamic init is
used to implement a staged startup, for example via the deploy
mechanism. In such cases, a policy may exist as a static rule while the
server has not been started yet. This patch changes the behavior such
that such requests are stalled.

The patch is accompanied with test cases for exercising both situations.

Fixes #3733
2020-04-21 14:52:29 +02:00
Alexander Boettcher
f891f4c963 vm_stress: change output message for ci scripts
so that it detect it correctly as not available instead of a failure on
normal work days

Issue #3683
2020-04-20 12:36:00 +02:00
Stefan Kalkowski
9f28f4f803 hw: avoid BASE_DIR relative path definitions
Fix #3728
2020-04-17 12:55:13 +02:00
Stefan Kalkowski
0e49336b96 Retire Exynos 5 support (fix #3725) 2020-04-17 12:53:57 +02:00
Stefan Kalkowski
941e918b46 vmm: unify armv7/v8 virtualization
Fix #3638
2020-04-17 12:52:02 +02:00
Stefan Kalkowski
74e75d7fbc hw: enable virtualization support for virt_qemu
Ref #3638
2020-04-17 12:51:53 +02:00
Stefan Kalkowski
58db6542f8 hw: check for security extension support in GICv2
Ref #3638
2020-04-17 12:51:44 +02:00
Tomasz Gajewski
fca2a05adf trace: extend test for log_output
Issue #3714
2020-04-17 12:48:17 +02:00
Tomasz Gajewski
4639978b3a trace_logger: avoid output of empty lines
It avoids output of empty lines in output buffer if traced messages end
with \n (what is common with messages logged from dde_linux).

Issue #3714
2020-04-17 12:48:13 +02:00
Tomasz Gajewski
870d348d77 trace: redirect logs to trace based on policy
If trace is enabled for component than an attempt to put message into
trace buffer is performed using log_output policy. If it succeeds than
message is not put to logs using log service.

Fixes #3714
2020-04-17 12:47:48 +02:00
Tomasz Gajewski
db8ec81e9f trace: log_output policy that redirects logs to trace
Issue #3714
2020-04-17 12:47:35 +02:00
Tomasz Gajewski
1d9a2dce94 trace: extend policy with log_output
Issue #3714
2020-04-17 12:47:19 +02:00
Roman Iten
12ea494477 vfs/File_content: fix end condition in for_each_line
Fixes #3729
2020-04-17 12:45:10 +02:00
Christian Helmuth
b60b591d06 depot: update recipe hashes 2020-04-17 12:40:13 +02:00
Christian Helmuth
9fbc68bda1 libports: icu library moved to GitHub 2020-04-17 12:40:13 +02:00
Norman Feske
132569d12b base-linux: socket descriptor caps for RPC
On Linux, Genode used to represent each RPC object by a socket
descriptor of the receiving thread (entrypoint) and a globally-unique
value that identifies the object. Because the latter was transferred as
plain message payload, clients had to be trusted to not forge the
values. For this reason, Linux could not be considered as a productive
Genode base platform but remained merely a development vehicle.

This patch changes the RPC mechanism such that each RPC object is
represented by a dedicated socket pair. Entrypoints wait on a set of
the local ends of the socket pairs of all RPC objects managed by the
respective entrypoint. The epoll kernel interface is used as the
underlying mechanism to wait for a set of socket descriptors at the
server side.

When delegating a capability, the remote end of the socket pair is
transferred to the recipient along with a plaintext copy of the
socket-descriptor value of the local end. The latter value serves as a
hint for re-identifiying a capability whenever it is delegated back to
its origin. Note that the client is not trusted to preserve this
information. The integrity of the hint value is protected by comparing
the inode values of incoming and already present capablities at the
originating site (whenever the capability is invoked or presented to the
owner of the RPC object).

The new mechanism effectively equips base-linux with Genode's capablity
model as described in the Chapter 3 of the Genode Foundations book.
That said, the sandboxing of components cannot be assumed at this point
because each component has still direct access to the Linux system-call
interface.

This patch is based on the extensive exploration work conducted by
Stefan Thoeni who strongly motivated the inclusion of this feature into
Genode.

Issue #3581
2020-04-17 12:40:13 +02:00
Alexander Boettcher
319d2be1af seoul: add vm_stress script version
Issue #3683
2020-04-17 12:40:13 +02:00
Alexander Boettcher
29911cf114 seoul: update contrib branch
- reactivate vga update, range was to small
- remove diagnostic messages
- add support to ignore machine check MSR MCG CAP

Issue #3683
2020-04-17 12:40:13 +02:00
Alexander Boettcher
8be72b0be1 vbox5: add testing VMs causing load
Issue #3683
2020-04-17 12:40:13 +02:00
Emery Hemingway
6359445a8e Add <exit propagate="…"/> to Init config schema
Fix #3724
2020-04-17 12:40:13 +02:00
Christian Helmuth
c783764d0b Region-map attach/detach stress depot_autopilot test
Issue #3715
2020-04-17 12:40:13 +02:00
Stefan Kalkowski
ff378a8c5b hw: cache maintainance on mapping removal too
Older ARM processors like ARMv6, or Cortex A8 need to write back changes
of the page-tables to physical ram because the MMU does not use the cache.
This naturally needs to be done not only when adding a mapping,
but on removal too.

Fix #3715
2020-04-17 12:40:13 +02:00
Norman Feske
03c3040a1d Remove stale documentation
The topics are either covered by the Genode Founations book for by our
tools, in particular the integration of the prepare_port mechanism with
the run tool.
2020-04-17 12:40:13 +02:00
Christian Helmuth
cc4e21e7a7 Fix some details in run scripts
- don't use 'qemu -serial mon:stdio' anymore as it no longer works as
  expected
- use "bash -l" with [terminal] to read user's profile configuration,
  e.g., PATH settings
- added missing boot modules and cap quotas
2020-04-17 12:40:13 +02:00
Norman Feske
6dfd268ef1 base/registry.h: remove misleading comment 2020-04-17 12:40:13 +02:00
Christian Helmuth
838c5ba7de ieee754: enable output check for ARM64
Issue #3723
2020-04-17 12:40:13 +02:00
Christian Helmuth
4ab990ad5b libc: provide C++ runtime symbols in ABI
This commit puts all C++ runtime/support symbols of ld.lib.so in a
dedicated section of base/lib/symbols/ld and mirrors the section to
libports/lib/symbols/libc. So, the libc ABI resolves potential C++
runtime dependencies of base-ABI-agnostic components at link time. The
runtime resolution is done by the linker by symbol lookup in ld.lib.so.

Issue #3720
2020-04-17 12:40:13 +02:00
Alexander Boettcher
13cd25e7b0 vfs/ram: avoid 2x mutex releases in guard
Issue #3612
2020-04-17 12:40:12 +02:00
Alexander Boettcher
2b41323fe6 test-* recipes: fix xmllint errors
config_0.xml.tmp:26: element config: Schemas validity error :
  Element 'config': Character content other than whitespace is
  not allowed because the content type is 'element-only'

Issue #3612
2020-04-17 12:40:12 +02:00
Norman Feske
7bf47b1982 base-linux: boost max open fds to the hard rlimit
This patch increases the default limit of the maximum number of open
file descriptors to the hard limit of the system. This is needed for
complex scenarios, which require more FDs than the default of 1024
at core.

Related to issue #3581

Fixes #3721
2020-04-17 12:40:12 +02:00
Alexander Boettcher
22d71d5a8b os: use Mutex/Blockade
Issue #3612
2020-04-17 12:40:12 +02:00
Alexander Boettcher
3956530634 base: use Mutex/Blockade
Issue #3612
2020-04-17 12:40:12 +02:00
Alexander Boettcher
e87d60ddf7 core: use Mutex/Blockade
Issue #3612
2020-04-17 12:40:12 +02:00
Norman Feske
85a1f91f59 Sanitize Framebuffer::Mode member access
Fixes #3719
2020-04-17 12:40:12 +02:00
Alexander Boettcher
dc90740549 nic_router: accept DHCP reply with missing option
The options are not always set, which throws exception. This leads to not
accepting the selected IP address.

Fixes #3716
2020-04-17 12:40:12 +02:00
Tomasz Gajewski
d111af922a trace documentation: fix reference to events definitions 2020-04-17 12:40:12 +02:00