The 'file_size' type denotes the size of files on disk in bytes. On
32-bit architectures it is larger than the size_t, which refers to
in-memory object sizes.
Whereas the use of 'file_size' is appropriate for ftruncate and seek, it
is not a suitable type for the parameters of read/write operations
because those operations refer to in-memory buffers.
This patch replaces the use of 'file_size' by size_t. However, since it
affects all sites where the read/write interface is uses, it takes the
opportunity to replace the C-style (pointer, size) arguments by
'Byte_range_ptr' and 'Const_byte_range_ptr'.
Issue #4706
The screenshot trigger displays a little red dot at the upper-left
corner of the screen. When touched or clicked-on, it generates an
artificial key-press-release sequence for the print key and disappears
for one second. In this time, a separate screenshot component can handle
the print key by capturing the screen without the red dot appearing in
the saved picture.
The touch-keyboard config accepts the new attributes 'opaque="yes"
and 'background=#112233' to control the dialog background. The
attributes are passed unmodified to embedded the menu view.
This patch add the support needed for implementing on-target
system-update functionality. The new 'empty' method is required for the
two-step procedure of updating image-index files - removing the old
index, followed by downloading the most current one. It is used to the
detect the completion of the first step.
Issue #4744
This patch reflects more details such as the percentage value for
downloads maintained in the download queue. This makes this information
easier to display at the GUI.
Issue #4744
This patch replaces the generic "In progress..." message by slightly
more concrete information about the type of operation. This is useful to
distinguish the two steps during the expansion of a partition.
This patch enhances the depot_download subsystem with support for
downloading and querying system images.
The installation ROM support the following two now download types:
<image_index path="<user>/image/index"/>
<image path="<user>/image/<name>"/>
Internally, the depot-download subsystem employs the depot-query
component to determine the missing depot content. This component
accepts the following two new queries:
<images user="..."/>
<image_index user="..."/>
If present in the query, depot_query generates reports labeled as
"images" and "image_index" respectively.
The also tracks the completion of each job depending on the depot-
query results, so that the final report contains a result for each
installation item requested. Prior this patch, the inactivity of the
depot-download manager (indicated by an empty state report) was
interpreted as success. But that prevents the proper association of
results and requested installation items.
Issue #4744
The 'scan' query for depot users used to list the names of depot users.
However, the URL and existence of a pubkey is useful to know when
assembling a GUI menu from this list.
Issue #4744
Each time when enlarging the menu view, a new 'Gui_buffer' is
constructed with the new size. At its contruction time, the default
reset background color is in effect, which is evaluated by
'reset_surface' as part of the construction. A custom reset color
takes effect only after the construction. Hence, when the Gui_buffer is
flushed to screen immediately at construction time, the gray default
becomes visible for a short time.
This patch changes the Gui_buffer to accept the reset background color
as construction argument so that it takes immediate effect.
Related to #4592
This patch simplifies the 'Deploy::update_managed_deploy_config'
interface by keeping an internal copy of the currently used deploy
template inside the 'Deploy' class. The template is updated whenever
the config/deploy file is modified.
This change weakens the coupling between the '_manual_deploy_rom' and
the '_deploy' subsystem, easing the upcoming implementation of the
switching between presets.
When writing the GPT header, the tool always wrote the GPT entries
belonging to the primary header to LBA following the header. Normally
this is LBA 2 as the header is located in LBA 1. The GPT allows for
up to 128 entries that all in all cover 16 KiB of storage space.
However, on some systems, e.g. ARM-based machines, the bootloader can
be stored in this region. For this reason the GPT entries may be moved
to a different LBA.
This commit changes the tool to adhere to then given GPE LBA in header
when writing out the modified GPT data.
Fixes#4720.
The old 'Io_response_handler::io_progress_response' interface has been
replaced by the 'Vfs::Env::User::wakeup_vfs_user' (issue #4697). The
remaining 'read_ready_response' method is now hosted in the
appropriately named 'Read_ready_response_handler'.
Issue #4706
This patch keeps driving the internal state machines until no progress
can be made. This required fixing the return values of several execute
functions, which used to report progress while being in complete state.
Along the way, the patch removes default switch cases to ensure that all
states are covered.
Issue #4706
By adding a 'write_ready' interface following the lines of the existing
'read_ready', VFS plugins become able to propagate the (de-)saturation
of I/O buffers to the VFS user. This information is important when using
a non-blocking file descriptor for writing into a TCP socket. Once the
application observes EAGAIN, it expects a subsequent 'select' call to
return as soon as new I/O buffer space becomes available.
Before this patch, the select call would always return under this
condition, causing an unnecessarily busy write loop.
Issue #4697
This patch removes the 'Insufficient_buffer' exception by returning the
WRITE_ERR_WOULD_BLOCK result value instead. It also eliminates the
superfluous WRITE_ERR_AGAIN and WRITE_ERR_INTERRUPT codes.
Issue #4697
This patch fosters the batching of network packets transferred by the
lwIP stack over the NIC connection. It replaces the eager submission of
the packet-stream's data-flow signals by explicit wakeup notifications.
The commit also increases the NIC session's buffer size from 128 to 1024
packets.
Issue #4697
This patch facilitates the batching of I/O operations in the VFS library
by replacing the implicit wakeup of remote peer (via the traditional
packet-stream interface like 'submit_packet') by explicit wakeup
signalling.
The wakeup signalling is triggered not before the VFS user settles down.
E.g., for libc-based applications, this is the case if the libc goes
idle, waiting for external I/O.
In the case of a busy writer to a non-blocking file descriptor or socket
(e.g., lighttpd), the remote peers are woken up once a write operation
yields an out-count of 0.
The deferring of wakeup signals is accommodated by the new 'Remote_io'
mechanism (vfs/remote_io.h) that is designated to be used by all VFS
plugins that interact with asynchronous Genode services for I/O.
Issue #4697
The commit "sculpt_manager: relax nic_drv policy label" introduced the use of
the "label_prefix" attribute instead of "label" for the uplink policy in the
NIC router. However, it missed an appropriate adaption of the lookup of that
attribute when the Sculpt manager has to decide which uplink is used in a
manually managed router config. This caused the uplink to disappear whenever a
user created a manually managed router config. This commit fixes the problem.
Issue #4660Fixes#4695
The platform driver configuration is missing the required 'info'
attribute that allows the 'vesa_fb_drv' to map the proper I/O
memory address of the framebuffer. In addition the driver requires
at least '2' more CAPs, so raise the quota to '110'.
Fixes#4668.
This patch makes the component graph better reusable for the phone
version of Sculpt. In the phone version, the '+' menu does not exist.
So we need to omit the corresponding button. Furthermore, the storage
dialog is presented in a dedicate section of the GUI instead of
presenting it inside the 'storage' graph node. The phone version
also does not offer the inspect view. So we need to omit the
corresponding buttons.
When using the newer genode_c_api uplink library, an uplink connection uses
the device name as label, which enables integrators to use different policies
resp. routes for different devices driven by one driver. The nic_drv policy
of the nic_roouter configuration generated by the sculpt_manager however uses
an empty label like: "nic_drv -> ". This is the way how existent NIC drivers,
like ipxe_nic_drv requested their uplink session. To support both driver
variants this commit relaxes the policy by checking for a prefix only.
Ref genodelabs/genode#4660
If `select_from_ports` is evaluated lazily, we might miss a port during
the dependency check. A way to prevent this is to use the `:=` operator.
Fixesgenodelabs/genode#4618
plain_decorator_theme.tar is not linked to the app but must be generated
as side effect. Therefore, use CUSTOM_TARGET_DEPS to trigger the
generation.
Fixes#4637
This patch removes the intermediate querying of the depot while the
installation of packages is in progress. This avoids misleading warning
messages and reduces superfluous file-system load during the
installation of large packages.
Issue #4631
This patch reflects both the pci_decode results and the platform
driver's aggregated device information in Sculpt's /report/drivers/ in
the form of pci_devices and devices files respectively.
Until now, the /config/system ROM was not handled by the sculpt manager
but solely managed by the user. Its main purpose was the ability to
reset or power-down the machine by manually modifying the 'state'
attribute. However, down the road, we'd like to enable the sculpt
manager to drive this state, e.g., to implement the multi-staged
loading of drivers, or to drive suspend-resume states.
The support such scenarios, the 'system' state has been moved from
/config/system to /config/managed/system.
This is a follow-up commit for "menu_view: configurable alpha channel
and bg color", which simplifies the code. The '_no_alpha' surface is not
needed because the 'Gui_buffer' provides a 0x0 alpha surface when using
the opaque mode.
This patch changes the access of pkg-archives files such that the file
read only once per pkg, not for each ROM module used by the package.
Issue #4611
By caching directory listings, the performance of depot_query is no
longer impeded by a massive amount of stat calls while searching for ROM
module locations.
Issue #4611
Upon closer inspection of real-world access patterns, it turns out that
the 'Stat_cache' and 'Cached_rom_query' are not as effective as hoped
for because cache hits are rare while querying pkg blueprints.
However, by increasing the initial size of the blueprint reporter from 4
KiB (default) to 64 KiB has a great effect. With the small default
report size, the querying of blueprints is repeated until the buffer
size suffices, incrementing the buffer size by 4 KiB in each iteration.
Issue #4611
The new 'Dictionary' provides an easy way to access objects using
strings as key. The 'String' received the 'operator >' to simplify the
organization of strings in an AVL tree.
The patch removes the former definition of the 'operator >' from the
platform driver because it would be ambigious now.
Fixes#4610
This patch avoids repetitive depot queries at the start of the Sculpt
system.
We don't need to trigger a query unconditionally whenever the
managed/deploy changes because the call of 'handle_deploy' triggers a
query when needed.
We don't need to trigger a query once the prepare step is completed
because the depot_query component is spawned at this point. The initial
blueprint produced by the depot_query component, in turn, triggers the
'handle_deploy' mechanics in the sculpt manager.
The constructor of the Sculpt manager's 'Main' does not need to call
'depot_deploy' because the prepare step - which is a precondition for
the deployment - cannot be completed at this point anyway.
If provided with a config that does not include a `<static>` or
`<common_routes>` node, depot_deploy exits due to a `Nonexistent_sub_node`
exception. Instead, we should output a more useful warning.
Fixesgenodelabs/genode#4600
The `with_sub_node` method is renamed to `with_optional_sub_node` to
better reflect that the non-existence of a sub node with the desired type is
ignored.
At the same time, the new `with_sub_node` now takes a second functor that is
called when no sub node of the desired type exists.
genodelabs/genode#4600
This style is used by the upcoming phone version of Sculpt for GUI
elements that are supposed to stand out a little bit more than the
regular frame style.
This patch enhances menu_view with the optional configuration attributes
'opaque' and 'background'. Setting 'opaque' to "yes" suppresses the use
of the alpha channel at the GUI session. This improves the drawing
performance by 20% on the PinePhone. Since the menu_view uses the
gems/gui_buffer.h utility, the 'Gui_buffer' received a new 'Alpha'
argument at construction time.
The 'background' attribute can be specified to define the reset color of
the GUI buffer. It alleviates the need to create a frame widget for the
top level.
The patch also switches the optimization level for compiling menu_view
to -O3, which increases the drawing performance on the PinePhone by 30%.
Fixes#4592
This change increases the quota to allow the use of bigger fonts, and
tweaks the style such that the keyboard gets a decent appearance on the
PinePhone's 1440x720 display.
This patch adds principle support for using a USB-net modem as
mobile-data uplink. The change is motivated by the upcoming phone
manager for the PinePhone where the modem serves as the primary network
uplink. For the regular PC version of Sculpt, the feature is not needed
(hence remains disabled) because USB net can be deployed from a package
as described in:
https://genodians.org/jschlatow/2021-07-21-mobile-network
The patch also renames the "Local" network option to "Disconnected" to
be more intuitive.
By decoupling the network dialog's menu view from the 'Network' class,
we become able to host the network dialog in the same menu view instance
as other dialogs.
By using the new functions provided by the base API, this patch removes
the dependency of several components from include/decorator/xml_utils.h.
Issue #4584
Define custom analyses that can be imported into TraceCompass (>= 7.3)
for evaluating the traced component interactions and checkpoints.
genodelabs/genode#4352
The box layout evenly distributes the child widgets according to the
number of children. This is not desired in the special case where a
child widget has a size of zero. The patch changes the layout algorithm
such that zero-sized widgets are not taken into account for distributing
residual space.
This patch replaces the former implicit "phonyness" of the rule by an
explicit .PHONY and installs a symlink from the target's build directory
to bin/ as is the usual practice for regular targets.
Related to issue #3972
By declaring the generated menu_view_styles.tar archive as build
artifact, it is automatically picked up whenever menu_view appears as
build ingredient of sculpt.
build: app/menu_view
This patch simplifies the use of the menu_view in scenarios where no
absolute motion events but only touch events occur. Previously, such
scenarios required the creation of artificial absolute motion events
via the event filter.
Issue #4514
This patch fixes rare freezes of menu view instances, which could happen boot
time whenever the leitzentale GUI happens to get initialized before the display
driver finished setting up a reasonable mode. In this case, the resolution-
dependent font size can temporarily get almost zero, tripping up the glyph
renderer.
This patch reduces the response time of supposedly stuck situations like
an unresponsive part_block component. First, it reduces the heartbeat
rate from 1 to 2 seconds to make it consistent with the frequency of
state reports. Second, it allows up to four skipped heartbeats until
regarding the situation as stuck. With those changes, the prolonged
initialization sequence of a USB ZIP drive succeeds with Sculpt.
This patch handles the corner case of switching virtual desktops while
child views are visible. Examples of such child views are tool tips,
pull-down menus, or the graph of the top-view utility. The switch to
another virtual desktop would implicitely turn the child views into
top-level views of the root nitpicker GUI server until switching back
to the original virtual desktop.
The patch implements the expected behavior of hiding all child views
that belong to a disappearing top-level view.
The value of 50% as assigned by commit "sculpt: add basic support for
i.MX8 Quad EVK" leaves too little room for other components of the
runtime subsystem. With the adjustements of commit "sculpt: assign CPU
quotas" the sum exeedcs 100%. Hence this commit tunes down the value to
sensible 10%.
By assigning CPU budgets, base-hw's priorities come into effect.
Even though the chosen values are rather guessed than informed, they
yield a visibly improved responsiveness on the Pinephone.
* Switch from the legacy usb_host driver to the new PC version
in recipes and automated tests
* Update documentation snippets
* Remove outdated, unused usb_rndis run-script
Fixgenodelabs/genode#4416
Do not set '_mode' per default to MANANGED. Check if a manual config ROM
is present during construction and set '_mode' to MANUAL in case it is.
issue #4369
This patch makes Sculpt's leitzentrale GUI able to respond to touch events. It
formerly assumed that click/clack events are always preceded by hover reports
that identify the clicked-on widgets. For touch events, however, the most
up-to-date hover information referred to the previous click because there is no
motion without touching. So the GUI tended to identify the wrong widgets as
click targets.
The patch solved this problem by testing the freshness of the hover information
at the time of the click. If the hover information is older than the click, the
action is deferred until up-to-date hover information becomes available.
Fixes#4398
* retrieve Genode::Env from plugin, this way no mesa applications need to
be changed.
* add 'vfs_gpu' api
* remove when all required functionality is implemented within the plugin.
issue #4380
When a <gpu> node is present in the VFS, the plugin opens a
Gpu::Connection for each open call to the 'gpu' node and installs a
completion signal handler. A read only to the fd returned only comes
back if a completion signal has been received between two read
transctions to the fd.
For now the Gpu::Connections can be retrieved by calling the
'vfs_gpu_connection(unsigned long id)' function. The id can be obtained
using 'stat' on the 'gpu' device and is located in the inode (st_ino)
field of the stat buffer.
issue #4380
This patch equips Sculpt with the ability to customize the system image
in very flexible ways.
All customizable aspects of the image have been relocated from the
former sculpt.run script and the accompanied gems/run/sculpt/ directory
to a new location - the sculpt/ directory - which can exist in any
repository. The directory at repos/gems/sculpt/ serves as reference.
The sculpt directory can host any number of <name>-<board>.sculpt files,
each containing a list of ingredients to be incorporated into the
Sculpt system image. The <name> can be specified to the sculpt.run
script. E.g., the following command refers to the 'default-pc.sculpt'
file:
make run/sculpt KERNEL=nova BOARD=pc SCULPT=default
If no 'SCULPT' argument is supplied, the value 'default' is used.
A .sculpt file refers to a selection of files found at various
subdirectries named after their respective purpose. In particular, There
exists a subdirectory for each file in Sculpt's config fs, like
nitpicker, drivers... The .sculpt file selects the alternative to use
by a simple tag-value notation.
drivers: pc
The supported tags are as follows.
*Optional* selection of /config files. If not specified, those files are
omitted, which prompts Sculpt to manage those configurations
automatically or via the Leitzentrale GUI:
fonts
nic_router
event_filter
wifi
runtime
gpu_drv
Selection of mandatory /config files. If not specified, the respective
'default' alternative will be used.
nitpicker
deploy
fb_drv
clipboard
drivers
numlock_remap
leitzentrale
usb
system
ram_fs
Furthermore, the .sculpt file supports the optional selection of
supplemental content such as a set of launchers.
launches: nano3d system_shell
Another type of content are the set of blessed pubkey/download files
used for installing and verifying software on target.
With the new version, it has become possible to supply a depot with the
the system image. The depot content is assembled according to the 'pkg'
attributes found in launcher files and the selected deploy config.
The resulting depot is incorporated into the system image as 'depot.tar'
archive. It can be supplied to the Sculpt system by mounting it into the
ram fs as done by the 'ram_fs/depot' configuration for the ram fs.
It is possible to add additional boot modules to the system image. There
are two options.
build: <list of targets>
This tag prompts the sculpt.run script to build the specified targets
directly using the Genode build system and add the created artifacts
into the system image as boot modules.
import: <list of depot src or pkg archives>
This tag instructs Sculpt to supply the specifid depot-archive content
as boot modules to the system image. This change eliminates the need for
board-specific pkg/sculpt-<board> archives. The board-specific
specializations can now be placed directly into the respective .sculpt
files by using 'import:'.
To make the use of Sculpt as testbed during development more convenient,
the log output of the drivers, leitzentrale, and runtime subsystems
can be redirected to core using the optional 'LOG=core' argument, e.g.,
make run/sculpt KERNEL=linux BOARD=linux LOG=core
The former pkg/sculpt-installation and pkg/sculpt-installation-pc
archives have been replaced by pkg/sculpt_distribution-pc, which
references the generic pkg/sculpt_distribution archive. Those pkgs are
solely used for publishing / distribution purposes.
Fixes#4369
- Consider 'sdl' as source of input events in the event-filter
configuration as generated by the sculpt manager
- Supply an artificial 'platform_info' ROM as requested by the
sculpt manager to obtain the affinity-space information
- Substitute 'fs_rom' for 'cached_fs_rom' as a workaround for the
lack of support for managed dataspaces on Linux
Fixes#4362
This patch improves the robustness of the CPU-affinity handling.
- The types in base/affinity.h received the accessors
'Location::within(space)' and 'Affinity::valid', which alleviates
the fiddling with coordinates when sanity checking the values,
in init or core.
- The 'Affinity::Location::valid' method got removed because its
meaning was too vague. For sanity checks of affinity configurations,
the new 'within' method is approriate. In cases where only the x,y
values are used for selecting a physical CPU (during thread creation),
the validity check (width*height > 0) was not meaningful anyway.
- The 'Affinity::Location::from_xml' requires a 'Affinity::Space'
as argument because a location always relates to the bounds of
a specific space. This function now implements the selection of
whole rows or columns, which has previously a feature of the
sandbox library only.
- Whenever the sandbox library (init) encounters an invalid affinity
configuration, it prints a warning message as a diagnostic aid.
- A new 'Affinity::unrestricted' function constructs an affinity that
covers the whole affinity space. The named functions clarifies
the meaning over the previous use of the default constructor.
- Core's CPU service denies session requests with an invalid
affinity parameter. Previously, it would fall back to an
unrestricted affinity.
Issue #4300
Similar to other devices allow for selecting a graphics device as
well. This is currently only useful on iMX8-based systems like
iMX8Q-EVK and MNT Reform2 where the driver is explicitly started
from a pkg.
Fixes#4342.
This patch changes the 'Allocator' interface to the use of 'Attempt'
return values instead of using exceptions for propagating errors.
To largely uphold compatibility with components using the original
exception-based interface - in particluar use cases where an 'Allocator'
is passed to the 'new' operator - the traditional 'alloc' is still
supported. But it existes merely as a wrapper around the new
'try_alloc'.
Issue #4324
This patch adds a missing call of '_handle_decorator_margins' at
construction time. Up to commit "report_rom: versioning and explicit
notification" this problem was masked by an unconditional signal, which
implicitely triggered the call.
Issue #4274Fixes#4306
This patch presents all press and release events to the pointer state,
fixing the problem that _key_cnt was decreased but never increased.
However, the inconsistency had no observable effects in practice.
Issue #4176
This patch ensures that the pointer report is updated not before all
input events are handled. The change does not solve any observed
practical issue but the potential problem was spotted while reviewing
the code.
Issue #4176
This patch changes the depot_query tool to filter the returned index
data depending on the 'arch' as specified for the query. This way, one
index file can support multiple CPU architectures while allowing
individual entries to be architecture-specific.
Fixes#4295
This patch adds the missing definition of 'prio_levels' in the prepare
sub init, fixing the warning:
[init -> runtime -> prepare] Warning: vfs: invalid priority, upgrading from -2 to 0
Issue #4281
Warning!
The current version of the file vault is not thought for productive use but
for mere demonstrational purpose! Please refrain from storing sensitive data
with it!
The File Vault component implements a graphical frontend for setting up and
controlling encrypted virtual file systems using the Consistent Block Encrypter
(CBE) for encryption and snapshot management. For more details see
'repos/gems/src/app/file_vault/README'.
Fixes#4032
Previously unconditional calls to Genode::log in cbe init and the cbe trust
anchor VFS plugin were made dependent on a verbosity flag that is set to
"false" by default.
Ref #4032
Instead of simply encrypting the private key with AES-256 when storing it to
the 'encrypted_private_key' file, wrap it using the AES-key-wrap algorithm
described in RFC 3394 "Advanced Encryption Standard (AES) Key Wrap Algorithm".
This is more secure and enables us to directly check whether the passphrase
entered by the user was correct or not.
Ref #4032
As the file formerly named 'secured_superblock' actually contains the hash of
the superblock that was secured, it was renamed 'superblock_hash'.
Ref #4032
As the file formerly named 'keyfile' actually contains the encrypted private
key of the Trust Anchor, it was renamed 'encrypted_private_key'.
Ref #4032
By now, the symmetric keys were only XOR'ed with the private key as placeholder
for a real encryption. Now they are encrypted using AES256 with the TA's
private key as key
Ref #4032.
A private key of 256 bits is generated pseudo-randomly using the jitterentropy
VFS plugin on initialization. The private key is stored in the key file
encrypted via AES256 using the SHA256 hash of the users passphrase. When
unlocking the CBE device, the encrypted private key is read from the key file
and decrypted with the hash of the users passphrase.
Ref #4032
Instead of using the user passphrase directly, use its SHA256 hash calculated
using libcrypto. The passphrase hash is still stored in the key file to be
used as base for the very primitive way of generating the private key.
Ref #4032
Closing the keyfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
The unlocking operation in the trust anchor was broken wich caused bad keys in
the CBE. This rewrites the whole operation to work as desired. Note that this
doesn't make it more safe! The private key is still almost the same as the
passphrase and stored plaintext.
Ref #4032
The plugin used to close file handles via the 'vfs_env.root_dir.close'.
However, this lead to resource leaks and apparently isn't the right way to
do it. Other VFS plugins do it by calling 'close' directly on the handle and
doing it in the trust anchor plugin also, fixes the leaks.
Ref #4032
Closing the hashfile handle after a write operation wasn't synchronised to the
actual end of the write operation.
Issuing a write operation at the back end returns successfull as soon as the
back end has acknowledged that it will execute the operation. However, the
actual writing of the data might still be in progress at this point. But the
plugin used to close the file handle and declare the operation finished at this
point which led to warnings about acks on unknown file handles and leaking
resources. Now, the plugin issues a sync operation directly after the write
operation and waits for the sync to complete. This ensures that the plugin
doesn't declare the operation finished too early.
Ref #4032
There were no means for issuing a Deinitialize request at the CBE using the
CBE VFS plugin. The new control/deinitialize file fixes this. When writing
"true" to the file, a Deinitialize request is submitted at the CBE. When
reading the file, the state of the operation is returned as a string of the
format "[current_state] last-result: [last_result]" where [current_state] can
be "idle" or "in-progress" and [last_result] can be "none", "success", or
"failed".
Ref #4032
When discarding a snapshot, the CBE VFS plugin didn't communicate the ID of
the snapshot to the CBE. Instead it set the ID argument to 0. Therefore the
operation never had any effect.
Ref #4032
The snapshots file system used to return the number of snapshots on
'num_dirent' when called for the root directory although it was expected to
return 1. This confused the tooling ontop of the VFS.
Ref #4032
Despite being readable, the files control/extend and control/rekey proclaimed
that they were not when asked. This caused the fs_query tool to not report the
content of the files although it could have.
Ref #4032
Stat calls on the control/extend and control/rekey files returned a bogus file
size that led to an error in the VFS File_content tool. The tool complained
that the size of the file determined while reading the content differs from the
one reported by the stat operation. Now, the stat call will always determine
the actual size of what would be read. However, it isn't guaranteed that this
size doesn't change in the time after the stat operation and before the read
operation.
Ref #4032
Both, trace_logger and vfs_trace had their own trace_buffer.h. This
commit consolidates the existing implementations and provides the
resulting trace_buffer.h at 'include/trace/'. It thereby becomes part of
the trace api archive.
genodelabs/genode#4244
WARNING: BREAKS CONFIG COMPATIBILITY!
This commit changes the configuration interface of the NIC router in a way that
may break systems that use the component without proper adjustment!
How to adjust:
At each occurrence of the 'dns_server_from' attribute in a NIC router
configuration replace the attribute name with 'dns_config_from'. The attribute
value remains unaltered.
DETAILED DESCRIPTION
The new attribute name 'dns_config_from' reflects that also other aspects of
the DNS configuration of the denominated domain are used by the DHCP server
that holds the attribute. This commit is a preparation for forwarding also the
domain name (DHCP option 15) with the mechanism behind the attribute.
Ref #4246
File size must be the same as the number of bytes that can be read from
the file. Otherwise, this will trigger a `Truncated_during_read`
exception.
Fixesgenodelabs/genode#4240
* the GPU multiplexer now offers the platform service to the Intel
framebuffer driver (driver_manager)
* ajdusted drivers_managed-pc to hand out resources to the GPU driver
* adjust quotas
issue #4233
The fs_query component used to exit with an uncaught exception if a queried
directory didn't exist. Now, fs_query will catch this event and simply skip the
affected query, thereby indicating to the user the inexistence of the
queried directory.
Ref #4032
If no window has ever been focused, next() always returns an invalid
window id. As a consequence, there is no way to cycle through the focus
history without an explicit focus event (e.g. mouse hover).
Instead, next() should return the first window from the focus history if the
currently focused window is not present.
Fixesgenodelabs/genode#4164
Adds the <new-file> operation to the fs_tool. When configured, the
<new-file path="...">...</new-file> tag will cause creation or overwriting of
the file given through the 'path' attribute. The file will contain the text
content of the tag.
Ref #4032
This patch moves the utility from the app/text_area to os/vfs.h to make
it easier to use by other components. By hosting the 'New_file' as a
friend alongside the 'Directory', we can now pass a 'Directory' as
constructor argument, which is consistent with other utilities such as
'File_content'.
As a further improvement, the new version supports the implicit creation
of the directory hierarchy leading to the new file.
Issue #4032
By adding an attribute 'size="yes"' to a query, one instructs fs_query to
report also the size of each queried file as attribute 'size' of the
corresponding 'file' node.
Ref #4032
The fs_query component used to try watching all files it found resulting in
errors on files that are not watchable. For some files, however, the watch-
feature doesn't make sense as they are not readable (no content, no size).
Now, fs_query will check first whether a file is readable and skip watching
if it isn't.
Ref #4032
When configuring fs_query to print the content of files it used to try so for
all files it found resulting in errors on files that are not readable. Now,
fs_query will check first whether a file is readable and skip printing the
content of those that are not.
Ref #4032
Managing ssh event file descriptors was performed from two different
threads which could cause reallocation of structure used in other thread
in a call to 'poll' function.
Splitted initialization to parts and moved ssh event part into ssh loop.
Issue #4095
Moved creating ssh loop thread after initialization of wake up server
file descriptors to make sure that they will be properly handled even in
first loop run.
Issue #4095
pthread.0 acquires a write buffer mutex and calls potentially
blocking fs operations. The EP thread handles session requests and tries to
acquire the same write buffer lock. IO progress events for pthread.0 are
handled by the EP thread, which however is blocking on the write buffer mutex.
The commit uses two write buffers, one which is filled by the EP and a second
which is used by pthread.0. The two buffers are swapped protected by a mutex
without invoking blocking fs operations.
Issue #4095
The exec_terminal generates a config report which is used as input ROM for
sandbox/init, which does not support an "<empty>" node.
An empty config node is empty, without an node.
Issue #4095
With this patch, the user is able to re-gain access to the inspect view
by toggling the inspect button of a file system unrelated to the failed
USB storage device.
Fixes#4090
The direct execution of application-level code by a watch handler is
troublesome because those handlers are executed at the I/O signal level.
In the concrete case, the watch handler got recursively called because
the handler called _handle_config (application-code), which called the
VFS, which in turn performed a wait_and_dispatch_one_io_signal, which
again invoked the watch handler.
The patch works around the problem by letting the watch notification
trigger the application-level signal for the _config_handler.
Fixes#4091
This patch adds the handling neccessary for clients to upgrade the cap
quota of their GUI session. Until now, the upgrade mechanism supported
only RAM quota.
The limitation became visible once a client - in the particular case the
motif_decorator - attempted the cap upgrade of its GUI session. The cap
quota would arrive at the wm, but the wm would keep it instead of
forwarding the quota to nitpicker. This resulted in an infinite retry
loop at the motif_decorator, ultimatedly depleting all its cap quota.
The window manager infers the overall state from the intercepted input
events for the decorator and all GUI clients. However, each of those
parties have an independent input-event stream. Whereas the order of
events within one GUI session is strict, the order of events between GUI
sessions is arbitrary. The window manager wrongly relied on a global
event ordering to track the pointed-at GUI session.
The patch removes the assumption of a global event order by tracking the
relevant pointer state for each GUI session independently and evaluating
these states when propagating the pointer position to the decorator.
Fixes#4059
The addition of further keyboard layouts would otherwise pollute the
config/ directory too much.
Caution: When updating Sculpt OS, don't reuse your existing
config/event_filter file unmodified! You need to replace the chargen
includes, pointing to the new location, e.g.,
<include rom="en_us.chargen"/>
<include rom="special.chargen"/>
must be changed to
<include rom="keyboard/en_us"/>
<include rom="keyboard/special"/>
Issue #4055
This patch extends the settings dialog with the ability to select the
keyboard layout between the options that are included in the sculpt
image. The manual configuration is of course still possible by editing
the /config/event_filter directly.
If both the fonts configuration and the event-filter configuration are
managed manually, the settings button and window are not displayed.
Fixes#4055
By sorting the reported output, all consumers of the reports become able
to rely on a deterministic order. For example, the file browser of
Sculpt OS, the launcher menu items, and the depot-selection items will
appear in a predictable order.
Fixes#4054
This patch adds session-routing options to connect components to the
capture/event interfaces of the global nitpicker GUI server or the
leitzentrale GUI server. It thereby enables the implementation of screen
capturing components, remote management tools, or virtual keyboards.
Since those services are very powerful, they are subsumed under the
"hardware" category of the component graph as opposed to the GUI
category, which guarantees the separation of clients.
Fixes#4053
This patch adds 4 priority levels to the runtime subsystem. The highest
priority is used for components that are critical for the operation of
Sculpt, in particular the Leitzentrale GUI. All regularly deployed
components are assigned the lowest priority by default.
With priorities available in the runtime subsystem, this patch flattens
the priority levels at the top-level init to only two levels and
overlays the priority bands of the drivers, leitzentrale, and runtime
subsystems into one priority band. This has three benenfits:
- This change prevents the starvation of the Leitzentrale GUI from a
spinning high-priority driver (issue #3997).
- The change will also ease the hosting of latency-critical components
in the runtime subsystem that are prioritized higher than regular
components, the storage stack, and the network stack.
- The Leitzentrale GUI remains always perfectly responsive regardless
of the workloads deployed from packages. In the previous version,
the runtime graph was sometimes stuttering on high system load.
Issue #4045
This patch triggers the immediate removal of part_block once the
discovery of a fresh inserted USB stick has completed. Without the
patch, part_block was retained until the runtime was reconfigured the
next time for other reasons (e.g., toggling an inspect view). Until the
next reconfituration, part_block tended to stand in the way of directly
assigning the USB device to a VM.
This commit improves the performance of the pipe plugin by using local
signal handling and avoiding sending a signal during write when pipe
buffer is full.
Issue #3583
All pipe-ends were notified at the same time which leads to dead-locks.
This commit mitigates this by having a signal handler for each pipe and
each pipe-end respectively.
Issue #3583
The vfs pipe plugin can now be used as named pipe which anables data
transfer via file handles from one component to another. E.g. if one
would like to send data from component A to stdin of a libc component B,
one can do so by simply writing to that fifo file.
Issue #3583
The deadlock reported in #3236 could be reproduced via the wm.run script
and the modification of test/nitpicker in commit "nitpicker: fix destroy
with invalid handle" by clicking on the testnit entry of the launchpad.
This patch fixes the deadlock by releasing the locked pointer early in
the destruction path, which is legitimate as the wm is single-threaded.
Fixes#3236
No code in this class uses this private member variable. This prompts
clang to produce a warning message about it. Fix it by dropping the
variable.
Issue #3985
This private member variable is not used anywhere in the code. This
produces compilation warning when using clang instead of GCC. Drop the
unused variable.
Issue #3985
The State enum and _state private member variable are not used anywhere.
This produces an extra warning when building the code with clang instead
of GCC. Remove this dead code.
Issue #3985
Let the NIC router provide an Uplink service besides the Nic service that it
already provided. Requests for an Uplink session towards the NIC router are
assigned to Domains using the same <policy> configuration tags that are used in
order to assign Nic session requests. The MAC addresses of Uplink session
components are _NOT_ considered during the allocation of MAC addresses for NIC
session components at the same Domain. The task of avoiding MAC address clashes
between Uplink session components and Nic session components is therefore left
to the integrator. Apart from that, Uplink session components are treated by
the NIC router like any other interface.
Ref #3961
This patch relaxes the need to specify the rom content of all pkg dependencies
in each runtime file. Whenever a dependency features a runtime file, the
contained <content> <rom/> ... </content> nodes are implicitely included.
Fixes#3981
This patch complements the commit "nitpicker: defer hover changed while
dragging" with fixes of the window layouter and motif decorator.
- Handling of empty pointer model (after unhovering a decoration)
instead of not updating it.
- Re-applying the hover model to the window layout when leaving the
drag state. This addresses the corner case that the hover model
changed during the drag operation (which is rightfully not handled
while dragging).
- Letting the window layouter enter the drag state only if a dragged
window is defined.
Issue #3973
When idle, the decorator still consumes a bit of CPU time when triggered
by the GUI session's sync signal. This patch installs the sync handler
each time the decorator goes idle.
* Introduce CPU quota for driver subsytem (needed by sd_card_drv)
* Introduce CPU quota for runtime subsytem and nic_drv (needed by fec_nic_drv)
* Increase CAP quota for inspect terminal slightly
* Add sculpt packages for imx8q_evk
Fix#3958
* Introduce sculpt-[board] specific package
* Move rtc driver into managed drivers sub-system
* Name nic_drv in a generic fashion in sculpt_manager
* Copy over pc-specific config files only when building for PC
Ref #3958
Originally the outgoing buffer was flush when the terminal was
detached. Since we cannot do that at this point, make the flushing
part of the common cleanup procedure.
Issue #3682.
Rather than calling 'ssh_disconnect' from within the Terminal session,
flag the detached terminal in the session and let the event loop do the
cleanup. Otherwise it might happen that the 'ep' (handling the Terminal
session) as well as the 'pthread.0' (executing the ssh event loop) end
up both triggering the cleanup concurrently.
Issue #3682.
The CBE repository contained a lot of Genode-specific code despite the fact
that the CBE core logic is not bound to Genode in any way. Therefore the
Genode-specific CBE code is moved to the 'gems' repository to form part of
Genode mainline. The remaining CBE code becomes a port in Genode instead of
being invoked as sub-repository.
The commit combines the following work steps:
* add all files removed from CBE repository
* add CBE port files
* make all CBE libs and targets build again
* make all CBE run scripts succeed again
* make all CBE recipes build again
* make CBE autopilot succeed again
* let CBE autopilot use 'libsparcrypto' contrib dir and Genode build dir
instead of '.ci' dir in CBE contrib dir (remove '.ci' dir from CBE repo)
* let CBE autopilot always check for all ports
* make CBE autopilot directly executable
* fix license headers in all Genode CBE files
* remove unused VFS replay component
* remove unused CBE test
* remove unused external crypto
* remove unused files in run dir
* remove unused external trust anchor
* add cbe_tester test to autopilot list
* get rid of directories 'include/cbe_*' and 'include/utils'
Fixes#3937
- Show "..." for resource-assignment menu entry because it leads
to a sub menu.
- Avoid dialog changes when clicking on "Add component" while a
routing or resource dialog is unfolded.
The initial implementation of the affinity configuration in
"depot_deploy: support affinity configuration" added the affinity
location attributes to the <start> node of the deploy config. This patch
moves the information into a dedicated <affinity> sub node as done by
the init configuration. So the context of the attributes 'xpos', 'ypos',
'width' and 'height' becomes clear.
It also fixes a usability issue in Sculpt that occurred during testing:
When configuring multiple components with custom affinities, the
resources dialog of later components would wrongly display the state of
earlier components instead of displaying the fresh (default) state. The
resulting configuration would then not match the displayed information.
This is fixed by resetting the dialog state.
As another minor cosmetic change, the patch adds a line break in front
of copied <config> or <heartbeat> nodes.
Issue #3597
With the move of the storage-management dialogs to the graph in Sculpt
version 20.02, the ability to unselect the buttons for destructive
storage operations such as format or expand disappeared. This patch
restores the original behavior.
This patch enables the menu view's new ability to respond to font-size
changes in Sculpt so that the menu view instanced no longer need to be
restarted whenever the screen resolution or font size is changed.
Fixes#3875
This patch allows the use of the VFS watch mechanism for the glyph file
of the TTF VFS plugin so that clients become able to dynamically respond
to font reconfigurations.
Issue #3875
With this patch, sculpt uses init's heartbeat-monitoring mechanism to
detect the failure of part_block instances during storage disovery.
If part_block gets stuck, the device is released and can thereby
be accessed at the whole-device level.
Issue #3861
The check prevents the Ttf_font from violating the bounding box in the
presence of very small scale values. This can happen during the startup
of Sculpt. Before the framebuffer driver is up, Sculpt bases its dynamic
font-size setting on a screen resolution of 1x1.
Issue #3812
The sculpt manager used to defer the initialization of the GUI until
nitpicker's first display report became ready. This way, Sculpt was able
to run headlessly even if the framebuffer driver failed to start up.
Thanks to #3827, nitpicker no longer depends on a working framebuffer
driver. So the sculpt manager is safe to rely on nitpicker in any case,
simplifying the code.
Issue #3827
* enable all common warnings through default value of CC_ADA_WARN
* treat warnings like errors through default value of CC_ADA_WARN_STRICT
* enable almost all style checks through default value of CC_ADA_WARN_STRICT
* style fixes for aes_cbc_4k
* disable strict warnings and style checks for libsparkcrypto and spark lib
Ref #3848
This commit applies the transition from the "Input" session to the "Event"
session to the event-filtering mechansim. The functionality of the
input_filter is now provided by the event_filter. The event filter
requests only one "Event" session as destination for the filter result,
which is usually routed to the nitpicker GUI server. It provides an
"Event" service to which any number of event sources can connect.
The configuration of the filter chain remains almost the same. Only the
declaration of the <input> nodes is no longer needed. Instead, the
configuration must specify <policy> nodes, which define the mapping of
"Event" clients (event sources) to the inputs used in the filter chain.
The patch adjusts all uses of the nitpicker GUI server accordingly such
that the event filter reports events to nitpicker's event service
instead of having nitpicker request an "Input" session. This dissolves
the dependency of nitpicker from input drivers.
Issue #3827
This patch replaces the use of the "Framebuffer" session interface by
the new "Capture" session interface in all framebuffer drivers. Thanks
to this change, those drivers have become mere clients of the nitpicker
GUI server now, and are no longer critical for the liveliness of the GUI
server.
The patch touches the following areas:
- The actual driver components. The new versions of all drivers have
been tested on the respective hardware. Generally, the drivers
have become simpler.
- The drivers_interactive packages for various boards. The drivers
subsystem no longer provides a "Framebuffer" service but needs a
valid route to the "Capture" service provided by nitpicker.
- The driver manager of Sculpt OS.
- This patch changes the role of the test-framebuffer component from a
framebuffer client to a capture server so that drivers (capture clients)
can be directly connected to the test component without the nitpicker
server.
- Framebuffer driver no longer support the unbuffered mode.
- The fb_bench.run script is no longer very meaningful because it
interplays solely with nitpicker, not with the driver directly.
- All run scripts for graphical scenarios and the related depot
archives got adapted to the change.
Fixes#3813
Until now, Genode's framebuffer session interface was based on the
RGB565 pixel format. This patch changes the pixel format to 32-bit
XRGB where the X part is ignored. It adapts all graphical applications
and device drivers accordingly.
The patch also adjusts the users of the drivers_interactive packages,
assigning 64 MiB RAM and 1500 caps to the drivers subsystem, which is
sufficient for covering high resolutions at 32 bits per pixel and to
accommodate multi-component USB HID input stacks.
Fixes#3784
This commit fixes the 'Out_of_caps' handling. The previous version
mistakenly upgraded the RAM instead the caps as response. The problem
could be triggered by the 'decorator_stress.run' script.
- Since Genode::strncpy is not 100% compatible with the POSIX
strncpy function, better use a distinct name.
- Remove bogus return value from the function, easing the potential
enforcement of mandatory return-value checks later.
Fixes#3752
If a "cat" tool as simple as the removed one is needed, it should be
implemented with Goa, only depend on libc/posix (*not* base), and be
named "simple_cat". Up to today, the misleading naming of the removed
tool, tricked me into believing "test-pipe" tests POSIX pipes, which it
did not!
This commit fixes a regression introduced by "window_layouter: add
dynamic screen handling", rendering the sub-division of screens in
columns and row unusable. The said commit removed a condition needed
for the correct window placement. This patch restores the condition.
Issues #3646
When the last writer closes the pipe, we must trigger the I/O progress
handler to deliver the final EOF to the client (READ_OK with out count
of 0).
Fixes#3697
This patch replaces the former Noux instance by a sub init that hosts
the combination of VFS + fs_rom + bash. If bash exits, the whole sub
init exits, which implicitly tears down the terminal session used by the
sub init. The latter is expected by the test sequence.
Issue #3696
Without this patch, the text area would mistakenly delete the characters
types after placing the cursor with the mouse as soon as shift is used
as modifier.
- Don't reset sculpt partition on USB changes whenever ram fs is
selected for use.
- Reconfigure runtime immediately when plugging USB devices.
This prevents the usb-block driver and part_block from
dangling in the graph. They disappear immediately now.
This patch restores the anchoring of the popup menu to the original
behavior, placing the popup to the right of the '+' button. The
anchoring got lost due to the recent structural changes of the GUI,
which affect the hover XML structure.
Be less rigid when checking for available network to support
setups where the uplink or depot repositories are provided by
another source than "wired" or "wifi" NIC services,
e.g., a virtual machine with pass-through network device.
The new text_area component is able to view and edit files.
Internally, it employs a menu_view for the graphics output.
Only basic notepad-like text-editing functions are supported.
At the current time, it is solely meant as a companion of the Sculpt
manager.
Issue #3650
This patch improves the robustness of menu_view when encounting missing
textures, which can happen during development when using styled buttons
and frames. With the patch, menu_view outputs diagnostic messages,
pinpointing the problem.
The patch also updates the texture handling to use the 'File_content'
utility and the VFS for obtaining PNG images.
Issue #3629
This patch allows for the customization of the text color and alpha
value of the label widget by the means of a style-definition file.
The mechanism is exemplified with the new "invisible" label style
that sets the alpha value to zero.
Issue #3629
This commit adds dynamic switching in between different defined
screens via keyboard shortcuts, or by editing the rules file.
In the window_layouter package it defines per default ten screens,
reachable by pressing the screen key along with numbers 0-9.
Fix#3646
This new attribute can be used to enforce a minimum width in the unit of
the size of the character 'x'. Furthermore, the patch sets the minimum
height of a label to 0 if no 'text' attribute is present. By combining
both features, the label becomes usable as a horizontal spacer.
Issue #3629
This patch refines the hover handling such that a float widget never
responds to hovering unless a child is hovered. This way, it becomes
possible to stack multiple float widgets within one frame and still
reach all child widgets.
Issue #3629
Similarly to the way of how a <cursor> can be defined for a <label>
widget, a selection can be expressed as follows:
<label ...>
<selection at="2" length="12"/>
</label>
Issue #3607
Issue #3629
When setting the <dialog> attribute 'hover_details' to "yes", the hover
report features the character position of a hovered label.
Issue #3607
Issue #3629
This patch equips the label widget with the ability to display a text
cursor, as illustrated by the following example:
<label text="...">
<cursor at="10"/>
</label>
Issue #3607
Issue #3629
The wm used to remember the last pointer position when observing a leave
event. With such a stale pointer position, the wm would eventually
wrongly create an artifical motion event when a supposedly hovered
window changes its position (during an animated move). This can lead to
the propagation of the stale pointer position to the wm client, which,
in turn, may interpret the outdated position (e.g., the menu view would
report a wrong hover state).
This patch removes the stale state by resetting the '_pointer_pos' when
observing a leave event.
Fixes#3632
Instead of listening for new TCP/IP connections only,
the TCP terminal connects to a server when an IP address is
configured in the policy for a terminal client.
Fix#3619
Replace return values with appropiate bool and document two-staged
publickey authentication. This fixes a bug where wrong authentication
attempts are not properly denied.
Issue #3590.
server.h:51:12: warning: ‘int write_avail_cb(socket_t, int, void*)’
declared ‘static’ but never defined [-Wunused-function]
This patch fixes the warning by moving the user of 'write_avail_cb' to
the compliation unit that defines it.
This patch is a follow-up fix for "ttf_font: prevent out-of-bounds
access", which produced sporadic single-pixel artifacts with large font
sizes, e.g., with the monospaced font set to 24px in Sculpt.
The artifacts occurred only for some horizontal sub-pixel positions, in
combination with the font cache, and after the rendering of '>'
characters. They were ultimately caused by the missed clearning of the
first pixel of a glyph where x0 is 1 (e.g., the character 'd'). In this
case, a pixel from the previously evicted cache entry (the '>') shined
through. The patch fixes the problem by clearing the glyph starting from
the first, not the x0's, pixel.
Fixes#3567
* The log history of a test is stored as a whole for the lifetime of the test.
* Matching of the log history against log patterns is done correctly now
(previously, a pattern like "AAB" on an input like "AAAB" wouldn't have
triggered).
* Use memcmp, memcpy, memmove instead of the former character-wise operations.
* Sanitizing of log input and log patterns now works more generic through the
new Filter class for all replacements/removals.
* Sanitizing is done as soon as a string is available and remains for the
lifetime of the test.
* Sanitizing doesn't interfer with the matching algorithm.
* Decomposing into small clearly named functions.
Ref #3555
When copying config/managed/deploy to config/deploy, the latter may
temporarily result in an empty configuration. Such an intermediate
state should be ignored to keep the currently running scenario in tact
instead of restarting it.
Add a new plugin for creating pipes between pairs of VFS handles. It is
intended to replace the libc_pipe plugin, one of the last remaining libc
plugins.
In contrast to the libc_pipe plugin, this plugin defers cross-handle
notification until I/O signal handling rather than block and unblock
readers using a semaphore. This is a performance regression in the case
of multiple threads blocking on a pipe, but shall be an intermediate
mechanism pending renovations within the libc VFS and threading layers.
As a side effect, threads blocked on a pipe might not be resumed until
the main thread suspends and dispatches I/O signals.
The "test-libc_pipe" test has been adjusted to use the VFS pipe plugin
and tests both local pipes and pipes hosted remotely in the VFS server.
Merge adaptations (such as EOF handling, adjustment to VFS/libc
interface changes) by Norman Feske.
Fix#2303
This patch extends the 'File_system::Status',
'File_system::Directory_entry', and the related 'Vfs' types with
the following additional information:
- Distinction between continuous and transactional files (Node_type)
(issue #3507)
- Readable, writeable, and executable attributes (Node_rwx),
replacing the former 'mode' bits
(issue #3030)
The types 'Node_rwx', 'Node_type' are defined twice,
once for the VFS (vfs/types.h) and once for the 'File_system'
session (file_system_session/file_system_session.h).
Similarly, there is a direct correspondance between
'Vfs::Directory_service::Dirent' and 'File_system::Directory_entry'.
This duplication of types follows the existing pattern of keeping the
VFS and file-system session independent from each other.
