Without this patch, usb_drv would issue a resource request when
assigning a USB device to a VM in the sculpt scenario.
Furthermore, the patch adjusts the intel_fb quota to enable it on
devices where the driver allocates the framebuffer in many 4K pieces.
This is a drivers subsystem that starts the most fundamental
(framebuffer, input, block) device drivers dynamically, depending on the
runtime-detected devices. The discovered block devices are reported
as a "block_devices" report.
This patch applies the handling of cursor keys, function keys, and page
up/down keys even if no keymap is defined. This is the case when using
the terminal with character events produced by the input filter.
Add a "writeable" policy option to the ahci_drv and part_blk Block
servers and default from writeable to ready-only. Should a policy
permit write acesss the session request argument "writeable" may still
downgrade a session to ready-only.
Fix#2469
When idle, menu_view de-schedules timer events to save processing time.
Once reactivated by a dialog update, it computes the passed time and
applies the result to the animator. However, the animation was most likely
started by the update not during the sleep. So the passed time must not
be applied to the animation in this case. Otherwise, many animation steps
are computed at once within a single visible frame.
Furthermore, the patch adjusts the REDRAW_PERIOD to 2, which is a better
value for geometric movements as opposed to mere color-blending effects
where the frame rate does not matter so much.
It also refines the nitpicker-buffer relocation in a way that extends
the buffer but does not shrink it. This lowers the interaction with
nitpicker in situations where the dialog size changes a lot.
By applying the text output to the alpha buffer in addition to the pixel
buffer, labels can now appear without the need for an underlying frame
or button.
The new widget allows one to align a child widget within a larger parent
widget by specifying the boolean attributes 'north', 'south', 'east',
and 'west'. If none is specified, the child is centered. If opposite
attributes are specified, the child is stretched.
The VFS library can be used in single-threaded or multi-threaded
environments and depending on that, signals are handled by the same thread
which uses the VFS library or possibly by a different thread. If a VFS
plugin needs to block to wait for a signal, there is currently no way
which works reliably in both environments.
For this reason, this commit makes the interface of the VFS library
nonblocking, similar to the File_system session interface.
The most important changes are:
- Directories are created and opened with the 'opendir()' function and the
directory entries are read with the recently introduced 'queue_read()'
and 'complete_read()' functions.
- Symbolic links are created and opened with the 'openlink()' function and
the link target is read with the 'queue_read()' and 'complete_read()'
functions and written with the 'write()' function.
- The 'write()' function does not wait for signals anymore. This can have
the effect that data written by a VFS library user has not been
processed by a file system server yet when the library user asks for the
size of the file or closes it (both done with RPC functions at the file
system server). For this reason, a user of the VFS library should
request synchronization before calling 'stat()' or 'close()'. To make
sure that a file system server has processed all write request packets
which a client submitted before the synchronization request,
synchronization is now requested at the file system server with a
synchronization packet instead of an RPC function. Because of this
change, the synchronization interface of the VFS library is now split
into 'queue_sync()' and 'complete_sync()' functions.
Fixes#2399
The launcher.run scenario was last updated mid-may of the recently
developed cap-quota accounting (before all cap types were covered).
Hence, the quotas used in the scenario are too low. This patch adjusts
the values such that the scenario can be started on NOVA on Qemu. It
also fixes a warning about a deprecated way of configuring the
report_rom component.
Thanks to Jörg-Christian Böhme for reporting!
With the capability-quota mechanism, the terminal-session won't always
be constructed completely on the first try (we may run out of caps in
the middle of the construction). Therefore, all members of the object
must be properly destructable. Furthermore, the patch replaces the
sliced heap by a heap to avoid allocating a new dataspace for each line
of the cell array.
Previously, the Genode::Timer::curr_time always used the
Timer_session::elapsed_ms RPC as back end. Now, Genode::Timer reads
this remote time only in a periodic fashion independently from the calls
to Genode::Timer::curr_time. If now one calls Genode::Timer::curr_time,
the function takes the last read remote time value and adapts it using
the timestamp difference since the remote-time read. The conversion
factor from timestamps to time is estimated on every remote-time read
using the last read remote-time value and the timestamp difference since
the last remote time read.
This commit also re-works the timeout test. The test now has two stages.
In the first stage, it tests fast polling of the
Genode::Timer::curr_time. This stage checks the error between locally
interpolated and timer-driver time as well as wether the locally
interpolated time is monotone and sufficiently homogeneous. In the
second stage several periodic and one-shot timeouts are scheduled at
once. This stage checks if the timeouts trigger sufficiently precise.
This commit adds the new Kernel::time syscall to base-hw. The syscall is
solely used by the Genode::Timer on base-hw as substitute for the
timestamp. This is because on ARM, the timestamp function uses the ARM
performance counter that stops counting when the WFI (wait for
interrupt) instruction is active. This instruction, however is used by
the base-hw idle contexts that get active when no user thread needs to
be scheduled. Thus, the ARM performance counter is not a good choice for
time interpolation and we use the kernel internal time instead.
With this commit, the timeout library becomes a basic library. That means
that it is linked against the LDSO which then provides it to the program it
serves. Furthermore, you can't use the timeout library anymore without the
LDSO because through the kernel-dependent LDSO make-files we can achieve a
kernel-dependent timeout implementation.
This commit introduces a structured Duration type that shall successively
replace the use of Microseconds, Milliseconds, and integer types for duration
values.
Open issues:
* The timeout test fails on Raspberry PI because of precision errors in the
first stage. However, this does not render the framework unusable in general
on the RPI but merely is an issue when speaking of microseconds precision.
* If we run on ARM with another Kernel than HW the timestamp speed may
continuously vary from almost 0 up to CPU speed. The Timer, however,
only uses interpolation if the timestamp speed remained stable (12.5%
tolerance) for at least 3 observation periods. Currently, one period is
100ms, so its 300ms. As long as this is not the case,
Timer_session::elapsed_ms is called instead.
Anyway, it might happen that the CPU load was stable for some time so
interpolation becomes active and now the timestamp speed drops. In the
worst case, we would now have 100ms of slowed down time. The bad thing
about it would be, that this also affects the timeout of the period.
Thus, it might "freeze" the local time for more than 100ms.
On the other hand, if the timestamp speed suddenly raises after some
stable time, interpolated time can get too fast. This would shorten the
period but nonetheless may result in drifting away into the far future.
Now we would have the problem that we can't deliver the real time
anymore until it has caught up because the output of Timer::curr_time
shall be monotone. So, effectively local time might "freeze" again for
more than 100ms.
It would be a solution to not use the Trace::timestamp on ARM w/o HW but
a function whose return value causes the Timer to never use
interpolation because of its stability policy.
Fixes#2400
Removes the following Fiasco.OC specific features:
* GDB extensions for Fiasco.OC
* i.MX53 support for Fiasco.OC
* Kernel debugger terminal driver
* Obsolete interface Native_pd
* Obsolete function of interface Native_cpu
This patch reduces the number of exception types by facilitating
globally defined exceptions for common usage patterns shared by most
services. In particular, RPC functions that demand a session-resource
upgrade not longer reflect this condition via a session-specific
exception but via the 'Out_of_ram' or 'Out_of_caps' types.
Furthermore, the 'Parent::Service_denied', 'Parent::Unavailable',
'Root::Invalid_args', 'Root::Unavailable', 'Service::Invalid_args',
'Service::Unavailable', and 'Local_service::Factory::Denied' types have
been replaced by the single 'Service_denied' exception type defined in
'session/session.h'.
This consolidation eases the error handling (there are fewer exceptions
to handle), alleviates the need to convert exceptions along the
session-creation call chain, and avoids possible aliasing problems
(catching the wrong type with the same name but living in a different
scope).
This patch mirrors the accounting and trading scheme that Genode employs
for physical memory to the accounting of capability allocations.
Capability quotas must now be explicitly assigned to subsystems by
specifying a 'caps=<amount>' attribute to init's start nodes.
Analogously to RAM quotas, cap quotas can be traded between clients and
servers as part of the session protocol. The capability budget of each
component is maintained by the component's corresponding PD session at
core.
At the current stage, the accounting is applied to RPC capabilities,
signal-context capabilities, and dataspace capabilities. Capabilities
that are dynamically allocated via core's CPU and TRACE service are not
yet covered. Also, the capabilities allocated by resource multiplexers
outside of core (like nitpicker) must be accounted by the respective
servers, which is not covered yet.
If a component runs out of capabilities, core's PD service prints a
warning to the log. To observe the consumption of capabilities per
component in detail, the PD service is equipped with a diagnostic
mode, which can be enabled via the 'diag' attribute in the target
node of init's routing rules. E.g., the following route enables the
diagnostic mode for the PD session of the "timer" component:
<default-route>
<service name="PD" unscoped_label="timer">
<parent diag="yes"/>
</service>
...
</default-route>
For subsystems based on a sub-init instance, init can be configured
to report the capability-quota information of its subsystems by
adding the attribute 'child_caps="yes"' to init's '<report>'
config node. Init's own capability quota can be reported by adding
the attribute 'init_caps="yes"'.
Fixes#2398
This patch makes use of the new 'Quota_transfer::Account' by the service
types in base/service.h and uses 'Quota_transfer' objects in
base/child.cc and init/server.cc.
Furthermore, it decouples the notion of an 'Async_service' from
'Child_service'. Init's 'Routed_service' is no longer a 'Child_service'
but is based on the new 'Async_service' instead.
With this patch in place, quota transfers do no longer implicitly use
'Ram_session_client' objects. So transfers can in principle originate
from component-local 'Ram_session_component' objects, e.g., as used by
noux. Therefore, this patch removes a strumbling block for turning noux
into a single threaded component in the future.
Issue #2398
This patch replaces the former use of size_t with the use of the
'Ram_quota' type to improve type safety (in particular to avoid
accidentally mixing up RAM quotas with cap quotas).
Issue #2398
Ldso now does not automatically execute static constructors of the
binary and shared libraries the binary depends on. If static
construction is required (e.g., if a shared library with constructor is
used or a compilation unit contains global statics) the component needs
to execute the constructors explicitly in Component::construct() via
Genode::Env::exec_static_constructors().
In the case of libc components this is done by the libc startup code
(i.e., the Component::construct() implementation in the libc).
The loading of shared objects at runtime is not affected by this change
and constructors of those objects are executed immediately.
Fixes#2332
This patch adds the handling of 'CHARACTER' events as emitted by the
input-filter's character generator (<chargen>). To avoid interpreting
press/release events twice (at the input filter and by the terminal's
built-in scancode tracker), the terminal's scancode tracker can be
explicitly disabled via <config> <keyboard layout="none"/> </config>.
In the future, the terminal's built-in scancode tracker will be
removed.
The use of the terminal with the input filter is illustrated by the
'terminal_echo.run' script.
Issue #2264
This patch eliminates the need for a global allocator by passing the
parent-service registry as argument to the 'Slave::Policy' constructor.
Fixes#2269
This commit enables compile-time warnings displayed whenever a deprecated
API header is included, and adjusts the existing #include directives
accordingly.
Issue #1987
To better support non-blocking terminal components, let the
'Terminal::Session::write()' function return the number of bytes
actually written.
Fixes#2240
The session-control mechanism is based on the way how sessions are
labeled. In #2171, we changed the labeling to be more strict. In
particular, label-less sessions do no longer exist.
Unfortunately, nitpicker and the window manager still handled the former
weaker labeling, which ultimately led to a situation where any
session-control argument would mismatch. The behavior could be observed
in the launcher.run script where a click on the subsystem button would
not focus the clicked-on subsystem. With the patch, the scenario works
again as expected.
Libc::Env is the Genode::Env interface extended to cover access
to the XML content of the 'config' ROM and a VFS instance. This
deduplicates the burden of components to attain and manage
these resources.
Fix#2217
Ref #1987
This patch removes the component_entry_point library, which used to
proved a hook for the libc to intercept the call of the
'Component::construct' function. The mechansim has several shortcomings
(see the discussion in the associated issue) and was complex. So we
eventually discarded the approach in favor of the explicit handling of
the startup.
A regular Genode component provides a 'Component::construct' function,
which is determined by the dynamic linker via a symbol lookup.
For the time being, the dynamic linker falls back to looking up a 'main'
function if no 'Component::construct' function could be found.
The libc provides an implementation of 'Component::construct', which
sets up the libc's task handling and finally call the function
'Libc::Component::construct' from the context of the appllication task.
This function is expected to be provided by the libc-using application.
Consequently, Genode components that use the libc have to implement the
'Libc::Component::construct' function.
The new 'posix' library provides an implementation of
'Libc::Component::construct' that calls a main function. Hence, POSIX
programs that merely use the POSIX API merely have to add 'posix' to the
'LIBS' declaration in their 'target.mk' file. Their execution starts at
'main'.
Issue #2199
The header is foc-specific. It used to shadow the generic one provided
by the base repository, which contradicts with the kernel-agnostic
Genode API. Hence, it had to be moved to a foc-specific location.
This patch unconditionally applies the labeling of sessions and thereby
removes the most common use case of 'Child_policy::filter_session_args'.
Furthermore, the patch removes an ambiguity of the session labels of
sessions created by the parent of behalf of its child, e.g., the PD
session created as part of 'Child' now has the label "<child-name>"
whereas an unlabeled PD-session request originating from the child
has the label "<child-name> -> ". This way, the routing-policy of
'Child_policy::resolve_session_request' can differentiate both cases.
As a consequence, the stricter labeling must now be considered wherever
a precise label was specified as a key for a session route or a server-
side policy selection. The simplest way to adapt those cases is to use a
'label_prefix' instead of the 'label' attribute. Alternatively, the
'label' attribute may used by appending " -> " (note the whitespace).
Fixes#2171
This patch adjusts the various users of the 'Child' API to the changes
on the account of the new non-blocking parent interface. It also removes
the use of the no-longer-available 'Connection::KEEP_OPEN' feature.
With the adjustment, we took the opportunity to redesign several
components to fit the non-blocking execution model much better, in
particular the demo applications.
Issue #2120
This is a redesign of the root and parent interfaces to eliminate
blocking RPC calls.
- New session representation at the parent (base/session_state.h)
- base-internal root proxy mechanism as migration path
- Redesign of base/service.h
- Removes ancient 'Connection::KEEP_OPEN' feature
- Interface change of 'Child', 'Child_policy', 'Slave', 'Slave_policy'
- New 'Slave::Connection'
- Changed child-construction procedure to be compatible with the
non-blocking parent interface and to be easier to use
- The child's initial LOG session, its binary ROM session, and the
linker ROM session have become part of the child's envirenment.
- Session upgrading must now be performed via 'env.upgrade' instead
of performing a sole RPC call the parent. To make RAM upgrades
easier, the 'Connection' provides a new 'upgrade_ram' method.
Issue #2120
* Supply Env to Input::Session_component
* Attach input event dataspace at Input::Client
* Process input events by lambda rather than pointer
* Supply Env and a label to Input::Connection
* Wm serves valid input_session to decorator
* Per-source signal handling at input_merger
* Base API update for dummy_input_drv, test_input
* Input API update for launcher, menu_view, terminal,
mupdf, sdl, seoul, virtualbox
Ref #1987
Besides adapting the components to the use of base/log.h, the patch
cleans up a few base headers, i.e., it removes unused includes from
root/component.h, specifically base/heap.h and
ram_session/ram_session.h. Hence, components that relied on the implicit
inclusion of those headers have to manually include those headers now.
While adjusting the log messages, I repeatedly stumbled over the problem
that printing char * arguments is ambiguous. It is unclear whether to
print the argument as pointer or null-terminated string. To overcome
this problem, the patch introduces a new type 'Cstring' that allows the
caller to express that the argument should be handled as null-terminated
string. As a nice side effect, with this type in place, the optional len
argument of the 'String' class could be removed. Instead of supplying a
pair of (char const *, size_t), the constructor accepts a 'Cstring'.
This, in turn, clears the way let the 'String' constructor use the new
output mechanism to assemble a string from multiple arguments (and
thereby getting rid of snprintf within Genode in the near future).
To enforce the explicit resolution of the char * ambiguity, the 'char *'
overload of the 'print' function is marked as deleted.
Issue #1987
Session_label constructor now takes a bare string rather than a
serialized argument buffer.
Replace all instances of previous constructor with 'label_from_args'
function.
Issue #1787
Replace 'attribute(...).has_value("yes")`
with 'attribute_value(..., false)'.
This allows for boolean configuration to be set with values such as
"true", "false", "yes", "no", or "1", "0".
Fixes#2002
This patch cleans up the thread API and comes with the following
noteworthy changes:
- Introduced Cpu_session::Weight type that replaces a formerly used
plain integer value to prevent the accidental mix-up of
arguments.
- The enum definition of Cpu_session::DEFAULT_WEIGHT moved to
Cpu_session::Weight::DEFAULT_WEIGHT
- New Thread constructor that takes a 'Env &' as first argument.
The original constructors are now marked as deprecated. For the
common use case where the default 'Weight' and 'Affinity' are
used, a shortcut is provided. In the long term, those two
constructors should be the only ones to remain.
- The former 'Thread<>' class template has been renamed to
'Thread_deprecated'.
- The former 'Thread_base' class is now called 'Thread'.
- The new 'name()' accessor returns the thread's name as 'Name'
object as centrally defined via 'Cpu_session::Name'. It is meant to
replace the old-fashioned 'name' method that takes a buffer and size
as arguments.
- Adaptation of the thread test to the new API
Issue #1954
This patch makes the former 'Process' class private to the 'Child'
class and changes the constructor of the 'Child' in a way that
principally enables the implementation of single-threaded runtime
environments that virtualize the CPU, PD, and RAM services. The
new interfaces has become free from side effects. I.e., instead
of implicitly using Genode::env()->rm_session(), it takes the reference
to the local region map as argument. Also, the handling of the dynamic
linker via global variables is gone. Now, the linker binary must be
provided as constructor argument.
Fixes#1949
Currently the report name is used implicitly as first xml node name for the
report. This is inconvenient if one component wants to generate various xml
reports under various names (e.g. to steer consumers/clients slightly
differently) but with the same xml node tree structure.
Fixes#1940
If attached ROM dataspaces are not valid after update(), code that uses
these ROMs produces
void Genode::Volatile_object< <template-parameter-1-1> >::_check_constructed() const [with MT = Genode::Attached_dataspace]: Deref_unconstructed_object
This patch removes a superfluous resize request at the creation time of
a new window, which resulted from _requested_size being initialized with
zero whereas the _geometry was initialized with the actual window
geometry. In some cases, this inconsistency led to the report of a new
resize request for the size 0x0, which is obviously wrong. I.e., it
leads clients to believe that the user has closed the window.
This patch resets the part of the window state that is responsible the
dragging of window controls once the drag operation is finalized.
Without it, the window was wrongly positioned when leaving the maximized
state after a previous resize operation.
This patch adds support for manipulating the window layout with keyboard
actions. It supports the toggling of fullscreen (aka maximize), the
raising of the currently focused window, and the focusing the next/previous
window.
This patch adds the mechanics for detecting key sequences to the window
layouter. Sequences for layouter actions can be expressed in the
layouter configuration. They cannot trigger any real action yet.
This patch weakens the themed decorator's demands with respect to the
supplied theme data. It no longer strictly requires the specification of
the '<closer>', '<title>', and '<maximizer>' nodes and the accompanied
png/tff data. Furthermore, the default.png can be left out if both decor
and aura have a size of zero.
This patch enhances the layouter to apply a label-dependent policy
for the placement of new windows. The policy may contain the
attributes 'xpos', 'ypos', and 'maximized'. If the latter is set
to "yes", the matching window will appear in maximized state.
Explicitly cast floats to long as we currently do not plan to support
float in Xml_generator and previously the value was implicitly casted to
long anyway.
Issue #1819
* Also change the way how mute is handled. Only send the
changed signal if the user has clicked on the mute checkbox
* Always check channels_rom is valid
* Add <default> handling
* Increase verbosity
Fixes#1795.
This patch changes the decorator to always apply stacking-order changes
immediately instead of deferring the re-stacking of the nitpicker views
to the next call of 'update_nitpicker_views'. The deferred application
did not always work when more then one windows changed their stacking
position at once because the cached '_neighbor' values interfered with
each other.
The eager re-stacking should not have negative effects on the user
experience because, in contrast to re-positioning, re-stacking a rare
operation.
This change makes it possible to reuse the generic window decorator
classes in include/decorator/ for decorators of a different structure.
E.g., instead of painting decorations on a single nitpicker session,
each window may paint its decorations into additional window-specific
nitpicker sessions.
For each session upgrade performed by a wm client as part of the
Nitpicker::Connection::buffer function, the window manager wrongly
upgraded the wrapped nitpicker session twice: Once by handling the
Root::upgrade, and again by handling of the server-side 'buffer'
operation. Here, the 'buffer' operation was implemented by not merely
forwarding the RPC request to the wrapped nitpicker session but by
calling the 'buffer' method on the wrapped session's connection
object, which implictly issues session upgrades. Consequently,
the window manager would transfer twice the amount of the session
upgrades it received by its clients to nitpicker and eventually ran
out of memory.
The patch fixes the problem by eliminating the call of the
Nitpicker::Connection::buffer method and instead merely forward the RPC
requests to the wrapped nitpicker sessions.
This patch, complements the existing vbox layout with a hbox layout and
improves the response to dynamic dialog updates. The new version support
disappearing widgets and the reordering of widgets. Furthermore, this
patch ensures that the 'Widget::_layout' functions are executed after
updating a new version of the dialog.
This patch improves the decorator in two ways. First, it enables the
assignment of window colors depending on the window labels. This
configuration can be changed dynamically. Second, it adds the handling
of window controls for closing, maximizing, minimizing windows.
Issue #1689Fixes#1688
Until now, the CLI monitor and the laucher allowed the user to explitly
kill subsystems but both used to ignore gracefully exiting subsystems.
It was the user's job to remove the remains of those subsystems. The
patch takes the burden of manually killing exited subsystems from the
user.
Fixes#1685
If a client provides a read buffer of insufficient size for all
available data, we have two options
1) Leave it to the client to do partial reads until not further data is
available, or
2) Signal the client that there still some bytes on a partial read.
As the second option seems more robust it's implemented in this commit.
Fixes#1705
Instead of returning pointers to locked objects via a lookup function,
the new object pool implementation restricts object access to
functors resp. lambda expressions that are applied to the objects
within the pool itself.
Fix#884Fix#1658
This patch changes the window manager, the decorator, and the
floating window layouter to propagate the usage of an alpha channel from
the client application to the decorator. This way, the decorator can
paint the decoration elements behind the affected windows, which would
otherwise be skipped.
This patch adds two new painters located at gems/include/polygon_gfx.
Both painters draw convex polygons with an arbirary number of points.
The shaded-polygon painter interpolates the color and alpha values
whereas the textured-polygon painter applies a texture to the polygon.
The painters are accompanied by simplistic 3D routines located at
gems/include/nano3d/ and a corresponding example (gems/run/nano3d.run).
The menu view generates a simple dialog of widgets and reports the
hovered element. It is meant to be embedded into applications that
require simple GUIs but don't want to deal with the pecularities of
a full-blown widget set.
If the Rom_session::update function returns false, the ROM dataspace may
have been physically destructed (and core has removed all mappings).
In this case, we have to omit the detach operation in the destructor
of 'Attached_dataspace' to avoid detaching the same region twice.
The headers 'texture_rgb565.h' and 'texture_rgb888' contain
template specializations needed for using the 'Texture::rgba' function
for the respective pixel formats. The specializations were formerly
contained in application-local code.
The window manager provides a nitpicker session interface. In contrast
to the nitpicker server, which leaves the view layout up to the client,
the window manager organizes the views on screen according to a policy
provided by a window layouter. Furthermore, it equips views with window
decorations as provided by a window decorator. Both layouter and
decorator are independent programs.
This patch changes both the Input::Session interface and the skeleton
for the server-side implementation of this interface
('input/component.h').
The Input::Session interface offers a new 'sigh' function, which can be
called be the client to register a signal handler. The signal handler
gets notified on the arrival of new input. This alleviates the need to
poll for input events at the client side.
The server-side skeleton for implementing input services underwent a
redesign to make it more modular and robust. I.e., there are no
global functions needed at the server side and the event-queue
enable/disable mechanism is implemented at a central place (in the root
component) rather than inside each driver.
Fixes#46
This patch changes the top-level directory layout as a preparatory
step for improving the tools for managing 3rd-party source codes.
The rationale is described in the issue referenced below.
Issue #1082